Processor Configuration Registers
2.3.2.2
TSEG
For processor initiated transactions, the processor relies on correct programming of
SMM Range Registers (SMRR) to enforce TSEG protection.
TSEG is below IGD stolen memory, which is at the Top of Low Usable physical memory
(TOLUD). BIOS will calculate and program the TSEG BASE in Device 0 (TSEGMB), used
to protect this region from DMA access. Calculation is:
TSEGMB = TOLUD – DSM SIZE – GSM SIZE – TSEG SIZE
SMM-mode processor accesses to enabled TSEG access the physical DRAM at the same
address.
When the extended SMRAM space is enabled, processor accesses to the TSEG range
without SMM attribute or without WB attribute are handled by the processor as invalid
accesses.
Non-processor originated accesses are not allowed to SMM space. PCI Express, DMI,
and Internal Graphics originated cycle to enabled SMM space are handled as invalid
cycle type with reads and writes to location C_0000h and byte enables turned off for
writes.
2.3.2.3
Protected Memory Range (PMR) – (programmable)
For robust and secure launch of the MVMM, the MVMM code and private data needs to
be loaded to a memory region protected from bus master accesses. Support for the
protected memory region is required for DMA-remapping hardware implementations on
platforms supporting Intel TXT, and is optional for non-Intel TXT platforms. Since the
protected memory region needs to be enabled before the MVMM is launched, hardware
must support enabling of the protected memory region independently from enabling
the DMA-remapping hardware.
As part of the secure launch process, the SINIT-AC module verifies the protected
memory regions are properly configured and enabled. Once launched, the MVMM can
setup the initial DMA-remapping structures in protected memory (to ensure they are
protected while being setup) before enabling the DMA-remapping hardware units.
To optimally support platform configurations supporting varying amounts of main
memory, the protected memory region is defined as two non-overlapping regions:
• Protected Low-memory Region: This is defined as the protected memory region
below 4 GB to hold the MVMM code/private data, and the initial DMA-remapping
structures that control DMA to host physical addresses below 4 GB. DMA-
remapping hardware implementations on platforms supporting Intel TXT are
required to support protected low-memory region5.
• Protected High-memory Region: This is defined as a variable sized protected
memory region above 4 GB, enough to hold the initial DMA-remapping structures
for managing DMA accesses to addresses above 4 GB. DMA-remapping hardware
implementations on platforms supporting Intel TXT are required to support
protected high-memory region6, if the platform supports main memory above
4 GB.
Once the protected low/high memory region registers are configured, bus master
protection to these regions is enabled through the Protected Memory Enable register.
For platforms with multiple DMA-remapping hardware units, each of the DMA-
remapping hardware units must be configured with the same protected memory
regions and enabled.
Datasheet, Volume 2
23
INTEL [ INTEL ]
