Data Sheet

Technologies
Datasheet, Volume 1 of 2
to translate the linear address), the resulting guest-physical address
is executable under EPT only if the XS bit is set in every EPT paging-
structure entry used to translate the guest-physical address
—The XU and XS bits are used only when translating linear
addresses for guest code fetches. They do not apply to guest
page walks, data accesses, or A/D-bit updates
VMEntry - If the “activate secondary controls” and “mode-based EPT
execute control” VM-execution controls are both 1, VM entries ensure that
the “enable EPT” VM-execution control is 1. VM entry fails if this check
fails. When such a failure occurs, control is passed to the next instruction,
VMExit - The exit qualification for an EPT violation reports clearly
whether the violation was due to a user-mode access or a supervisor-mode
access.
Capability Querying: IA32_VMX_PROCBASED_CTLS2 has a bit that indicates the
capability. RDMSR can be used to read this MSR and query whether the
processor supports the capability.
Extended Page Tables (EPT)
EPT is hardware-assisted page table virtualization.
It eliminates VM exits from guest OS to the VMM for shadow page-table
maintenance.
Virtual Processor IDs (VPID)
Ability to assign a VM ID to tag processor IA core hardware structures (such as
TLBs).
This avoids flushes on VM transitions to give a lower-cost VM transition time
and an overall reduction in virtualization overhead.
Guest Preemption Timer
Mechanism for a VMM to preempt the execution of a guest OS after an amount
of time specified by the VMM. The VMM sets a timer value before entering a
guest.
The feature aids VMM developers in flexibility and Quality of Service (QoS)
guarantees.
Descriptor-Table Exiting
Descriptor-table exiting allows a VMM to protect a guest OS from internal
(malicious software based) attack by preventing relocation of key system data
structures like IDT (interrupt descriptor table), GDT (global descriptor table),
LDT (local descriptor table), and TSS (task segment selector).
A VMM using this feature can intercept (by a VM exit) attempts to relocate
these data structures and prevent them from being tampered with by malicious
software.
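The capability query and the VM-entry check described above, as an added example that is not part of the datasheet. The control bit positions are taken from the Intel SDM rather than from this page, and the MSR values in `main` are constructed stand-ins for what RDMSR would return.

```c
#include <stdint.h>
#include <stdio.h>
/* Control bit positions as defined in the Intel SDM (not in this datasheet). */
#define PRIMARY_ACTIVATE_SECONDARY (1u << 31)
#define SEC_ENABLE_EPT             (1u << 1)
#define SEC_DESC_TABLE_EXITING     (1u << 2)
#define SEC_ENABLE_VPID            (1u << 5)
#define SEC_MODE_BASED_EPT_EXEC    (1u << 22)

/* VMX capability MSRs report "allowed-1" settings in bits 63:32:
 * control bit X may be set to 1 only if MSR bit 32+X reads as 1. */
static uint32_t allowed1(uint64_t cap_msr) { return (uint32_t)(cap_msr >> 32); }

/* A secondary control is usable only if secondary controls can be activated
 * (IA32_VMX_PROCBASED_CTLS) and its own allowed-1 bit is set (..._CTLS2). */
int secondary_ctl_supported(uint64_t procbased, uint64_t procbased2, uint32_t ctl)
{
    if (!(allowed1(procbased) & PRIMARY_ACTIVATE_SECONDARY))
        return 0;
    return (allowed1(procbased2) & ctl) == ctl;
}

/* VM-entry check from the text: if "activate secondary controls" and
 * "mode-based EPT execute control" are both 1, "enable EPT" must be 1. */
int mbec_entry_check_passes(uint32_t primary, uint32_t secondary)
{
    if ((primary & PRIMARY_ACTIVATE_SECONDARY) && (secondary & SEC_MODE_BASED_EPT_EXEC))
        return (secondary & SEC_ENABLE_EPT) != 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values standing in for RDMSR results. */
    uint64_t procbased  = (uint64_t)PRIMARY_ACTIVATE_SECONDARY << 32;
    uint64_t procbased2 = (uint64_t)(SEC_ENABLE_EPT | SEC_ENABLE_VPID |
                                     SEC_MODE_BASED_EPT_EXEC) << 32;
    static const struct { const char *name; uint32_t bit; } ctl[] = {
        { "enable EPT", SEC_ENABLE_EPT }, { "enable VPID", SEC_ENABLE_VPID },
        { "descriptor-table exiting", SEC_DESC_TABLE_EXITING },
        { "mode-based EPT execute control", SEC_MODE_BASED_EPT_EXEC },
    };
    for (size_t i = 0; i < sizeof ctl / sizeof ctl[0]; i++)
        printf("%-32s %s\n", ctl[i].name,
               secondary_ctl_supported(procbased, procbased2, ctl[i].bit) ? "yes" : "no");
    printf("MBEC without EPT passes VM-entry check: %d\n",
           mbec_entry_check_passes(PRIMARY_ACTIVATE_SECONDARY, SEC_MODE_BASED_EPT_EXEC));
    return 0;
}
```

A VMM would run the same two checks before writing the VMCS, so that an unsupported or inconsistent control combination is rejected in software instead of surfacing as a failed VM entry.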
3.1.2 Intel® Virtualization Technology (Intel® VT) for Directed I/O (Intel® VT-d)
Intel® VT-d Objectives
The key Intel VT-d objectives are domain-based isolation and hardware-based
virtualization. A domain can be abstractly defined as an isolated environment in a
platform to which a subset of host physical memory is allocated. Intel VT-d provides
accelerated I/O performance for a virtualized platform and provides software with the
following capabilities:
I/O device assignment and security: for flexibly assigning I/O devices to VMs and
extending the protection and isolation properties of VMs for I/O operations.