enabling Intel SMX on a Dell Optiplex 760

Only for programmers and BIOS gurus with technical questions.
Post Reply
BrokenString
New visitors - please read the rules.
Posts: 6
Joined: Wed Mar 11, 2009 8:40 am

I've been trying to enable Intel SMX (Safer Mode Extensions) on a Dell Optiplex 760 without any luck. There is no BIOS setting for this, and Dell was not able to assist me at all.

The first thing I found out was that the IA32_FEATURE_CONTROL_MSR register controls this feature. The bits are as follows:

bit 0: lock bit
bit 1: enable VMXON in SMX
bit 2: enable VMXON in normal operation
bit 3: undocumented

Through the one "enable VT" option in my BIOS, I am able to toggle the setting of bit 2, but not bit 1. Bits 0 and 3 are also always set. Bit 0 being set seems to indicate that the register is locked by the BIOS, correct?

I saw how people were able to overcome issues like this with Sony Vaio laptops when Sony disabled this feature, so I tried some of their approaches:

1. I tried to use Phoenix BIOS editor to open the ROM file for my BIOS so I could see if there were any "hidden" options. The program would not open the ROM file - I get the error: No BCPs found.

2. I tried to use Uniflash to back up my current BIOS, it just sort of hung until I rebooted.

3. I tried to use symcmos to get a back up of the current BIOS settings. I got the error:
Write symbolic report to file: DEFAULT.TXT

combineFiles (0h, COMBINE.ROM)...
initPdmEntry ...
search '$PDM' ... not Found!
pdmEntry = NULL !

4. Tried to use modbin/modbin6, but got the error: BIOS version not 6.0

That might be everything I've tried so far. This appears to be a Phoenix BIOS under some weird Dell gui, which is why I'm thinking there are more features that they are not allowing me to set.

Sorry for such a long post. Does anyone know if this is possible?

Thanks!

-- BrokenString
edwin
The Hardware Archivist
Posts: 6286
Joined: Wed Mar 20, 2002 7:11 pm
Location: Netherlands
Contact:

Intel Trusted Execution Technology provides hardware-based mechanisms that help protect against software-based attacks and protects the confidentiality and integrity of data stored or created on the client PC.
If the SMX (part of TXT) is not in the hardware, there's nothing that can enable it.
Intel has released the Q35 and Q33 chipsets that supports TXT.
http://en.wikipedia.org/wiki/Trusted_Ex ... Technology

Not what is inside the Optiplex 760
http://www.dell.com/content/products/pr ... b=specstab
Chipset
Intel® Q43 Express Chipset w/ICH10D
edwin/evasive

Do not assume anything

System error, strike any user to continue...
BrokenString
New visitors - please read the rules.
Posts: 6
Joined: Wed Mar 11, 2009 8:40 am

Thank you for your reply. The Q43 chipset does support TXT - Intel has released an AC SINIT module for that chipset which I am attempting to load. I am trying to use tboot on my machine, which is why I need SMX enabled:

http://sourceforge.net/projects/tboot

Thanks!

-- BrokenString
BrokenString
New visitors - please read the rules.
Posts: 6
Joined: Wed Mar 11, 2009 8:40 am

I forgot to add: SMX shows up as a flag in /proc/cpuinfo, and tboot also points out that the CPU is SMX capable when it is loading. Part of an example load:

TBOOT: IA32_FEATURE_CONTROL_MSR: 0000000d
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (d)
...
TBOOT: SMX not supported.

SENTER is one of the SMX instructions. The d indicates that bits 0, 2, and 3 are set, but not bit 1 which would enable SMX.

-- BrokenString
cp
BIOS Guru
Posts: 1914
Joined: Mon Oct 21, 2002 9:07 pm
Location: Germany

and if you'd write a small program that reads IA32_FEATURE_CONTROL_MSR, modifies it and writes the contents back? or just find the code that reads, modifies and writes 0x3a (IA32_FEATURE_CONTROL_MSR) in the BIOS. rdmsr and wrmsr are the assembler commands you are looking for.
If you email me include [WIMSBIOS] in the subject.
edwin
The Hardware Archivist
Posts: 6286
Joined: Wed Mar 20, 2002 7:11 pm
Location: Netherlands
Contact:

The Q43 chipset does support TXT - Intel has released an AC SINIT module for that chipset which I am attempting to load.
Says so where? I checked the product briefs and the chipset diagrams, no TXT inside the Q43 picture only in the Q35. Unless they need to update that part of their website?

Where can you download that module from?
edwin/evasive

Do not assume anything

System error, strike any user to continue...
BrokenString
New visitors - please read the rules.
Posts: 6
Joined: Wed Mar 11, 2009 8:40 am

Thanks for the info about rdmsr and wrmsr. I'm pretty sure I can't write a program to modify 0x3a since bit 0 is set, indicating that the register is locked by the BIOS (and can't be modified by software). Like you said, I'd like to find the code that modifies it in the BIOS and just change it there. Do you know how I can do that? All of my attempts (listed in my first post) to read the BIOS have failed. Is there another way that I can try?

Thanks!

-- BrokenString
BrokenString
New visitors - please read the rules.
Posts: 6
Joined: Wed Mar 11, 2009 8:40 am

The second page of this pdf file:

http://www.intel.com/Assets/PDF/prodbrief/320665.pdf

seems to indicate support for TXT in the Q43 chipset. The Dell site also mentions it with regard to the Optiplex 760:

http://www.dell.com/content/products/pr ... b=specstab

The modules can be downloaded here:

http://sourceforge.net/project/showfile ... _id=255119

Thanks!

-- BrokenString
BrokenString
New visitors - please read the rules.
Posts: 6
Joined: Wed Mar 11, 2009 8:40 am

Sort of an update: I just used ndisasm on the rom file I extracted from my BIOS, and now I can see the rdmsr and wrmsr instructions. I'm not exactly sure what I might be able to do next if I successfully modify this to set things the way I want them, but I thought it might be a step in the right direction...

-- BrokenString
Post Reply