Hi Ning,
You’re right that usually TXT and VT-d are enabled together in the BIOS.
However, it’s possible that due to errors in tooling, or because the system
BIOS or settings were modified, the VT-d setting is accidentally cleared. Tboot
is good about checking for SMX and VMX, which makes it mo
Generally, when VT-d is disabled in the BIOS, Intel TXT is also in a disabled
state, and tboot will boot into the kernel directly without triggering GETSEC[SENTER].
Meanwhile, it looks like the testing method below is not sufficient to verify
your patch, as current tboot can achieve your testing goal with
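Both messages turn on the same point: tboot can confirm SMX and VMX from CPUID and IA32_FEATURE_CONTROL, but VT-d is not visible there, so a BIOS that cleared only the VT-d setting is easy to miss. The following is an added illustration, not tboot's own code and not anything from this thread: it decodes the CPUID.1:ECX feature bits and the IA32_FEATURE_CONTROL MSR (0x3A) fields that gate GETSEC[SENTER], and separately checks for the ACPI DMAR table, which is how VT-d is reported to software. The structure and function names (`txt_prereq`, `decode_prereqs`, `senter_possible`, `vtd_reported`) and the sample values in `main` are assumptions made for the example; reading the MSR itself needs ring 0, so `main` only reads CPUID on x86 hosts.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=1):ECX feature flags (Intel SDM Vol. 2, CPUID). */
#define CPUID1_ECX_VMX (1u << 5)   /* Virtual Machine Extensions */
#define CPUID1_ECX_SMX (1u << 6)   /* Safer Mode Extensions (GETSEC) */

/* IA32_FEATURE_CONTROL, MSR 0x3A (Intel SDM Vol. 3). The BIOS programs
 * these and sets the lock bit; once locked, only a reset changes them. */
#define FC_LOCK              (1ull << 0)
#define FC_VMX_IN_SMX        (1ull << 1)
#define FC_VMX_OUTSIDE_SMX   (1ull << 2)
#define FC_SENTER_LOCAL_MASK (0x7full << 8)   /* bits 14:8, per-function enables */
#define FC_SENTER_GLOBAL     (1ull << 15)

/* Hypothetical summary of what a pre-launch environment like tboot wants
 * to know before attempting GETSEC[SENTER]. */
struct txt_prereq {
    bool cpu_vmx;        /* CPU supports VMX */
    bool cpu_smx;        /* CPU supports SMX */
    bool fc_locked;      /* BIOS locked IA32_FEATURE_CONTROL */
    bool vmx_in_smx;     /* VMX allowed inside SMX operation */
    bool senter_enabled; /* SENTER global enable + all local enables */
};

struct txt_prereq decode_prereqs(uint32_t cpuid1_ecx, uint64_t feature_control)
{
    struct txt_prereq p;
    p.cpu_vmx    = (cpuid1_ecx & CPUID1_ECX_VMX) != 0;
    p.cpu_smx    = (cpuid1_ecx & CPUID1_ECX_SMX) != 0;
    p.fc_locked  = (feature_control & FC_LOCK) != 0;
    p.vmx_in_smx = (feature_control & FC_VMX_IN_SMX) != 0;
    p.senter_enabled = (feature_control & FC_SENTER_GLOBAL) != 0 &&
                       (feature_control & FC_SENTER_LOCAL_MASK) == FC_SENTER_LOCAL_MASK;
    return p;
}

/* True only when every CPU/MSR precondition for GETSEC[SENTER] holds.
 * Note what is NOT checked here: VT-d. */
bool senter_possible(const struct txt_prereq *p)
{
    return p->cpu_vmx && p->cpu_smx && p->fc_locked &&
           p->vmx_in_smx && p->senter_enabled;
}

/* VT-d is advertised through the ACPI DMAR table, not a CPUID bit. Given the
 * list of ACPI table signatures the firmware exposes (e.g. the names under
 * /sys/firmware/acpi/tables on Linux), report whether DMAR is among them.
 * A BIOS that has VT-d switched off typically does not publish DMAR at all. */
bool vtd_reported(const char *const *sigs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strncmp(sigs[i], "DMAR", 4) == 0)
            return true;
    return false;
}

int main(void)
{
    uint32_t ecx = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d))
        ecx = c;
#endif
    /* The MSR cannot be read from user space; this is a constructed value
     * showing the shape of a BIOS that enabled and locked TXT. */
    uint64_t fc_sample = FC_LOCK | FC_VMX_IN_SMX | FC_VMX_OUTSIDE_SMX |
                         FC_SENTER_LOCAL_MASK | FC_SENTER_GLOBAL;
    struct txt_prereq p = decode_prereqs(ecx, fc_sample);
    printf("CPU VMX=%d SMX=%d; with sample MSR, SENTER possible=%d\n",
           p.cpu_vmx, p.cpu_smx, senter_possible(&p));

    /* Constructed table list: TXT-capable CPU but no DMAR, i.e. the case
     * from the thread where only the VT-d setting was cleared. */
    const char *tables[] = { "FACP", "APIC", "MCFG" };
    printf("VT-d reported via DMAR: %d\n",
           vtd_reported(tables, sizeof tables / sizeof tables[0]));
    return 0;
}
```

The point of keeping `vtd_reported` separate from `senter_possible` is the one the thread makes: a platform can pass every SMX/VMX check and still have VT-d cleared, so a launch environment that wants DMA protection must look for DMAR explicitly rather than infer it from TXT being enabled.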