Before this mode there was very little one could do the examine the state of the chip using an standard 1980's style in circuit emulator. In October 1994, a year after the first pentium, a patent for Microprocessor with an external command mode for diagnosis and debugging (US5479652) was filed. EvolutionThe Pentium Probe Mode evolved from the P5 to the P6. For the P6, the Probe Instruction Register no longer accepted microcode instructions, but it accepted x86 instructions instead. The Probe Data Register was no longer an internal register accessible by microcode only, but is now available as an MSR. The Probe Mode Control Register changed from MSR address 8000001Dh to a MSR 71h. In addition, the segment descriptor caches are accessed using MSRs in the P6 instead of microcode addressing in the P5. These Probe Mode MSRs are not accessible from Ring 0, but only from Probe Mode. Any attempt to read or write these MSRs from Ring 0 will result in a General Protection Fault. Thus, any software protection or anti-cheat rootkits are unable to disrupt or detect the operation of Probe Mode. Probe Mode did not change much from the P6 to the Pentium III. From the Pentium III to Pentium M, The TAP protocol for reading the Probe Data Register was slightly modified. The Probe Instruction Register was changed to a fixed-length register (16 bytes) instead of the variable-length register present in the P6. The ODLAT (On die Logic Analyzer Trigger) feature was added. The Core 2 Duo family was derived from the Pentium M, so Probe Mode implementation did not change much. The TAP protocol for reading the Probe Data Register was slightly modified again. TAP commands were added to support hyperthreading. For instance, a THREADSELECT TAP command was added so that an engineer can select which thread in the core to control. However, there is one recent Intel processor architecture that reverted back to the P5-style implentation of Probe Mode. That is the Larrabee architecture, which is based on the P5. The u and v pipes of Intel Larrabee are extended by one bit each. New microcode instructions for Larrabee's FPU and vector extensions exist. Other than that, the implementation of probe mode is similar to the P5. The Probe Mode Control Register and Probe Data Registers are accessible using microcode only, not through MSRs. Over next few x86 generations, probe mode has been made more powerful. Additional bits are added to the Probe Mode Control Register. These bits allow the user to break on special processor transitions such as SMM Entry/Exit, C6 package Entry/Exit, CC1-CC7 Entry/Exit, VM Entry/Exit and Reset etc. However, the Probe Mode Control Register soon did not have enough bits to control the diverse variety of hooks and breaks in modern x86 processors. This led to the creation of Probe Mode Control Register 2 and VM Probe Mode Control Register. The author suspects that Probe Mode Control Register 2 controls breaking on Intel TXT transitions, Core and Package power state transitions and VMX mode transitions, whereas the VM Probe Mode Control Register enables breaking on certain VM Exit conditions. It is unknown if setting the Interrupt Redirect bit (bit 12) of DR7 is required for these breaks to work. MiscFrom a joke archive (who wrote this??):
10. Quality control complained about the rattling noises the chip makes whenever it's reset.9. Intel hoped to outfox AMD developers this time by waiting for them to release their "Pentium" first.8. Intel's still trying to figure out how to mount a three-foot high cooling tower on a two-inch square package. ...4. Military insisted at the last minute on 8080-compatability mode.3. Employees complained about being harassed by engineers who offered to demonstrate "Probe Mode."2. All those millions of dollars in processor research and development were cutting into the CEO's Christmas bonus. and the #1 reason..1. Intel needed to hire more lawyers first |
|
|