Overview of Intel Virtualization Technology Redirect Protection (Intel VT-rp). Contemporary multi-tasking operating systems (OSes) use the hardware memory management feature known as paging.
The CPU paging function uses hierarchical paging structures, also known as page tables, to translate addresses.
All sensitive OS kernel data structures and memory protection guarantees depend on the integrity of the paging structures that the kernel controls.
Security hypervisors can use the Intel Virtualization Technology Extensions (Intel VT-x) Extended Page Table (EPT) techniques to manage access to the kernel's paging structures, although these techniques are limited for this use case.
Intel VT-rp is available on server platforms beginning with 4th Gen Intel Xeon Scalable processors and on client platforms beginning with 12th Gen Intel Core processors.
The Intel VT-rp architecture defines three new virtual-machine extensions (VMX) that enable the OS and security hypervisor to counter attacks on paging structures.
Intel VT-rp prevents A/D bit update emulation exits and allows monitoring of a subset of paging structures.
Verify guest paging, also known as VGP (enabled via the “Guest-paging verification” VM-execution control in VMCS), is another new per-page EPT control defined by Intel VT-rp.
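A hypervisor has to confirm that the processor actually offers these controls before relying on them. The following is an added example, not code from Intel or from this page: it decodes two VMX capability MSR values to report whether the VT-rp controls can be enabled. The MSR indices, the bit positions and the names of the two controls besides guest-paging verification are taken from the Intel SDM rather than from this page, and the sample MSR values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* MSR indices and bit positions as documented in the Intel SDM (not on this page). */
#define MSR_IA32_VMX_PROCBASED_CTLS   0x482u
#define MSR_IA32_VMX_PROCBASED_CTLS3  0x492u
#define PRIMARY_ACTIVATE_TERTIARY     (1u << 17)   /* primary control bit 17 */
#define TERTIARY_ENABLE_HLAT          (1ull << 1)  /* hypervisor-managed linear address translation */
#define TERTIARY_EPT_PAGING_WRITE     (1ull << 2)  /* EPT paging-write control */
#define TERTIARY_GUEST_PAGING_VERIFY  (1ull << 3)  /* guest-paging verification (VGP) */

struct vtrp_caps { int tertiary, hlat, paging_write, vgp; };

/* ctls:  raw IA32_VMX_PROCBASED_CTLS; bits 63:32 are the allowed-1 settings.
 * ctls3: raw IA32_VMX_PROCBASED_CTLS3; every bit is an allowed-1 setting.
 * The second MSR exists only if tertiary controls can be activated, so a
 * caller must not read it (and this code ignores it) when they cannot. */
struct vtrp_caps vtrp_decode(uint64_t ctls, uint64_t ctls3)
{
    struct vtrp_caps c = {0, 0, 0, 0};
    c.tertiary = ((uint32_t)(ctls >> 32) & PRIMARY_ACTIVATE_TERTIARY) != 0;
    if (!c.tertiary)
        return c;
    c.hlat         = (ctls3 & TERTIARY_ENABLE_HLAT) != 0;
    c.paging_write = (ctls3 & TERTIARY_EPT_PAGING_WRITE) != 0;
    c.vgp          = (ctls3 & TERTIARY_GUEST_PAGING_VERIFY) != 0;
    return c;
}

/* Returns 1 only when all three VT-rp controls can be set. */
int vtrp_supported(uint64_t ctls, uint64_t ctls3)
{
    struct vtrp_caps c = vtrp_decode(ctls, ctls3);
    return c.tertiary && c.hlat && c.paging_write && c.vgp;
}

int main(void)
{
    /* Constructed sample values, not read from real hardware. */
    uint64_t ctls  = (uint64_t)PRIMARY_ACTIVATE_TERTIARY << 32;
    uint64_t ctls3 = 0x0Eull;
    struct vtrp_caps c = vtrp_decode(ctls, ctls3);
    printf("MSR %#x/%#x: tertiary=%d hlat=%d paging-write=%d vgp=%d -> %s\n",
           MSR_IA32_VMX_PROCBASED_CTLS, MSR_IA32_VMX_PROCBASED_CTLS3,
           c.tertiary, c.hlat, c.paging_write, c.vgp,
           vtrp_supported(ctls, ctls3) ? "VT-rp controls available" : "incomplete");
    return 0;
}
```

Reading the real MSR values requires ring 0 or a privileged interface such as the Linux `msr` driver, so the decoder takes the raw values as arguments.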