On 03/12/2012 01:04 PM, H. Peter Anvin wrote:
> On 03/12/2012 01:01 PM, Eric W. Biederman wrote:
>>
>> The basic problem is which source do we block this at? How many
>> sources are there? And architecturally last I looked x86 no longer
>> has a NMI disable EFI and similar systems want to get away without
>> a CMOS legacy clock because designers so often get them wrong.
>>
>
> On all processors which have an LAPIC you can block all NMI sources at
> the LAPIC. I think it's safe to assume that if you don't have an LAPIC
> -- an ancient system by now -- you have port 70h.
>

One thing: *disabling* the LAPIC will allow external NMIs coming in on
LINT1 through, since the LAPIC in the disabled state tries to mimic the
no-LAPIC configuration. So I don't think you want to disable LAPIC as
much as disable the interrupt vectors within.

	-hpa
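The distinction drawn in the message above (mask the NMI-delivering entries inside the LAPIC rather than disabling the LAPIC), as an added example that is not part of the original thread or of any kernel code. It assumes a plain array standing in for the LAPIC register page (real code goes through MMIO or x2APIC MSRs); the function names and the sample state are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local APIC register offsets and fields (Intel SDM layout). */
#define APIC_SVR       0x0F0   /* spurious vector register */
#define APIC_LVT_CMCI  0x2F0
#define APIC_LVT_THERM 0x330
#define APIC_LVT_PERF  0x340
#define APIC_LVT_LINT0 0x350
#define APIC_LVT_LINT1 0x360
#define SVR_ENABLE     (1u << 8)    /* APIC software enable */
#define LVT_MASKED     (1u << 16)
#define LVT_DM_MASK    (7u << 8)    /* delivery mode field */
#define LVT_DM_NMI     (4u << 8)
#define LVT_DM_EXTINT  (7u << 8)
#define REG(r, off)    ((r)[(off) >> 4])  /* registers sit 16 bytes apart */

/* LVT entries that carry a delivery-mode field and so can deliver an NMI. */
static const unsigned lvt_with_dm[] = { APIC_LVT_CMCI, APIC_LVT_THERM,
    APIC_LVT_PERF, APIC_LVT_LINT0, APIC_LVT_LINT1 };
#define N_LVT (sizeof lvt_with_dm / sizeof lvt_with_dm[0])

static int is_open_nmi(uint32_t v) {
    return (v & LVT_DM_MASK) == LVT_DM_NMI && !(v & LVT_MASKED);
}

/* Number of LVT entries that would still deliver an NMI. */
int lapic_open_nmi_sources(const uint32_t *r) {
    int n = 0;
    for (size_t i = 0; i < N_LVT; i++) n += is_open_nmi(REG(r, lvt_with_dm[i]));
    return n;
}

/* Mask only NMI-mode entries; the SVR enable bit is left alone. */
int lapic_mask_nmi_sources(uint32_t *r) {
    int n = 0;
    for (size_t i = 0; i < N_LVT; i++) {
        uint32_t *v = &REG(r, lvt_with_dm[i]);
        if (is_open_nmi(*v)) { *v |= LVT_MASKED; n++; }
    }
    return n;
}

/* Constructed sample state: LINT1 and the perf counter deliver NMIs. */
void lapic_sample_state(uint32_t *r) {
    memset(r, 0, 64 * sizeof *r);
    REG(r, APIC_SVR) = SVR_ENABLE | 0xFF;
    REG(r, APIC_LVT_LINT0) = LVT_DM_EXTINT;
    REG(r, APIC_LVT_LINT1) = LVT_DM_NMI;
    REG(r, APIC_LVT_PERF) = LVT_DM_NMI;
}

int main(void) {
    uint32_t r[64];
    lapic_sample_state(r);
    printf("masked %d NMI entries\n", lapic_mask_nmi_sources(r));
    return lapic_open_nmi_sources(r);
}
```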