Intel Kernel Guard Technology (01.org)
36 points by andrewaylett on June 1, 2015 | 10 comments


Seriously‽ https://01.org/intel-kgt/documentation/download-and-install-...

  To download and install iKGT for Debian systems, use the following curl command:
  $ curl https://01.org/sites/default/files/downloads/intel-kernel-guard-technolo... | bash
 
  To download and install iKGT for RPM systems, use the following curl command:
  $ curl https://01.org/sites/default/files/downloads/intel-kernel-guard-technolo... | bash


Amusingly enough, they grab the source tarball over http:

    servername=01.org/sites/default/files/downloads/intel-kernel-guard-technology
    ...
    wget http://${servername}/ikgt1.0-0amd64deb.tar.gz
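
The two patterns called out in the comments above (an installer piped straight from curl into bash, and a tarball fetched over plain http) can be flagged mechanically before a script is run. The following is an added example, not part of the thread or of Intel's installer: a heuristic POSIX shell audit in which `audit_installer`, `sample_installer` and the `example.invalid` URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit of an installer script for unsafe fetches.

# Constructed sample. Lines 1-2 mirror the snippet quoted in the thread;
# line 3 uses the placeholder host example.invalid for the elided URL.
sample_installer() {
cat <<'EOF'
servername=01.org/sites/default/files/downloads/intel-kernel-guard-technology
wget http://${servername}/ikgt1.0-0amd64deb.tar.gz
curl https://example.invalid/install.sh | bash
EOF
}

# Reads a script on stdin, prints one "line:rule:detail" finding per problem,
# and returns 1 if anything was found (0 if the script looks clean).
audit_installer() {
  awk '
    /^[ \t]*#/ { next }                      # ignore comment lines
    /(curl|wget)/ { fetches++ }
    # Download over cleartext http: content can be altered in transit.
    /(curl|wget)[^|]*http:\/\// {
      printf "%d:plaintext-fetch:%s\n", NR, $0; bad++
    }
    # Download piped straight into a shell: nothing is inspected or verified.
    /(curl|wget)[^|]*[|][ \t]*(sudo[ \t]+)?(ba|da|z)?sh([ \t]|$)/ {
      printf "%d:pipe-to-shell:%s\n", NR, $0; bad++
    }
    # Any checksum or signature verification step counts as an integrity check.
    /sha(256|512)sum|gpg[ \t]+--verify/ { verified++ }
    END {
      if (fetches && !verified) {
        print "0:no-integrity-check:downloads are never verified"; bad++
      }
      exit (bad > 0)
    }'
}

# Demo: audit the constructed sample and report the verdict.
sample_installer | audit_installer || echo "installer needs review before running"
```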


The instructions in their GitHub look more legit: https://github.com/01org/ikgt-manifest


This is interesting.

I'm wondering whether, by utilizing VT-x to implement the xmon module, this framework can be used to protect a hardware virtualized hypervisor (e.g., KVM) or not.


Yep. This is all stuff that VT-x can already do, only it's giving a nice little wrapper to do it to the "base" operating system. More than a bit of me sees this as something to encourage operating system developers to actually use the security features that virtualization allows, instead of doing the bare minimum and obvious with it.


The protected OS is de-privileged though. In order to protect a hardware virtualized hypervisor (i.e., one that also requires VT-x), they need to implement some sort of nested virtual machine.


Haswell and later processors have extra hardware support to make nested virtual machines faster. It's not a problem.


Any details about this?


The feature is called VMCS shadowing. Wikipedia's description cites an Intel whitepaper (https://www-ssl.intel.com/content/dam/www/public/us/en/docum...) which describes how it's intended to help with the case of using McAfee's Deep Safe hypervisor (which does basically the same thing as this Kernel Guard, but for Windows) nested inside of Xen.


I can hardly wait to see the presentation on how they circumvent it.



