From: Kip M. <kip...@gm...> - 2005-04-29 15:53:10
> Microsoft/Intel "trusted computing" initiative.
>
> First, every UNIX OS as well as Windows uses only two of the four
> "rings" of protection on x86. The kernel and all modules run in Ring 0
> and all user programs run in Ring 3. Ring 0 can bypass all protections.
> What's interesting about the special hardware support that is being
> added for "Palladium" (what Intel calls "LaGrande Technology", or LT),
> is that they've essentially had to add a new "Ring -1" that is more
> privileged than the layer at which the normal operating system runs, in
> order to be able to assure the privacy and security that Windows itself
> is apparently not able to provide. This is stupid: if we have Rings 1

No it isn't, it is necessary if they are to support running Windows
_unmodified_ on top of a hypervisor. See VT-x.