From: Mark W. <mar...@cl...> - 2005-04-29 16:07:27
Hi Kip, didn't expect to see you here ;-)

> > First, every UNIX OS as well as Windows uses only two of the four
> > "rings" of protection on x86. The kernel and all modules run in Ring 0
> > and all user programs run in Ring 3. Ring 0 can bypass all protections.
> > What's interesting about the special hardware support that is being
> > added for "Palladium" (what Intel calls "LaGrande Technology", or LT),
> > is that they've essentially had to add a new "Ring -1" that is more
> > privileged than the layer at which the normal operating system runs, in
> > order to be able to assure the privacy and security that Windows itself
> > is apparently not able to provide. This is stupid: if we have Rings 1
>
> No it isn't, it is necessary if they are to support running Windows
> _unmodified_ on top of a hypervisor. See VT-x.

VT-x introduces "root mode" and "non-root mode", which is orthogonal to the ring you're running in (although root mode can only be entered and left in certain restricted ways). Root mode & ring 0 is where a hypervisor would run; non-root mode & rings 0-3 would contain guest OSs.

One thing which I'm curious about is exactly what form "Ring -1" in LT will actually take. Both AMD's and Intel's security extensions are dependent on their virtualisation extensions because they use similar mechanisms. I guess it may be that "ring -1" == "root mode ring 0". Speculation on my part...

Are there any specs available for LT? I haven't seen any; the deadline for LT seems to have moved back relative to what I was expecting.

Cheers,
Mark