PLEX86 x86 Virtual Machine (VM) Program

Simultaneous Linux/Windows on dual processor PCs 458



J. Clarke

You're kidding, right?

With all these terms being bandied about as usual (to cause confusion amongst the masses, which is succeeding), and with the acronym soup being tossed about (TCPM-TCP, VT, VT-x, SVM, AMT, LT, EIT, etc.; Palladium, Vanderpool, LaGrande, HDCP, COPP, Macrovision, DTCP-IP, CGMS-A) like a ragdoll strapped to a bucking bronco, not to mention the newer BIOS implementations using EFI...

Allow me to paste some blurbs from this awesome article; it has some nice pics that truly show a virtualization Ring -1 hypervisor's insidious capabilities.

------------- Article -------------

....

FIVE-RING CIRCUS


Building virtualization into hardware sounds contradictory. The whole point of virtualization has traditionally been to avoid hardware, simulating it in software. Why crawl around in the data center every time a Unix server needs a memory upgrade when an IBM mainframe can provision virtual Linux instances automatically? Why keep that old Windows 95 box around when a modern XP workstation can virtualize legacy DOS applications in the idle time between key presses?

The difficult part is that true virtualization requires each Virtual Machine (VM) to simulate a real one exactly. This is a problem with the x86 architecture because OS kernels expect direct control of the CPU. In programming parlance, they run at "Ring 0," the deepest level of access, with the most functionality. A traditional x86 chip can't run a virtualized OS at Ring 0 because that's needed for the hypervisor, the master OS that hosts all the VMs.

The x86 architecture provides three more rings, each with progressively less functionality. For stability, modern OSs restrict applications to the least functional, Ring 3. (This is why Windows XP is so much more reliable than its DOS-based predecessors, which let applications access Ring 0.) So the obvious approach to virtualization is to run the guest OS in one of the two vacant rings.

Unfortunately, some x86 machine code instructions only work at Ring 0. To run properly in higher rings, the OS must be rewritten (or at least recompiled) to avoid those instructions, an approach known as paravirtualization. This is popular in the Linux world--IBM uses a similar technique to run Linux clusters on a mainframe--but it takes work on the part of programmers, and it requires that the OS's source code be available.

Microsoft originally planned to support VT and Pacifica through Palladium, a new security architecture aimed mainly at consumer Digital Rights Management (DRM). The principle was that a new, more secure OS would run parallel to Windows and be invoked whenever extra security was wanted. For example, a media player on the secure OS would be able to play content that couldn't be captured by an application on regular Windows.

Microsoft demonstrated the technology in early alpha versions of Windows Vista, then called Longhorn. From the user's perspective, applications running on the second, secure OS appeared to run in Windows with highlighted borders. However, the extra OS wasn't included in later beta versions, and the plan has since been put on hold. Microsoft has announced a hypervisor for Windows Server 2007, but that will ship later in 2007 (or perhaps 2008), not with the OS itself, and may require an additional licensing fee.

Absent Microsoft, Intel is still promoting VT as a desktop (and laptop) security technology, but focused on enterprise management. The slogan is "Embedded IT Architecture"--a VM dedicated to anti-virus, anti-spyware, or backup software (see figure at left). In most cases, this software would be controlled remotely by the IT department, invisible to the user. Another VM can run Windows and all its applications normally--except that a malicious program or user wouldn't be able to disable the security software.

The same thing will be possible with Pacifica, though Intel's Active Management Technology (AMT) gives Intel an edge in embedded IT. AMT places a hardware management agent inside the NIC that can perform basic management tasks even when the CPU is switched off. For example, it could reboot a crashed PC or install a new hypervisor.


Competition for the hypervisor has higher stakes. While VMs allow several OSs to share a system, there can only be one hypervisor. Windows servers will probably end up using Microsoft's. Clients and other servers will have a harder choice.

So far, there are two main contenders: VMware and Xen, an open-source hypervisor. The current versions still run at Ring 0--Xen uses paravirtualization, VMware emulation--but Intel and AMD are helping them move down to Ring -1. Both plan to support VT and Pacifica by the time the hardware is available.

Xen is the early favorite for embedded client management. It's used in all of Intel's embedded IT demos and has attracted code contributions from IBM as well as the chip vendors. For customers who don't feel comfortable downloading free software, some of its developers have formed a start-up, XenSource, to provide support and custom development work.

The server virtualization market still belongs to VMware. And to protect its position, it has formed a consortium including hardware vendors IBM and Dell, Linux leaders Red Hat and Novell, and Intel and AMD (see "Linux Virtually Ready For the Data Center," April 2005). The consortium aims to develop an open hypervisor standard, though it isn't clear yet whether Xen, Microsoft, and other competitors will be able to implement that standard.


-1 RING TO RULE THEM ALL

Virtualization can help protect a system against OS bugs or vulnerabilities, but it really just pushes security and stability problems down a level. The whole system is only as good as the hypervisor.

Fortunately, hypervisors tend to be robust. Most VMware products have never suffered a security advisory, a refreshing change for anyone accustomed to the frequent patches required by other software. And that's not just because of the programming skills of VMware employees. A hypervisor can be much smaller than a full-scale OS--Microsoft calls its own a "microkernel"--so auditing one for security is easier.

But VT and Pacifica can still introduce new vulnerabilities, especially for users who don't want the new VM capability. An attack on a system running a single, non-virtualized OS wouldn't even require hacking the hypervisor, as the attacker could just slip a virus or Trojan into the unused Ring -1.

A Ring -1 virus is the ultimate rootkit. Because it operates beneath the OS and simulates the legacy x86 chip exactly, it can attack even perfectly secure software. What's more, it's OS-independent: The same virus can compromise every x86 OS, from CP/M to Solaris. Worst of all, it's mathematically impossible for software alone to detect.

To protect against such a virus, the system needs a hardware component that can't be virtualized. This is provided by the Trusted Platform Module (TPM), the controversial PKI chip already included in many PCs. The TPM watches the hypervisor and other programs as they load into memory, checking that they match precomputed hash values. Once it's sure that the hypervisor hasn't been tampered with, it signs a digital certificate that can be verified by the virtualized OS or security software.

This process, known as attestation, isn't limited to software. It can also prove whether or not particular components are present. In the original Palladium DRM architecture, it would be used to reassure a media player or video-streaming site that movies aren't being saved to a TiVo.

Intel and AMD both plan to do something similar in 2007, with technologies known respectively as La Grande and Presidio. Supposedly intended for enterprise security, these will encrypt the link to local USB and video devices, protecting against hardware keyboard sniffers.

In the meantime, VT and Pacifica both provide a compelling application for the TPM--even for enterprises that don't yet need VMs and hypervisors on desktops or laptops. While the chip has other uses such as disk encryption, virtualization-aware hardware could be what persuades users to activate it. Intel and AMD are moving ever more PC features onto the CPU.

---------------------- End Article ------------------

So perhaps I'm off the mark a bit about "which" exact tech will be responsible for restricting our "Fair Use", but it's intertwined amongst this plethora of DRM acronym stew.


My advice: take care of your older hardware, folks ;)

P.S. It took an 'exacting' Google search to find this info - many
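Added example, not part of the post above or of the article it quotes: a small Python model of what the article's TPM paragraph describes (the hypervisor and the components loaded after it are hashed as they load, the hashes are folded into a Platform Configuration Register, and the TPM signs the register contents so a verifier can compare them with a precomputed "golden" value). Everything here is constructed for illustration: the boot images are short byte strings standing in for real binaries, the PCR bank is SHA-256, and an HMAC with a hypothetical key `AIK_KEY` stands in for the signature the TPM would make with its attestation key. It is not a TPM driver and does not talk to real hardware.

```python
"""Toy model of measured boot + attestation, constructed for this page.
SHA-256 PCR, HMAC stand-in for the TPM attestation-key signature."""
import hashlib
import hmac

PCR_SIZE = 32  # bytes; a SHA-256 PCR bank

# Constructed stand-ins for the images loaded at boot, in load order.
BOOT_COMPONENTS = [
    ("bootloader", b"BOOTLOADER v1 (constructed sample image)"),
    ("hypervisor", b"HYPERVISOR ring -1 core (constructed sample image)"),
    ("security-vm", b"SECURITY VM kernel + AV agent (constructed sample image)"),
]

# Hypothetical attestation key; a real TPM keeps this key inside the chip.
AIK_KEY = b"constructed-attestation-key-not-a-real-tpm-key"


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR := H(PCR || measurement). A PCR cannot be written directly, only
    extended, so every image that was loaded leaves a trace in the final value
    and the order of loading matters."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(components):
    """Platform side: hash each image *before* it runs, extend the PCR with the
    hash, and keep an event log (name, hash) the verifier can replay."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in components:
        measurement = hashlib.sha256(image).digest()
        log.append((name, measurement.hex()))
        pcr = pcr_extend(pcr, measurement)
    return pcr, log


def replay_log(log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _, measurement_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(measurement_hex))
    return pcr


def tpm_quote(pcr: bytes, nonce: bytes, key: bytes = AIK_KEY) -> bytes:
    """Stand-in for a TPM quote: sign (PCR || nonce) with the attestation key.
    The verifier's nonce stops an old, good quote from being replayed later."""
    return hmac.new(key, pcr + nonce, hashlib.sha256).digest()


def attest(components, nonce: bytes, key: bytes = AIK_KEY):
    """Platform side: boot, then answer a verifier's challenge nonce with
    (pcr, event log, signed quote)."""
    pcr, log = measure_chain(components)
    return pcr, log, tpm_quote(pcr, nonce, key)


def verify_attestation(pcr, log, signature, nonce, golden_pcr, key=AIK_KEY) -> bool:
    """Verifier side. All three checks must pass:
    1. the quote is genuine and fresh (signed over this PCR and this nonce),
    2. the event log really reproduces the quoted PCR,
    3. the PCR equals the precomputed golden value for the expected boot chain."""
    if not hmac.compare_digest(signature, tpm_quote(pcr, nonce, key)):
        return False
    if not hmac.compare_digest(replay_log(log), pcr):
        return False
    return hmac.compare_digest(pcr, golden_pcr)


if __name__ == "__main__":
    golden, _ = measure_chain(BOOT_COMPONENTS)
    nonce = b"verifier-nonce-0001"
    print("clean boot     :", verify_attestation(*attest(BOOT_COMPONENTS, nonce), nonce, golden))
    # A rogue layer slipped in underneath the real hypervisor changes the PCR.
    rogue = [BOOT_COMPONENTS[0], ("rogue", b"ROGUE ring -1 loader")] + BOOT_COMPONENTS[1:]
    print("rogue ring -1  :", verify_attestation(*attest(rogue, nonce), nonce, golden))
```

Run it directly to see the clean chain accepted and the chain with an extra ring -1 layer rejected. Note what the model does and does not show: a modified hypervisor image, an extra image inserted before it, an event log edited to hide that image, and a replayed quote all fail verification, but only because the measurement happens before each image gets control. The PCR says nothing about code that changes itself after it has been measured, which is why the article pairs the TPM with a hypervisor small enough to audit.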


