last one, kernel-switching, microkernel, dynamically loading kernels.

To: Russell Coker <russell@coker.com.au>
Cc: debian-devel@lists.debian.org
Subject: last one, kernel-switching, microkernel, dynamically loading kernels.
From: Francis Whittle <fudje@subdimension.com>
Date: Mon, 30 Dec 2002 11:37:40 +1100
Message-id: <[🔎] 20021230003740.GA16769@blackberry.noxious>
In-reply-to: <[🔎] 200212300057.43126.russell@coker.com.au>; from russell@coker.com.au on Mon, Dec 30, 2002 at 10:57:43 +1100
References: <[🔎] 20021229175930.GA8986@digitasaru.net> <[🔎] 200212292324.42357.russell@coker.com.au> <[🔎] 20021229233602.GA13147@blackberry.noxious> <[🔎] 200212300057.43126.russell@coker.com.au>

On 2002.12.30 10:57 Russell Coker wrote:

On Mon, 30 Dec 2002 00:36, Francis Whittle wrote:
> Dunno anything about TCPA, sorry.

I recommend that you read about it, it does some of the things that
you seem
interested in.


I'm not really interested in this stuff, really...
I just had a brief flash of possible future.


> > I wasn't aware of any crypto support in mainframes.  Do you have
any
> > references as to what the S/390 family supports in this regard?
>
> I was meaning in terms of channels bypassing processors.  Mainframe
> channels don't neccesarily need to use a processor, or even
classical
> memory sometimes, they can do software<>channel<>device.

Like bus-mastering PCI cards.  You can have two PCI cards talk to each
other
without involving main memory or CPU.


Sort of.  Well, yeah, like that.


> You have a bootloader, a pre-vm that defines a minimal threading
set, a
> linux security vm (low priority) a linux kernel vm, a security
> interface to comminucate with the authentication system.  These are
all
> in software; like so (same level of operation on same line):

So are you suggesting a micro-kernel architecture so that the Linux
kernel
can't get direct hardware access?  If so then that will never take
off, Linus
doesn't like it and there's the HURD for people who do.  I suggest
that you
investigate the HURD.

No, this would still essentially be linux. Both processes could havedirect access to hardware. Hardware access apart from memory for thesecurity thread wouldn't be neccessary and could be actually throughthe kernel itself, for which the password itself is not really needed.Like an extra FS driver.


> After Booting, the bootloader loads the Pre VM.  This can be
considered
> like the Linux Virtual Machine which interfaces between the Linux
> kernel and hardware, turning Linux system calls into the correct I/O
> mechanisms.

Firstly, there is nothing like a 1:1 mapping between system calls and
IO
mechanisms.  You could have Linux running over a virtual hardware
interface
such as UML.  But that has some significant performance issues and
doesn't
necessarily gain you much.

who said anything about 1:1? The arch vm translates a system call intoa string of architecture-specific calls to enable most of the code inthe linux kernel to be architecture-independent.


> This Pre VM, however, is minimally multithreading, unlike the
existing
> Linux VM (sort of).  It spawns two virtual processes, first the
> security VM, which sleeps until the interface makes a call to it,
and

Let's call these two processes two copies of UML Linux running on
Linux so
that we are talking about something that could possibly be
implemented.

With the UML argument -- you can't have a direct memory pipe betweentwo uml kernels anyway, so this theory wouldn't work there; it's stilldependant on networking.

> Once the OS has booted and the Authentication System starts, it
> switches its memory interface to be the security interface, while
the
> input remains in the linux kernel (This could be difficult to
achieve
> without writing some new calls to do kernel switching).

What do you mean by "kernel switching"?  Are you referring to having a

"Trusted Path" to the security code from an application?

I actually mean changing the memory space so that the process called bythe kernel thread could have its memory pointers shifted to thesecurity thread.

Back to the HURD,microkernel,platform thing, this isn't really what'sin mind with the design on the HURD either -- none of this securitymethod would be necessary anyway, because I think we can trust anybackdoors or anything in on OSS O/S kernel itself to be found outpretty damn quick, so memory residue in the kernel isn't really aproblem.Sorry to the list admins and "normal developers", but this thread isprobably a waste of mailing list. It brings to light a little bit ofundeveloped theory in case one wants to create a toy operating system,but isn't really that useful otherwise. Probably.

As to the kernel reloading into running systems... that was sarcasm asmy own build up.

If anyone actually wants to open a mailing list kickstarted by theseideas, go ahead. But this ties it up for my input.


Francis Whittle
(fudje)

[ Next time, something useful ]

Reply to:

References:
- Linux-NG
  - From: Joseph Pingenot <trelane@digitasaru.net>
- Re: Linux-NG - security
  - From: Russell Coker <russell@coker.com.au>
- Re: Linux-NG - security
  - From: Francis Whittle <fudje@subdimension.com>
- Re: Linux-NG - security
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Linux-NG - dynamic loading
Next by Date: Re: Digital video recording software
Previous by thread: Re: Linux-NG - security
Next by thread: Re: Linux-NG - security
Index(es):
- Date
- Thread