On Wed, 7 Aug 2002, AARG! Anonymous wrote:
What is special about ring-0? Two things: first, it can see the code in the TE space so that it can execute it. And second, it doesn't trap into supervisor mode for things like debugger single-stepping. I'm not familiar with the details of the Pentium family but on most CPUs the debugger single-steps things by setting a flag and returning into the code. The code executes one instruction and then automatically traps into supervisor mode, which hands off to the debugger. This process must be suppressed in ring-0 mode, and likewise for any other features which can force a ring-0 process to trap involuntarily into supervisor mode, which exposes the registers and such.
If there's no way to debug the "hidden" (so called "trusted") code using standard techniques, then how can you know it works right? Most all processors now have hardware debugging capability - it is a requirement due to the complexity of the chips. *Somebody* has to be able to run a hardware debugger and have access to the raw hardware, even if it's just Intel running with the covers off. If I'm going to write a TOR, I want access to internal registers. So I'd expect there's a hardware interface to do that. This basicly breaks the whole thing. You can't have a generic platform *and* a trusted platform. You can have a trusted platform which is *specific* - nobody but the manufacturer knows the guts. If people want to buy it because it does something useful, that's ok, but don't call it a generic PC. As an aside, check out http://www.beastrider.com it's a hardware debugger for a DSP (which I built). The Intel processor may not work the same way, but it's got to have some kind of similar interface, and anybody like me can build an interface into it. If the processor is sealed into a tamper proof case (like the IBM 4875) Then it can be made secure for one manufacturer. The system is checked before being sealed. If people want to add one to their PC they are free to do so, but they understand who owns the key inside the sealed case. With TCPA people do not know who owns the key - and that's its basic problem. Until we know real hardware details, we're not really going to figure out what's going on. Since Palladium guys claim that TCPA doesn't do what they want, it seems that the hardware hasn't been figured out yet. If the processor isn't sealed to prevent people like me from building hardware debuggers, then Palladium will be cracked by someone. If it is sealed then it's not a generic PC anymore. I don't think it's possible to outlaw a generic pc, but I guess I'm not willing to let congress begin to think about it either :-\ Patience, persistence, truth, Dr. mike