Palladium block diagram
AARG! Anonymous
remailer at aarg.net
Tue Sep 17 12:37:21 PDT 2002
Here is a functional block diagram of the Palladium software, based on
a recent presentation by Microsoft. My notes were a bit sketchy as I
rushed to copy down this slide, so there may be some slight errors.
But this is basically what was shown. (Use a monospace font to see
it properly.)
Normal Mode Trusted Mode
+-----------------------------------------------------------------+
| +-------+ | +-------+ |
| Nubsys | App |---o | o---| Agent | | USER
| exe | PdLib | | | PdLib | |
| o +-------+ | +-------+ |
| | | o |
| | | | |
|--------|----------------------------+-----------|---------------|
| \-----------------\ | | |
| | | | |
| +---------+ +--------+ | +------------------+ |
| | Main OS | | NubMgr |--o | o--| Secure Executive | | KERNEL
| ++----+----+----+ | sys | | | Nexus | |
| | HAL | Drivers | +--------+ | +------------------+ |
| +-----+---------+ | |
| | |
+-----------------------------------------------------------------+
The idea is that initially only the left half exists. To launch
Palladium the user runs the Nubsys.exe program. This goes into
kernel mode and loads the NubMgr.sys module, which initiates trusted
mode and launches the secure executive or "nexus". (This is what is
also sometimes called the Nub or the TOR.)
When a Palladium-aware app is launched in user mode, it is linked with a
PdLib and requests to the Nexus to load the corresponding Trusted Agent.
The Agent runs trusted in user mode, and has its own PdLib which lets it
make system calls into the Nexus. The Trusted Agent and the application
then communicate back and forth across the trusted/normal mode boundary.
More information about the cypherpunks-legacy
mailing list