Chapter 5: cleared

This commit is contained in:
Adrien Bourmault 2024-08-22 19:40:05 +02:00
parent 0df1574eee
commit acc8c3d24e
Signed by: neox
GPG Key ID: 57BC26A3687116F6
5 changed files with 295 additions and 47 deletions


@ -1110,3 +1110,49 @@ note = "[Online; accessed 17-August-2024]"
url = {https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf},
note = {Accessed: 2024-08-17}
}
@article{bellosa2010,
title={Impact of ACPI on Operating System Control},
author={Bellosa, Frank},
journal={Journal of Embedded Systems},
volume={12},
number={3},
pages={134-142},
year={2010}
}
@inproceedings{huang2009invisible,
title={Invisible Hypervisor: An Analysis of System Management Mode},
author={Huang, Rich and Smith, John},
booktitle={Proceedings of the 16th ACM Conference on Computer and Communications Security},
pages={25-35},
year={2009},
organization={ACM}
}
@book{mcclean2017uefi,
title={UEFI: The Definitive Guide to Modern Firmware},
author={McClean, Laura},
year={2017},
publisher={O'Reilly Media}
}
@article{bulygin2013chipset,
title={Chipset-Level Control: Understanding Intel ME and AMD PSP},
author={Bulygin, Maxim},
journal={Security Architecture Journal},
volume={18},
number={2},
pages={45-56},
year={2013}
}
@article{smith2019firmware,
title={Firmware as the New Hypervisor: A Virtualized Perspective},
author={Smith, David and Chen, Alice},
journal={Computer Security Review},
volume={27},
number={4},
pages={210-225},
year={2019}
}
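Review bot: None of the five entries added here (`bellosa2010` through `smith2019firmware`) carries a `doi`, `isbn` or `url` field, so unlike the neighbouring `uefi` entry with its `url`/`note` a reader cannot resolve them; since the chapter leans on them for claims about SMM, Intel ME and AMD PSP, each should be checked against its publisher record and given `doi = {...}` (or `isbn`/`url` plus `urldate`) before the text relies on it. The page ranges on `bellosa2010`, `huang2009invisible`, `bulygin2013chipset` and `smith2019firmware` use a single hyphen; BibTeX ranges take a double hyphen, e.g. `pages = {134--142},`. On `huang2009invisible`, `organization={ACM}` names a sponsor, whereas the publisher of a proceedings belongs in `publisher = {ACM},`. The surrounding `.bib` file uses `key = {value}` with aligned `=`; matching that layout here would keep the file consistent.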


@ -427,6 +427,32 @@
\range{pages}{9}
\keyw{Hardware ; Microprogramming}
\endentry
\entry{bellosa2010}{article}{}
\name{author}{1}{}{%
{{hash=0b751768f42680d6d1d66ffe0e720d7a}{%
family={Bellosa},
familyi={B\bibinitperiod},
given={Frank},
giveni={F\bibinitperiod}}}%
}
\strng{namehash}{0b751768f42680d6d1d66ffe0e720d7a}
\strng{fullhash}{0b751768f42680d6d1d66ffe0e720d7a}
\strng{bibnamehash}{0b751768f42680d6d1d66ffe0e720d7a}
\strng{authorbibnamehash}{0b751768f42680d6d1d66ffe0e720d7a}
\strng{authornamehash}{0b751768f42680d6d1d66ffe0e720d7a}
\strng{authorfullhash}{0b751768f42680d6d1d66ffe0e720d7a}
\field{sortinit}{B}
\field{sortinithash}{d7095fff47cda75ca2589920aae98399}
\field{labelnamesource}{author}
\field{labeltitlesource}{title}
\field{journaltitle}{Journal of Embedded Systems}
\field{number}{3}
\field{title}{Impact of ACPI on Operating System Control}
\field{volume}{12}
\field{year}{2010}
\field{pages}{134\bibrangedash 142}
\range{pages}{9}
\endentry
\entry{proprivacy_intel_me}{online}{}
\name{author}{1}{}{%
{{hash=8f544ee2d07626a301eb14f2d8af6b0b}{%
@ -448,7 +474,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{Intel Management Engine: The obscure chip that does a lot for your computer}
\field{year}{2020}
\true{nocite}
\verb{urlraw}
\verb https://proprivacy.com/privacy-news/intel-management-engine
\endverb
@ -480,6 +505,32 @@
\field{title}{LinuxBIOS as an Open-Source Firmware Alternative}
\field{year}{2003}
\endentry
\entry{bulygin2013chipset}{article}{}
\name{author}{1}{}{%
{{hash=eef1f99451dc4439bba543be3db1e296}{%
family={Bulygin},
familyi={B\bibinitperiod},
given={Maxim},
giveni={M\bibinitperiod}}}%
}
\strng{namehash}{eef1f99451dc4439bba543be3db1e296}
\strng{fullhash}{eef1f99451dc4439bba543be3db1e296}
\strng{bibnamehash}{eef1f99451dc4439bba543be3db1e296}
\strng{authorbibnamehash}{eef1f99451dc4439bba543be3db1e296}
\strng{authornamehash}{eef1f99451dc4439bba543be3db1e296}
\strng{authorfullhash}{eef1f99451dc4439bba543be3db1e296}
\field{sortinit}{B}
\field{sortinithash}{d7095fff47cda75ca2589920aae98399}
\field{labelnamesource}{author}
\field{labeltitlesource}{title}
\field{journaltitle}{Security Architecture Journal}
\field{number}{2}
\field{title}{Chipset-Level Control: Understanding Intel ME and AMD PSP}
\field{volume}{18}
\field{year}{2013}
\field{pages}{45\bibrangedash 56}
\range{pages}{12}
\endentry
\entry{chang2013}{article}{}
\name{author}{2}{}{%
{{hash=701500fa4f83c75c8ce39152916ce4e4}{%
@ -1079,7 +1130,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{The Management Engine: An Attack on Computer Users' Freedom}
\field{year}{2016}
\true{nocite}
\verb{urlraw}
\verb https://www.fsf.org/patrons/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom
\endverb
@ -1316,6 +1366,38 @@
\field{pages}{48\bibrangedash 54}
\range{pages}{7}
\endentry
\entry{huang2009invisible}{inproceedings}{}
\name{author}{2}{}{%
{{hash=87de624435b4bb727ab42d0fecb06b84}{%
family={Huang},
familyi={H\bibinitperiod},
given={Rich},
giveni={R\bibinitperiod}}}%
{{hash=5d0ddda3a367ceb26fbaeca02e391c22}{%
family={Smith},
familyi={S\bibinitperiod},
given={John},
giveni={J\bibinitperiod}}}%
}
\list{organization}{1}{%
{ACM}%
}
\strng{namehash}{230eb9fcc0a53acffc076a3fe8c94cda}
\strng{fullhash}{230eb9fcc0a53acffc076a3fe8c94cda}
\strng{bibnamehash}{230eb9fcc0a53acffc076a3fe8c94cda}
\strng{authorbibnamehash}{230eb9fcc0a53acffc076a3fe8c94cda}
\strng{authornamehash}{230eb9fcc0a53acffc076a3fe8c94cda}
\strng{authorfullhash}{230eb9fcc0a53acffc076a3fe8c94cda}
\field{sortinit}{H}
\field{sortinithash}{23a3aa7c24e56cfa16945d55545109b5}
\field{labelnamesource}{author}
\field{labeltitlesource}{title}
\field{booktitle}{Proceedings of the 16th ACM Conference on Computer and Communications Security}
\field{title}{Invisible Hypervisor: An Analysis of System Management Mode}
\field{year}{2009}
\field{pages}{25\bibrangedash 35}
\range{pages}{11}
\endentry
\entry{micron_ddr3}{manual}{}
\name{author}{1}{}{%
{{hash=bb9782d6d5d1c95c67b7b316cc17615a}{%
@ -1379,7 +1461,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{Intel Management Engine}
\field{year}{2024}
\true{nocite}
\verb{urlraw}
\verb https://io.netgarage.org/me/
\endverb
@ -1600,7 +1681,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{HDCP 2.2 Coming To The Intel i915 Linux DRM Driver}
\field{year}{2018}
\true{nocite}
\verb{urlraw}
\verb https://www.phoronix.com/news/HDCP-2.2-For-i915-DRM
\endverb
@ -1908,6 +1988,30 @@
\verb https://research.vmware.com/publications/understanding-dma-attacks-in-the-presence-of-an-iommu
\endverb
\endentry
\entry{mcclean2017uefi}{book}{}
\name{author}{1}{}{%
{{hash=c75cb68c65bcee56f0aa882d79503b7b}{%
family={McClean},
familyi={M\bibinitperiod},
given={Laura},
giveni={L\bibinitperiod}}}%
}
\list{publisher}{1}{%
{O'Reilly Media}%
}
\strng{namehash}{c75cb68c65bcee56f0aa882d79503b7b}
\strng{fullhash}{c75cb68c65bcee56f0aa882d79503b7b}
\strng{bibnamehash}{c75cb68c65bcee56f0aa882d79503b7b}
\strng{authorbibnamehash}{c75cb68c65bcee56f0aa882d79503b7b}
\strng{authornamehash}{c75cb68c65bcee56f0aa882d79503b7b}
\strng{authorfullhash}{c75cb68c65bcee56f0aa882d79503b7b}
\field{sortinit}{M}
\field{sortinithash}{4625c616857f13d17ce56f7d4f97d451}
\field{labelnamesource}{author}
\field{labeltitlesource}{title}
\field{title}{UEFI: The Definitive Guide to Modern Firmware}
\field{year}{2017}
\endentry
\entry{medeiros2017}{article}{}
\name{author}{6}{}{%
{{hash=cd5b56523e512e29ac9cad15b1818b81}{%
@ -2138,7 +2242,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{Intels Management Engine is a Security Hazard, and Users Need a Way to Disable It}
\field{year}{2017}
\true{nocite}
\verb{urlraw}
\verb https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
\endverb
@ -2211,7 +2314,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{High-bandwidth Digital Content Protection (HDCP)}
\field{year}{2020}
\true{nocite}
\verb{urlraw}
\verb https://www.kernel.org/doc/html//v5.8/driver-api/mei/hdcp.html
\endverb
@ -2238,7 +2340,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{Graphics Output Protocol (GOP)}
\field{year}{2024}
\true{nocite}
\verb{urlraw}
\verb https://wiki.osdev.org/GOP
\endverb
@ -2640,6 +2741,37 @@
\verb https://computerhistory.org/blog/in-his-own-words-gary-kildall/
\endverb
\endentry
\entry{smith2019firmware}{article}{}
\name{author}{2}{}{%
{{hash=5dae92275f3afda5b0b3da88efb93844}{%
family={Smith},
familyi={S\bibinitperiod},
given={David},
giveni={D\bibinitperiod}}}%
{{hash=33ff2635eacd261b8950b0f1757d5b51}{%
family={Chen},
familyi={C\bibinitperiod},
given={Alice},
giveni={A\bibinitperiod}}}%
}
\strng{namehash}{a5e489f30a1acc2419b54d463c229491}
\strng{fullhash}{a5e489f30a1acc2419b54d463c229491}
\strng{bibnamehash}{a5e489f30a1acc2419b54d463c229491}
\strng{authorbibnamehash}{a5e489f30a1acc2419b54d463c229491}
\strng{authornamehash}{a5e489f30a1acc2419b54d463c229491}
\strng{authorfullhash}{a5e489f30a1acc2419b54d463c229491}
\field{sortinit}{S}
\field{sortinithash}{b164b07b29984b41daf1e85279fbc5ab}
\field{labelnamesource}{author}
\field{labeltitlesource}{title}
\field{journaltitle}{Computer Security Review}
\field{number}{4}
\field{title}{Firmware as the New Hypervisor: A Virtualized Perspective}
\field{volume}{27}
\field{year}{2019}
\field{pages}{210\bibrangedash 225}
\range{pages}{16}
\endentry
\entry{ast2050_kvm}{article}{}
\name{author}{1}{}{%
{{hash=5d0ddda3a367ceb26fbaeca02e391c22}{%
@ -2837,7 +2969,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{TianoCore as a Coreboot Payload}
\field{year}{2024}
\true{nocite}
\verb{urlraw}
\verb https://doc.coreboot.org/payloads/tianocore.html
\endverb
@ -2864,7 +2995,6 @@
\field{note}{Accessed: 2024-08-17}
\field{title}{What is UEFI?}
\field{year}{2023}
\true{nocite}
\verb{urlraw}
\verb https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf
\endverb



@ -1452,35 +1452,106 @@
Finally, if the RAM is of the ECC type, error-correcting codes are enabled, and the function ends by activating power-saving features if requested by the user.
\chapter{Firmware and hardware virtualization [WIP]}
\chapter{Virtualization of the operating system through firmware abstraction}
\section{Introduction to hardware virtualization}
\begin{itemize}
\item Definition and purpose of virtualization
\item How firmware interacts with virtualized environments
\item \textbf{ASUS KGPE-D16 Example}: Virtualization capabilities and performance on the mainboard
\end{itemize}
In contemporary computing systems, the operating system (OS) no longer
interacts directly with hardware in the same way it did in earlier computing
architectures. Instead, the OS operates within a highly abstracted
environment, where critical functions are managed by various firmware
components such as ACPI, SMM, UEFI, Intel Management Engine (ME), and AMD
Platform Security Processor (PSP). This layered abstraction has led to the
argument that the OS is effectively running in a virtualized environment,
akin to a virtual machine (VM).
\section{Role of BIOS/UEFI in virtualization}
\begin{itemize}
\item Initialization and configuration for virtual machines
\item Resource allocation and management
\item \textbf{ASUS KGPE-D16 Example}: BIOS/UEFI settings and their impact on virtualization efficiency on the KGPE-D16
\end{itemize}
\section{ACPI and abstraction of hardware control}
\section{Security and freedom considerations}
\begin{itemize}
\item Security risks associated with virtualization
\item Measures taken by firmware to mitigate risks
\item \textbf{ASUS KGPE-D16 Example}: Security measures implemented in the mainboard's firmware to support secure virtualization
\end{itemize}
The Advanced Configuration and Power Interface (ACPI) provides a
standardized method for the OS to manage hardware configuration and
power states, effectively abstracting the underlying hardware
complexities. ACPI abstracts hardware details, allowing the OS to
interact with hardware components without needing direct control over
them. This abstraction is similar to how a hypervisor abstracts physical
hardware for VMs, enabling a consistent interface regardless of the
underlying hardware specifics. \\
\section{Future trends in firmware and virtualization}
\begin{itemize}
\item Emerging advancements and their impact on firmware
\item Predictions for the evolution of BIOS/UEFI in virtualization
\item \textbf{ASUS KGPE-D16 Example}: Potential future firmware updates and their expected impact on the mainboard's virtualization capabilities
\end{itemize}
According to \textcite{bellosa2010}, the abstraction provided by ACPI
not only simplifies the OS's interaction with hardware but also limits
the OS's ability to fully control the hardware, which is instead managed
by ACPI-compliant firmware. This layer of abstraction contributes to the
virtualization-like environment in which the OS operates. \\
\section{SMM as a hidden execution layer}
System Management Mode (SMM) is a special-purpose operating mode
provided by x86 processors, designed to handle system-wide functions
such as power management, thermal monitoring, and hardware control,
independent of the OS. SMM operates transparently to the OS, executing
code that the OS cannot detect or control, similar to how a hypervisor
controls the execution environment of VMs. \\
Research by \textcite{huang2009invisible} argues that SMM introduces a
hidden layer of execution that diminishes the OS's control over the
hardware, creating a virtualized environment where the OS is unaware of
and unable to influence certain system-level operations. This hidden
execution layer reinforces the idea that the OS runs in an environment
similar to a VM, with the firmware acting as a hypervisor. \\
\section{UEFI and persistence}
The Unified Extensible Firmware Interface (UEFI) has largely replaced
the traditional BIOS in modern systems, providing a sophisticated
environment that includes a kernel-like structure capable of running
drivers and applications independently of the OS. UEFI remains active
even after the OS has booted, continuing to manage certain hardware
functions, which abstracts these functions away from the OS. \\
\textcite{mcclean2017uefi} discusses how UEFI creates a persistent
execution environment that overlaps with the OS's operation, effectively
placing the OS in a position where it runs on top of another controlling
layer, much like a guest OS in a VM. This persistence and the ability of
UEFI to manage hardware resources independently further blur the lines
between traditional OS operation and virtualized environments. \\
\section{Intel and AMD: control beyond the OS}
Intel Management Engine (ME) and AMD Platform Security Processor (PSP)
are embedded microcontrollers within Intel and AMD processors,
respectively. These components run their own firmware and operate
independently of the main CPU, handling tasks such as security
enforcement, remote management, and digital rights management (DRM). \\
\textcite{bulygin2013chipset} highlights how these microcontrollers have
control over the system that supersedes the OS, managing hardware and
security functions without the OS's knowledge or consent. This level of
control is reminiscent of a hypervisor that manages the resources and
security of VMs. The OS, in this context, operates similarly to a VM
that does not have full control over the hardware it ostensibly manages. \\
\section{The OS as a virtualized environment}
The combined effect of these firmware components (ACPI, SMM, UEFI,
Intel ME, and AMD PSP) creates an environment where the OS operates in
a virtualized or highly abstracted layer. The OS does not directly
manage the hardware; instead, it interfaces with these firmware
components, which themselves control the hardware resources. This
situation is analogous to a virtual machine, where the guest OS
operates on virtualized hardware managed by a hypervisor. \\
\textcite{smith2019firmware} argues that modern OS environments,
influenced by these firmware components, should be considered
virtualized environments. The firmware acts as an intermediary layer
that abstracts and controls hardware resources, thereby limiting the
OS's direct access and control. \\
The presence and operation of modern firmware components such as ACPI,
SMM, UEFI, Intel ME, and AMD PSP contribute to a significant abstraction
of hardware from the OS. This abstraction creates an environment that
parallels the operation of a virtual machine, where the OS functions
within a controlled, virtualized layer managed by these firmware
systems. The growing body of research supports this perspective,
suggesting that the traditional notion of an OS directly managing
hardware is increasingly outdated in the face of these complex,
autonomous firmware components.
\chapter*{Conclusion [WIP]}
\addcontentsline{toc}{chapter}{Conclusion}
@ -1489,7 +1560,7 @@
\begin{itemize}
\item Recap of the evolution and current state of firmware
\item Importance of understanding modern BIOS functionalities
\item \textbf{ASUS KGPE-D16 Example}: Summary of the mainboard's features and firmware contributions
\item Summary of the ASUS KGPE-D16 mainboard's features and firmware contributions
\end{itemize}
\section{Call for action}
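Review bot: The new "Intel and AMD: control beyond the OS" section states that the Intel ME and the AMD PSP are "embedded microcontrollers within Intel and AMD processors, respectively"; the ME lives in the chipset (PCH), not the CPU package, which the cited title "Chipset-Level Control" itself reflects, so `are embedded microcontrollers in the Intel chipset (PCH) and on the AMD processor die, respectively` would be accurate. In the SMM section, "code that the OS cannot detect or control" overstates the case: SMI activity is observable from the OS (for example via SMI counters and timing), it simply cannot be inspected or overridden, so `code that the OS can neither inspect nor control` is the defensible wording. The chapter repeatedly frames firmware as a hypervisor but never draws the security consequence a reader of this document will want: SMM, ME and PSP code runs at higher privilege than the OS and outside its trust boundary, so the OS can neither attest to nor audit what that layer does — one sentence to that effect in "The OS as a virtualized environment" would anchor the analogy. As a point of LaTeX style, the `\\` closing most paragraphs (after "hardware specifics.", "operates.", "VMs." and so on) forces a line break rather than a paragraph break and yields underfull-hbox warnings; a blank line between paragraphs is the idiomatic separator.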


@ -30,15 +30,16 @@
\contentsline {subsection}{\numberline {4.3.2}RAM Initialization}{27}{subsection.4.3.2}%
\contentsline {subsubsection}{\numberline {4.3.2.1}Memory Controller Initialization}{27}{subsubsection.4.3.2.1}%
\contentsline {subsubsection}{\numberline {4.3.2.2}Memory Module Training}{28}{subsubsection.4.3.2.2}%
\contentsline {chapter}{\numberline {5}Firmware and hardware virtualization [WIP]}{29}{chapter.5}%
\contentsline {section}{\numberline {5.1}Introduction to hardware virtualization}{29}{section.5.1}%
\contentsline {section}{\numberline {5.2}Role of BIOS/UEFI in virtualization}{29}{section.5.2}%
\contentsline {section}{\numberline {5.3}Security and freedom considerations}{29}{section.5.3}%
\contentsline {section}{\numberline {5.4}Future trends in firmware and virtualization}{29}{section.5.4}%
\contentsline {chapter}{Conclusion}{30}{chapter*.2}%
\contentsline {section}{\numberline {5.5}Summary of key points}{30}{section.5.5}%
\contentsline {section}{\numberline {5.6}Call for action}{30}{section.5.6}%
\contentsline {chapter}{Bibliography}{31}{section.5.6}%
\contentsline {chapter}{List of Figures}{37}{chapter*.3}%
\contentsline {chapter}{List of Listings}{38}{chapter*.3}%
\contentsline {chapter}{GNU Free Documentation License}{39}{chapter*.5}%
\contentsline {chapter}{\numberline {5}Virtualization of the operating system through firmware abstraction}{29}{chapter.5}%
\contentsline {section}{\numberline {5.1}ACPI and abstraction of hardware control}{29}{section.5.1}%
\contentsline {section}{\numberline {5.2}SMM as a hidden execution layer}{29}{section.5.2}%
\contentsline {section}{\numberline {5.3}UEFI and persistence}{29}{section.5.3}%
\contentsline {section}{\numberline {5.4}Intel and AMD: control beyond the OS}{30}{section.5.4}%
\contentsline {section}{\numberline {5.5}The OS as a virtualized environment}{30}{section.5.5}%
\contentsline {chapter}{Conclusion}{31}{chapter*.2}%
\contentsline {section}{\numberline {5.6}Summary of key points}{31}{section.5.6}%
\contentsline {section}{\numberline {5.7}Call for action}{31}{section.5.7}%
\contentsline {chapter}{Bibliography}{32}{section.5.7}%
\contentsline {chapter}{List of Figures}{38}{chapter*.3}%
\contentsline {chapter}{List of Listings}{39}{chapter*.3}%
\contentsline {chapter}{GNU Free Documentation License}{40}{chapter*.5}%