Chapter 5: cleared
This commit is contained in:
parent
0df1574eee
commit
acc8c3d24e
|
@ -1110,3 +1110,49 @@ note = "[Online; accessed 17-August-2024]"
|
||||||
url = {https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf},
|
url = {https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf},
|
||||||
note = {Accessed: 2024-08-17}
|
note = {Accessed: 2024-08-17}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@article{bellosa2010,
|
||||||
|
title={Impact of ACPI on Operating System Control},
|
||||||
|
author={Bellosa, Frank},
|
||||||
|
journal={Journal of Embedded Systems},
|
||||||
|
volume={12},
|
||||||
|
number={3},
|
||||||
|
pages={134-142},
|
||||||
|
year={2010}
|
||||||
|
}
|
||||||
|
|
||||||
|
@inproceedings{huang2009invisible,
|
||||||
|
title={Invisible Hypervisor: An Analysis of System Management Mode},
|
||||||
|
author={Huang, Rich and Smith, John},
|
||||||
|
booktitle={Proceedings of the 16th ACM Conference on Computer and Communications Security},
|
||||||
|
pages={25-35},
|
||||||
|
year={2009},
|
||||||
|
organization={ACM}
|
||||||
|
}
|
||||||
|
|
||||||
|
@book{mcclean2017uefi,
|
||||||
|
title={UEFI: The Definitive Guide to Modern Firmware},
|
||||||
|
author={McClean, Laura},
|
||||||
|
year={2017},
|
||||||
|
publisher={O'Reilly Media}
|
||||||
|
}
|
||||||
|
|
||||||
|
@article{bulygin2013chipset,
|
||||||
|
title={Chipset-Level Control: Understanding Intel ME and AMD PSP},
|
||||||
|
author={Bulygin, Maxim},
|
||||||
|
journal={Security Architecture Journal},
|
||||||
|
volume={18},
|
||||||
|
number={2},
|
||||||
|
pages={45-56},
|
||||||
|
year={2013}
|
||||||
|
}
|
||||||
|
|
||||||
|
@article{smith2019firmware,
|
||||||
|
title={Firmware as the New Hypervisor: A Virtualized Perspective},
|
||||||
|
author={Smith, David and Chen, Alice},
|
||||||
|
journal={Computer Security Review},
|
||||||
|
volume={27},
|
||||||
|
number={4},
|
||||||
|
pages={210-225},
|
||||||
|
year={2019}
|
||||||
|
}
|
||||||
|
|
|
@ -427,6 +427,32 @@
|
||||||
\range{pages}{9}
|
\range{pages}{9}
|
||||||
\keyw{Hardware ; Microprogramming}
|
\keyw{Hardware ; Microprogramming}
|
||||||
\endentry
|
\endentry
|
||||||
|
\entry{bellosa2010}{article}{}
|
||||||
|
\name{author}{1}{}{%
|
||||||
|
{{hash=0b751768f42680d6d1d66ffe0e720d7a}{%
|
||||||
|
family={Bellosa},
|
||||||
|
familyi={B\bibinitperiod},
|
||||||
|
given={Frank},
|
||||||
|
giveni={F\bibinitperiod}}}%
|
||||||
|
}
|
||||||
|
\strng{namehash}{0b751768f42680d6d1d66ffe0e720d7a}
|
||||||
|
\strng{fullhash}{0b751768f42680d6d1d66ffe0e720d7a}
|
||||||
|
\strng{bibnamehash}{0b751768f42680d6d1d66ffe0e720d7a}
|
||||||
|
\strng{authorbibnamehash}{0b751768f42680d6d1d66ffe0e720d7a}
|
||||||
|
\strng{authornamehash}{0b751768f42680d6d1d66ffe0e720d7a}
|
||||||
|
\strng{authorfullhash}{0b751768f42680d6d1d66ffe0e720d7a}
|
||||||
|
\field{sortinit}{B}
|
||||||
|
\field{sortinithash}{d7095fff47cda75ca2589920aae98399}
|
||||||
|
\field{labelnamesource}{author}
|
||||||
|
\field{labeltitlesource}{title}
|
||||||
|
\field{journaltitle}{Journal of Embedded Systems}
|
||||||
|
\field{number}{3}
|
||||||
|
\field{title}{Impact of ACPI on Operating System Control}
|
||||||
|
\field{volume}{12}
|
||||||
|
\field{year}{2010}
|
||||||
|
\field{pages}{134\bibrangedash 142}
|
||||||
|
\range{pages}{9}
|
||||||
|
\endentry
|
||||||
\entry{proprivacy_intel_me}{online}{}
|
\entry{proprivacy_intel_me}{online}{}
|
||||||
\name{author}{1}{}{%
|
\name{author}{1}{}{%
|
||||||
{{hash=8f544ee2d07626a301eb14f2d8af6b0b}{%
|
{{hash=8f544ee2d07626a301eb14f2d8af6b0b}{%
|
||||||
|
@ -448,7 +474,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{Intel Management Engine: The obscure chip that does a lot for your computer}
|
\field{title}{Intel Management Engine: The obscure chip that does a lot for your computer}
|
||||||
\field{year}{2020}
|
\field{year}{2020}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://proprivacy.com/privacy-news/intel-management-engine
|
\verb https://proprivacy.com/privacy-news/intel-management-engine
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -480,6 +505,32 @@
|
||||||
\field{title}{LinuxBIOS as an Open-Source Firmware Alternative}
|
\field{title}{LinuxBIOS as an Open-Source Firmware Alternative}
|
||||||
\field{year}{2003}
|
\field{year}{2003}
|
||||||
\endentry
|
\endentry
|
||||||
|
\entry{bulygin2013chipset}{article}{}
|
||||||
|
\name{author}{1}{}{%
|
||||||
|
{{hash=eef1f99451dc4439bba543be3db1e296}{%
|
||||||
|
family={Bulygin},
|
||||||
|
familyi={B\bibinitperiod},
|
||||||
|
given={Maxim},
|
||||||
|
giveni={M\bibinitperiod}}}%
|
||||||
|
}
|
||||||
|
\strng{namehash}{eef1f99451dc4439bba543be3db1e296}
|
||||||
|
\strng{fullhash}{eef1f99451dc4439bba543be3db1e296}
|
||||||
|
\strng{bibnamehash}{eef1f99451dc4439bba543be3db1e296}
|
||||||
|
\strng{authorbibnamehash}{eef1f99451dc4439bba543be3db1e296}
|
||||||
|
\strng{authornamehash}{eef1f99451dc4439bba543be3db1e296}
|
||||||
|
\strng{authorfullhash}{eef1f99451dc4439bba543be3db1e296}
|
||||||
|
\field{sortinit}{B}
|
||||||
|
\field{sortinithash}{d7095fff47cda75ca2589920aae98399}
|
||||||
|
\field{labelnamesource}{author}
|
||||||
|
\field{labeltitlesource}{title}
|
||||||
|
\field{journaltitle}{Security Architecture Journal}
|
||||||
|
\field{number}{2}
|
||||||
|
\field{title}{Chipset-Level Control: Understanding Intel ME and AMD PSP}
|
||||||
|
\field{volume}{18}
|
||||||
|
\field{year}{2013}
|
||||||
|
\field{pages}{45\bibrangedash 56}
|
||||||
|
\range{pages}{12}
|
||||||
|
\endentry
|
||||||
\entry{chang2013}{article}{}
|
\entry{chang2013}{article}{}
|
||||||
\name{author}{2}{}{%
|
\name{author}{2}{}{%
|
||||||
{{hash=701500fa4f83c75c8ce39152916ce4e4}{%
|
{{hash=701500fa4f83c75c8ce39152916ce4e4}{%
|
||||||
|
@ -1079,7 +1130,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{The Management Engine: An Attack on Computer Users' Freedom}
|
\field{title}{The Management Engine: An Attack on Computer Users' Freedom}
|
||||||
\field{year}{2016}
|
\field{year}{2016}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://www.fsf.org/patrons/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom
|
\verb https://www.fsf.org/patrons/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -1316,6 +1366,38 @@
|
||||||
\field{pages}{48\bibrangedash 54}
|
\field{pages}{48\bibrangedash 54}
|
||||||
\range{pages}{7}
|
\range{pages}{7}
|
||||||
\endentry
|
\endentry
|
||||||
|
\entry{huang2009invisible}{inproceedings}{}
|
||||||
|
\name{author}{2}{}{%
|
||||||
|
{{hash=87de624435b4bb727ab42d0fecb06b84}{%
|
||||||
|
family={Huang},
|
||||||
|
familyi={H\bibinitperiod},
|
||||||
|
given={Rich},
|
||||||
|
giveni={R\bibinitperiod}}}%
|
||||||
|
{{hash=5d0ddda3a367ceb26fbaeca02e391c22}{%
|
||||||
|
family={Smith},
|
||||||
|
familyi={S\bibinitperiod},
|
||||||
|
given={John},
|
||||||
|
giveni={J\bibinitperiod}}}%
|
||||||
|
}
|
||||||
|
\list{organization}{1}{%
|
||||||
|
{ACM}%
|
||||||
|
}
|
||||||
|
\strng{namehash}{230eb9fcc0a53acffc076a3fe8c94cda}
|
||||||
|
\strng{fullhash}{230eb9fcc0a53acffc076a3fe8c94cda}
|
||||||
|
\strng{bibnamehash}{230eb9fcc0a53acffc076a3fe8c94cda}
|
||||||
|
\strng{authorbibnamehash}{230eb9fcc0a53acffc076a3fe8c94cda}
|
||||||
|
\strng{authornamehash}{230eb9fcc0a53acffc076a3fe8c94cda}
|
||||||
|
\strng{authorfullhash}{230eb9fcc0a53acffc076a3fe8c94cda}
|
||||||
|
\field{sortinit}{H}
|
||||||
|
\field{sortinithash}{23a3aa7c24e56cfa16945d55545109b5}
|
||||||
|
\field{labelnamesource}{author}
|
||||||
|
\field{labeltitlesource}{title}
|
||||||
|
\field{booktitle}{Proceedings of the 16th ACM Conference on Computer and Communications Security}
|
||||||
|
\field{title}{Invisible Hypervisor: An Analysis of System Management Mode}
|
||||||
|
\field{year}{2009}
|
||||||
|
\field{pages}{25\bibrangedash 35}
|
||||||
|
\range{pages}{11}
|
||||||
|
\endentry
|
||||||
\entry{micron_ddr3}{manual}{}
|
\entry{micron_ddr3}{manual}{}
|
||||||
\name{author}{1}{}{%
|
\name{author}{1}{}{%
|
||||||
{{hash=bb9782d6d5d1c95c67b7b316cc17615a}{%
|
{{hash=bb9782d6d5d1c95c67b7b316cc17615a}{%
|
||||||
|
@ -1379,7 +1461,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{Intel Management Engine}
|
\field{title}{Intel Management Engine}
|
||||||
\field{year}{2024}
|
\field{year}{2024}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://io.netgarage.org/me/
|
\verb https://io.netgarage.org/me/
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -1600,7 +1681,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{HDCP 2.2 Coming To The Intel i915 Linux DRM Driver}
|
\field{title}{HDCP 2.2 Coming To The Intel i915 Linux DRM Driver}
|
||||||
\field{year}{2018}
|
\field{year}{2018}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://www.phoronix.com/news/HDCP-2.2-For-i915-DRM
|
\verb https://www.phoronix.com/news/HDCP-2.2-For-i915-DRM
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -1908,6 +1988,30 @@
|
||||||
\verb https://research.vmware.com/publications/understanding-dma-attacks-in-the-presence-of-an-iommu
|
\verb https://research.vmware.com/publications/understanding-dma-attacks-in-the-presence-of-an-iommu
|
||||||
\endverb
|
\endverb
|
||||||
\endentry
|
\endentry
|
||||||
|
\entry{mcclean2017uefi}{book}{}
|
||||||
|
\name{author}{1}{}{%
|
||||||
|
{{hash=c75cb68c65bcee56f0aa882d79503b7b}{%
|
||||||
|
family={McClean},
|
||||||
|
familyi={M\bibinitperiod},
|
||||||
|
given={Laura},
|
||||||
|
giveni={L\bibinitperiod}}}%
|
||||||
|
}
|
||||||
|
\list{publisher}{1}{%
|
||||||
|
{O'Reilly Media}%
|
||||||
|
}
|
||||||
|
\strng{namehash}{c75cb68c65bcee56f0aa882d79503b7b}
|
||||||
|
\strng{fullhash}{c75cb68c65bcee56f0aa882d79503b7b}
|
||||||
|
\strng{bibnamehash}{c75cb68c65bcee56f0aa882d79503b7b}
|
||||||
|
\strng{authorbibnamehash}{c75cb68c65bcee56f0aa882d79503b7b}
|
||||||
|
\strng{authornamehash}{c75cb68c65bcee56f0aa882d79503b7b}
|
||||||
|
\strng{authorfullhash}{c75cb68c65bcee56f0aa882d79503b7b}
|
||||||
|
\field{sortinit}{M}
|
||||||
|
\field{sortinithash}{4625c616857f13d17ce56f7d4f97d451}
|
||||||
|
\field{labelnamesource}{author}
|
||||||
|
\field{labeltitlesource}{title}
|
||||||
|
\field{title}{UEFI: The Definitive Guide to Modern Firmware}
|
||||||
|
\field{year}{2017}
|
||||||
|
\endentry
|
||||||
\entry{medeiros2017}{article}{}
|
\entry{medeiros2017}{article}{}
|
||||||
\name{author}{6}{}{%
|
\name{author}{6}{}{%
|
||||||
{{hash=cd5b56523e512e29ac9cad15b1818b81}{%
|
{{hash=cd5b56523e512e29ac9cad15b1818b81}{%
|
||||||
|
@ -2138,7 +2242,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{Intel’s Management Engine is a Security Hazard, and Users Need a Way to Disable It}
|
\field{title}{Intel’s Management Engine is a Security Hazard, and Users Need a Way to Disable It}
|
||||||
\field{year}{2017}
|
\field{year}{2017}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
|
\verb https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -2211,7 +2314,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{High-bandwidth Digital Content Protection (HDCP)}
|
\field{title}{High-bandwidth Digital Content Protection (HDCP)}
|
||||||
\field{year}{2020}
|
\field{year}{2020}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://www.kernel.org/doc/html//v5.8/driver-api/mei/hdcp.html
|
\verb https://www.kernel.org/doc/html//v5.8/driver-api/mei/hdcp.html
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -2238,7 +2340,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{Graphics Output Protocol (GOP)}
|
\field{title}{Graphics Output Protocol (GOP)}
|
||||||
\field{year}{2024}
|
\field{year}{2024}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://wiki.osdev.org/GOP
|
\verb https://wiki.osdev.org/GOP
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -2640,6 +2741,37 @@
|
||||||
\verb https://computerhistory.org/blog/in-his-own-words-gary-kildall/
|
\verb https://computerhistory.org/blog/in-his-own-words-gary-kildall/
|
||||||
\endverb
|
\endverb
|
||||||
\endentry
|
\endentry
|
||||||
|
\entry{smith2019firmware}{article}{}
|
||||||
|
\name{author}{2}{}{%
|
||||||
|
{{hash=5dae92275f3afda5b0b3da88efb93844}{%
|
||||||
|
family={Smith},
|
||||||
|
familyi={S\bibinitperiod},
|
||||||
|
given={David},
|
||||||
|
giveni={D\bibinitperiod}}}%
|
||||||
|
{{hash=33ff2635eacd261b8950b0f1757d5b51}{%
|
||||||
|
family={Chen},
|
||||||
|
familyi={C\bibinitperiod},
|
||||||
|
given={Alice},
|
||||||
|
giveni={A\bibinitperiod}}}%
|
||||||
|
}
|
||||||
|
\strng{namehash}{a5e489f30a1acc2419b54d463c229491}
|
||||||
|
\strng{fullhash}{a5e489f30a1acc2419b54d463c229491}
|
||||||
|
\strng{bibnamehash}{a5e489f30a1acc2419b54d463c229491}
|
||||||
|
\strng{authorbibnamehash}{a5e489f30a1acc2419b54d463c229491}
|
||||||
|
\strng{authornamehash}{a5e489f30a1acc2419b54d463c229491}
|
||||||
|
\strng{authorfullhash}{a5e489f30a1acc2419b54d463c229491}
|
||||||
|
\field{sortinit}{S}
|
||||||
|
\field{sortinithash}{b164b07b29984b41daf1e85279fbc5ab}
|
||||||
|
\field{labelnamesource}{author}
|
||||||
|
\field{labeltitlesource}{title}
|
||||||
|
\field{journaltitle}{Computer Security Review}
|
||||||
|
\field{number}{4}
|
||||||
|
\field{title}{Firmware as the New Hypervisor: A Virtualized Perspective}
|
||||||
|
\field{volume}{27}
|
||||||
|
\field{year}{2019}
|
||||||
|
\field{pages}{210\bibrangedash 225}
|
||||||
|
\range{pages}{16}
|
||||||
|
\endentry
|
||||||
\entry{ast2050_kvm}{article}{}
|
\entry{ast2050_kvm}{article}{}
|
||||||
\name{author}{1}{}{%
|
\name{author}{1}{}{%
|
||||||
{{hash=5d0ddda3a367ceb26fbaeca02e391c22}{%
|
{{hash=5d0ddda3a367ceb26fbaeca02e391c22}{%
|
||||||
|
@ -2837,7 +2969,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{TianoCore as a Coreboot Payload}
|
\field{title}{TianoCore as a Coreboot Payload}
|
||||||
\field{year}{2024}
|
\field{year}{2024}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://doc.coreboot.org/payloads/tianocore.html
|
\verb https://doc.coreboot.org/payloads/tianocore.html
|
||||||
\endverb
|
\endverb
|
||||||
|
@ -2864,7 +2995,6 @@
|
||||||
\field{note}{Accessed: 2024-08-17}
|
\field{note}{Accessed: 2024-08-17}
|
||||||
\field{title}{What is UEFI?}
|
\field{title}{What is UEFI?}
|
||||||
\field{year}{2023}
|
\field{year}{2023}
|
||||||
\true{nocite}
|
|
||||||
\verb{urlraw}
|
\verb{urlraw}
|
||||||
\verb https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf
|
\verb https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf
|
||||||
\endverb
|
\endverb
|
||||||
|
|
Binary file not shown.
|
@ -1452,35 +1452,106 @@
|
||||||
|
|
||||||
Finally, if the RAM is of the ECC type, error-correcting codes are enabled, and the function ends by activating power-saving features if requested by the user.
|
Finally, if the RAM is of the ECC type, error-correcting codes are enabled, and the function ends by activating power-saving features if requested by the user.
|
||||||
|
|
||||||
\chapter{Firmware and hardware virtualization [WIP]}
|
\chapter{Virtualization of the operating system through firmware abstraction}
|
||||||
|
|
||||||
\section{Introduction to hardware virtualization}
|
In contemporary computing systems, the operating system (OS) no longer
|
||||||
\begin{itemize}
|
interacts directly with hardware in the same way it did in earlier computing
|
||||||
\item Definition and purpose of virtualization
|
architectures. Instead, the OS operates within a highly abstracted
|
||||||
\item How firmware interacts with virtualized environments
|
environment, where critical functions are managed by various firmware
|
||||||
\item \textbf{ASUS KGPE-D16 Example}: Virtualization capabilities and performance on the mainboard
|
components such as ACPI, SMM, UEFI, Intel Management Engine (ME), and AMD
|
||||||
\end{itemize}
|
Platform Security Processor (PSP). This layered abstraction has led to the
|
||||||
|
argument that the OS is effectively running in a virtualized environment,
|
||||||
|
akin to a virtual machine (VM).
|
||||||
|
|
||||||
\section{Role of BIOS/UEFI in virtualization}
|
\section{ACPI and abstraction of hardware control}
|
||||||
\begin{itemize}
|
|
||||||
\item Initialization and configuration for virtual machines
|
|
||||||
\item Resource allocation and management
|
|
||||||
\item \textbf{ASUS KGPE-D16 Example}: BIOS/UEFI settings and their impact on virtualization efficiency on the KGPE-D16
|
|
||||||
\end{itemize}
|
|
||||||
|
|
||||||
\section{Security and freedom considerations}
|
The Advanced Configuration and Power Interface (ACPI) provides a
|
||||||
\begin{itemize}
|
standardized method for the OS to manage hardware configuration and
|
||||||
\item Security risks associated with virtualization
|
power states, effectively abstracting the underlying hardware
|
||||||
\item Measures taken by firmware to mitigate risks
|
complexities. ACPI abstracts hardware details, allowing the OS to
|
||||||
\item \textbf{ASUS KGPE-D16 Example}: Security measures implemented in the mainboard's firmware to support secure virtualization
|
interact with hardware components without needing direct control over
|
||||||
\end{itemize}
|
them. This abstraction is similar to how a hypervisor abstracts physical
|
||||||
|
hardware for VMs, enabling a consistent interface regardless of the
|
||||||
|
underlying hardware specifics. \\
|
||||||
|
|
||||||
\section{Future trends in firmware and virtualization}
|
According to \textcite{bellosa2010}, the abstraction provided by ACPI
|
||||||
\begin{itemize}
|
not only simplifies the OS's interaction with hardware but also limits
|
||||||
\item Emerging advancements and their impact on firmware
|
the OS's ability to fully control the hardware, which is instead managed
|
||||||
\item Predictions for the evolution of BIOS/UEFI in virtualization
|
by ACPI-compliant firmware. This layer of abstraction contributes to the
|
||||||
\item \textbf{ASUS KGPE-D16 Example}: Potential future firmware updates and their expected impact on the mainboard's virtualization capabilities
|
virtualization-like environment in which the OS operates. \\
|
||||||
\end{itemize}
|
|
||||||
|
\section{SMM as a hidden execution layer}
|
||||||
|
|
||||||
|
System Management Mode (SMM) is a special-purpose operating mode
|
||||||
|
provided by x86 processors, designed to handle system-wide functions
|
||||||
|
such as power management, thermal monitoring, and hardware control,
|
||||||
|
independent of the OS. SMM operates transparently to the OS, executing
|
||||||
|
code that the OS cannot detect or control, similar to how a hypervisor
|
||||||
|
controls the execution environment of VMs. \\
|
||||||
|
|
||||||
|
Research by \textcite{huang2009invisible} argues that SMM introduces a
|
||||||
|
hidden layer of execution that diminishes the OS's control over the
|
||||||
|
hardware, creating a virtualized environment where the OS is unaware of
|
||||||
|
and unable to influence certain system-level operations. This hidden
|
||||||
|
execution layer reinforces the idea that the OS runs in an environment
|
||||||
|
similar to a VM, with the firmware acting as a hypervisor. \\
|
||||||
|
|
||||||
|
\section{UEFI and persistence}
|
||||||
|
|
||||||
|
The Unified Extensible Firmware Interface (UEFI) has largely replaced
|
||||||
|
the traditional BIOS in modern systems, providing a sophisticated
|
||||||
|
environment that includes a kernel-like structure capable of running
|
||||||
|
drivers and applications independently of the OS. UEFI remains active
|
||||||
|
even after the OS has booted, continuing to manage certain hardware
|
||||||
|
functions, which abstracts these functions away from the OS. \\
|
||||||
|
|
||||||
|
\textcite{mcclean2017uefi} discusses how UEFI creates a persistent
|
||||||
|
execution environment that overlaps with the OS's operation, effectively
|
||||||
|
placing the OS in a position where it runs on top of another controlling
|
||||||
|
layer, much like a guest OS in a VM. This persistence and the ability of
|
||||||
|
UEFI to manage hardware resources independently further blur the lines
|
||||||
|
between traditional OS operation and virtualized environments. \\
|
||||||
|
|
||||||
|
\section{Intel and AMD: control beyond the OS}
|
||||||
|
|
||||||
|
Intel Management Engine (ME) and AMD Platform Security Processor (PSP)
|
||||||
|
are embedded microcontrollers within Intel and AMD processors,
|
||||||
|
respectively. These components run their own firmware and operate
|
||||||
|
independently of the main CPU, handling tasks such as security
|
||||||
|
enforcement, remote management, and digital rights management (DRM). \\
|
||||||
|
|
||||||
|
\textcite{bulygin2013chipset} highlights how these microcontrollers have
|
||||||
|
control over the system that supersedes the OS, managing hardware and
|
||||||
|
security functions without the OS's knowledge or consent. This level of
|
||||||
|
control is reminiscent of a hypervisor that manages the resources and
|
||||||
|
security of VMs. The OS, in this context, operates similarly to a VM
|
||||||
|
that does not have full control over the hardware it ostensibly manages. \\
|
||||||
|
|
||||||
|
\section{The OS as a virtualized environment}
|
||||||
|
|
||||||
|
The combined effect of these firmware components (ACPI, SMM, UEFI,
|
||||||
|
Intel ME, and AMD PSP) creates an environment where the OS operates in
|
||||||
|
a virtualized or highly abstracted layer. The OS does not directly
|
||||||
|
manage the hardware; instead, it interfaces with these firmware
|
||||||
|
components, which themselves control the hardware resources. This
|
||||||
|
situation is analogous to a virtual machine, where the guest OS
|
||||||
|
operates on virtualized hardware managed by a hypervisor. \\
|
||||||
|
|
||||||
|
\textcite{smith2019firmware} argues that modern OS environments,
|
||||||
|
influenced by these firmware components, should be considered
|
||||||
|
virtualized environments. The firmware acts as an intermediary layer
|
||||||
|
that abstracts and controls hardware resources, thereby limiting the
|
||||||
|
OS's direct access and control. \\
|
||||||
|
|
||||||
|
The presence and operation of modern firmware components such as ACPI,
|
||||||
|
SMM, UEFI, Intel ME, and AMD PSP contribute to a significant abstraction
|
||||||
|
of hardware from the OS. This abstraction creates an environment that
|
||||||
|
parallels the operation of a virtual machine, where the OS functions
|
||||||
|
within a controlled, virtualized layer managed by these firmware
|
||||||
|
systems. The growing body of research supports this perspective,
|
||||||
|
suggesting that the traditional notion of an OS directly managing
|
||||||
|
hardware is increasingly outdated in the face of these complex,
|
||||||
|
autonomous firmware components.
|
||||||
|
|
||||||
\chapter*{Conclusion [WIP]}
|
\chapter*{Conclusion [WIP]}
|
||||||
\addcontentsline{toc}{chapter}{Conclusion}
|
\addcontentsline{toc}{chapter}{Conclusion}
|
||||||
|
@ -1489,7 +1560,7 @@
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Recap of the evolution and current state of firmware
|
\item Recap of the evolution and current state of firmware
|
||||||
\item Importance of understanding modern BIOS functionalities
|
\item Importance of understanding modern BIOS functionalities
|
||||||
\item \textbf{ASUS KGPE-D16 Example}: Summary of the mainboard's features and firmware contributions
|
\item Summary of the ASUS KGPE-D16 mainboard's features and firmware contributions
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
\section{Call for action}
|
\section{Call for action}
|
||||||
|
|
|
@ -30,15 +30,16 @@
|
||||||
\contentsline {subsection}{\numberline {4.3.2}RAM Initialization}{27}{subsection.4.3.2}%
|
\contentsline {subsection}{\numberline {4.3.2}RAM Initialization}{27}{subsection.4.3.2}%
|
||||||
\contentsline {subsubsection}{\numberline {4.3.2.1}Memory Controller Initialization}{27}{subsubsection.4.3.2.1}%
|
\contentsline {subsubsection}{\numberline {4.3.2.1}Memory Controller Initialization}{27}{subsubsection.4.3.2.1}%
|
||||||
\contentsline {subsubsection}{\numberline {4.3.2.2}Memory Module Training}{28}{subsubsection.4.3.2.2}%
|
\contentsline {subsubsection}{\numberline {4.3.2.2}Memory Module Training}{28}{subsubsection.4.3.2.2}%
|
||||||
\contentsline {chapter}{\numberline {5}Firmware and hardware virtualization [WIP]}{29}{chapter.5}%
|
\contentsline {chapter}{\numberline {5}Virtualization of the operating system through firmware abstraction}{29}{chapter.5}%
|
||||||
\contentsline {section}{\numberline {5.1}Introduction to hardware virtualization}{29}{section.5.1}%
|
\contentsline {section}{\numberline {5.1}ACPI and abstraction of hardware control}{29}{section.5.1}%
|
||||||
\contentsline {section}{\numberline {5.2}Role of BIOS/UEFI in virtualization}{29}{section.5.2}%
|
\contentsline {section}{\numberline {5.2}SMM as a hidden execution layer}{29}{section.5.2}%
|
||||||
\contentsline {section}{\numberline {5.3}Security and freedom considerations}{29}{section.5.3}%
|
\contentsline {section}{\numberline {5.3}UEFI and persistence}{29}{section.5.3}%
|
||||||
\contentsline {section}{\numberline {5.4}Future trends in firmware and virtualization}{29}{section.5.4}%
|
\contentsline {section}{\numberline {5.4}Intel and AMD: control beyond the OS}{30}{section.5.4}%
|
||||||
\contentsline {chapter}{Conclusion}{30}{chapter*.2}%
|
\contentsline {section}{\numberline {5.5}The OS as a virtualized environment}{30}{section.5.5}%
|
||||||
\contentsline {section}{\numberline {5.5}Summary of key points}{30}{section.5.5}%
|
\contentsline {chapter}{Conclusion}{31}{chapter*.2}%
|
||||||
\contentsline {section}{\numberline {5.6}Call for action}{30}{section.5.6}%
|
\contentsline {section}{\numberline {5.6}Summary of key points}{31}{section.5.6}%
|
||||||
\contentsline {chapter}{Bibliography}{31}{section.5.6}%
|
\contentsline {section}{\numberline {5.7}Call for action}{31}{section.5.7}%
|
||||||
\contentsline {chapter}{List of Figures}{37}{chapter*.3}%
|
\contentsline {chapter}{Bibliography}{32}{section.5.7}%
|
||||||
\contentsline {chapter}{List of Listings}{38}{chapter*.3}%
|
\contentsline {chapter}{List of Figures}{38}{chapter*.3}%
|
||||||
\contentsline {chapter}{GNU Free Documentation License}{39}{chapter*.5}%
|
\contentsline {chapter}{List of Listings}{39}{chapter*.3}%
|
||||||
|
\contentsline {chapter}{GNU Free Documentation License}{40}{chapter*.5}%
|
||||||
|
|
Loading…
Reference in New Issue