19 Sep
2024
19 Sep
'24
3 a.m.
Forget "rings". Unix needs only two states from hardware.
Forget virtualization for now as well.
The kernel runs in the supervisor state, the user code in the
unprivileged state where it can't execute or see certain
instructions or processor state or peripherals and must make
system calls for controlled access to the same.
In addition Unix has the "root" user that can access much more
but it too must go through the system call interface.
A "warm reboot" system call would simply arrange things so that
the new kernel image is copied in the right place and control
will eventually pass to it.
It is not so simple these days as the hardware is much more
complex and often requires vendor provided firmware assist
to properly initialize the system before control gets passed
to an OS kernel but no change in the protection model is
required for a kernel to kernel handoff.
On Sep 18, 2024, at 5:04 PM, George Michaelson
<ggm(a)algebras.org> wrote:
Not to be "that guy" some of this can be read as "the whole
ring/protection model is a myth" because doing a boot into a new
executive demands "writing" state into parts of the system which
people believe by a phenomenal act of faith are "protected" against
that.
Virtualisation makes much of this latent "protection rings are a bit
of a myth" concrete.
Maybe I misunderstand some of this. I can believe that UNIX-like
things try to work irrespective of what chip designers do underneath
to construct things like TPM, and talk to it in the limited ways
necessary.
-G