1. This forum section is a read-only archive which contains old newsgroup posts. If you wish to post a query, please do so in one of our main forum sections (here). This way you will get a faster, better response from the members on Motherboard Point.

Microsoft may abandon Palladium for AMD's NX-bit

Discussion in 'Intel' started by Yousuf Khan, May 5, 2004.

  1. Yousuf Khan

    Yousuf Khan Guest

    Now these two stories confuse me a little bit. When we first heard about
    Palladium (or NGSCB or whatever it's being called today), it was supposed to
    be this dire invasion of our privacies, etc., etc. But now it simply looks
    like it was something to stop viruses. So how exactly was Palladium supposed
    to work anyways? Was there supposed to be some hardware support for this
    technology, or was it entirely software? If there was hardware support, were
    they using separated code and data segments as has existed in 32-bit
    processors but never implemented, since the 386? What was Palladium supposed
    to be really?

    http://www.theinquirer.net/?article=15737

    http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49936

    Yousuf Khan
     
    Yousuf Khan, May 5, 2004
    #1
    1. Advertisements

  2. Yousuf Khan

    Wes Felter Guest

    Not surprising since the Inquirer article is bogus. The NX bit is
    orthogonal to Palladium.
    Palladium provides little protection against viruses/worms; it's not
    intended to.
    http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php

    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
     
    Wes Felter, May 5, 2004
    #2
    1. Advertisements

  3. Yousuf Khan

    Stacey Guest

    Stacey, May 6, 2004
    #3
  4. Yousuf Khan

    Yousuf Khan Guest

    Yousuf Khan, May 6, 2004
    #4
  5. Yousuf Khan

    Alex Johnson Guest

    CRN said:
    "Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended
    Systems will also support the NX feature in Intel Itanium processors for
    clients due out in the second half."

    I'd like to know how they do it now and how they plan to do it in the
    future, considering this sentence makes no sense to me. The Itanium
    architecture doesn't have an NX bit. There are two things they could
    do. First they could actually use the fact that Itanium has separate
    ITB and DTB and don't map your code pages into the data TLB! Second
    they could set their data pages' access rights level to 2 (read, write),
    and their instruction pages' access rights to 1 (read, execute) (other
    combinations would give more useful but equally safe access to various
    priviledged code). But really, what is the chance than Microsoft would
    write correct, much less safe, code? They don't even use the split TLB
    system properly or allow any page size besides 8KB, AFAIK.

    Alex
     
    Alex Johnson, May 7, 2004
    #5
  6. Yousuf Khan

    Sam Iam Guest

    Well, more like:

    We determined that you have run something illegal. Homeland Security has
    been alerted!

    (back in the lurk mode :)
     
    Sam Iam, May 7, 2004
    #6
  7. In the US that would be:
    'Can you PROVE you were not running anything illegal'?
    This law will make it, as it saves companies ++++ on support.
    JP
     
    Jan Panteltje, May 7, 2004
    #7
  8. Yousuf Khan

    Yousuf Khan Guest

    I was wondering about that, i.e. how data and instruction pages are
    separated in Itanium? So it's actually done with two separate page tables,
    as opposed to a single page table with a special attribute. This would also
    make more sense in long-term architectural design point of view, as Itanium
    is brand new and they can take brand new paths like this, whereas with x86
    you have to take somewhat more limited steps.

    Yousuf Khan
     
    Yousuf Khan, May 7, 2004
    #8
  9.  
    Eugene Nalimov, May 7, 2004
    #9

  10. This is silly. Page access rights on IPF let you do everything you
    can do with the U/S, R/W and NX bits on an x86, and then some. Or do
    you think that somehow being able to explicitly disable execution on a
    page is somehow different than having to explicitly enable it?
     
    Robert Wessel, May 8, 2004
    #10
  11. Yousuf Khan

    Stacey Guest

    That was my thinking, this will give them something to blame ANY problem
    on!!! And yes I'm sure "protection" laws are just around the corner. This
    kind of BS is exactly what will end up killing the internet for many
    people.
     
    Stacey, May 8, 2004
    #11
  12. Yousuf Khan

    Jim Hull Guest

    No. The ITLB and DTLB serve as on-chip caches of translations from a
    single page table (the VHPT). Furthermore, the TLBs need not be separate
    structures, but can be implemented as a single unified TLB if desired
    (although no processor has yet done so). Given this, the only way the OS
    can guarantee that data pages aren't executable is to set the access
    rights field to a value that doesn't include execute permission. For
    details of the access rights combinations defined by the Itainum
    architecture, see Section 4.1.1.6, here:

    http://developer.intel.com/design/itanium/manuals/245318.pdf#page=64

    You might want to peruse the other parts of Chapter 4 of this document,
    which describe other aspects of the Itanium addressing and protection
    architecture.
    Actually, the Itanium system architecture is, in general, pretty standard
    stuff - mostly just combining various parts of the system architectures of
    PA-RISC and IA32. This was done by design, to help minimize the effort of
    porting OSs to Itanium. Not to say that there aren't interesting twists
    (like explicit serialization) and new features (e.g., the RSE) to deal
    with, but mostly it's supposed to look familiar to an OS designer.

    -- Jim
    HP Itanium Processor Architect
     
    Jim Hull, May 13, 2004
    #12
  13. Yousuf Khan

    Alex Johnson Guest

    This is generally true because the intent was to have the VHPT enabled.
    However, this is not required. There can be separate software tables
    which each handler uses. This does have a performance hit, but often
    security is gained at the cost of performance. The actual
    implementation of split caches makes this unexpected bonus possible.
    Sadly, you are wrong here, Jim. Intel will *never* go to a unified TLB
    on Itanium because that would break legacy code. Intel sets up things
    as "undefined" or having behavior which may change in each
    microarchitecture, but invariably forces its designers to duplicate all
    past "undefined" and optional behaviors to guarantee a customer's
    incorrectly written code still functions. (Personal opinion, that
    customer is almost always Microsoft.)

    Alex
     
    Alex Johnson, May 14, 2004
    #13
  14. Yousuf Khan

    Jim Hull Guest

    Yes, I probably should have made it clearer that I was assuming that the
    VHPT walker is enabled, since as you say, there is a substantial
    performance advantage in doing so. I was trying to avoid going into too
    many details, but now that you've brought it up, here are some more:

    The architecture allows the walker to be enabled for some portions of the
    address space and disabled for others (this is controlled by the "ve" bit
    in each region register). For regions where it is enabled, you must have
    a single VHPT in one of the architecturally-defined formats. For regions
    where the walker is disabled, all TLB misses result in faults to special
    OS handlers, which can be written to access separate page tables, tables
    in whatever format the OS likes, or even no tables at all (linux uses the
    latter to create "identity-mapped" memory).
    I don't think so. I did, however, over simplify things again. The
    architecture defines two sub-sections in the TLBs, Translation Registers
    (TRs), which you can think of as "pinned" entries, and Translation Cache
    (TC) entries. The TRs are guaranteed to not to be unified, but the TCs
    can be.
    I'd love to hear about what existing code you think will break.
    I agree that this is how Intel behaves in the IA-32 world. I think part
    of the problem there is that too much of the architecture was
    underspecified, and mixed in with implementation specifics, with no way
    for software to separate the two.

    However, my experience in the Itanium world is different. Intel seems to
    be more willing to change implementations in order to take advantage of
    optional or undefined behavior, so long as it is clearly documented in the
    architecture that such implementations are allowed, as in this case - see
    Volume 2, Section 4.1.1.3, here:

    http://developer.intel.com/design/itanium/manuals/245318.pdf#page=60

    -- Jim
    HP Itanium Processor Architect
     
    Jim Hull, May 21, 2004
    #14
  15. A while back when the FUD was flying everywhere, I wrote a brief
    description of what Palladium (and TCPA) is supposed to be, from a
    technical standpoint. Perhaps it would help clarify things:

    http://www.colohan.com/docs/trusted_computing.html

    Chris
     
    Christopher Brian Colohan, May 21, 2004
    #15
  16. Interesting and clearly written, but some questions remain, such as for example
    the coordinates of redmond for a nuclear attack.
    JP
     
    Jan Panteltje, May 21, 2004
    #16
  17. Do I really want all my hw to support/require encrypted tunnels?
    No problem! :)
    (Or should that be :-( ?)

    From Garmin's City Select:

    Microsoft-Corporate Headquarters
    1 Microsoft Way
    Redmond, WA 98052
    425-882-8080

    N47.64376 W122.13050

    Terje
     
    Terje Mathisen, May 22, 2004
    #17
  18. Yousuf Khan

    Alex Johnson Guest

    That's interesting. I've learned something new. Linux uses no page
    table structure? What exactly is identity-mapped memory? Funny, I
    hacked the kernel and simulated bootup sequences but never had the time
    to delve into what was going on in those sequences.
    Sadly (or not), I'm wrong. That's a small paragraph in a large book.
    But it looks like intel did plan ahead for that.
    I don't know of any real examples, but I've been told enough horror
    stories from the trenches of vendors NOT following the published specs
    and doing implementation specific behaviors because it is easier for
    them, or enables some copy protection scheme. I'm sure there are people
    out there that don't obey the rules for translations either because they
    don't know what they are doing or don't care. And when those large
    vendors' software is broken by a new design and they complain, intel
    will not point to the books and say "you didn't do this the way we told
    you", they'll say "oh, you need it to work like this? here, i'll just
    go get the engineers to change it back for you." But usually that kind
    of thing only happens for bug-dependent code or code dependent on
    undefined behaviors, which later become defined to be whatever the first
    chip did since some valuable code depends on it.

    Alex
     
    Alex Johnson, May 24, 2004
    #18
  19. Yousuf Khan

    I R T Guest

    In the US that would be:
    And a free holiday in Guantanomo Bay, for anyone who looks even
    slightly suspicious.

    I hope that they have cleaned the chemical lights after use....
     
    I R T, Jun 14, 2004
    #19
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.