|
amadeus
|
 |
« on: December 18, 2007, 03:44:30 PM » |
|
Hi,
I was wondering, if anyone have an estimate of the performance drop because of the hypervisor? Are we talking about 1%, 5%, or 10%?
If the hypervisor is disabled, would that make the games faster, or does it not work like that?
|
|
|
|
|
Logged
|
|
|
|
|
Arakon
|
|
« Reply #1 on: December 18, 2007, 03:47:14 PM » |
|
if the hypervisor was disabled, the system wouldn't run anything.
|
|
|
|
|
Logged
|
I do NOT give support by email, PM, ICQ or whatever. Anyone annoying me that way will have his balls removed. With a rusty butterknife. Slowly. And I'll enjoy doing it.
|
|
|
|
Ell3X
|
|
« Reply #2 on: December 18, 2007, 04:07:25 PM » |
|
|
|
|
|
|
Logged
|
|
|
|
|
amadeus
|
|
« Reply #3 on: December 18, 2007, 04:49:24 PM » |
|
Thanks for that one  I assume, that the biggest problem is, that the kernel needs to be signed by MS? But if that is not the case, would it then be possible to develop a kernel without a HV? |
|
|
|
« Last Edit: December 18, 2007, 05:11:36 PM by amadeus »
|
Logged
|
|
|
|
|
tmbinc
|
|
« Reply #4 on: December 18, 2007, 08:02:29 PM » |
|
Sure, linux for example doesn't use a hypervisor.
Still the hypervisor act as part of the OS. the functions need to be there. If they wouldn't be in the HV, they would be in the supervisor. What you could save would be the mode switch at the syscalls. But the syscalls are not called in performance critical tasks, so my guess is: <1%.
What might impact performance is the memory encryption and checking. But according to the sources we know, the impact is minimal because the latency of the decryption is largely hidden by the l2 cache latency (however this works).
|
|
|
|
|
Logged
|
Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
|
|
|
|
amadeus
|
|
« Reply #5 on: December 19, 2007, 10:21:21 AM » |
|
That's pretty impressive Is the memory also encrypted when running Linux? Would it be possible to develop a new (open source) kernel? |
|
|
|
|
Logged
|
|
|
|
|
aegzorz
|
|
« Reply #6 on: December 19, 2007, 03:08:28 PM » |
|
The Linux kernel IS open source |
|
|
|
|
Logged
|
|
|
|
|
amadeus
|
|
« Reply #7 on: December 19, 2007, 03:46:02 PM » |
|
The Linux kernel IS open source What??? Just kidding  Unfortunately won't the Linux kernel fit in the flash. I was fishing more after what sort of modifications that don't need signing from MS. Hence, can we e.g. modify the kernel? |
|
|
|
|
Logged
|
|
|
|
|
aegzorz
|
|
« Reply #8 on: December 19, 2007, 04:32:06 PM » |
|
The linux kernel should fit nicely in the flash, just that we can't load it directly because of the signatures.
The signatures also prevents us from replacing the existing kernel, that's why we need the vulnerable 4532/4548 to run unsigned code.
|
|
|
|
|
Logged
|
|
|
|
|
amadeus
|
|
« Reply #9 on: December 19, 2007, 05:09:27 PM » |
|
The linux kernel should fit nicely in the flash, just that we can't load it directly because of the signatures.
The signatures also prevents us from replacing the existing kernel, that's why we need the vulnerable 4532/4548 to run unsigned code.
Okay thanks for that. It would be so cool, if we could use the HV to return a different signature (ours) instead of MS's... |
|
|
|
|
Logged
|
|
|
|
|
Redline99
|
|
« Reply #10 on: December 19, 2007, 05:17:08 PM » |
|
If you could change the HV to skip the Kernel sig then great, but how are you going to change the HV without breaking it's sig? Everything is checked in the bootloaders from 1bl to fully running. You have to break that chain of trust somewhere to get unsigned code to execute.
|
|
|
|
|
Logged
|
Where's Waldo
|
|
|
|
amadeus
|
|
« Reply #11 on: December 19, 2007, 05:38:11 PM » |
|
If you could change the HV to skip the Kernel sig then great, but how are you going to change the HV without breaking it's sig? Everything is checked in the bootloaders from 1bl to fully running. You have to break that chain of trust somewhere to get unsigned code to execute.
I now understand the problem... Although it is not clear to me, how the kernel is patched up from 1888 to current, and the signature is still valid. Is it due to some mathematics like super position that ensures that the new (patched) kernel also have a valid signature? |
|
|
|
|
Logged
|
|
|
|
|
tmbinc
|
|
« Reply #12 on: December 19, 2007, 06:28:01 PM » |
|
No, it's just that the base kernel (1888) signature must be ok (technically speaking: the signature of the loader of the kernel must be ok (2BL). The loader then checks the hash of the next loader (4BL)/kernel(5BL), which must match).
Then, the 4BL (i.e. the program which unpacks the kernel) checks, after the base kernel was extracted ok, if the signature of the patcher (6BL) is ok. The patcher is a program which applies the difference to the updated kernel (7BL) against the base kernel. Thus, an updated system has two signatures: one for the base kernel (which is always the same), and one for the upgrade. The upgrade of course is delivered already in a signed form.
|
|
|
|
|
Logged
|
Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
|
|
|
|
Redline99
|
|
« Reply #13 on: December 19, 2007, 06:43:46 PM » |
|
oh and the HV/Kern are packaged in the same section covered by the same sig etc... And I was over simplifying the explanation.  |
|
|
|
|
Logged
|
Where's Waldo
|
|
|
|
amadeus
|
|
« Reply #14 on: December 19, 2007, 08:53:09 PM » |
|
No, it's just that the base kernel (1888) signature must be ok (technically speaking: the signature of the loader of the kernel must be ok (2BL). The loader then checks the hash of the next loader (4BL)/kernel(5BL), which must match).
Then, the 4BL (i.e. the program which unpacks the kernel) checks, after the base kernel was extracted ok, if the signature of the patcher (6BL) is ok. The patcher is a program which applies the difference to the updated kernel (7BL) against the base kernel. Thus, an updated system has two signatures: one for the base kernel (which is always the same), and one for the upgrade. The upgrade of course is delivered already in a signed form.
So how to they ensure the integrity of the 2nd signature? Have they signed the 2nd signature? And if so, is the component that does that check signed its self? |
|
|
|
|
Logged
|
|
|
|
|
Redline99
|
|
« Reply #15 on: December 19, 2007, 11:51:06 PM » |
|
From my limited understanding, the chain of trust starts with the 1bl which is inside of the cpu. Then the 2bl is is loaded from flash. Then the 1bl validates the 2bl before the 2bl gets to run. The 2bl then validates the next section before it gets to run, etc... Since the 1bl is started automatically from the cpu rom, that makes it hard to start any naughty business.
|
|
|
|
|
Logged
|
Where's Waldo
|
|
|
|
tmbinc
|
|
« Reply #16 on: December 20, 2007, 06:20:02 PM » |
|
amadeus: Please re-read my post. The first signature (of 2BL) is checked in 1BL (ROM), the second signature (of 6BL) is checked in 4BL. 4BL itself is hashed and checked by 2BL, which is signed.
So yeah, chain of trust: 1BL -> 2BL -> 4BL -> 5BL and 4BL -> 6BL -> 7BL. 5BL is base kernel, 7BL is the difference to the final kernel.
|
|
|
|
|
Logged
|
Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
|
|
|
|
amadeus
|
|
« Reply #17 on: December 20, 2007, 08:33:26 PM » |
|
Thank you very much for the visuals and explanation. I now understand the problem, and have no more questions |
|
|
|
|
Logged
|
|
|
|
|
Dilber MC Theme by HarzeM