Microsoft may abandon Palladium for AMD's NX-bit

May 5, 2004 8:33:27 PM

Archived from groups: comp.arch,comp.sys.ibm.pc.hardware.chips,comp.sys.intel

Now these two stories confuse me a little bit. When we first heard about
Palladium (or NGSCB or whatever it's being called today), it was supposed to
be this dire invasion of our privacies, etc., etc. But now it simply looks
like it was something to stop viruses. So how exactly was Palladium supposed
to work anyways? Was there supposed to be some hardware support for this
technology, or was it entirely software? If there was hardware support, were
they using separated code and data segments as has existed in 32-bit
processors but never implemented, since the 386? What was Palladium supposed
to be really?

http://www.theinquirer.net/?article=15737

http://www.crn.com/sections/BreakingNews/dailyarchives....

Yousuf Khan

--
Humans: contact me at ykhan at rogers dot com
Spambots: just reply to this email address ;-)
May 5, 2004 8:33:28 PM

On Wed, 05 May 2004 16:33:27 +0000, Yousuf Khan wrote:

> Now these two stories confuse me a little bit.

Not surprising since the Inquirer article is bogus. The NX bit is
orthogonal to Palladium.

> When we first heard about
> Palladium (or NGSCB or whatever it's being called today), it was supposed to
> be this dire invasion of our privacies, etc., etc. But now it simply looks
> like it was something to stop viruses.

Palladium provides little protection against viruses/worms; it's not
intended to.

> So how exactly was Palladium supposed
> to work anyways? Was there supposed to be some hardware support for this
> technology, or was it entirely software? If there was hardware support, were
> they using separated code and data segments as has existed in 32-bit
> processors but never implemented, since the 386? What was Palladium supposed
> to be really?

http://www.eff.org/Infrastructure/trusted_computing/200...

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

--
Wes Felter - wesley@felter.org - http://felter.org/wesley/
May 6, 2004 4:05:18 AM

Wes Felter wrote:

> On Wed, 05 May 2004 16:33:27 +0000, Yousuf Khan wrote:
>
>> What was Palladium
>> supposed to be really?
>
> http://www.eff.org/Infrastructure/trusted_computing/200...
>
> http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
>

Looks like security for THEM at our expense. I love being treated like a
thief! This BS is why I stopped using MS products to start with!
--

Stacey
May 7, 2004 1:09:53 AM

Wes Felter wrote:
> Palladium provides little protection against viruses/worms; it's not
> intended to.
>
>> So how exactly was Palladium supposed
>> to work anyways? Was there supposed to be some hardware support for
>> this technology, or was it entirely software? If there was hardware
>> support, were they using separated code and data segments as has
>> existed in 32-bit processors but never implemented, since the 386?
>> What was Palladium supposed to be really?
>
> http://www.eff.org/Infrastructure/trusted_computing/200...
>
> http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Oh yes, now I remember what we were so afraid of Palladium for. :-)

Your computer breaks down and you call for tech support, and part of the
tech support questions would be, "were you trying to run something illegal,
sir?"

Yousuf Khan
May 7, 2004 12:32:04 PM

CRN said:
"Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended
Systems will also support the NX feature in Intel Itanium processors for
clients due out in the second half."

I'd like to know how they do it now and how they plan to do it in the
future, considering this sentence makes no sense to me. The Itanium
architecture doesn't have an NX bit. There are two things they could
do. First they could actually use the fact that Itanium has separate
ITB and DTB and don't map your code pages into the data TLB! Second
they could set their data pages' access rights level to 2 (read, write),
and their instruction pages' access rights to 1 (read, execute) (other
combinations would give more useful but equally safe access to various
privileged code). But really, what is the chance that Microsoft would
write correct, much less safe, code? They don't even use the split TLB
system properly or allow any page size besides 8KB, AFAIK.

Alex
--
My words are my own. They represent no other; they belong to no other.
Don't read anything into them or you may be required to compensate me
for violation of copyright. (I do not speak for my employer.)
May 7, 2004 3:35:26 PM

Yousuf Khan wrote:

> Oh yes, now I remember what we were so afraid of Palladium for. :-)
>
> Your computer breaks down and you call for tech support, and part of the
> tech support questions would be, "were you trying to run something
> illegal, sir?"
>

Well, more like:

We determined that you have run something illegal. Homeland Security has
been alerted!

(back in the lurk mode :) 
--
Sam I am
Spam alert! Reply-to address is bogus
spam_heaven at sympatico dot ca is where I can be reached
May 7, 2004 4:11:45 PM

"Alex Johnson" <compuwiz@acm.org> wrote in message
news:c7fvk5$6le$1@news01.intel.com...
> CRN said:
> "Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended
> Systems will also support the NX feature in Intel Itanium processors for
> clients due out in the second half."
>
> I'd like to know how they do it now and how they plan to do it in the
> future, considering this sentence makes no sense to me. The Itanium
> architecture doesn't have an NX bit. There are two things they could
> do. First they could actually use the fact that Itanium has separate
> ITB and DTB and don't map your code pages into the data TLB! Second
> they could set their data pages' access rights level to 2 (read, write),
> and their instruction pages' access rights to 1 (read, execute) (other
> combinations would give more useful but equally safe access to various
> privileged code). But really, what is the chance that Microsoft would
> write correct, much less safe, code? They don't even use the split TLB
> system properly or allow any page size besides 8KB, AFAIK.

http://msdn.microsoft.com/library/default.asp?url=/libr...

Thanks,
Eugene

> Alex
> --
> My words are my own. They represent no other; they belong to no other.
> Don't read anything into them or you may be required to compensate me
> for violation of copyright. (I do not speak for my employer.)
>
May 7, 2004 8:35:03 PM

Alex Johnson <compuwiz@acm.org> wrote in message news:<c7fvk5$6le$1@news01.intel.com>...
> The Itanium
> architecture doesn't have an NX bit. There are two things they could
> do. First they could actually use the fact that Itanium has separate
> ITB and DTB and don't map your code pages into the data TLB! Second
> they could set their data pages' access rights level to 2 (read, write),
> and their instruction pages' access rights to 1 (read, execute) (other
> combinations would give more useful but equally safe access to various
> privileged code). But really, what is the chance that Microsoft would
> write correct, much less safe, code? They don't even use the split TLB
> system properly or allow any page size besides 8KB, AFAIK.


This is silly. Page access rights on IPF let you do everything you
can do with the U/S, R/W and NX bits on an x86, and then some. Or do
you think that somehow being able to explicitly disable execution on a
page is somehow different than having to explicitly enable it?
May 7, 2004 8:47:04 PM

On a sunny day (Thu, 06 May 2004 21:09:53 GMT) it happened "Yousuf Khan"
<news.tally.bbbl67@spamgourmet.com> wrote in
<BQxmc.432375$2oI1.147591@twister01.bloor.is.net.cable.rogers.com>:

>Wes Felter wrote:
>> Palladium provides little protection against viruses/worms; it's not
>> intended to.
>>
>>> So how exactly was Palladium supposed
>>> to work anyways? Was there supposed to be some hardware support for
>>> this technology, or was it entirely software? If there was hardware
>>> support, were they using separated code and data segments as has
>>> existed in 32-bit processors but never implemented, since the 386?
>>> What was Palladium supposed to be really?
>>
>> http://www.eff.org/Infrastructure/trusted_computing/200...
>>
>> http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
>
>Oh yes, now I remember what we were so afraid of Palladium for. :-)
>
>Your computer breaks down and you call for tech support, and part of the
>tech support questions would be, "were you trying to run something illegal,
>sir?"
>
> Yousuf Khan
In the US that would be:
'Can you PROVE you were not running anything illegal'?
This law will make it, as it saves companies ++++ on support.
JP
>
>
May 7, 2004 10:55:25 PM

"Alex Johnson" <compuwiz@acm.org> wrote in message
news:c7fvk5$6le$1@news01.intel.com...
> CRN said:
> "Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended
> Systems will also support the NX feature in Intel Itanium processors for
> clients due out in the second half."
>
> I'd like to know how they do it now and how they plan to do it in the
> future, considering this sentence makes no sense to me. The Itanium
> architecture doesn't have an NX bit. There are two things they could
> do. First they could actually use the fact that Itanium has separate
> ITB and DTB and don't map your code pages into the data TLB! Second
> they could set their data pages' access rights level to 2 (read, write),
> and their instruction pages' access rights to 1 (read, execute) (other
> combinations would give more useful but equally safe access to various
> privileged code). But really, what is the chance that Microsoft would
> write correct, much less safe, code? They don't even use the split TLB
> system properly or allow any page size besides 8KB, AFAIK.

I was wondering about that, i.e. how data and instruction pages are
separated in Itanium? So it's actually done with two separate page tables,
as opposed to a single page table with a special attribute. This would also
make more sense from a long-term architectural design point of view, as Itanium
is brand new and they can take brand new paths like this, whereas with x86
you have to take somewhat more limited steps.

Yousuf Khan
May 8, 2004 2:32:05 AM

Jan Panteltje wrote:

>
> In the US that would be:
> 'Can you PROVE you were not running anything illegal'?
> This law will make it, as it saves companies ++++ on support.
> JP

That was my thinking, this will give them something to blame ANY problem
on!!! And yes I'm sure "protection" laws are just around the corner. This
kind of BS is exactly what will end up killing the internet for many
people.

--

Stacey
May 13, 2004 2:30:49 PM

Yousuf Khan <news.tally.bbbl67@spamgourmet.com> wrote ...
> "Alex Johnson" <compuwiz@acm.org> wrote in message
> news:c7fvk5$6le$1@news01.intel.com...
> > CRN said:
> > "Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended
> > Systems will also support the NX feature in Intel Itanium processors for
> > clients due out in the second half."
> >
> > I'd like to know how they do it now and how they plan to do it in the
> > future, considering this sentence makes no sense to me. The Itanium
> > architecture doesn't have an NX bit. There are two things they could
> > do. First they could actually use the fact that Itanium has separate
> > ITB and DTB and don't map your code pages into the data TLB! Second
> > they could set their data pages' access rights level to 2 (read, write),
> > and their instruction pages' access rights to 1 (read, execute) (other
> > combinations would give more useful but equally safe access to various
> > privileged code). But really, what is the chance that Microsoft would
> > write correct, much less safe, code? They don't even use the split TLB
> > system properly or allow any page size besides 8KB, AFAIK.
>
> I was wondering about that, i.e. how data and instruction pages are
> separated in Itanium? So it's actually done with two separate page tables,
> as opposed to a single page table with a special attribute.

No. The ITLB and DTLB serve as on-chip caches of translations from a
single page table (the VHPT). Furthermore, the TLBs need not be separate
structures, but can be implemented as a single unified TLB if desired
(although no processor has yet done so). Given this, the only way the OS
can guarantee that data pages aren't executable is to set the access
rights field to a value that doesn't include execute permission. For
details of the access rights combinations defined by the Itanium
architecture, see Section 4.1.1.6, here:

http://developer.intel.com/design/itanium/manuals/24531...

You might want to peruse the other parts of Chapter 4 of this document,
which describe other aspects of the Itanium addressing and protection
architecture.

> This would also
> make more sense from a long-term architectural design point of view, as Itanium
> is brand new and they can take brand new paths like this, whereas with x86
> you have to take somewhat more limited steps.

Actually, the Itanium system architecture is, in general, pretty standard
stuff - mostly just combining various parts of the system architectures of
PA-RISC and IA32. This was done by design, to help minimize the effort of
porting OSs to Itanium. Not to say that there aren't interesting twists
(like explicit serialization) and new features (e.g., the RSE) to deal
with, but mostly it's supposed to look familiar to an OS designer.

-- Jim
HP Itanium Processor Architect
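
Added example (not part of the original thread, and not Itanium or OS source): a toy C model of the point made in the post above, that split ITLB/DTLB caches refilled from one page table do not by themselves keep data pages non-executable; only the access rights value does. The structure and function names, the four-entry TLBs and the page numbers are assumptions; the walker is assumed enabled and privilege levels are ignored.

```c
/* Toy model: split ITLB/DTLB refilled by a walker from ONE page table.
 * Assumptions: walker enabled, one privilege level, 4-entry TLBs. */
#include <stdio.h>
#include <string.h>

/* Access-rights encodings at a single privilege level. 1 and 2 are the
 * values quoted in the thread; 0 (read) and 3 (read, write, execute) are
 * the neighbouring encodings in the Itanium access rights table. */
enum { AR_R = 0, AR_RX = 1, AR_RW = 2, AR_RWX = 3 };
enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
enum result { ACCESS_OK, FAULT_ACCESS_RIGHTS, FAULT_NOT_PRESENT };

struct pte { unsigned vpn; int ar; };
struct tlb { struct pte e[4]; int used; int next; };
struct mmu { const struct pte *table; int len; struct tlb itlb, dtlb; };

static int ar_allows(int ar, enum access a)
{
    if (a == ACC_WRITE) return ar == AR_RW || ar == AR_RWX;
    if (a == ACC_EXEC)  return ar == AR_RX || ar == AR_RWX;
    return 1;                      /* all four encodings permit reads */
}

static const struct pte *find(const struct pte *e, int n, unsigned vpn)
{
    for (int i = 0; i < n; i++)
        if (e[i].vpn == vpn) return &e[i];
    return NULL;
}

static void tlb_insert(struct tlb *t, struct pte p)
{
    t->e[t->next] = p;             /* round-robin replacement */
    t->next = (t->next + 1) % 4;
    if (t->used < 4) t->used++;
}

/* Instruction fetches go through the ITLB, loads/stores through the DTLB.
 * On a miss, either TLB is refilled from the same page table entry. */
enum result mmu_access(struct mmu *m, unsigned vpn, enum access a)
{
    struct tlb *t = (a == ACC_EXEC) ? &m->itlb : &m->dtlb;
    const struct pte *p = find(t->e, t->used, vpn);
    if (!p) {
        const struct pte *w = find(m->table, m->len, vpn);
        if (!w) return FAULT_NOT_PRESENT;
        tlb_insert(t, *w);
        p = w;
    }
    return ar_allows(p->ar, a) ? ACCESS_OK : FAULT_ACCESS_RIGHTS;
}

/* Page 0x20 is only ever touched as data (so it is cached in the DTLB and
 * not the ITLB), then an instruction fetch targets it. Returns the result
 * of that fetch for the given access-rights value. */
enum result exec_after_data_use(int data_ar)
{
    struct pte table[2] = { { 0x10, AR_RX }, { 0x20, 0 } };
    struct mmu m;
    table[1].ar = data_ar;
    memset(&m, 0, sizeof m);
    m.table = table;
    m.len = 2;
    mmu_access(&m, 0x20, ACC_WRITE);
    return mmu_access(&m, 0x20, ACC_EXEC);
}

int main(void)
{
    printf("data page ar=3 (RWX): fetch %s\n",
           exec_after_data_use(AR_RWX) == ACCESS_OK ? "succeeds" : "faults");
    printf("data page ar=2 (RW):  fetch %s\n",
           exec_after_data_use(AR_RW) == ACCESS_OK ? "succeeds" : "faults");
    return 0;
}
```

In the model, the ITLB miss is simply refilled from the shared table, so a data page marked with execute permission is fetched from even though it was never placed in the ITLB beforehand; marking it with value 2 is what produces the fault.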
May 14, 2004 12:34:43 PM

Jim Hull wrote:
> No. The ITLB and DTLB serve as on-chip caches of translations from a
> single page table (the VHPT).

This is generally true because the intent was to have the VHPT enabled.
However, this is not required. There can be separate software tables
which each handler uses. This does have a performance hit, but often
security is gained at the cost of performance. The actual
implementation of split caches makes this unexpected bonus possible.

> Furthermore, the TLBs need not be separate
> structures, but can be implemented as a single unified TLB if desired
> (although no processor has yet done so). Given this, the only way the
> OS can guarantee that data pages aren't executable is to set the
> access rights field to a value that doesn't include execute
> permission.

Sadly, you are wrong here, Jim. Intel will *never* go to a unified TLB
on Itanium because that would break legacy code. Intel sets up things
as "undefined" or having behavior which may change in each
microarchitecture, but invariably forces its designers to duplicate all
past "undefined" and optional behaviors to guarantee a customer's
incorrectly written code still functions. (Personal opinion, that
customer is almost always Microsoft.)

Alex
--
My words are my own. They represent no other; they belong to no other.
Don't read anything into them or you may be required to compensate me
for violation of copyright. (I do not speak for my employer.)
May 21, 2004 3:59:06 PM

Alex Johnson <compuwiz@acm.org> wrote ...
> Jim Hull wrote:
> > No. The ITLB and DTLB serve as on-chip caches of translations from a
> > single page table (the VHPT).
>
> This is generally true because the intent was to have the VHPT enabled.
> However, this is not required. There can be separate software tables
> which each handler uses. This does have a performance hit, but often
> security is gained at the cost of performance. The actual
> implementation of split caches makes this unexpected bonus possible.

Yes, I probably should have made it clearer that I was assuming that the
VHPT walker is enabled, since as you say, there is a substantial
performance advantage in doing so. I was trying to avoid going into too
many details, but now that you've brought it up, here are some more:

The architecture allows the walker to be enabled for some portions of the
address space and disabled for others (this is controlled by the "ve" bit
in each region register). For regions where it is enabled, you must have
a single VHPT in one of the architecturally-defined formats. For regions
where the walker is disabled, all TLB misses result in faults to special
OS handlers, which can be written to access separate page tables, tables
in whatever format the OS likes, or even no tables at all (Linux uses the
latter to create "identity-mapped" memory).

> > Furthermore, the TLBs need not be separate
> > structures, but can be implemented as a single unified TLB if desired
> > (although no processor has yet done so). Given this, the only way the
> > OS can guarantee that data pages aren't executable is to set the
> > access rights field to a value that doesn't include execute
> > permission.
>
> Sadly, you are wrong here, Jim.

I don't think so. I did, however, oversimplify things again. The
architecture defines two sub-sections in the TLBs, Translation Registers
(TRs), which you can think of as "pinned" entries, and Translation Cache
(TC) entries. The TRs are guaranteed not to be unified, but the TCs
can be.

> Intel will *never* go to a unified TLB
> on Itanium because that would break legacy code.

I'd love to hear about what existing code you think will break.

> Intel sets up things
> as "undefined" or having behavior which may change in each
> microarchitecture, but invariably forces its designers to duplicate all
> past "undefined" and optional behaviors to guarantee a customer's
> incorrectly written code still functions. (Personal opinion, that
> customer is almost always Microsoft.)

I agree that this is how Intel behaves in the IA-32 world. I think part
of the problem there is that too much of the architecture was
underspecified, and mixed in with implementation specifics, with no way
for software to separate the two.

However, my experience in the Itanium world is different. Intel seems to
be more willing to change implementations in order to take advantage of
optional or undefined behavior, so long as it is clearly documented in the
architecture that such implementations are allowed, as in this case - see
Volume 2, Section 4.1.1.3, here:

http://developer.intel.com/design/itanium/manuals/24531...

-- Jim
HP Itanium Processor Architect
May 21, 2004 9:29:11 PM

"Yousuf Khan" <news.tally.bbbl67@spamgourmet.com> writes:
> What was Palladium supposed to be really?

A while back when the FUD was flying everywhere, I wrote a brief
description of what Palladium (and TCPA) is supposed to be, from a
technical standpoint. Perhaps it would help clarify things:

http://www.colohan.com/docs/trusted_computing.html

Chris
--
Chris Colohan Email: chris@colohan.ca PGP: finger colohan@cs.cmu.edu
Web: www.colohan.com Phone: (412)268-4751
May 22, 2004 2:27:44 AM

On a sunny day (21 May 2004 17:29:11 -0400) it happened Christopher Brian
Colohan <colohan+@cs.cmu.edu> wrote in
<uclsmdto4ew.fsf@cilento.stampede.cs.cmu.edu>:

>"Yousuf Khan" <news.tally.bbbl67@spamgourmet.com> writes:
>> What was Palladium supposed to be really?
>
>A while back when the FUD was flying everywhere, I wrote a brief
>description of what Palladium (and TCPA) is supposed to be, from a
>technical standpoint. Perhaps it would help clarify things:
>
>http://www.colohan.com/docs/trusted_computing.html
Interesting and clearly written, but some questions remain, such as for example
the coordinates of redmond for a nuclear attack.
JP
May 22, 2004 1:06:36 PM

Jan Panteltje wrote:

> On a sunny day (21 May 2004 17:29:11 -0400) it happened Christopher Brian
> Colohan <colohan+@cs.cmu.edu> wrote in
>>http://www.colohan.com/docs/trusted_computing.html
>
> Interesting and clearly written, but some questions remain, such as for example

Do I really want all my hw to support/require encrypted tunnels?

> the coordinates of redmond for a nuclear attack.

No problem! :-)
(Or should that be :-( ?)

From Garmin's City Select:

Microsoft-Corporate Headquarters
1 Microsoft Way
Redmond, WA 98052
425-882-8080

N47.64376 W122.13050

Terje

--
- <Terje.Mathisen@hda.hydro.com>
"almost all programming can be viewed as an exercise in caching"
May 24, 2004 1:09:34 PM

Jim Hull wrote:
> For regions
> where the walker is disabled, all TLB misses result in faults to special
> OS handlers, which can be written to access separate page tables, tables
> in whatever format the OS likes, or even no tables at all (Linux uses the
> latter to create "identity-mapped" memory).

That's interesting. I've learned something new. Linux uses no page
table structure? What exactly is identity-mapped memory? Funny, I
hacked the kernel and simulated bootup sequences but never had the time
to delve into what was going on in those sequences.

>> > Furthermore, the TLBs need not be separate
>> > structures, but can be implemented as a single unified TLB if desired
>> > (although no processor has yet done so). Given this, the only way the
>> > OS can guarantee that data pages aren't executable is to set the
>> > access rights field to a value that doesn't include execute
>> > permission.
>>
>>Sadly, you are wrong here, Jim.

>http://developer.intel.com/design/itanium/manuals/24531...
Sadly (or not), I'm wrong. That's a small paragraph in a large book.
But it looks like Intel did plan ahead for that.

>>Intel will *never* go to a unified TLB
>>on Itanium because that would break legacy code.
>
> I'd love to hear about what existing code you think will break.

I don't know of any real examples, but I've been told enough horror
stories from the trenches of vendors NOT following the published specs
and doing implementation-specific behaviors because it is easier for
them, or enables some copy protection scheme. I'm sure there are people
out there that don't obey the rules for translations either because they
don't know what they are doing or don't care. And when those large
vendors' software is broken by a new design and they complain, Intel
will not point to the books and say "you didn't do this the way we told
you", they'll say "oh, you need it to work like this? here, I'll just
go get the engineers to change it back for you." But usually that kind
of thing only happens for bug-dependent code or code dependent on
undefined behaviors, which later become defined to be whatever the first
chip did since some valuable code depends on it.

Alex
--
My words are my own. They represent no other; they belong to no other.
Don't read anything into them or you may be required to compensate me
for violation of copyright. (I do not speak for my employer.)
June 14, 2004 7:58:48 AM

> In the US that would be:
> 'Can you PROVE you were not running anything illegal'?
> This law will make it, as it saves companies ++++ on support.

And a free holiday in Guantanamo Bay, for anyone who looks even
slightly suspicious.

I hope that they have cleaned the chemical lights after use....
!