Intel's newest platform

Today's launch of the latest version of Intel's vPro platform is a much bigger deal than you might think, with implications for end users that extend far beyond the enterprise arena at which vPro is initially aimed. The 2007 version of vPro represents the culmination of two of Intel's most ambitious and important plans for the PC platform: the transformation of x86 into a fully virtualizable ISA complete with virtualized I/O, and the first complete implementation of all the parts of Intel's controversial contribution to "trusted computing" technology, formerly codenamed "LaGrande" but now called Trusted Execution Technology (TXT).
Let's take a look at the new vPro and what its new virtualization and "trusted computing" capabilities mean for ordinary users.
The hardware
The hardware side of today's launch has gotten the most coverage, but the basic specs and product names are probably the least interesting and important aspects of the announcement. So I'll run through it quickly and refer you to Intel's press release if you want to know more.
Intel has announced three new Core 2 Duo processors to go with the new vPro platform: the E6550 at 2.33GHz, the E6750 at 2.66GHz, and the 3GHz E6850. These new processors have an idle power consumption rating of 8 watts, down from their predecessors' 22W, a bit more than a third of the old figure.
The chipset that these processors will be paired with is the new Intel Q35 Express chipset, which features the ICH9-DO southbridge and 82566DM gigabit Ethernet controller. This chipset and Ethernet controller hardware have support for two of vPro's most significant features, which I'll discuss in more detail below.
Virtualization technology for directed I/O
Today's vPro launch marks the introduction of the long-awaited Virtualization Technology for Directed I/O, or VT-d. The VT-d launch is a major milestone for both x86 virtualization and the Trusted Computing Group's vision of so-called "trusted computing." In a nutshell, VT-d is to virtualization what protected memory was to multitasking, and the long-term impact for x86 computing will be just as large.
In the early days of virtualization on x86 there were two major hurdles that any virtualization vendor had to clear. The first was that x86 has instructions that are sensitive to privilege level yet don't trap when executed by deprivileged code (SGDT, SIDT and SMSW are the classic examples), so a guest OS that had been pushed out of ring 0 could observe that it wasn't really running on bare metal, and the classic trap-and-emulate approach couldn't catch those instructions because they never trapped. Vendors like VMware worked around this with dynamic binary translation, rewriting such instructions in the guest's kernel code before it ran so the guest never saw anything that betrayed the hypervisor beneath it. Intel eventually remedied this deficiency of the x86 ISA with the VT-x extensions, which add a root/non-root mode so that sensitive operations force a VM exit to the hypervisor, and in subsequent iterations of VT-x it has cut the cost of VM entries and exits enough to make hardware-assisted virtualization competitive with the mature binary-translation approach.
DMA remapping. Source: Intel Technology Journal, vol. 10 iss. 3
The other big problem, which has persisted until now, involves mapping interrupts and DMA transfers to the proper virtual machine and keeping such interrupt and DMA traffic private to each VM. A virtualization-friendly I/O memory management unit (IOMMU) has been needed for some time, and Intel has now addressed that need with Virtualization Technology for Directed I/O, or VT-d. VT-d works by interposing an IOMMU in the chipset between I/O devices and memory: every DMA request carries the identity of the PCI device that issued it (its bus, device and function numbers), the IOMMU looks that identity up to find the VM, or "domain," the device has been assigned to, and it then translates and checks the target address against that domain's own page tables, at the granularity of individual physical pages. A device that hasn't been assigned to any VM, or one that targets a page its VM doesn't own, has its transfer dropped and a fault logged instead of reaching memory. No longer can a device under the control of one VM scribble over another VM's memory, because the IOMMU knows which regions of physical memory belong to which VM and grants or blocks access based on the source of the I/O request; the same remapping idea is applied to interrupts, so a device can't deliver interrupts to a VM it doesn't belong to. So VT-d fixes the final place where x86 has been hostile to virtualization, making interrupts and DMA transfers fully virtualizable.
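To make the remapping step concrete, here is a small model of what the IOMMU described above does on each DMA request. This is an added example, not Intel's code or documentation: the PCI source ids (bus:device.function strings), the two domains, the page layout and the "rogue" device are all constructed for the illustration, and a single-level lookup table stands in for VT-d's multi-level page tables. It contrasts a pre-VT-d platform, where a device's bus address simply is the physical address, with one where every request is checked against the requesting device's domain.

```python
"""Toy model of VT-d DMA remapping (added example, not Intel code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PAGE = 4096          # VT-d translates at 4 KiB granularity
RAM_PAGES = 4        # constructed: a tiny 16 KiB "physical memory"


class DMAFault(Exception):
    """Where real hardware would log a remapping fault and drop the transaction."""


@dataclass
class Domain:
    """One VM's view of memory: device-visible page -> (host physical page, writable)."""
    name: str
    pages: Dict[int, Tuple[int, bool]] = field(default_factory=dict)


class IOMMU:
    """Context table keyed by the requester's source id, plus per-domain page tables."""

    def __init__(self) -> None:
        self.context: Dict[str, Domain] = {}

    def assign(self, source_id: str, domain: Domain) -> None:
        self.context[source_id] = domain

    def translate(self, source_id: str, dev_addr: int, write: bool) -> int:
        domain = self.context.get(source_id)
        if domain is None:
            # A device nobody assigned to a domain gets no DMA at all.
            raise DMAFault(f"{source_id}: no context entry")
        vpn, offset = divmod(dev_addr, PAGE)
        entry = domain.pages.get(vpn)
        if entry is None:
            raise DMAFault(f"{source_id}: page {vpn:#x} not mapped for {domain.name}")
        hpn, writable = entry
        if write and not writable:
            raise DMAFault(f"{source_id}: page {vpn:#x} is read-only for {domain.name}")
        return hpn * PAGE + offset


class Platform:
    """RAM with an optional IOMMU in front of it. Transfers here stay inside one page."""

    def __init__(self, iommu: Optional[IOMMU]) -> None:
        self.ram = bytearray(RAM_PAGES * PAGE)
        self.iommu = iommu

    def dma_write(self, source_id: str, addr: int, data: bytes) -> None:
        if self.iommu is None:
            phys = addr  # pre-VT-d: a device's bus address *is* the physical address
        else:
            phys = self.iommu.translate(source_id, addr, write=True)
        self.ram[phys:phys + len(data)] = data

    def page(self, hpn: int) -> bytes:
        return bytes(self.ram[hpn * PAGE:(hpn + 1) * PAGE])


NIC, DISK, ROGUE = "00:19.0", "00:1f.2", "02:00.0"   # constructed source ids


def build_platform(with_iommu: bool) -> Platform:
    """VM-A owns physical page 1 and the NIC; VM-B owns physical page 2 and the disk.
    Each VM sees its page at device address 0, so a driver never needs to know where
    in host memory the page really lives."""
    if not with_iommu:
        return Platform(None)
    iommu = IOMMU()
    iommu.assign(NIC, Domain("VM-A", {0: (1, True)}))
    iommu.assign(DISK, Domain("VM-B", {0: (2, True)}))
    return Platform(iommu)


def attempt(platform: Platform, source_id: str, addr: int, data: bytes) -> str:
    """Attempt a DMA write; return 'delivered' or the fault text."""
    try:
        platform.dma_write(source_id, addr, data)
        return "delivered"
    except DMAFault as fault:
        return str(fault)


if __name__ == "__main__":
    legacy = build_platform(with_iommu=False)
    # Without remapping, a compromised NIC driver in VM-A can scribble over VM-B's page.
    print(attempt(legacy, NIC, 2 * PAGE, b"owned"), legacy.page(2)[:5])
    vtd = build_platform(with_iommu=True)
    print(attempt(vtd, NIC, 0x10, b"pkt"))        # lands in VM-A's own page
    print(attempt(vtd, NIC, 2 * PAGE, b"owned"))  # fault: VM-A's table maps only page 0
    print(attempt(vtd, ROGUE, 0, b"x"))           # fault: unassigned device, no DMA at all
    print(vtd.page(2)[:5])                        # VM-B's page is untouched
```

The point to take from the model is that the check is keyed on who is asking, not just on where the write is aimed: the same physical page that VM-B's disk controller writes freely is unreachable to VM-A's NIC no matter what address the NIC is programmed with.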
Note that the newly announced Ethernet controller works with VT-d, and it also contains some nice features of its own. It has the ability to store security tokens so that a remote manager can connect to and troubleshoot the machine even when the OS, which normally handles the token-based handshake at the other end of a secure network connection, is incapacitated. The new NIC also hosts a few basic traffic filters that let it check for certain types of network activity characteristic of viruses and Trojans.
With x86 now a virtualization-friendly ISA from top to bottom, Intel can slot the last and long-planned piece of its platform remote management/security solution into place. Enter Trusted Execution Technology (TXT), formerly known as LaGrande.
TXT: Because your network admin (and Big Content?) needs a safe place inside your system that you can't tamper with
Given the fact that we at Ars, along with the EFF, Slashdot, and the rest of the usual suspects, have beat the "LaGrande" = "Big Content inside your PC" = "DRM nirvana" drum for going on five years now, I find remarkable the lack of hue and cry over the full-scale, production, mass-market rollout of what was once considered by the geekerati (myself included) to be the Worst Idea Ever. Let's take a brief look back at the history of what was finally announced today.
- Way back in 2002, when Microsoft announced plans to turn your PC into the Panopticon by placing a fortified virtual room—complete with watchers behind a one-way mirror—in your system, an uproar forced the company to scale back its ambitions. The name of the initiative was Palladium, and the idea was that DRM-encumbered content could run in a "trusted," copy-proof chamber and funnel audio-visual output over trusted links to your monitor and speakers.
- The Palladium announcement was followed shortly by Intel's announcement of LaGrande, which would be the hardware part of this "trusted computing" vision. The root of trust for LaGrande is the Trusted Platform Module (TPM), a device whose stated purpose is to safely keep secrets from would-be hackers, viruses, and trojans. But the TPM is also designed to keep secrets from you, the end user, because who knows—you may be a filthy pirate who's out to exercise your fair use rights.
- In brief, the TPM is a small ASIC that sits on the motherboard and is useful for a number of different security-related functions. In addition to a small pool of nonvolatile storage that can hold keys, it has hardware that implements RSA for key generation, signatures, and encryption/decryption, and SHA-1 for the hashing that its "measurements" depend on. It also has a small execution engine that runs the code for initializing the device and for the measurement-taking functions that are essential to its ability to tell whether an execution environment has been tampered with.
- These TPM facilities can be used to boot the machine into a known, "measured" state, with a "chain of trust" that extends throughout the entire boot process from the BIOS to the hypervisor or operating system: each stage hashes the next one before handing control to it and "extends" that hash into one of the TPM's Platform Configuration Registers (PCRs), which can only be updated by folding a new value into the old one, never written directly. Note that the TPM itself is passive and does not halt the boot if a link in the chain (BIOS, hypervisor, OS) has changed. What it can do is refuse to release secrets that were "sealed" to the expected PCR values, so that a tampered BIOS or hypervisor never gets the keys the legitimate one would, and it can sign a report of the current PCR values so that a remote system can tell whether the machine has booted into a trusted state or not.
- Earlier versions of the TPM have shipped in PCs for some time now, but the module is rarely used, both because Windows XP doesn't support it and because the TPM alone is of limited utility. With the launch of the new vPro, however, the full force of LaGrande is now officially upon us. The primary missing piece that has now fallen into place for LaGrande to create fully locked-down regions within your computer is support for I/O virtualization, which finally gives Intel platforms the ability to load, run, and display protected code and content in fully sealed, completely trusted (i.e., "trusted" by your network admin, Sony, Disney, Microsoft, etc., to keep you out of the parts of your system where you don't belong) environments now called Measured Launch Environments (MLEs, formerly "vaults" in LaGrande lingo). VT-d protects the memory space of the sealed-off vault, be it a virtual machine or a process hosted by the OS, from access by unauthorized devices, thereby closing the hole that interrupts and DMA transfers had left in previous vPro implementations.
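The measurement, sealing and remote-reporting steps in the bullets above are easy to get wrong in the abstract, so here is a worked model of them. It is an added example and not TCG or Intel code: the boot-stage "images" are constructed byte strings, and the TPM's storage root key and attestation identity key are modelled with HMAC secrets held in constants (a real TPM uses RSA keys that never leave the chip, and a real remote verifier holds only the attestation key's public half). What the model does reproduce faithfully is the TPM 1.2 PCR extend rule, the fact that the TPM only records and never stops the boot, and the consequence that a single changed byte anywhere in the chain makes sealed secrets unrecoverable and the attestation fail.

```python
"""Model of TPM 1.2 measured boot: PCR extend, seal/unseal, quote (added example)."""
import hashlib
import hmac
from typing import List, Optional

PCR_SIZE = 20                                   # TPM 1.2 PCRs hold a SHA-1 digest
SRK = b"constructed storage root key"           # stands in for a key software can never read
AIK = b"constructed attestation identity key"   # stands in for the TPM's signing key


def extend(pcr: bytes, stage_image: bytes) -> bytes:
    """PCR_Extend: new = SHA-1(old || SHA-1(stage)). There is no 'set', only fold-in."""
    return hashlib.sha1(pcr + hashlib.sha1(stage_image).digest()).digest()


def measure_chain(stages: List[bytes]) -> bytes:
    """Replay a boot chain (BIOS, then hypervisor, then OS) into one PCR, which is
    all-zero at reset. Order matters: swapping two stages changes the result."""
    pcr = bytes(PCR_SIZE)
    for image in stages:
        pcr = extend(pcr, image)
    return pcr


def _keystream(pcr: bytes, length: int) -> bytes:
    """Derive encryption bytes from the TPM-only SRK and the platform state."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(SRK + pcr + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, expected_pcr: bytes) -> bytes:
    """TPM_Seal stand-in: the blob is only usable when the PCR equals expected_pcr."""
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(expected_pcr, len(secret))))
    tag = hmac.new(SRK + expected_pcr, ct, hashlib.sha256).digest()
    return ct + tag


def unseal(blob: bytes, current_pcr: bytes) -> Optional[bytes]:
    """TPM_Unseal stand-in: the secret, or None when the platform state differs."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(SRK + current_pcr, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(current_pcr, len(ct))))


def quote(pcr: bytes, nonce: bytes) -> bytes:
    """TPM_Quote stand-in: attest to the PCR value, bound to the verifier's fresh nonce."""
    return hmac.new(AIK, nonce + pcr, hashlib.sha256).digest()


def remote_verify(expected_pcr: bytes, nonce: bytes, sig: bytes) -> bool:
    """The remote manager's side: does the quote match the state it expects?"""
    return hmac.compare_digest(quote(expected_pcr, nonce), sig)


# Constructed stand-ins for the code at each link of the chain.
GOOD_CHAIN = [b"BIOS 1.02", b"hypervisor 2.0", b"OS kernel 6.0"]
TAMPERED_CHAIN = [b"BIOS 1.02 + bootkit", b"hypervisor 2.0", b"OS kernel 6.0"]

if __name__ == "__main__":
    good = measure_chain(GOOD_CHAIN)
    blob = seal(b"disk-encryption-key", good)
    print(unseal(blob, good))                           # the key comes back
    print(unseal(blob, measure_chain(TAMPERED_CHAIN)))  # None: the BIOS changed
    nonce = b"fresh nonce from the verifier"
    print(remote_verify(good, nonce, quote(measure_chain(TAMPERED_CHAIN), nonce)))  # False
```

Two things the model makes visible: the tampered machine boots all the way to a working OS (nothing in the code path refuses to run), it just can't get at anything sealed to the good state or convince a remote party that it is in that state; and because every later PCR value depends on every earlier one, a bootkit in the BIOS is caught even though the hypervisor and OS measurements are unchanged.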
The page-level control over memory that VT-d gives TXT also enables other security features, such as scrubbing an MLE's memory when it terminates so that no trace of what it held is left behind for whatever runs next.
You won't really see much mention of DRM in most vPro coverage, because Intel has (quite appropriately) spent a lot of time and effort over the past few years talking up the TXT + VT-x and VT-d combination as a robust enterprise security and remote management solution. And indeed it is. But as a potential technological enabler of more effective DRM, it's also the ideal companion to Blu-ray and HD DVD, and a godsend to Big Content. Look for it across the rest of Intel's desktop and portable line by the end of 2008 and prepare to kiss fair use goodbye.
Everyone who values security will love it
vPro's potential as an enabling platform for intrusive DRM (again, only one of many possible uses) is disturbing enough that it merits much more attention than it seems to have gotten so far in the tech press, but it shouldn't overshadow the platform's potential benefits. Some nice things are already being done with vPro as a basis, like Symantec's Virtual Security Solution (VSS), formerly known as "Project Hood."
The basic idea behind VSS, which was demonstrated at the vPro launch event, is to launch a lightweight hypervisor that runs the same network intrusion prevention software that you find in Norton AV, but in a secure virtual machine that can't be reached from Windows. The software sits between the NIC and the OS and filters inbound and outbound network traffic, looking for Trojans, keyloggers, viruses and so on. Ideally, VSS would neutralize such malicious software before it gets into Windows, and if the Windows partition does become infected, the malware can't contaminate the antivirus software because it resides in a separate VM whose memory Windows has no path to.
New applications like VSS, along with the potential of TXT and VT-d for secure remote access and management, will eventually make vPro a must-have in the enterprise and on the consumer desktop. The technology opens up whole new vistas of secure network communication that will excite everyone from e-commerce software vendors to corporate IT departments to foreign governments and militaries... er... waitaminute.
According to a report [PDF] by Endpoint Technologies, both the NSA and the U.S. Army now rely on technology from the Trusted Computing Group, with the Army mandating the same TPM v1.2 modules that form the basis of vPro in all of its computers for network security reasons. This being the case, many folks, myself included, look at "trusted computing" technologies and wonder how the federal government allows them to proceed to market absent the export controls that are typical of strong encryption and so-called "dual-use" technologies that could have potential military applications. But that's a topic for another day.
In the meantime, suffice it to say that vPro 2007 is a big deal for enterprise computing in the near- to medium-term, but whether it's a big deal to online shoppers, foreign militaries, or parties on either side of the DRM vs. "piracy" battles is a question that only time will answer.