
The CPU, or processor, has internal state and packaging characteristics that influence the LT architecture.

Protected Mode

Protected mode provides the “rings” in a processor. When you see a reference to ring 0 or ring 3, that is a reference to the protection level that protected mode assigns to the code being executed. Protected mode actually provides four rings: 0, 1, 2, and 3, with ring 0 the most privileged and ring 3 the least. Figure 2.2 depicts the layers of protection mode rings.

Figure 2.2 Protection Mode Rings

The intent of the ring architecture is to provide separation of the operating system (OS) from the applications that the OS manages. The ring structure also gives the OS a way to separate⁵ and layer functions within the OS, improving its ability to protect itself. Chapter 4 explains how a current OS uses the ring structures.

Memory Management

The processor supports management of physical memory through segmentation and paging. In this simple introduction, I cannot possibly explain all of the options, permutations, and usages for managing memory.

The canonical reference is the IA-32 Intel Architecture Software Developer's Manual, Volume 3: System Programming Guide (Intel 2003c).

⁵ Consider Table 2.1 and the requirement for user and supervisor separation.

26 The Intel Safer Computing Initiative

Chapter 3 of that document gives a much deeper overview of how to manage memory.

Figure 2.3 shows a simplified view of the memory management system.⁶ Additional controls and tables provide the complete range of memory management.

Figure 2.3 Memory Management

When an application requests access to a memory location, the system follows this map to convert the address that the application uses into a physical memory page and a location within that page.

1. The logical address breaks down into two components, the segment and the offset.

⁶ The author knows that the definition of “simple” here does not seem to fit, but trust me, this explanation only scratches the surface of the mechanisms in use here. Do not miss the main point: to go from an address in a program to the real physical page, you pass through control points that system entities can manage.

Chapter 2: History of Trusted Computing 27

2. The segment selector identifies a descriptor that provides a base address; adding the offset to that base produces a linear address.

■ If paging is not in use, the linear address is the physical address.

■ Converting the logical address into the linear address is the segmentation task of memory management.

3. If the memory manager is using paging, the linear address is split into three components: directory index, table index, and offset.

4. The processor uses the directory index to select a page directory entry, which locates a page table; the table index selects a page table entry, which locates a physical page; adding the offset produces the physical address.

The directory and table entries can indicate that the contents that should be at a physical address are currently not in memory, in which case the processor raises a page fault and the memory manager must load the correct physical page before the access can complete. This process is called page swapping and is the mechanism behind the swap file used by operating systems.

Segmentation and Paging Control. An important property to understand from Figure 2.3 is the control issue. Notice that the entity controlling segmentation and paging controls the mapping of logical addresses to physical addresses. From an application standpoint, two successive accesses to the same logical address can resolve to two different physical addresses if that entity changes the mapping in between.

The memory manager is under no obligation to expose the complete physical address space. The physical address space in use can have holes: specific physical pages that no mapping reaches, and which are therefore inaccessible to the application.

The controls that manage segmentation and paging start with Control Register 3 (CR3), which holds the physical address of the page directory, and include the manipulation of the page directory and page table entries themselves.
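As an added example (this is not code from the book), the following C model walks a logical address through the two control points described above: a segment descriptor turns selector:offset into a linear address, and a two-level page walk rooted at CR3 turns the linear address into a physical one, checking the Present, User/Supervisor and Read/Write bits on the way. The 10/10/12-bit split and the meaning of entry bits 0 to 2 follow the IA-32 non-PAE layout; the GDT entries, frame numbers, fault codes and the `remap_page` and `demo_remap` helpers are constructed for illustration. `demo_remap` shows the control issue: after the owner of the tables moves a page, the same logical address yields a different physical address.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the book's code: a model of the IA-32 (non-PAE) walk from a
 * logical address to a physical one. Frames, selectors and tables are constructed. */
#define MEM_BYTES      0x10000u      /* 64 KiB of simulated physical RAM */
#define PTE_PRESENT    0x1u          /* bit 0: entry valid, page is in memory */
#define PTE_WRITE      0x2u          /* bit 1: writes allowed */
#define PTE_USER       0x4u          /* bit 2: ring-3 access allowed */
#define PTE_FRAME_MASK 0xFFFFF000u   /* bits 31:12: 4 KiB frame address */

enum { XLATE_OK = 0, XLATE_GP = 1, XLATE_PF = 2 };  /* #GP: segment limit; #PF: paging */

static uint32_t mem[MEM_BYTES / 4];

static uint32_t rd32(uint32_t pa) { return pa < MEM_BYTES ? mem[pa / 4] : 0; } /* hole reads 0 */
static void wr32(uint32_t pa, uint32_t v) { if (pa < MEM_BYTES) mem[pa / 4] = v; }

/* Segmentation: the selector picks a descriptor; base + offset is the linear address. */
typedef struct { uint32_t base, limit; } segdesc_t;
static segdesc_t gdt[4];

static int seg_to_linear(uint16_t selector, uint32_t offset, uint32_t *linear) {
    unsigned idx = selector >> 3;            /* bits 15:3 of a selector index the table */
    if (idx == 0 || idx >= 4 || offset > gdt[idx].limit) return XLATE_GP;
    *linear = gdt[idx].base + offset;
    return XLATE_OK;
}

/* Paging: CR3 -> directory; linear = dir[31:22] | table[21:12] | offset[11:0].
 * Rights checks model CR0.WP = 0: user accesses need U/S (and R/W for writes) at both
 * levels; supervisor accesses only need the Present bits. */
static int linear_to_phys(uint32_t cr3, uint32_t linear, bool user, bool write, uint32_t *pa) {
    uint32_t dir = linear >> 22, tbl = (linear >> 12) & 0x3FFu, off = linear & 0xFFFu;
    uint32_t pde = rd32((cr3 & PTE_FRAME_MASK) + dir * 4);
    if (!(pde & PTE_PRESENT)) return XLATE_PF;
    uint32_t pte = rd32((pde & PTE_FRAME_MASK) + tbl * 4);
    if (!(pte & PTE_PRESENT)) return XLATE_PF;   /* swapped out or never mapped */
    if (user && !(pde & pte & PTE_USER)) return XLATE_PF;
    if (user && write && !(pde & pte & PTE_WRITE)) return XLATE_PF;
    *pa = (pte & PTE_FRAME_MASK) | off;
    return XLATE_OK;
}

static int walk(uint32_t cr3, uint16_t sel, uint32_t off, bool user, bool write, uint32_t *pa) {
    uint32_t lin;
    int rc = seg_to_linear(sel, off, &lin);
    return rc ? rc : linear_to_phys(cr3, lin, user, write, pa);
}
/* Wrappers: physical address (UINT32_MAX on any fault) and the fault status alone. */
static uint32_t xlate_phys(uint32_t cr3, uint16_t sel, uint32_t off, bool user, bool write) {
    uint32_t pa;
    return walk(cr3, sel, off, user, write, &pa) == XLATE_OK ? pa : UINT32_MAX;
}
static int xlate_status(uint32_t cr3, uint16_t sel, uint32_t off, bool user, bool write) {
    uint32_t pa;
    return walk(cr3, sel, off, user, write, &pa);
}

/* Build a constructed GDT and page tables; returns the CR3 value that selects them. */
static uint32_t setup_tables(void) {
    memset(mem, 0, sizeof mem);
    gdt[1] = (segdesc_t){ 0x00000000u, 0xFFFFFFFFu };  /* selector 0x08: flat 4 GiB segment */
    gdt[2] = (segdesc_t){ 0x00400000u, 0x00000FFFu };  /* selector 0x10: 4 KiB window at 4 MiB */
    uint32_t cr3 = 0x1000u, pt0 = 0x2000u, pt1 = 0x3000u;
    wr32(cr3 + 0 * 4, pt0 | PTE_PRESENT | PTE_WRITE | PTE_USER);     /* linear 0..4 MiB */
    wr32(cr3 + 1 * 4, pt1 | PTE_PRESENT | PTE_WRITE | PTE_USER);     /* linear 4..8 MiB */
    wr32(pt0 + 1 * 4, 0x5000u | PTE_PRESENT | PTE_USER);             /* 0x1000: user, read-only */
    wr32(pt0 + 2 * 4, 0x6000u | PTE_PRESENT | PTE_WRITE);            /* 0x2000: supervisor only */
    wr32(pt1 + 0 * 4, 0x7000u | PTE_PRESENT | PTE_WRITE | PTE_USER); /* 0x400000: user RW */
    return cr3;   /* linear 0x3000 stays not-present: the "swapped out" case */
}

/* The control point: the owner of the tables retargets a linear page; the application
 * keeps using the same logical address and never sees the change. */
static void remap_page(uint32_t cr3, uint32_t linear, uint32_t new_frame) {
    uint32_t pde = rd32((cr3 & PTE_FRAME_MASK) + (linear >> 22) * 4);
    uint32_t pte_addr = (pde & PTE_FRAME_MASK) + ((linear >> 12) & 0x3FFu) * 4;
    wr32(pte_addr, (new_frame & PTE_FRAME_MASK) | (rd32(pte_addr) & ~PTE_FRAME_MASK));
}
static uint32_t demo_remap(void) {   /* same logical address, before and after the move */
    uint32_t cr3 = setup_tables();
    uint32_t before = xlate_phys(cr3, 0x08, 0x1234u, true, false);   /* 0x5234 */
    remap_page(cr3, 0x1000u, 0x8000u);
    return before == 0x5234u ? xlate_phys(cr3, 0x08, 0x1234u, true, false) : UINT32_MAX;
}

int main(void) {
    uint32_t cr3 = setup_tables(), pa = 0;
    struct { uint16_t sel; uint32_t off; bool user, write; } c[] = {
        { 0x08, 0x1234u, true, false }, { 0x08, 0x1234u, true, true },  { 0x08, 0x2010u, true, false },
        { 0x08, 0x2010u, false, true }, { 0x08, 0x3000u, false, false }, { 0x10, 0x0ABCu, true, false },
        { 0x10, 0x1000u, true, false } };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++) {
        int rc = walk(cr3, c[i].sel, c[i].off, c[i].user, c[i].write, &pa);
        printf("%04x:%08x %s -> ", c[i].sel, c[i].off, c[i].user ? "user" : "sup ");
        if (rc == XLATE_OK) printf("phys 0x%08x\n", pa); else puts(rc == XLATE_GP ? "#GP" : "#PF");
    }
    printf("after remap, 0008:00001234 -> phys 0x%08x\n", demo_remap());
    return 0;
}
```

The walk reads only the tables, so a hole in physical memory (any frame the tables never point to, or a directory entry left clear) is simply unreachable from the application: the 4 GiB flat segment passes the limit check, and the missing directory entry turns the access into a page fault.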

Front-side Bus

The connection between the CPU and the MCH carries the messages that control the chipset and access memory. The front-side bus (FSB) allows multiple CPU packages to connect to a single MCH.

The LT design only works in topologies with a single MCH. Systems built with multiple MCH units cannot support the initial version of the security initiative. Chapter 16 discusses the issues of multiple-MCH topologies.


Multiple CPU Systems

When the term CPU comes up, most people think of the CPU package that is put into a platform. A synonym for CPU is processor. An LT-enabled system provides support for multiple CPUs. The support ensures that all processors are operating in a consistent fashion.

MCH

The MCH connects the CPU to memory. The MCH also provides a connection between the graphics adapter and system memory. Some MCH units are actually a Graphics MCH (GMCH), which has an integrated graphics adapter.

On a typical personal computer, the system has only one MCH. The MCH is not a field replaceable part and is permanently mounted on the motherboard. Some server designs use multiple MCH units to handle multiple CPUs and complex memory topologies.

Memory

All CPU requests for system memory travel across the FSB, through the MCH, and on to the actual memory DIMM. The MCH can “snoop” the memory request and either block it or re-route the request to some other entity. For information held by the ICH, the MCH snoops the address, recognizes the address as one held by the ICH, and routes the request to the ICH.

Display Adapter

The MCH can either contain an integrated display adapter or provide a connector for a discrete display adapter. Discrete display adapters connect to the MCH over a variety of busses, the newest being the PCI Express bus.

ICH

The ICH, as the input/output controller hub, provides the connections to most of the platform peripherals. Platform peripherals include keyboards, USB connections, BIOS memory, and other busses like PCI Express.


Keyboard

The keyboard connector normally uses either a USB connection or the PS/2 port. Most desktop systems use the USB port for keyboard connections, and most laptops provide a PS/2 port for connecting an external keyboard. In the context of a trusted platform, either connector can provide the ability to protect the keyboard input.

USB

The ICH provides at least one USB controller hub. Numerous peripherals use the USB connections to attach the device to the platform.

A critical requirement of the USB connection is the need for a driver to discover the attached devices and route messages to them. The driver determines which devices are visible to applications, when the devices get service, and how messages from the attached devices are routed. Requiring a driver also inhibits the use of the bus and of the devices on it during startup operations. Without a driver, the peripherals are invisible; relying on such a device during a startup process therefore requires some sort of intermediate driver.

LPC Bus

The Low Pin Count (LPC) bus provides a simple bus that does not require any drivers to access the devices on it. Typical platform components that reside on the LPC bus include the BIOS boot block and the Trusted Platform Module (TPM).

The LPC bus is a slow bus, running at a nominal clock of 33 MHz. Not only is the bus slow, but the data path is narrow: four bits wide. The reality is that sending information to a device on the LPC bus is like sending information through a cocktail straw.

The LPC bus does have a redeeming factor: it is so simple that the devices on the bus are available very early in the startup sequence. The availability of devices on the LPC bus makes it an excellent location for devices that support trusted platforms.

From the document The Intel Safer Computing Initiative (pages 45-49)