How DRM prepared the way for Xen/Vmware virtualization efforts, or how Microsoft may have shot themselves in the foot with Palladium
I found a interesting article that is full of nice technical tidbits on
Intel's and AMD's virtualization features among other things.
I found it very educational and it helped me understand a lot of what is
going on with DRM/TPM/Xen/Vmware/Ring 0/Ring 1/Ring-1/ etc etc.
(link dead, sorry)
Keep in mind that I am NOT a security expert in any manner. These are just
my personal conclusions based on researching various articles around the
net with assistance from Google. It is bound to be full of
misinformation, misunderstandings, and bad conclusions. The goal is to
provide some useful information and links that other people can use to
learn more about the subject themselves.
For those that don't know Palladium was a effort on Microsoft to
implement 'Trusted Computing' features. It was originally slated to be
included in Vista/Longhorn operating systems, but it has been dropped
(or at least trimmed down heavily) in later beta releases.
What the goal was was that for secure computing Microsoft would setup a
special operating system that you would use to execute programs. It
would prevent software exploits, like say in IE, from being used to
further compromise your system. Also, and probably more importantly, it
would be used as a vehicle to implement DRM. That is this special
operating system would be out of the control of Window's users, but be
in control by Microsoft and it's business partners. This would allow
people to create 'protected' content that would then be played in this
special environment where you could implement very secure restrictions on
what the end user can and cannot do with the items they've obtained.
So theoretically you could allow access to a streaming server that
implements DRM and 'software pirates' wouldn't then be able record the
stream or retransmit the data to other computer.. but end users would be
able to pay for it and watch it fairly transparently. Or you could
create legal documents using Microsoft's tools that would only be
decrypt-able by certain end users.
Or something like that. I don't follow MS stuff that closely on items
such as this because to me the concept seemed fairly useless for mere
mortals and not something not too interesting. And Microsoft wasn't to
eager to tell people how it worked either.
My understanding on how they were planning on running this stuff was by
creating a hypervisor that would be built into the hardware that would
help host a special operating system for executing code in a
secure-from-the-end-user manner. You would play these 'DRM' multimedia
applications or execute programs in this 'trusted' environment.
However there is this problem with x86 platform were it's very hard to
virtualize. There are certain instructions that can only be executed by
software running in 'Ring 0'.. that is closest to the hardware. They
couldn't really be abstracted. So on normal computers Microsoft couldn't
just insert a hypervisor underneath Windows XP and expect things to
Other products have run into similar problems. It's a well known side
effect of using x86 and it's legacy nature.
Vmware's solution for their server editions (that ran their hypervisor)
for this was to run stuff they would translate instructions as much as
possible down to ring0, but then they would have to emulate the stuff
they couldn't abstract in software.
Xen's solution to this was to create 'paravirtualisation', were the
kernels of operating systems had to be ported slightly to Xen to avoid
the items that couldn't be abstracted easily.
Vmware's advantage was that it could run any x86 compatible software
with no problem were with Xen you could only run ported kernels. Xen's
advantage was that it was much faster for certain operations since there
was no software emulation layer. Also this made Xen quite a bit simpler.
Microsoft's (being the overwhelming force that they are) solution was to
have Intel and AMD change how the processor operated slightly. That the
hardware would assist the hypervisor on abstracting the x86 processor.
Microsoft's approach advantages was that it made it's virtualization
approach as fast as Xen's setup, but that it also could run unported
software like Vmware's hypervisor does. So it had both the advantages of
Xen and Vmware server without much of the drawbacks.
However the downside to Microsoft's approach was, ironically, that it
introduces a HUGE security hole in all x86 platforms. That is a rootkit
that could be created that could execute a possible vulnerability and
insert itself down underneath the operating system kernel down in the
new 'Ring-1' that MS's (and Intel VT/AMD Pacifica) approach introduced.
This would lead to a much superior exploit then that is currently
possible with the most sophisticated driver/module-based root kits that
are currently available. Instead of running on the x86 computer you'd
run the entire OS hosted inside of the rootkit and it would be
impossible for any system software to EVER detect this. Even
uninstalling and reinstalling the OS wouldn't necessarily get rid of it
and it is platform independent. That is a virus made for Windows would
work just as well inside OS X or Linux.
And this threat doesn't go away if you're not running in the hypervisor
either. Theoretically it will still work out well on a x86 operating
system running directly on the hardware. All you'd need would be some
way to lift the system onto the rootkit and the effect would be the
same. Like a bootable cdrom with a toy operating system to play around
Microsoft Research and Michigan University created a proof-of-concept VM
virus called 'subvert' that does exactly this. A PDF outlining their
conclusions are available at (link dead, sorry)
These things work so well that a researcher accidentally infected
himself without even noticing it...
The solution for this is Trusted Platform Modules (TPM).
TPM creates a new x86 feature that can't be virtualized... This will
work with a hypervisor and system kernels that will check hashes on
executed kernel code and other programs to make sure that it's not
modified by something like a VM-based rootkit.
And, of course, Microsoft liked this solution to the problem because the
TPM is required to make sure that in their special 'Palladium' DRM-using
operating system/software or whatnot isn't modified by end users and
allow people to circumvent DRM restrictions.
So that works out great. You have the virtualization created that makes
it easier to take away control from end users, while requiring x86 based
operating systems to support TPM controls, which again is required for
DRM, or otherwise increase those 'alternative OSes' their end-user's
risk for VM-based rootkits.
However Palladium, as it was envisioned, never made it to market.
Microsoft basically dropped it. It may still exist a bit as a product
called 'Bitlocker' for TPM-enforced file system encryption features.
Also it may be related to Vista's 'Protected Mode' that uses new
Mandatory Access Control-like features (MAC as opposed to normal Unix
DAC (discretionary access controls).. used in things like Novell's
AppArmor or Linux/Redhat/NSA's SElinux. (yes, that National Security
Agency from the U.S. federal government).
Vista's protected mode can be used to help secure end users from
programming flaws in IE7 (as well as probably other software).
Protected Mode in Vista IE7
I don't know that though. But in the past Microsoft has used stuff from
failed products/features in stuff that actually makes it to market.
(such as previous WinFS efforts and current NTFS stuff). Don't know how
exactly the Protected Mode stuff works.
However for the previous Virtualization software like Vmware and Xen
goes this Palladium stuff has been a huge boon. The VT from Intel and
Pacifica from AMD seems like is a direct result from Palladium project.
By using these new instructions Xen can gain the ability to run unported
software and gain more speed. Vmware's products now should be able to
provide much better support then what is currently possible.
And the TPM stuff should provide the hooks necessarily to make sure that
a compromise on one hosted system can't be used to break into another
Ultimately this should allow uses to migrate away from Microsoft systems
(and probably move to Microsoft systems if they felt like it). It will
provide a way for Apple to market OS X much more aggressively and
successfully as a Windows-replacement and for people wanting to use
Linux they don't have to worry about the odd program that is not yet
available or doesn't have a suitable replacement for the Linux
Also the need for a hosted environment to control the hypervisor with
Xen puts Linux is a unique position. If OEM-style vendors begin shipping
VM-equipped systems Linux is a ideal system to provide a stripped down
environment irregardless what OS was requested to be installed on the
Also VT/Pacifica should eventually allow operating systems to
use their own drivers to access hardware... However this requires
PCI-SIG development on specifications and then all new PCI hardware to
support such things. It's going to be a long long time before that's
going to be possible. Right now in Xen they use Linux to provide direct
hardware access for things like display drivers, sound, network, and
disk access. Other operating systems don't have this access. Also there
is a big tie into DRM for this one also
Some more stuff.
Linux has supported TPM since 2.6.12 kernel.
sHype a research implementation of a secure hypervisor (link dead, sorry).
A short article about IBM's experimentation with virtualizing TPM. (link dead, sorry)
Xen mailing list were IBM researcher announced IBM's intentions with Xen
Xen mailing list archive
There are a bunch of 'PowerPoint' style PDFs available from the Xen
Summit 2005 and 2006. Unfortunately being Power-Point style they are
virtually devoid of any any really useful information. Of particular
interest are the PDFs dealing with TPM and security. They are mentioned
in Intel and sHype related items. Also interesting is the Linux's
support for IOMMU.
As for Microsoft's own virtualization stuff... Currently Microsoft has
their 'Microsoft Virtual Server' that they offer. It is not a hypervisor
product like Vmware Server editions or Xen is. It's more like Vmware's
workstation products and is probably based on their Virtual PC stuff
they received when they acquired Connectix early in 2003. It requires
that you have Windows XP Pro SP2 (for "non-production" work), Microsoft
Windows Server 2003 Standard Edition/Enterprise Edition/Datacenter
Edition, or Microsoft Small Business Server 2003 standard and premium
(link dead, sorry )
Recently they released Microsoft Virtual Server R2. The new things with
this item is that now it is offered as a no-cost download that you can
add to those supported platforms. Also the more remarkable item is that
Microsoft is now officially supporting deploying Redhat or Suse Linux on
it. Previously it was possible to install Linux systems on a virtual
server, but it was a unsupported configuration.
(link dead, sorry)
This is obviously a result of increased interest in the virtualization
in the enterprise environments and in response to the efforts from
Vmware and Xen. Maybe between Xen and MS VS they are hoping to put a
nice big damper on Vmware's parade.
Microsoft currently plans to offer their own hypervisor virtual server
as part of the R2 release of Longhorn server. Longhorn server itself
isn't due out until 2007 and the R2 isn't probably going to be out until
2009 or so (link dead, sorry).
So that's how that goes.
Funny how Microsoft trying to develop hardware extensions in a attempt
to lock down users even further has allowed things like Xen to open up
more possibilities to end users while Microsoft seemed to have dropped
it's original Palladium stuff off the map.
Reminds me of a quote...
"The more you tighten your grip, Tarkin, the more star systems will slip
through your fingers."
-- Princess Leia to Grand Moff Tarken, Imperial Governer and Commander
of the Death Star. Star Wars 1977.
Quotes: Star Wars: Episode IV - A New Hope
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Drag Sidious
© 2011-06-29 Drag Sidious