[okl4-developer] Difference between hypercells and address spaces
XavierL
Xavier.LANGELLIER at fr.thalesgroup.com
Tue Mar 24 20:50:58 EST 2009
I post here the answers from Geoff Revill to my first question because it's still not clear.
If anyone has an idea about the question:
OK, I can see your confusion, because this confuses me too. This diagram and explanation does not correspond to the definition on the web site, which seemed crystal clear to me. a SHC is not a partition/memory space according to that definition.
Even if it was, I cannot see how/why you'd have 2 memory spaces within a partition anyway.
Lemme look into this some more. In the meantime I suggest you raise the question on the forum, because to me the web page definition is simple and clear, and this slide seems to contradict that definition.
Xavier.LANGELLIER at fr.thalesgroup.com wrote:
Thanks for your effort,
It is in the presentation called Overview of the OKL4 3.0 API on the Open Kernel Labs' wiki.
On the slide 54, there is a diagram showing 2 hypercells, the first with only one address space in it and the second with two.
This is the point that confuse me because I don't see the need for different address spaces since we already have hypercells to isolate.
Xavier.
-----Message d'origine-----
De : Geoff Revill [mailto:geoff at marketbroad.com]
Envoyé : lundi 23 mars 2009 16:51
À : Xavier.LANGELLIER at fr.thalesgroup.com
Objet : Re: [okl4-developer] Difference between hypercells and address sp aces
not sure I understand the question....but here is an answer to A question...just not sure if this is your question :)
Within any memory space (or secured partition) you can have multiple threads of execution, because of course you can have a complete Linux OS within a OKL4 managed memory space. From an OKL4 point of view though it will be scheduling a context for a memory space which is thus a single thread of execution. For example you may have 2 memory partitions being managed by OKL4, one is running Linux the other is running Windows. From an OKL4 perspective this is 2 threads of execution. From any application perspective within those memory partitions there may indeed be many threads of execution being managed by the virtualized OS.
Or to put it another way....be very careful when you read a piece of text discussing a thread and make sure you are looking at that type of thread from the same point of view as the person writing about it. When you get this close to the hardware silicon vendors sometimes talk about threads when they really mean contexts; add in a virtualizing microkernel like OKL4 and you get another way of thinking about threads that's in addition to the threads being executed within a managed memory partition.
That said...the text you seem to have read may indeed be wrong....so can you send a ref to the info that has got you confused? Then I might be able to be more specific.
Geoff
Xavier.LANGELLIER at fr.thalesgroup.com wrote:
Thank you for the answer,
I think I understand the concept of SHC/partitions but i don't see the purpose of the address spaces if there is already a mean to isolate threads.
Xavier
-----Message d'origine-----
De : Geoff Revill [mailto:geoff at marketbroad.com]
Envoyé : lundi 23 mars 2009 15:59
À : Xavier.LANGELLIER at fr.thalesgroup.com
Objet : Re: [okl4-developer] Difference between hypercells and address spaces
see
http://www.ok-labs.com/products/product-strategy/secure-hypercell-technology
Which I think provides a pretty crystal clear definition of Secure HyperCell.
In effect the environment provided by OKL4 is the Secure Hypercell, as thus as an architecture there is only one Secure HyperCell, SHC is the technology environment not the definition of a secured cell.
Any Hypervisor can provide partitioned cells/memory spaces, as does OKL4, where OKL4 is different is its ability to provide the capability to build a secured systems with each of these partitions still able to communicate through the secured IPC mechanisms supported by the fact that only OKL4 runs in privileged mode and architected to be as small as possible (minimal Trusted compute base) and still provide these integration/build services.
This is about as far as you can go to build software securely in an embedded design, the rest of the secure solution is of course to ensure you select a processor and memory management environment that does not create any additional security attack points.
Geoff
Xavier.LANGELLIER at fr.thalesgroup.com wrote:
Hi,
I don't understand why there are 2 concepts to isolate programs in OKL4.
Why is it possible to have more than one address space in a hypercell?
Can someone explain me the purpose of each concept or give me a link to some documentation?
Best regards
Xavier Langellier.
_______________________________________________
Developer mailing list
Developer at okl4.org
https://lists.okl4.org/mailman/listinfo/developer
--
Geoff Revill
Partner
Work: +44 1647 253011
Email: geoff at marketbroad.com
IM: geoffrevill (Skype)
http://www.linkedin.com/in/geoffrevill
Marketbroad
See who we know in common Want a signature like this?
--
Geoff Revill
Partner
Work: +44 1647 253011
Email: geoff at marketbroad.com
IM: geoffrevill (Skype)
http://www.linkedin.com/in/geoffrevill
Marketbroad
See who we know in common Want a signature like this?
--
Geoff Revill
Partner
Work: +44 1647 253011
Email: geoff at marketbroad.com
IM: geoffrevill (Skype)
http://www.linkedin.com/in/geoffrevill
Marketbroad
See who we know in common Want a signature like this?
Hi,
I don't understand why there are 2 concepts to isolate programs in OKL4.
Why is it possible to have more than one address space in a hypercell?
Can someone explain me the purpose of each concept or give me a link to some documentation?
Best regards
Xavier Langellier.
_______________________________________________
Developer mailing list
Developer at okl4.org
https://lists.okl4.org/mailman/listinfo/developer
--
View this message in context: http://n2.nabble.com/Difference-between-hypercells-and-address-spaces-tp2520153p2525621.html
Sent from the OKL4 Community Forum mailing list archive at Nabble.com.
More information about the Developer
mailing list