On the dangers Virtual Machines pose to freedom
| From: | "Martin C. Atkins" <martin-AT-mca-ltd.com> | |
| To: | lwn-AT-lwn.net | |
| Subject: | Articlelet: On the dangers Virtual Machines pose to freedom | |
| Date: | Thu, 4 Aug 2005 18:47:29 +0530 |
--- Start ---
On the dangers Virtual Machines pose to freedom
Martin C. Atkins
There has been much enthusiasm surrounding the recent rise of Xen as
the OpenSource Virtual Machine Monitor (VMM, or hypervisor), most of
which I have joined in.
There have also been several comments along the lines of "Virtual
machines are the ultimate weapon against DRM/NGSCB/etc", since we
will just virtualise the controlled devices along with the virtual
processor. I used to think that too.
However, I recently realised that there are some significant dangers
lurking in these developments, especially when Intel's Vanderpool,
and AMD's Pacifica come into the picture.
How long will it be before Intel, or a BIOS manufacturer, puts a VMM
into the BIOS of a motherboard designed for a Vanderpool/Pacifica-capable
processor? This has many attractions, in addition to the "normal"
ones (multiple simultaneous OSs), for example, one would be able to
access BIOS/etc functionality, such as DVD playing, independently of any
OS, and without stopping the other operating systems that are already
running. One could also standardise many device interfaces, etc...
However, it is only a small step to a BIOS/VMM that *only* allows OSs
to run in virtual machines! Suddenly the VMM has immense power, and
the company who controls the VMM also has immense power! The VMM
becomes the natural seat for DRM technologies, and we wouldn't even
be able to argue that we couldn't boot Linux (or whatever) - but the
capabilities of any "untrusted" operating system could be severely
curtailed.
The next obvious step would be to put the VMM into ROM, rather than
flash memories, making it even more difficult to replace with a
"normal" BIOS. Ultimately, the VMM ROMS could be built into the CPU
chips, and we have (almost) completely unhackable computers, with a
semblance (but only a semblance) of openness. Complete control over
how we use the computer would rest in the CPU manufacturers'
hands [see also note2].
Lesser risks also include things like: does the VMM provide the
facilities I need?. An example would be: does the VMM guarantee
real-time responsiveness? If it does not, and you need guarantees,
well tough! Go and find another computer/architecture/planet!
Another potential risk is simply the quality (or lack of) of the VMM
code.
If you think this is far fetched, ponder for a moment the PS3, which
apparently always runs "applications", such as games and Linux, in a
virtual machine. To quote Ken Kutaragi in [1] "The kernel runs on
Cell (Cell OS hypervisor) and it takes the style in which multiple
OSes as applications run on top of that (virtual machine)". The
future is with us today!
I'm also reliably informed that IBM pSeries and iSeries mainframes
are already configured this way. I am told that the IBM hypervisor
(pHype) is (virtually) impossible to remove (no pun intended!).
Fortunately, DRM hasn't been high on the feature lists of these
machines thus far.
Executive summary: Virtual Machine Monitors are very nice, but we
need to have a real choice about whether or not to boot one and/or
which one to boot. Whoever controls this choice, controls the machine!
Notes:
[Note1] I've found that [2] touched on these ideas back in 2003, but
didn't, in my opinion, go nearly far enough.
[Note2] A more viable alternative might be to build a BIOS ROM
signature check into the CPU, so that only BIOSs signed by the CPU
manufacturer would run. This would allow field updates, bug fixes,
etc., but still make it (nearly) impossible to substitute a less
restrictive BIOS/VMM.
References:
[1] http://nixdoc.net/files/forum/about41506.html
[2] http://lwn.net/Articles/52189/
--- END ---
Posted Aug 11, 2005 13:57 UTC (Thu)
by smitty_one_each (subscriber, #28989)
[Link] (4 responses)
Posted Aug 12, 2005 5:10 UTC (Fri)
by mcatkins (guest, #4270)
[Link]
Posted Aug 13, 2005 11:18 UTC (Sat)
by job (guest, #670)
[Link] (2 responses)
Where content ("big media") goes, the consumer goes. No questions asked. There are big economic forces involved here. The same would happend with PCs the same second as the big movie companies starts pay-by-view over broadband, provided you have the NextGeneration-certified computers.
Of course, cartels in a practical sense is not unheard of either. It normally enforced by patent law. Good examples are the DVD Forum (not allowed to play DVDs unless using equipment from a member) and the Sony Playstation (not allowed to produce content unless becoming a member). They are not called cartels in an economic sense but serve the same purpose for the members.
Posted Aug 14, 2005 16:50 UTC (Sun)
by jevgen (guest, #31825)
[Link] (1 responses)
Posted Aug 15, 2005 0:48 UTC (Mon)
by bignose (subscriber, #40)
[Link]
Posted Aug 11, 2005 22:20 UTC (Thu)
by vonbrand (subscriber, #4458)
[Link] (3 responses)
I just fail to see any cualitative difference between a "hardware environment" somehow faked in software and a real one.
As long as I can run whatever I want on my (real or fake) hardware, I'm fine.
The point being that the contents of the comment are fine,
but this is certainly not (just) a hypervisor problem.
Posted Aug 12, 2005 3:36 UTC (Fri)
by zblaxell (subscriber, #26385)
[Link] (1 responses)
The VMM can decide "your OS doesn't have a signature signed by a PKI certificate from Microsoft, so I'm going to turn off your video port now, using the same mechanism you would normally use to prevent a remote root exploit on your web server virtual machine from breaking out of its confinement. As long as you're willing to run Linux headless, you can use Linux as much as you like. Oh, and by the way, we'll also be looking for encrypted control packets arriving on the Ethernet adapter, in case we need the firmware to be updated remotely by the manufacturer, or in case we are asked by the FBI to provide the contents of your RAM to someone with a warrant for them, or asked by the MPAA to make a few cosmetic modifications to your P2P filesharing software."
Speaking of network cards...who knows what the firmware in your WiFi card is programmed to do when it receives certain packets? It does have access to all of your computer's RAM, so if anyone ever figures out some attack like a buffer overrun exploit against the WiFi card's firmware, they can go shopping through your laptop's RAM from a distance, leaving no trace behind...maybe put something in the RAM too, so whatever security features your OS does have can be disabled.
Playstations already do some of this--to run Linux on them, you first load a Sony-provided disc, which prepares the VMM for Linux, and incidentally tells the VMM that it won't be needing a number of features of the video card, internal optical drive, or memory card interfaces any more. Linux cannot use these features of the hardware not because the hardware interfaces are undocumented, but because the VMM does not provide them to Linux at all.
The usual trick of reverse engineering the video driver in this case won't work on a firmware-VMM-enabled machine, because the VMM authenticates the code and will pretend the video card doesn't exist at all unless the software you are running is approved by someone who is not you. You would have to attack and successfully compromise the VMM just to get access to the video registers...and then you'd have to reverse engineer the driver to make it actually work.
Posted Aug 12, 2005 5:06 UTC (Fri)
by mcatkins (guest, #4270)
[Link]
As I said, you get the appearance of freedom (you are "allowed" to run Linux in the VMM), but no real freedom (in your examples, you are not allowed to use the video card from within Linux, or the DVDROM drive on the Playstation).
One big worry is that the appearance of freedom might be enough to make many people relax, and not notice the real absence of freedom.
Your thoughts about sniffing the network card are also very interesting!
However, It is not a question of having to run signed code, like Linux on the Playstation - running in a virtual machine the hardware you want might not be addressable even from kernel-mode! There would be absolutely no way around this - boot any sequence of bits you want!
See also http://lwn.net/Articles/147156/ posted today about the Xbox, to see how people are trying to do the first steps (badly, so far, thankfully). However, I gather they are trying more VMM-wise.
It is very instructive to re-read this article wondering how easy it would have been to break into the Xbox if the hidden ROM had been *inside* the CPU! (and why shouldn't it be, technically speaking?)
Posted Aug 12, 2005 6:11 UTC (Fri)
by mcatkins (guest, #4270)
[Link]
You can try to run anything you want on fake hardware - but someone else gets to decide if you are allowed!
Posted Aug 18, 2005 19:16 UTC (Thu)
by dmag (guest, #17775)
[Link]
On the other hand, appliances (like game consoles) will go in this direction. It's just another step in the long cat-and-mouse copy-protection game. As long as people are willing to pop open their cases, there will be a way to hack it.
As for the PS2/3 running Linux in a VMM: So what? The XBOX didn't have that option and it was still hacked. How can more choices be bad?
So, do you foresee industry forming a cartel to preclude selling traditional motherboards, instead of these motherfsckerboards?On the dangers Virtual Machines pose to freedom
Or, does society split, between the middle of the normal distribution that doesn't care about freedom, and a right tail that buys new hardware, and goes home for a ritual purge where various evil chips are de-soldered?
Good cyberpunk story in there somewhere...
-Chris
That depends entirely on whether each market is big enough to be interesting (profitable enough) to manufacturers, to support. [Economics 101]On the dangers Virtual Machines pose to freedom
No need for a cartel. Here's a bit of homework: Buy a laptop without buying Windows. Buy a PC without the BIOS program. Buy a good 3D card with free drivers for Linux. None of this is possible, and without any cartels involved (as far as we know).On the dangers Virtual Machines pose to freedom
Well, at least at one pint you are not right. You can buy a Windows-free laptop in many places. Will not provide links for ads, but google is always available. buying laptop without Windows
Note that the homework assignment must be accomplished without buying Windows (i.e. without paying for a Windows license), regardless of whether the software is actually on the laptop at some point in time.buying laptop without Windows
On the dangers Virtual Machines pose to freedom
The problem is that there can be a qualititative difference between virtual and physical hardware in a firmware-controlled VMM.On the dangers Virtual Machines pose to freedom
Exactly.On the dangers Virtual Machines pose to freedom
The reason why this is specifically a hypervisor problem, is that this is the only approach I know, that allows users to boot an arbitrary (unsigned) binary OS, but still restricts/controls what it can do.On the dangers Virtual Machines pose to freedom
The 'small step' from "being able to check software signature" to "requiring software signatures" is actually a big step. Would you buy a computer isn't backwards compatiable? You may as well be buying a Macintosh or Amiga. TPM doesn't try to stop people from running random stuff, only detecting when they do.On the dangers Virtual Machines pose to freedom