Negative rings and the processor inside the PC CPU

From the point of view of IT companies, the fact that the platform is reliable has nothing to do with what we traditionally understand as IT security, but has to do with control methodologies based on ensuring the legitimacy of the environment. In other words, the user is using the operating system, and the applications he has purchased are not pirated.

Negative run rings

Running rings and their function

When the need arose to introduce multitasking operating systems, processors evolved to include MMUs, which were responsible for controlling access to RAM for both the operating system and applications.

To isolate sensitive parts of memory, starting with 80386, execution rings have been added that delimit four levels of software privilege, which go from level 0 to level 3 and from higher to lower privilege ranks.

Anillos Ehekusion

Each process executed by the CPU has an associated privilege level such that if the CPU is executing a process with privilege level 3, then it will not be able to access the memory addresses associated with rings 2, 1 and 0. But on the other hand, a process that runs on ring 0, will be able to access rings 0, 1, 2, and 3 due to its larger range of privileges.

Rings 1 and 2 as a curiosity are usually not used in Windows and Linux, these operating systems only use 0 and 3, and some virtualization programs such as VirtualBox, VMWare and the like usually take rings 1 and 2 for themselves.

Recommended
Will the 11-inch iPad Pro disappear? Analysis

Negative run rings

CPU Seguridad

In fact, there are no negative rings, in the case of execution ring -1 it is an alias assigned to the CPU virtualization function that allows you to run a hypervisor capable of running multiple operating systems at the same time.

As for the executive ring -2, it refers to the system control mode, which is an operating mode existing from 80396 onwards, it is executed when a special type of interrupt called SMI occurs and then when it is executed. break, all related code runs in highest privilege mode.

As it can be used to execute malicious software, as it is only necessary to activate such an interrupt and run the said software in the middle of this interrupt. It is actually not easy to do, but the opportunity exists, and it forced both Intel and AMD to find a solution to the problem.

The computer inside your computer’s CPU: AMD PSP and Intel ME

The solution they came up with? Create an additional control, a separate processor in charge of verifying that all software that is signed in between is causing a lot of nonsense in the PC world, where software development and distribution is completely free and open source, but this “Prevents” remote control of our computers from the side of malicious elements, which, in turn, leads to another loophole.

These processors can be found on all PCs in the world with x86 architecture, they have privileges corresponding to the -3 ring within the system, and therefore have the highest hierarchy of privileges, in the case of AMD this processor is called PSP (Platform Secure Processor), and in the case of Intel is ME (Intel Management Engine).

Recommended
How to activate service mode on a Samsung TV: keys and combinations

AMD PSP

The privileges and functions of both PSP and ME are mainly as follows:

  • They have full access to system RAM regardless of the main processor
  • They have direct access to the TCP / IP stack and network interfaces.
  • You can send / receive packets over the network, even if it is prohibited in the OS.
  • It is active when the computer is in hibernation mode and when the rest of the system is turned off.
  • You can control your computer remotely over the Internet if you have control over it.

However, while they both perform a similar function, they are two different hardware implementations. While the AMD PSP is a Cortex A5 processor, ME is the classic Intel Pentium, meaning we’re talking x86 inside your x86.

In fact, they work as spies inside our computers, which are not directly accessible in normal mode due to the fact that both PSP and ME completely block access from other system execution rings to their area. privileged. It is assumed that there are ways to deactivate them, and we say that this is assumed because we cannot check when these units are active.

Related Articles

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker. Thanks.