Walter did yo realy go Ohhhh?

[Georg Wrede]

Don wrote:
> Nick Sabalausky wrote:
> 
>> What's the difference between that x86 page protection and whatever 
>> that new feature is (something about process protection I think?) that 
>> CPUs have just been starting to get?  (boy, I'm out of the loop on 
>> this stuff) 
> 
> The page protection is implemented by the OS, and only applies to user 
> apps, not kernel drivers.
> 
>  From reading the AMD64 System Programming manual, it seems that the 
> 'secure virtual machine' feature is roughly the same thing, except at an 
> even deeper level: it prevents the OS kernel from accessing specific 
> areas of memory or I/O. So it even allows you to sandbox the kernel (!)

Gawhhhhh.

But seriously, that is the way to let you run virtual machines where 
there could be several kernels, possibly of several operating systems.

So, when processors evolve, and operating systems increasingly take 
advantage of the features of the existing processors, having the /next/ 
processor generation have yet another level of "priority" guarantees 
that the operating systems for the previous processor can all be 
virtualised with 100% accuracy, 100% efficiency, and 100% security.

Without this it would be virtually (no pun intended) impossible.

---

Now, with the majority of operating systems today (at least most Linuxes 
are compiled with the 386 as the target while it's about 5 years since 
"anybody ever" has tried to run Linux on a 386 -- dunno about Windows, 
but I assume most Windows versions are theoretically runnable on a 386, 
too), this would not be a priority.

Actually it is a matter of Prudent Development. The only way you (as a 
processor manufacturer) can literally guarantee that the previous 
processor can be fully virtualised, is to add yet another layer of 
privilege.