1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method, apparatus, and computer instructions for processing data. Still more particularly, the present invention relates to a method, apparatus, and computer instructions for managing operating systems in a logical partitioned data processing system.
2. Description of Related Art
Increasingly large symmetric multi-processor data processing systems, such as IBM eServer P690, available from International Business Machines Corporation, DHP9000 Superdome Enterprise Server, available from Hewlett-Packard Company, and the Sunfire 15K server, available from Sun Microsystems, Inc. are not being used as single large data processing systems. Instead, these types of data processing systems are being partitioned and used as smaller systems. These systems are configured as multi-partition enabled systems. In other words, a single physical data processing system has multiple partitions in which each partition has an operating system. These partitions may execute concurrently.
When the partitions are made in a logical manner, these systems are also referred to as logical partitioned (LPAR) data processing systems. A logical partitioned functionality within a data processing system allows multiple copies of a single operating system or multiple heterogeneous operating systems to be simultaneously run on a single data processing system platform. A partition, within which an operating system image runs, is assigned a non-overlapping subset of the platforms resources. These platform allocatable resources include one or more architecturally distinct processors with their interrupt management area, regions of system memory, and input/output (I/O) adapter bus slots. The partition's resources are represented by the platform's firmware to the operating system image.
Each distinct operation system or image of an operating system running within a platform is protected from each other such that software errors on one logical partition cannot affect the correct operations of any of the other partitions. This protection is provided by allocating a disjointed set of platform resources to be directly managed by each operating system image and by providing mechanisms for insuring that the various images cannot control any resources that have not been allocated to that image. Furthermore, software errors in the control of an operating system's allocated resources are prevented from affecting the resources of any other image. Thus, each image of the operating system or each different operating system directly controls a distinct set of allocatable resources within the platform.
With respect to hardware resources in a logical partitioned data processing system, these resources are disjointly shared among various partitions. These resources may include, for example, input/output (I/O) adapters, memory DIMMs, non-volatile random access memory (NVRAM), and hard disk drives. Each partition within an LPAR data processing system may be booted and shut down over and over without having to power-cycle the entire data processing system.
Currently, a system administrator can load operating systems for a logical partitioned data processing system, but is unable to know whether the operating system is a rogue or unauthorized operating system, one that has been illegally modified. In logical partitioned data processing systems that have been enabled to run multiple operating systems simultaneously, it is critical that a rogue or unauthorized operating system is not allowed to load and execute. This requirement is especially important with operating systems that support simultaneous multithreading (SMT) and sub-processor partitioning (SPP). If an unauthorized operating system is allowed to load, this operating system has automatic privilege levels that are sufficient to allow calls into the platform firmware.
With these privileges, an unauthorized operating system may attempt to penetrate the system and at the very least cause a loss of resources through denial of service attack attempts. The problem with an unauthorized operating system is more critical in SMT and SPP enabled systems because the unauthorized operating system may share processor facilities, rather than using isolated processors, and may be able to influence the other partitions to a greater extent.
Currently, no mechanisms are present to limit the loading of unauthorized operating systems. Therefore, it would be advantageous to have an improved method, apparatus, and computer instructions for preventing an unauthorized operating system from loading and executing in a logical partitioned data processing system.