1. Field of the Invention
The present invention concerns operating system environments in general, and in particular a technique for migrating code from a pre-operating system environment into the operating system runtime environment with trust and integrity guarantees.
2. Background Information
Modern firmware interface standards, such as the Extensible Firmware Interface (EFI) 1.0, provide a programmatic interface that operating system (OS) loaders use to bootstrap an OS kernel. They also require the operating system to interact with firmware runtime services that are mapped into the kernel's virtual address space. Because these firmware services execute in kernel mode, an errant pointer or programming error in a firmware service can undermine the safety and security of the entire operating system (there is no memory protection between privileged agents that are "co-located", i.e. both operating in supervisor mode or Ring 0), unless the entire kernel is in turn contained in something like a virtual machine monitor. The type-safety of such co-located code, as described herein, is the root of a system security and fault-tolerance policy.
Currently, there are several techniques that purport to guarantee type-safety and consistency through use of a virtual machine scheme. For example, Microsoft's .NET C# and Sun Microsystems' Java are high-level languages that compile to a type-safe intermediate encoding (Common Intermediate Language for the Common Language Runtime (CLR), and Java Virtual Machine Language (JVML), respectively) that is executed at runtime. In order to guarantee safety at runtime (that is, to prevent aberrant, illegal behaviors that imperil the OS, including buffer overruns, illegal casts, etc.), the intermediate encoding is pre-verified at load time and then interpreted.
While the foregoing techniques provide some level of safety, they have several drawbacks. The pre-verification is a one-time operation whose latency can be tolerated, inasmuch as most program loads already incur some delay (such as access to the persistent media from which the load is effected); the runtime interpretation, however, has proven to be a performance issue in systems that implement C# or Java. To address this performance issue, many platforms that support the CLR or JVML perform a Just-In-Time (JIT) compilation of the intermediate encoding into the microprocessor's native encoding. The problem therein is that there is no standardized mechanism to guarantee that the safety properties verified on the intermediate encoding have been preserved across this transformation.
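As an added illustration of the verify-then-interpret scheme described in the two preceding paragraphs (this is example code written for this page, not part of the patent and not the CLR or JVM), the following C program defines a hypothetical type-safe stack-machine encoding with integer and reference values, a load-time verifier that rejects operand-stack overruns, out-of-bounds slot and heap accesses, and integer-to-reference casts, and an interpreter that afterwards runs only verified code without any per-instruction checks. The opcodes, the four-entry heap, the slot and stack limits and the three sample programs are all constructed for this example.

```c
/* Added example: a toy type-safe intermediate encoding, verified at load
 * time and then interpreted. Everything here is hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum op { OP_PUSHI, OP_PUSHR, OP_ADD, OP_DEREF, OP_LOAD, OP_STORE, OP_RET };
enum ty { T_NONE = 0, T_INT, T_REF };           /* abstract value types */
enum verdict { V_OK = 0, V_BAD_OP, V_UNDERFLOW, V_OVERFLOW,
               V_TYPE, V_BOUNDS, V_UNINIT, V_NO_RET };

#define NSLOTS    4                              /* local variable slots */
#define STACK_MAX 4                              /* operand stack depth */
#define HEAP_SIZE 4                              /* addressable references */
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

typedef struct { uint8_t op; int32_t arg; } insn_t;

/* Constructed "heap": a reference is an index into this table. */
static const int32_t heap[HEAP_SIZE] = {10, 20, 30, 40};

/* Load-time verifier: abstract interpretation over types only.
 * Straight-line code (no jumps), so one pass suffices. */
enum verdict verify(const insn_t *code, size_t n) {
    enum ty stack[STACK_MAX];
    enum ty slots[NSLOTS] = {0};
    size_t sp = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const insn_t *i = &code[pc];
        switch (i->op) {
        case OP_PUSHI:
        case OP_PUSHR:
            if (i->op == OP_PUSHR && (i->arg < 0 || i->arg >= HEAP_SIZE))
                return V_BOUNDS;                 /* reference must be valid */
            if (sp >= STACK_MAX) return V_OVERFLOW;
            stack[sp++] = (i->op == OP_PUSHI) ? T_INT : T_REF;
            break;
        case OP_ADD:
            if (sp < 2) return V_UNDERFLOW;
            if (stack[sp - 1] != T_INT || stack[sp - 2] != T_INT) return V_TYPE;
            sp--;                                /* int + int -> int */
            break;
        case OP_DEREF:
            if (sp < 1) return V_UNDERFLOW;
            if (stack[sp - 1] != T_REF) return V_TYPE; /* int used as pointer */
            stack[sp - 1] = T_INT;
            break;
        case OP_LOAD:
            if (i->arg < 0 || i->arg >= NSLOTS) return V_BOUNDS;
            if (slots[i->arg] == T_NONE) return V_UNINIT;
            if (sp >= STACK_MAX) return V_OVERFLOW;
            stack[sp++] = slots[i->arg];
            break;
        case OP_STORE:
            if (i->arg < 0 || i->arg >= NSLOTS) return V_BOUNDS;
            if (sp < 1) return V_UNDERFLOW;
            slots[i->arg] = stack[--sp];
            break;
        case OP_RET:
            if (sp != 1 || stack[0] != T_INT) return V_TYPE; /* returns one int */
            return V_OK;
        default:
            return V_BAD_OP;
        }
    }
    return V_NO_RET;                             /* fell off the end */
}

/* Interpreter: relies entirely on verify() having accepted the code,
 * so no bounds or type checks are repeated here. */
int32_t execute(const insn_t *code, size_t n) {
    int32_t stack[STACK_MAX], slots[NSLOTS] = {0};
    size_t sp = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const insn_t *i = &code[pc];
        switch (i->op) {
        case OP_PUSHI:
        case OP_PUSHR: stack[sp++] = i->arg; break;
        case OP_ADD:   sp--; stack[sp - 1] += stack[sp]; break;
        case OP_DEREF: stack[sp - 1] = heap[stack[sp - 1]]; break;
        case OP_LOAD:  stack[sp++] = slots[i->arg]; break;
        case OP_STORE: slots[i->arg] = stack[--sp]; break;
        case OP_RET:   return stack[0];
        }
    }
    return 0;
}

/* Program load: verify once, then run. Returns the verdict (0 on success). */
int load_and_run(const insn_t *code, size_t n, int32_t *result) {
    enum verdict v = verify(code, n);
    if (v != V_OK) return (int)v;
    *result = execute(code, n);
    return 0;
}

/* Constructed sample programs. */
/* ok: slot0 = *ref(2); slot1 = 5; return slot0 + slot1 (30 + 5 = 35) */
const insn_t prog_ok[] = {
    {OP_PUSHR, 2}, {OP_DEREF, 0}, {OP_STORE, 0},
    {OP_PUSHI, 5}, {OP_STORE, 1},
    {OP_LOAD, 0}, {OP_LOAD, 1}, {OP_ADD, 0}, {OP_RET, 0},
};
/* illegal cast: an attacker-chosen integer dereferenced as a pointer */
const insn_t prog_cast[] = { {OP_PUSHI, 0x41414141}, {OP_DEREF, 0}, {OP_RET, 0} };
/* slot overrun: store past the NSLOTS local slots */
const insn_t prog_oob[] = { {OP_PUSHI, 1}, {OP_STORE, 9}, {OP_RET, 0} };

int main(void) {
    int32_t r = 0;
    printf("prog_ok:   verdict %d, result %d\n", load_and_run(prog_ok, LEN(prog_ok), &r), r);
    printf("prog_cast: verdict %d\n", load_and_run(prog_cast, LEN(prog_cast), &r));
    printf("prog_oob:  verdict %d\n", load_and_run(prog_oob, LEN(prog_oob), &r));
    return 0;
}
```

The point of the split is that `execute` carries no dynamic checks at all; every guarantee lives in `verify`. That is also exactly what is lost in the JIT case the paragraph above describes: if `execute` is replaced by a translation of the same instructions into native code, nothing in the native instruction stream re-establishes that `OP_DEREF` only ever sees a verified reference, and the verifier's verdict has no standardized way to follow the code across that transformation.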