The co-filed and commonly assigned U.S. patent application Ser. No. 12/059,622, Sobel et al., entitled “VIRTUAL MACHINE FILE SYSTEM CONTENT PROTECTION SYSTEM AND METHOD” (the “VM FILE SYSTEM APPLICATION”), concerns shared, isolated, and secure file system content protection for virtualization platforms. The VM FILE SYSTEM APPLICATION is herein incorporated by reference in its entirety. The VM FILE SYSTEM APPLICATION addresses booting secured VMs as if they were booting from a network, so that they exclusively use a file system serviced by a hypervisor, such that all changes to the file system by secured VMs are fully controlled. Embodiments of the technology described by the VM FILE SYSTEM APPLICATION work very well under circumstances in which the vendor of the operating system that is booted on the VMs supports network booting. Embodiments of technology described by the VM FILE SYSTEM APPLICATION can be efficiently implemented by assuming control over the virtual BIOS of a secured VM, such that a custom and efficient interface can be used to effect network booting.
PXE is a well-established standard for network booting of computing devices, and has been available since 1998. It is part of the Wired for Management (“WfM”) initiative spearheaded by Intel. Under PXE, a client computer boots from a network by transferring a boot image file from a network server. The boot image can be in the form of the operating system to be booted on the client computer, or in the form of a pre-operating system agent that performs management tasks. PXE is not operating system specific; the transferred image file can implement any function that can be performed by other runtime code on the client computer.
In addition to a PXE component on the client, several PXE server components are also part of the system. The PXE process is started by the client sending a specially crafted Dynamic Host Configuration Protocol (DHCP) request to the PXE server. (DHCP is a protocol used by networked clients to obtain various parameters for operation on an Internet Protocol (IP) network.) The special DHCP request indicates to the PXE server that this DHCP request comprises a request by a PXE client to boot remotely. The PXE server responds by assigning the client an IP address to use for PXE communication. After some handshaking using the assigned IP address, the PXE server uses Trivial File Transfer Protocol (TFTP) to transfer the boot image to the PXE client. PXE provides the glue that enables network booting of any operating system. However, PXE does not specifically provide any support for VMs, and does not support controlling the boot process on secured VMs.
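What makes the DHCP request "specially crafted" is its options field: a PXE client sets the vendor class identifier (option 60) to a string beginning with `PXEClient` and may report its architecture in option 93. The following is an added example, not part of the original text, that parses a raw DHCP message and flags PXE boot requests; the function names and the sample packet are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the DHCP options field
FIXED_LEN = 236                      # BOOTP fixed header length

def parse_options(msg: bytes) -> dict:
    """Return {option code: value} from a raw DHCP message (UDP payload)."""
    if msg[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, FIXED_LEN + 4
    while i < len(msg) and msg[i] != 255:      # 255 = end option
        if msg[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(msg):
            raise ValueError("truncated option header")
        code, length = msg[i], msg[i + 1]
        value = msg[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts

def classify(msg: bytes) -> dict:
    """Report whether a DHCP message is a PXE client's boot request."""
    opts = parse_options(msg)
    vendor = opts.get(60, b"").decode("ascii", "replace")   # vendor class identifier
    msg_type = (opts.get(53) or b"\x00")[0]                 # 1 = DISCOVER, 3 = REQUEST
    arch = opts.get(93)                                     # client system architecture
    return {
        "mac": msg[28:28 + msg[2]].hex(":"),                # chaddr, hlen bytes long
        "pxe": msg[0] == 1 and msg_type in (1, 3) and vendor.startswith("PXEClient"),
        "vendor_class": vendor,
        "arch": struct.unpack("!H", arch[:2])[0] if arch and len(arch) >= 2 else None,
    }

def build_discover(mac: bytes, vendor_class: bytes = b"", arch=None) -> bytes:
    """Constructed sample DHCPDISCOVER for the demo; not captured traffic."""
    hdr = struct.pack("!4BIHH16x16s192x", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000, mac)
    opts = b"\x35\x01\x01"                     # option 53 = DHCPDISCOVER
    if vendor_class:
        opts += bytes([60, len(vendor_class)]) + vendor_class
    if arch is not None:
        opts += bytes([93, 2]) + struct.pack("!H", arch)
    return hdr + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    print(classify(build_discover(bytes.fromhex("525400aabbcc"), b"PXEClient:Arch:00000:UNDI:002001", 0)))
```

On a monitored segment, the same check distinguishes ordinary DHCP clients from hosts attempting a network boot, which is useful when only designated machines are expected to do so.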
It would be desirable to be able to extend the control of network booting for secured VMs of the VM FILE SYSTEM APPLICATION to operating systems that do not support network booting, and to virtualization platforms over which a party does not have full control.