[netwatch.git] / README

NetWatch!

	This is NetWatch, a system for remote system-management-mode-based
control of a machine without support from or awareness by the OS. It works by
taking over a second network card to provide a standard VNC server, such that
a machine elsewhere on the network can see the text or graphics console of the
machine and inject keystrokes as needed.

	<description of SMM and what we do with it>.

	<benchmarks here>.

	Because NetWatch is invisible to the OS, its CPU usage is difficult to
monitor; we do so by comparing the MD5 throughput of the system with NetWatch
running versus without. The only way that the OS could detect this performance
drain is by spinning tightly and watching for a sudden jump in the CPU's time
stamp counters.

	Although it would be possible to start up NetWatch after an OS kernel
has already loaded, it is easier and more useful to load it from GRUB before
the OS boots, such that even the bootloader itself can be controlled over the
network. We do this by providing a stub loader (grubload/) which can be invoked
from GRUB, and takes care of loading the main NetWatch ELF image. Once this is
done and NetWatch is up and running, the loader returns to real mode and
reinvokes GRUB via the BIOS.

	Our current development platform, the Intel ICH2, does not allow SMM
traps on arbitrary PCI accesses. This makes stealing the network card from the
OS somewhat difficult, since there is nothing SMM code can do to cleanly block
access. NetWatch simply chooses its desired network card, and then repeatedly
clobbers the PCI base address registers. Although Linux resets the BARs to sane
values when it probes the PCI bus, by the time it attempts to actually load
the network driver, the card will no longer be accessible; fortunately, the 
driver quickly gives up, and Linux no longer attempts to access the card.

	The northbridge can be configured to invoke a system management
interrupt every 64 milliseconds, and so the bulk of NetWatch's work is done
from this interrupt: checking the network card for incoming packets, invoking
lwIP, and sending any response packets necessary. SMM entry also occurs when
when the OS reads from the keyboard I/O ports, to inject scan codes as needed.

	Much of NetWatch is very hardware-dependent, and although we've tried
to maintain clean interface separation to allow for easy porting, the current
implementation requires:

  - Intel ICH2 system chipset
  - 3C509 Ethernet card to be used by NetWatch, plus another card of
    any type for the OS
  - BIOS which does not set the D_LCK bit. Any system old enough to be
    based on the ICH2 is very likely to have a suitable BIOS.

	Current open issues are listed in the TODO file.
Commit	Line	Data
c00c1c15 JP	1	NetWatch!
	2
	3	This is NetWatch, a system for remote system-management-mode-based
	4	control of a machine without support from or awareness by the OS. It works by
	5	taking over a second network card to provide a standard VNC server, such that
	6	a machine elsewhere on the network can see the text or graphics console of the
	7	machine and inject keystrokes as needed.
	8
	9	<description of SMM and what we do with it>.
	10
	11	<benchmarks here>.
	12
	13	Because NetWatch is invisible to the OS, its CPU usage is difficult to
	14	monitor; we do so by comparing the MD5 throughput of the system with NetWatch
	15	running versus without. The only way that the OS could detect this performance
	16	drain is by spinning tightly and watching for a sudden jump in the CPU's time
	17	stamp counters.
	18
	19	Although it would be possible to start up NetWatch after an OS kernel
	20	has already loaded, it is easier and more useful to load it from GRUB before
	21	the OS boots, such that even the bootloader itself can be controlled over the
	22	network. We do this by providing a stub loader (grubload/) which can be invoked
	23	from GRUB, and takes care of loading the main NetWatch ELF image. Once this is
	24	done and NetWatch is up and running, the loader returns to real mode and
	25	reinvokes GRUB via the BIOS.
	26
	27	Our current development platform, the Intel ICH2, does not allow SMM
	28	traps on arbitrary PCI accesses. This makes stealing the network card from the
	29	OS somewhat difficult, since there is nothing SMM code can do to cleanly block
	30	access. NetWatch simply chooses its desired network card, and then repeatedly
	31	clobbers the PCI base address registers. Although Linux resets the BARs to sane
	32	values when it probes the PCI bus, by the time it attempts to actually load
	33	the network driver, the card will no longer be accessible; fortunately, the
	34	driver quickly gives up, and Linux no longer attempts to access the card.
	35
	36	The northbridge can be configured to invoke a system management
	37	interrupt every 64 milliseconds, and so the bulk of NetWatch's work is done
	38	from this interrupt: checking the network card for incoming packets, invoking
	39	lwIP, and sending any response packets necessary. SMM entry also occurs when
	40	when the OS reads from the keyboard I/O ports, to inject scan codes as needed.
	41
	42	Much of NetWatch is very hardware-dependent, and although we've tried
	43	to maintain clean interface separation to allow for easy porting, the current
	44	implementation requires:
	45
	46	- Intel ICH2 system chipset
	47	- 3C509 Ethernet card to be used by NetWatch, plus another card of
	48	any type for the OS
	49	- BIOS which does not set the D_LCK bit. Any system old enough to be
	50	based on the ICH2 is very likely to have a suitable BIOS.
	51
	52	Current open issues are listed in the TODO file.