]> Joshua Wise's Git repositories - netwatch.git/blame_incremental - README
Add TSC checks to measure how much time we spend in SMM.
[netwatch.git] / README
... / ...
CommitLineData
1NetWatch!
2
3This is NetWatch, a system for remote system-management-mode-based control
4of a machine without support from or awareness by the OS. It works by
5taking over a second network card to provide a standard VNC server, such
6that a machine elsewhere on the network can see the text or graphics console
7of the machine and inject keystrokes as needed.
8
9System management mode, introduced with the 386SL, essentially allows system
10driver code to run outside of OS control, caused by a special interrupt pin
11on the CPU. This was originally intended for applications such as laptop
12fan control; it is also the mechanism by which USB legacy keyboard emulation
13occurs. When a system management interrupt occurs, the northbridge remaps
14portions of memory to expose previously-hidden code, and asserts an SMI#
15signal, causing the CPU to save all its state into system management RAM and
16vector to a magic entry point.
17
18This is somewhat slow, and so there is a moderate performance impact caused
19by running NetWatch, more significant when a VNC session is open. Because
20NetWatch is invisible to the OS, its CPU usage is difficult to monitor; we
21do so by comparing the MD5 throughput of the system with NetWatch running
22versus without. The only way that the OS could detect this performance
23drain is by spinning tightly and watching for a sudden jump in the CPU's
24time stamp counters.
25
26Although it would be possible to start up NetWatch after an OS kernel has
27already loaded, it is easier and more useful to load it from GRUB before the
28OS boots, such that even the bootloader itself can be controlled over the
29network. We do this by providing a stub loader (grubload/) which can be
30invoked from GRUB, and takes care of loading the main NetWatch ELF image.
31Once this is done and NetWatch is up and running, the loader returns to real
32mode and reinvokes GRUB via the BIOS.
33
34Our current development platform, the Intel ICH2, does not allow SMM traps
35on arbitrary PCI accesses. This makes stealing the network card from the OS
36somewhat difficult, since there is nothing SMM code can do to cleanly block
37access. NetWatch simply chooses its desired network card, and then
38repeatedly clobbers the PCI base address registers. Although Linux resets
39the BARs to sane values when it probes the PCI bus, by the time it attempts
40to actually load the network driver, the card will no longer be accessible;
41fortunately, the driver quickly gives up, and Linux no longer attempts to
42access the card.
43
44The northbridge can be configured to invoke a system management interrupt
45every 64 milliseconds, and so the bulk of NetWatch's work is done from this
46interrupt: checking the network card for incoming packets, invoking lwIP,
47and sending any response packets necessary. SMM entry also occurs when when
48the OS reads from the keyboard I/O ports, to inject scan codes as needed.
49
50Much of NetWatch is very hardware-dependent, and although we've tried to
51maintain clean interface separation to allow for easy porting, the current
52implementation requires:
53
54 * Intel ICH2 system chipset
55 * 3C509 Ethernet card to be used by NetWatch, plus another card of
56 any type for the OS
57 * BIOS which does not set the D_LCK bit. Any system old enough to be
58 based on the ICH2 is very likely to have a suitable BIOS.
59
60Current open issues are listed in the TODO file. See GUIDE for an overview
61of which source files do what.
This page took 0.027123 seconds and 4 git commands to generate.