Editing Hypervisor

Latest revision Your text
Line 1: Line 1:
The PS5 utilizes a presumably custom hypervisor (HV) to protect the non-secure kernel. The hypervisor is a virtual machine monitor (VMM), where kernel and usermode applications such as games run in a guest OS. Hardware, as well as the x86 kernel, talks to the Hypervisor through "hypercalls" and [https://en.wikipedia.org/wiki/Memory-mapped_I/O memory-mapped I/O (MMIO)]. It can be considered the highest privilege level for x86 on the system.
The more conventional use of a hypervisor is to run separate virtual machines on a host machine that are isolated from each other and can run their own guest operating systems. In the PS5 case, it is used primarily for Virtualization Based Security (VBS) to protect the kernel integrity.
The PS5 Hypervisor protects the integrity of the [https://en.wikipedia.org/wiki/Control_register Control Registers (CRs)], which by extension includes Write Protection (WP) and other protections such as [https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention Supervisor Mode Access/Execution Prevention (SMAP/SMEP)]. It also protects the kernel page table entries through the use of nested paging via [http://developer.amd.com/wordpress/media/2012/10/NPT-WP-1%201-final-TM.pdf Second Level Address Translation (SLAT)]. By looking at the hypercalls, it seems Sony has also moved the I/O memory management unit (IOMMU) to the Hypervisor from the kernel.
== Hypercalls ==
== Hypercalls ==
The PS5 Hypervisor has very few hypercalls compared to the PS3's. Little information is known about them as of yet beyond the call names.


{| class="wikitable"
{| class="wikitable"
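Review bot: the intro sentence "Hardware, as well as the x86 kernel, talks to the Hypervisor through "hypercalls" and memory-mapped I/O (MMIO)" conflates two different entry paths; hardware does not issue hypercalls. Suggest wording it as the guest kernel issuing hypercalls while MMIO and other device accesses reach the hypervisor as intercepts. The paragraphs on the VBS role and on the CR/SLAT/IOMMU protections appear in only one column of this comparison, so whichever side is kept should be checked against the "Little information is known about them as of yet beyond the call names" sentence in the Hypercalls section, since the IOMMU claim is explicitly an inference from those names and should stay worded as one.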
Line 47: Line 39:
|}
|}


== In-Kernel Hypervisor (<= 2.70) ==
== In-Kernel Hypervisor (<= 2.50) ==


On PS5 System Software 2.70 and lower, the Hypervisor is integrated as part of the kernel binary. Later versions have the Hypervisor as a separately loaded component.
On 2.50 and lower, the hypervisor is integrated as part of the kernel binary. This is the "first iteration" of the hypervisor, later versions have the hypervisor as a separately loaded component. The hypervisor's main goals are to protect kernel code integrity and enforce <code>xotext</code> (aka. eXecute Only Memory or "XOM") on the kernel.


The hypervisor's main goals are to protect kernel code integrity and enforce <code>xotext</code> (aka. eXecute Only Memory or "XOM") on the kernel. To accomplish this, Sony takes advantage of various features provided by AMD Secure Virtual Machine (SVM), such as; Nested Page Tables (NPT), Guest Mode Execute Trap (GMET), and intercepting reads/writes to Control Registers (CRs) as well as Machine State Registers (MSRs). Furthermore, xotext seems to be hardware-backed as a collaboration with AMD, named "nda feature". The hypervisor also manages the I/O Memory Management Unit (IOMMU), as hinted by the fact that it exposes various hypercalls for configuring it.
To accomplish this, Sony takes advantage of various features provided by AMD Secure Virtual Machine (SVM), such as; Nested Page Tables (NPT), Guest Mode Execute Trap (GMET), and intercepting reads/writes to Control Registers (CRs) as well as Machine State Registers (MSRs). Furthermore, xotext seems to be hardware-backed as a collaboration with AMD, named "nda feature". The hypervisor also manages the I/O Memory Management Unit (IOMMU), as hinted by the fact that it exposes various hypercalls for configuring it.


It is worth noting the hypervisor is very small, especially when compared to that of the PS3. It only supports a handful of hypercalls and mainly exists to protect the kernel. It does not run multiple VMs or use nested virtualization. It only virtualizes the kernel/usermode, which Sony calls "GameOS".
It's worth noting the hypervisor is very small, especially when compared to that of the PS3. It only supports a handful of hypercalls and mainly exists to protect the kernel. It doesn't run multiple VMs or use nested virtualization, it only virtualizes the kernel/userspace, which Sony calls "GameOS".


=== Page Tables ===
=== Page Tables ===
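Review bot: both columns expand MSR as "Machine State Registers"; the x86 term is Model-Specific Registers, and that should be corrected in whichever version is published. The undo also changes the firmware ceiling from "<= 2.70" back to "<= 2.50" in both the section heading and the first sentence, so confirm which bound is correct before publishing rather than reverting the number as a side effect of restoring the older wording (the latest revision also moves the "main goals" sentence into its own paragraph and expands the contractions, which reads better). Minor: "such as;" should be "such as:".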
Line 96: Line 88:
| 21 || SMAP || Supervisor Mode Access Protection
| 21 || SMAP || Supervisor Mode Access Protection
|-
|-
| 20 || SMEP || Supervisor Mode Execution Prevention
| 20 || SMEP || Supervisor Mode Execution Preventino
|-
|-
| 0 || VME || Virtual 8086 Mode Extensions
| 0 || VME || Virtual 8086 Mode Extensions
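Review bot: the "Your text" column restores the typo "Preventino" in the SMEP row (bit 20) that the latest revision had fixed; keep "Supervisor Mode Execution Prevention". Both columns also expand SMAP (bit 21) as "Supervisor Mode Access Protection", while the link text in the intro ("Supervisor Mode Access/Execution Prevention") and the processor documentation use "Prevention"; suggest aligning the bit 21 row with the rest of the page.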