dan_f14 wrote: Ok, just so I can understand this and it may be going a little offtopic so I will keep it brief. As I understand it the geohot hack enables him to kick the 7th SPU which is the hypervisor. If he did that then the hypervisor wouldn't be running so it wouldn't be mimicking a standard pc which means that ydl or any other linux distro wouldn't work. And just as a side note how come the hypervisor didn't mimic a standard architecture? It would be far easier configuring things such as flash.
Sorry this is a bit offtopic, feel free to move.
Dan
Of course, nothing is ever quite that simple.
The 7th SPE is not actually the hypervisor, per se. According to geohot's blog post, "The hypervisor is complicated, it is written in C++ and is PPC" which means it's running on the PPE.
What the 7th SPE is doing is more interesting.
I'm going to post a link to an article:
http://www.ibm.com/developerworks/power ... lsecurity/
Now - this article is pretty technical. But - Kanna Shimizu is the architect of the Cell's security, and she summarizes the three main security features in the Cell:
1. "The Secure Processing Vault" - This means you can give an SPE some code to execute, then "lock" it away in a vault. Once it enters this "vault", it runs independently from the rest of the system - in hardware. There's no way to look at its local store (LS) memory or see what it's doing - you can only talk to it via its own interface or kick it out of the system.
As the article states: "Because of this hardware isolation, even the operating system and the hypervisor cannot access the locked up LS or take control of the SPE core"
This is what the 7th SPE does - it is running Sony encryption/decryption software locked in the Secure processing vault. This 7th SPE is providing the security for the GameOS.
2. "Runtime secure boot" - When an SPE enters isolation, it fetches a key from hardware and verifies the code is still encrypted correctly. It can do this multiple times, removing the ability to tamper and run unsigned code.
3. "Hardware Root Of Secrecy" - Finally, the master, root encryption key of the system is kept in hardware in the core of the Cell itself. It cannot be accessed via software and is invoked when an SPE enters isolation mode. A non-isolation SPE cannot access the root master key.
So - in summary - the 7th SPE is used by the system for encryption/decryption and the keys are contained within the Cell hardware. When Geohot says he can "kick" the 7th SPE, what he means is that he can take it out of Secure Processing Vault mode and make it available as a regular SPE to the system. He's not talking about the hypervisor per se. That's still running, but he can control it.
Finally - to clarify - the hypervisor does mimic a standard architecture - read the article in my previous post to see how much it makes the PS3 conform to standard Linux.
What you're really asking is "Why doesn't the hypervisor mimic an Intel processor?" Unfortunately, there would be a massive speed penalty for this - it would be translating x86 or x86_64 code into ppc code, like QEMU does. It would be far simpler to have Adobe release a native PowerPC version than to try to run an x86 Linux in software emulation on a PowerPC.
Cheers,
Paul