[cap-talk] Secure Restart or Trusted Recovery?
Jed Donnelley
capability at webstart.com
Fri Jan 5 20:27:37 CST 2007
At 02:00 PM 1/5/2007, Valerio Bellizzomi wrote:
>On 04/01/2007, at 18.33, Jed Donnelley wrote:
>...
> >1. Cold start - build only an initial set of systems processes as if
> >after a base system build to the disk. Fairly safe, but of course even
> >the code for the kernel and the base system processes could have
> >been corrupted on disk.
> >
> >2. Warm start - recover all processes that have no components
> >in memory. Process state is checked for minimal consistency
> >(e.g. memory mapping, etc. when pulled in from disk - this happens
> >in any case). Processes that had contents in memory are faulted.
> >Processes whose state was entirely on the disk can begin to run.
> >
> >This "recovery" might be considered to do its best to check
> >and recover from process state on disk.
>
> >3. Hot start - a system initializer paws through what's in
> >memory (overlaying lower memory where the kernel code
> >resides), checking for consistency with process state that's
> >on disk and tries to write out the memory content to the appropriate
> >process states on disk. Any processes successfully recovered
> >can begin to run right away as well as those whose state was entirely
> >on rotating storage.
>
> >This "recovery" can be considered to do its best to check
> >and recover from process state on disk and from process
> >state in memory.
>
>I know the two terms above differently:
>
>Cold start: when the machine has power turned off, load OS after machine
>power on,
>and
>Warm start: when the machine has power turned on, load OS after machine
>reset.
The above Cold/Warm distinction seems nearly vacuous to me. I guess in
principle the Warm start as above could recover content from memory, but
did it? Are the above two means to the same end?
While we're at terminology I'll mention a term that's floated around the
supercomputer "industry", "Checkpoint/Restart". This term is also a
bit ambiguous. For example, there is this:
http://computing-dictionary.thefreedictionary.com/checkpoint%2Frestart
that seems to apply to a whole system, though it seems to ignore
changes to rotating storage that happen after a checkpoint.
Here's a notion that's a bit more familiar to me:
http://ftg.lbl.gov/CheckpointRestart/CheckpointRestart.shtml
as I know some of the people who worked on that scheme for a time.
Here's another per application notion of Checkpoint/Restart:
http://publib.boulder.ibm.com/infocenter/pdthelp/v1r1/index.jsp?topic=/com.ibm.entcobol4.doc/cpchk02.htm
I spent a bit of time looking back through this thread and some of
the historical links that it derived from.
May I ask, independent of the name: "Secure Restart" or "Trusted Recovery",
what mechanism is actually being discussed? Does it relate in any
way to the recovery of processes from disk or recovery of processes
from memory (presumably after a "crash" or other system fault)? I guess
it goes without saying, but after a clean shutdown of our NLTSS system
all processes returned to their state before the shutdown - except of
course that a large chunk of time disappeared. The "warm start" described
was essentially the dual of the clean shut down. A "cold start" started
the system without running processes other than those initialized by
a new system build.
What I describe above as a "hot start" was the most ambitious. This could
be used after some sort of system failure (e.g. a crash, hardware fault,
etc.) when main memory was still intact. An initialization/recovery
program would overlay where the system kernel would eventually be
placed and it would look through memory for process state that could
be written to disk to allow processes that were running at the time of a
crash to be recovered and restarted after the subsequent continuation
that had the effect of a "warm start" (system load, processes recovered
from disk).
Is it either of these sorts of actions that's being discussed as
"Secure Restart" or "Trusted Recovery" or perhaps something
quite different?
--Jed http://www.webstart.com/jed/
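The three start modes described in this message (cold, warm, hot) as a small constructed model, added here as an example and not code from NLTSS or from the original post. The process records, the generation numbers and the digest comparison used to decide whether a memory-resident process can be trusted are all assumptions made for the illustration; the message itself only says that memory content is "checked for consistency" with the state on disk.

```python
import hashlib
from dataclasses import dataclass

# Constructed model; every name and value here is an assumption for illustration.
BASE_SYSTEM = {"init", "fs"}   # what a cold start (re)creates from the base build

@dataclass
class DiskState:
    name: str
    generation: int      # checkpoint sequence number recorded with the disk state
    complete: bool       # True if no part of the process lived only in memory
    mem_digest: str = "" # digest of the memory-resident part, recorded at checkpoint

@dataclass
class MemoryState:
    name: str
    generation: int
    image: bytes         # what the recovery program finds left in main memory

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def recover(mode: str, disk: list, memory: list):
    """Return (runnable, faulted) process names for a cold, warm or hot start."""
    mem = {m.name: m for m in memory}
    runnable, faulted = [], []
    for d in disk:
        if mode == "cold":
            # Only the base system processes; everything else is not revived.
            (runnable if d.name in BASE_SYSTEM else faulted).append(d.name)
        elif d.complete:
            runnable.append(d.name)      # warm and hot: state was entirely on disk
        elif mode == "hot" and d.name in mem:
            m = mem[d.name]
            # Accept memory content only if it matches the checkpoint on disk;
            # stale or corrupted memory after a crash is faulted, not written back.
            if m.generation == d.generation and digest(m.image) == d.mem_digest:
                runnable.append(d.name)
            else:
                faulted.append(d.name)
        else:
            faulted.append(d.name)       # had memory components that cannot be used
    return runnable, faulted

# Constructed sample: "editor" has matching memory, "shell" has a stale generation.
DISK = [DiskState("init", 1, True), DiskState("fs", 1, True),
        DiskState("editor", 7, False, digest(b"buf:hello")),
        DiskState("shell", 3, False, digest(b"hist:ls"))]
MEMORY = [MemoryState("editor", 7, b"buf:hello"), MemoryState("shell", 2, b"hist:ls")]

if __name__ == "__main__":
    for mode in ("cold", "warm", "hot"):
        print(mode, recover(mode, DISK, MEMORY))
```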