[cap-talk] kernel object knowledge
Jonathan S. Shapiro
shap at eros-os.com
Wed May 30 13:25:19 EDT 2007
On Wed, 2007-05-30 at 10:03 -0700, Charles Landau wrote:
> In KeyKOS, Processes store capabilities only in Nodes (for example,
> the key registers node). The kernel must implement Nodes, but need
> not implement Processes (at least, not for that reason).

I was trying to restrict myself to the context of Jed's original
question.

More generally, the kernel must implement those objects that contain
sensitive or privileged state. Capabilities are merely an example case.
More precisely, these must be implemented by universally trusted code.

It is conceivable to implement a system in which the kernel performs
only communication operations, and the code that we would normally think
of as a kernel is implemented by a supervisor-mode process. However,
this is merely an implementation technique. It doesn't change the
essential requirement.

shap