Modern processors, the Pentium ][ and newer, have always had a supervisory mode that they could switch on. They don't wake up that way, primarily because a CPU with no software to support it is a dead duck in the marketplace, so INTeL, and several others, implemented the antiquated instruction set of the earliest INTeL i8086 microprocessor inside their new top-of-the-line models. The non-INTeL tribes often resorted either to sub-licensing the old standard instruction set from INTeL or to implementing it as an emulated extension in the BIOS firmware. Here you have a totally foreign processor running on a machine, yet acting like a genuine INTeL Pentium, complete in its detail down to the inclusion of an antiquated instruction set that would correctly run the by-then ancient M$-DOS in i8086 mode.

The emulation was so perfect and complete that when modern operating systems treated it like the Pentium it appeared to be, and switched on supervisory mode, this foreigner faked the Pentium instruction set so perfectly, bugs and all, that it ran all the software an end user expected it to. If not for the deliberate inclusion of an intentional flaw in the design of the emulation program, there to let specially written software running in Pentium supervisory mode activate the processor's true instruction set, it would be indistinguishable from a real INTeL Pentium; at most, timing issues might provide a hint, and then again maybe not, if that too were diligently adhered to. Think of it: an INTeL Pentium, faked in firmware, running on a processor made by some Chinese company! This clever fakery, afforded by the BIOS, is called Ring minus one technology. The implication is that you, as a computer program, can't even detect that you are not running on a real INTeL Pentium, AND you are completely unaware of any other activity going on in Ring minus one.
It is as if any activity that happens there were done in real hardware: it is totally and completely invisible to you as a program running at Ring zero. Imagine a target drawn in a two-dimensional world. When you live in that two-dimensional world and look at the target from the outside, it looks to you like a circle. You have no way to know of any concentric rings inside the target, nor any possibility of knowing about the goings-on inside those rings.

What if some really vicious malware were hidden there, a key logger for instance? How could ANY antimalware program detect, let alone eradicate, such a menace? Simple answer: it can't. This is especially true if the menace is exceptionally well written. Today's BIOSes are flashable, and many motherboard makers leave the feature turned on by default. Can you say Bad Idea! You could reformat the hard drive, even re-flash the BIOS, and the malware would let you believe you had eradicated the evil menace, while no such thing happened in reality. Scary, isn't it?

There is a company whose laptops "phone home" to the mother ship; this has been observed by many sysadmins while doing routine network traffic analysis. The laptop initiates the conversation, and it does this regardless of the operating system installed, so it has to be in the BIOS. As far as anybody knows they are shipped from the factory this way. Since we as users are not in control of this firmware, all we can really do is observe, and since these laptops might not lay out all their tricks for us to see, we may never know what all they are telling the mother ship about us. Scary, huh? But if you think this is bad, the world of cell phones is orders of magnitude worse. So how can you defend against this sort of thing?
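The "phone home" behaviour above was noticed in routine network traffic analysis, and that is the one place a defender can still look when the firmware itself cannot be trusted: the machine may lie to every program running on it, but it cannot hide the packets it puts on the wire. The following is an added example, not code from the original post or from any vendor, showing the classic check a sysadmin runs over flow records: find a host that keeps opening connections to the same outside destination at near-regular intervals. The flow log, addresses and timestamps are constructed for the example; the threshold values are assumptions you would tune to your own network.

```python
"""Beacon ("phone home") detection over flow records.

Added example, not part of the original post. Flags a (source, destination,
port) triple whose connections recur at a near-constant interval, which is
what a firmware-resident caller looks like from the network side regardless
of which operating system is installed on the host.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow log for the example: "epoch_seconds src_ip dst_ip dst_port bytes_out".
# 10.0.0.12 talks to 203.0.113.50:443 every 300 s; everything else is ordinary traffic.
FLOW_LOG = """\
1700000000 10.0.0.12 203.0.113.50 443 612
1700000005 10.0.0.12 10.0.0.1 53 88
1700000300 10.0.0.12 203.0.113.50 443 604
1700000420 10.0.0.12 198.51.100.7 443 9120
1700000600 10.0.0.12 203.0.113.50 443 611
1700000900 10.0.0.12 203.0.113.50 443 608
1700001200 10.0.0.12 203.0.113.50 443 615
1700000100 10.0.0.30 198.51.100.7 443 4200
1700000140 10.0.0.30 198.51.100.7 443 3310
1700000910 10.0.0.30 198.51.100.7 443 8800
1700001500 10.0.0.30 203.0.113.50 443 512
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into (ts, src, dst, port, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append((int(ts), src, dst, int(port), int(nbytes)))
    return flows


def find_beacons(flows, min_connections=4, max_jitter=0.2):
    """Return [(src, dst, port, period_seconds)] for every triple seen at least
    min_connections times whose gaps between connections are regular, i.e. the
    coefficient of variation (stddev / mean) of the gaps is at most max_jitter.
    Both thresholds are assumed starting points, not measured constants."""
    by_triple = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_triple[(src, dst, port)].append(ts)

    beacons = []
    for (src, dst, port), times in by_triple.items():
        if len(times) < min_connections:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue  # duplicate timestamps; nothing to measure
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            beacons.append((src, dst, port, float(period)))
    return beacons


if __name__ == "__main__":
    for src, dst, port, period in find_beacons(parse_flows(FLOW_LOG)):
        print(f"beacon: {src} -> {dst}:{port} every ~{period:.0f}s")
```

Run against the constructed log, the single flagged triple is 10.0.0.12 to 203.0.113.50:443 with a 300 second period; the bursty, irregular connections from 10.0.0.30 are not flagged. Because the evidence is gathered off-host, on a tap or switch span port, it stays valid even when the suspect machine's own firmware would misreport what the operating system sees. A caller that randomises its interval needs a looser jitter threshold and a longer observation window, so treat the defaults here as a starting point rather than a verdict.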
Well, for starters, there is an Open Source BIOS project. BIOSes tend to set up a machine so that every feature of it is usable by whatever operating system might ever conceivably use it, with all the hardware that might ever conceivably be plugged into the buses, so the normal BIOS a machine comes with is burdened with so many tests that never get implemented that when an Open Source BIOS is installed it can boot Linux in less than one second. Pretty cool, huh.


Finally your machine belongs to you!