The hypervisor and its implications
Date: Tuesday, November 29 @ 16:40:43 UTC
Topic: Xbox Hacking
We're taking an in-depth technical look at one of the Xbox 360's features, its hypervisor. The Xbox 360 contains a hypervisor which provides security for the system--good news for Microsoft, bad news for hackers, as Microsoft has included it as part of its plans for a hack-proof 360. What are the implications of this for gamers and for those who wish to experiment with their console?
Firstly, a look at how the processor executes code on the 360. The Xbox 360's CPU is based around the PowerPC architecture, which is well-suited to virtualisation. The hypervisor is a program on the system which can provide the operating system with virtual hardware or limit its access to memory. A program running on top of a hypervisor therefore thinks it is running inside a single virtual machine and talking directly to the hardware, rather than running within another operating system.
On the Xbox 360, the hypervisor program sits at the lowest level, running in kernel mode (which means it has unlimited access to the system's hardware). The operating system runs on top of the hypervisor in user mode, and its access to the hardware is meted out by the hypervisor. This means that the hypervisor can emulate the original Xbox without the 360's operating system being involved.
The security implications are unfortunately clear: nothing is going to get past the hypervisor unless it's vetted by Microsoft, and the hypervisor's security is most likely built into the boot sequence with cryptographic signing to prevent tampering.
However, as a feature, the hypervisor holds interesting implications--if it becomes possible to tap into the boot sequence and load alternative operating systems, then it will be easy to switch between them at will, with neither affecting the state of the other. For gaming, the entire virtual machine could be saved to disc, thus pausing the game exactly--and the saved machine could be modified (yes, for cheating). Different consoles could be virtualised, as well as different sets of hardware, so gamers could try out other game platforms and operating systems.
In conclusion, the architecture developed for the 360, including its hypervisor, contains some exciting possibilities--the easily-virtualised PowerPC can be fully taken advantage of by the hypervisor. However, Microsoft have locked down the 360 and it's not going to be easy for third parties to get inside the console's security, so end users are denied the opportunity to fully take advantage of the console's hardware.