Page 11

Tech Note #110: Concept for a Secure Network Computer

Tuesday, 11 January 2000

http://www.tatanka.com

[tn0110]

Page 11 of 18

Booting the Host Computer

Once the SNC connects to an information domain, the SNC enforces isolation from any other
domain. The only source for the HC’s programs (operating system and application) is from
within the current domain. The next step after connection is to boot the HC by loading an
operating system into it.

Based on configuration, and possibly on the user’s identity and credentials, the user may be
given a choice of operating systems, or may be restricted to a single possibility. If there is a
choice, then the user may be prompted to select the operating system to boot. This may be done
using a first-level boot program running in the HC, or may be done by the SM using the user i/o
device.

In any case, some operating systems (such as Unix and its variants) are network-aware to the
extent that they can be booted without a disk, while others (such as Windows) must have disk
support. To accommodate both kinds of operating system, the HC’s BIOS must offer two
possibilities:

•

Option 1: Using some combination of the HC BIOS and the SM software, emulate a disk
drive. The virtual disk would be a file on a server in the remote enclave.

•

Option 2: Provide a network boot facility, as is found on many workstations. (The usual
protocols are those of tftp or nfs.)

Because the SM already contains a protocol stack, the ISMCPU hosts any network operations
associated with the boot process.

Once to HC’s operating system is booted, it will use its own network features, if any, to
communicate with the other machines of the information domain. The HC’s operating system
will view the SM as a network card. The INA can be designed to emulate a standard network
adapter, or it can have a novel interface and a custom driver can be written for the HC’s
operating system.