Trusted Recovery

Trusted Recovery：

 

An operating system’s response to a type of failure can be classified as one of the
following:
• System reboot
• Emergency system restart
• System cold start

 

1、system reboot ：（可控的，可靠的）

A system reboot takes place after the system shuts itself down in a controlled manner
in response to a kernel (trusted computing base) failure. If the system finds inconsistent
object data structures or if there is not enough space in some critical tables, a system
reboot may take place. This releases resources and returns the system to a more stable
and safer state.

 

2、emergency system restart ：（不可控的）

An emergency system restart takes place after a system failure happens in an uncontrolled
manner. This could be a kernel or media failure caused by lower-privileged user
processes attempting to access memory segments that are restricted. The system sees
this as an insecure activity that it cannot properly recover from without rebooting. The
kernel and user objects could be in an inconsistent state, and data could be lost or corrupted.
The system thus goes into a maintenance mode and recovers from the actions
taken. Then it is brought back up in a consistent and stable state.

 

3、system cold start ：（不可控，通常需要人工干预）

A system cold start takes place when an unexpected kernel or media failure happens
and the regular recovery procedure cannot recover the system to a more consistent state.
The system, kernel, and user objects may remain in an inconsistent state while the system
attempts to recover itself, and intervention may be required by the user or administrator
to restore the system.

 

本文出自 “木鸟” 博客，谢绝转载！