• Save
ARM Linux Embedded memory protection techniques
Upcoming SlideShare
Loading in...5
×
 

ARM Linux Embedded memory protection techniques

on

  • 1,786 views

ARM Linux embedded memory protection techniques. Also refer to http://www.slideshare.net/prabindh/enabling-two-level-translation-tables-in-armv7-mmu

ARM Linux embedded memory protection techniques. Also refer to http://www.slideshare.net/prabindh/enabling-two-level-translation-tables-in-armv7-mmu

Statistics

Views

Total Views
1,786
Views on SlideShare
1,786
Embed Views
0

Actions

Likes
1
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

ARM Linux Embedded memory protection techniques ARM Linux Embedded memory protection techniques Presentation Transcript

  • Prabindh SundaresonMemory Protection Features in ARM and Linux
  • Contents• Security features in ARM HW– Memory Protection• Memory Protection Status in Software– Linux– Android• External security frameworks
  • Memory Protection Features in ARM• Derived from Page Table entries, applicable to different types of pages– pages, sections …• Consists of Read-Only (RO), and Execute Never (XN)• This is available in ARMv6 and above systems, only with MMU enabled• Memory protection is a combination of HW, Kernel usage of HWfeatures, and information embedded in userland applications bytoolchain for region protection
  • Execute Never (XN)• Part of First and Second Level Page Table Entries• A15 adds an extra entity - PXN (Privileged XN)
  • Read Only (RO)• Part of AP and APX Data Access Permissions in Page Table entry
  • ARM First Level Descriptor
  • ARM Second Level Descriptor
  • Linux handling of Page Tables• Linux standardises Page Table across architectures, independent ofspecific HW – x86, ARM or other– Linux bit encodings are different from that of ARM Page Table entries, butmapping is straightforward to an extent
  • Native Linux – Memory Protection StatusNote –1. All object files in an application have to be built with noexecstack, including assembly.Even if one file is not built with this, the entire application is built without XN for the stack2. Xorg, some media players in Linux are reported to have issues with XN in stack3. This status is as of Sep 2012Desired Mapping x86 Linux Kernel ARM Linux Kernel User Applications TI ConfirmedKernel Code (.text) RO Yes (CONFIG_DEBUG_RODATA) No NA -Kernel Read Only Data RO Yes (CONFIG_DEBUG_RODATA) No NA -Kernel Stack XN Yes (CONFIG_DEBUG_RODATA) No NA -User Stack XN NA NAApplications to berebuilt withnoexecstack (all.obj files, includingassembly)gcc4.1x, glibc 2.5.noexecstack isdefault in gcc4.xtoolchains -IO Region (Device) XN (MT_DEVICE) Yes Yes NA Norelro (Read-Onlyrelocations for sharedlibraries) RO NA NANeeds to beexplicitly enabledin application build.Linker makes textread-only aftercorrect relocation -gcc4.1x, glibc 2.5 NoStack LayoutRandomisation randomisation Yes Yes - NoString Vulnerability String checks NA NAformat-security tobe added toapplication buildsexplicitly No
  • Other Security Techniques• Commonly used are - grsecurity, PaX• These are not in mainline Linux kernel including for ARM, and need tobe applied separately• grsecurity provides kernel hardening features (ex devmem, ports)• PaX provides memory protection features (including XN emulation)• These also include patches for toolchains to ensure protection mapping
  • Android Status• Starting from Android 2.3 onwards, Android adds– Address space layout (ASLR) randomisations– Support for XN– Other features described in (http://source.android.com/tech/security/)
  • References• MT_DEVICE ioremap– http://lkml.indiana.edu/hypermail/linux/kernel/1108.2/02745.html• GCC patch for GNU-STACK– https://android.googlesource.com/toolchain/gcc/+/f68bf0c483879d30c4d97b9eaf8f9eb558ea1c45%5E1..f68bf0c483879d30c4d97b9eaf8f9e• Russell King on .text RO– http://www.spinics.net/lists/arm-kernel/msg120951.html• Bypassing XN/ ASLR– http://www.phrack.org/issues.html?issue=58&id=4#article• Grsecurity Patchset for 3.x– http://mirrors.muarf.org/grsecurity/stable/grsecurity-2.9-3.2.18-201206011935.patch.gz• Gentoo Hardened– http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml• Ubuntu Security– https://wiki.ubuntu.com/Security• ROM filesystems and booting– http://elinux.org/images/b/b1/Filesystems-for-embedded-linux.pdf– http://lugatgt.org/content/booting.inittools/downloads/presentation.pdf– http://processors.wiki.ti.com/index.php/Creating_a_Root_File_System_for_Linux_on_OMAP35x#Configure_the_Linux_Kernel_for_RAMDISK_support• Loadable Kernel Modules - introduction– http://www.ibm.com/developerworks/linux/library/l-lkm
  • Linux Kernel References• ELF loading– arch/arm/kernel/elf.c b/arch/arm/kernel/elf.c, fs/binfmt_elf.c• Contains elf loading and protection settings based on elf information• Page Table operations• archarmincludeasmpgtable-2level-types.h• archarmincludeasmpgtable-2level-hwdef.h• archarmincludeasmpgtable.h• archarmmmmmu.c