Your SlideShare is downloading. ×
ARM Linux Embedded memory protection techniques
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

ARM Linux Embedded memory protection techniques

2,488
views

Published on

ARM Linux embedded memory protection techniques. Also refer to http://www.slideshare.net/prabindh/enabling-two-level-translation-tables-in-armv7-mmu

ARM Linux embedded memory protection techniques. Also refer to http://www.slideshare.net/prabindh/enabling-two-level-translation-tables-in-armv7-mmu

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,488
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Prabindh SundaresonMemory Protection Features in ARM and Linux
  • 2. Contents• Security features in ARM HW– Memory Protection• Memory Protection Status in Software– Linux– Android• External security frameworks
  • 3. Memory Protection Features in ARM• Derived from Page Table entries, applicable to different types of pages– pages, sections …• Consists of Read-Only (RO), and Execute Never (XN)• This is available in ARMv6 and above systems, only with MMU enabled• Memory protection is a combination of HW, Kernel usage of HWfeatures, and information embedded in userland applications bytoolchain for region protection
  • 4. Execute Never (XN)• Part of First and Second Level Page Table Entries• A15 adds an extra entity - PXN (Privileged XN)
  • 5. Read Only (RO)• Part of AP and APX Data Access Permissions in Page Table entry
  • 6. ARM First Level Descriptor
  • 7. ARM Second Level Descriptor
  • 8. Linux handling of Page Tables• Linux standardises Page Table across architectures, independent ofspecific HW – x86, ARM or other– Linux bit encodings are different from that of ARM Page Table entries, butmapping is straightforward to an extent
  • 9. Native Linux – Memory Protection StatusNote –1. All object files in an application have to be built with noexecstack, including assembly.Even if one file is not built with this, the entire application is built without XN for the stack2. Xorg, some media players in Linux are reported to have issues with XN in stack3. This status is as of Sep 2012Desired Mapping x86 Linux Kernel ARM Linux Kernel User Applications TI ConfirmedKernel Code (.text) RO Yes (CONFIG_DEBUG_RODATA) No NA -Kernel Read Only Data RO Yes (CONFIG_DEBUG_RODATA) No NA -Kernel Stack XN Yes (CONFIG_DEBUG_RODATA) No NA -User Stack XN NA NAApplications to berebuilt withnoexecstack (all.obj files, includingassembly)gcc4.1x, glibc 2.5.noexecstack isdefault in gcc4.xtoolchains -IO Region (Device) XN (MT_DEVICE) Yes Yes NA Norelro (Read-Onlyrelocations for sharedlibraries) RO NA NANeeds to beexplicitly enabledin application build.Linker makes textread-only aftercorrect relocation -gcc4.1x, glibc 2.5 NoStack LayoutRandomisation randomisation Yes Yes - NoString Vulnerability String checks NA NAformat-security tobe added toapplication buildsexplicitly No
  • 10. Other Security Techniques• Commonly used are - grsecurity, PaX• These are not in mainline Linux kernel including for ARM, and need tobe applied separately• grsecurity provides kernel hardening features (ex devmem, ports)• PaX provides memory protection features (including XN emulation)• These also include patches for toolchains to ensure protection mapping
  • 11. Android Status• Starting from Android 2.3 onwards, Android adds– Address space layout (ASLR) randomisations– Support for XN– Other features described in (http://source.android.com/tech/security/)
  • 12. References• MT_DEVICE ioremap– http://lkml.indiana.edu/hypermail/linux/kernel/1108.2/02745.html• GCC patch for GNU-STACK– https://android.googlesource.com/toolchain/gcc/+/f68bf0c483879d30c4d97b9eaf8f9eb558ea1c45%5E1..f68bf0c483879d30c4d97b9eaf8f9e• Russell King on .text RO– http://www.spinics.net/lists/arm-kernel/msg120951.html• Bypassing XN/ ASLR– http://www.phrack.org/issues.html?issue=58&id=4#article• Grsecurity Patchset for 3.x– http://mirrors.muarf.org/grsecurity/stable/grsecurity-2.9-3.2.18-201206011935.patch.gz• Gentoo Hardened– http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml• Ubuntu Security– https://wiki.ubuntu.com/Security• ROM filesystems and booting– http://elinux.org/images/b/b1/Filesystems-for-embedded-linux.pdf– http://lugatgt.org/content/booting.inittools/downloads/presentation.pdf– http://processors.wiki.ti.com/index.php/Creating_a_Root_File_System_for_Linux_on_OMAP35x#Configure_the_Linux_Kernel_for_RAMDISK_support• Loadable Kernel Modules - introduction– http://www.ibm.com/developerworks/linux/library/l-lkm
  • 13. Linux Kernel References• ELF loading– arch/arm/kernel/elf.c b/arch/arm/kernel/elf.c, fs/binfmt_elf.c• Contains elf loading and protection settings based on elf information• Page Table operations• archarmincludeasmpgtable-2level-types.h• archarmincludeasmpgtable-2level-hwdef.h• archarmincludeasmpgtable.h• archarmmmmmu.c

×