Successfully reported this slideshow.
Your SlideShare is downloading. ×

ARM Linux Embedded memory protection techniques

Ad

Prabindh Sundareson
Memory Protection Features in ARM and Linux

Ad

Contents
• Security features in ARM HW
– Memory Protection
• Memory Protection Status in Software
– Linux
– Android
• Exte...

Ad

Memory Protection Features in ARM
• Derived from Page Table entries, applicable to different types of pages
– pages, secti...

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Upcoming SlideShare
Linux SMEP bypass techniques
Linux SMEP bypass techniques
Loading in …3
×

Check these out next

1 of 13 Ad
1 of 13 Ad

ARM Linux Embedded memory protection techniques

Download to read offline

ARM Linux embedded memory protection techniques. Also refer to http://www.slideshare.net/prabindh/enabling-two-level-translation-tables-in-armv7-mmu

ARM Linux embedded memory protection techniques. Also refer to http://www.slideshare.net/prabindh/enabling-two-level-translation-tables-in-armv7-mmu

More Related Content

ARM Linux Embedded memory protection techniques

  1. 1. Prabindh Sundareson Memory Protection Features in ARM and Linux
  2. 2. Contents • Security features in ARM HW – Memory Protection • Memory Protection Status in Software – Linux – Android • External security frameworks
  3. 3. Memory Protection Features in ARM • Derived from Page Table entries, applicable to different types of pages – pages, sections … • Consists of Read-Only (RO), and Execute Never (XN) • This is available in ARMv6 and above systems, only with MMU enabled • Memory protection is a combination of HW, Kernel usage of HW features, and information embedded in userland applications by toolchain for region protection
  4. 4. Execute Never (XN) • Part of First and Second Level Page Table Entries • A15 adds an extra entity - PXN (Privileged XN)
  5. 5. Read Only (RO) • Part of AP and APX Data Access Permissions in Page Table entry
  6. 6. ARM First Level Descriptor
  7. 7. ARM Second Level Descriptor
  8. 8. Linux handling of Page Tables • Linux standardises Page Table across architectures, independent of specific HW – x86, ARM or other – Linux bit encodings are different from that of ARM Page Table entries, but mapping is straightforward to an extent
  9. 9. Native Linux – Memory Protection Status Note – 1. All object files in an application have to be built with noexecstack, including assembly. Even if one file is not built with this, the entire application is built without XN for the stack 2. Xorg, some media players in Linux are reported to have issues with XN in stack 3. This status is as of Sep 2012 Desired Mapping x86 Linux Kernel ARM Linux Kernel User Applications TI Confirmed Kernel Code (.text) RO Yes (CONFIG_DEBUG_RODATA) No NA - Kernel Read Only Data RO Yes (CONFIG_DEBUG_RODATA) No NA - Kernel Stack XN Yes (CONFIG_DEBUG_RODATA) No NA - User Stack XN NA NA Applications to be rebuilt with noexecstack (all .obj files, including assembly) gcc4.1x, glibc 2.5. noexecstack is default in gcc4.x toolchains - IO Region (Device) XN (MT_DEVICE) Yes Yes NA No relro (Read-Only relocations for shared libraries) RO NA NA Needs to be explicitly enabled in application build. Linker makes text read-only after correct relocation - gcc4.1x, glibc 2.5 No Stack Layout Randomisation randomisation Yes Yes - No String Vulnerability String checks NA NA format-security to be added to application builds explicitly No
  10. 10. Other Security Techniques • Commonly used are - grsecurity, PaX • These are not in mainline Linux kernel including for ARM, and need to be applied separately • grsecurity provides kernel hardening features (ex devmem, ports) • PaX provides memory protection features (including XN emulation) • These also include patches for toolchains to ensure protection mapping
  11. 11. Android Status • Starting from Android 2.3 onwards, Android adds – Address space layout (ASLR) randomisations – Support for XN – Other features described in (http://source.android.com/tech/security/)
  12. 12. References • MT_DEVICE ioremap – http://lkml.indiana.edu/hypermail/linux/kernel/1108.2/02745.html • GCC patch for GNU-STACK – https://android.googlesource.com/toolchain/gcc/+/f68bf0c483879d30c4d97b9eaf8f9eb558ea1c45%5E1..f68bf0c483879d30c4d97b9eaf8f9e • Russell King on .text RO – http://www.spinics.net/lists/arm-kernel/msg120951.html • Bypassing XN/ ASLR – http://www.phrack.org/issues.html?issue=58&id=4#article • Grsecurity Patchset for 3.x – http://mirrors.muarf.org/grsecurity/stable/grsecurity-2.9-3.2.18-201206011935.patch.gz • Gentoo Hardened – http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml • Ubuntu Security – https://wiki.ubuntu.com/Security • ROM filesystems and booting – http://elinux.org/images/b/b1/Filesystems-for-embedded-linux.pdf – http://lugatgt.org/content/booting.inittools/downloads/presentation.pdf – http://processors.wiki.ti.com/index.php/Creating_a_Root_File_System_for_Linux_on_OMAP35x#Configure_the_Linux_Kernel_f or_RAMDISK_support • Loadable Kernel Modules - introduction – http://www.ibm.com/developerworks/linux/library/l-lkm
  13. 13. Linux Kernel References • ELF loading – arch/arm/kernel/elf.c b/arch/arm/kernel/elf.c, fs/binfmt_elf.c • Contains elf loading and protection settings based on elf information • Page Table operations • archarmincludeasmpgtable-2level-types.h • archarmincludeasmpgtable-2level-hwdef.h • archarmincludeasmpgtable.h • archarmmmmmu.c

×