Introduction to mbed-OS uvisor
Viller Hsiao <villerhsiao@gmail.com>
Oct. 18, 2015
10/18/15 2/19
Who am I?
Viller Hsiao
Embedded Linux / RTOS engineer
http://image.dfdaily.com/2012/5/4/634716931128751250504b050c1_nEO_IMG.jpg

mbed OS
ARM® mbed™ OS is an open source embedded operating system designed specifically for the "things" in the Internet of Things (IoT). [1]

mbed OS
● Modularized packages
● Managed by yotta

mbed-OS uvisor
● Self-contained software hypervisor that creates independent secure domains on ARM Cortex-M3 and M4 microcontrollers
● Like a sandbox
● Still in beta

Modules Relationship
[Diagram: the uvisor module holds the full uvisor source, which is compiled into the uvisor object; uvisor-lib carries that object, which is linked with the application module.]
● User links objects in uvisor-lib module
● uvisor module contains full source

uvisor Functionalities
● Protect resources
● Secure function call
● Low level APIs
● Interrupt management
● Register level security [4]

Memory Layout under uvisor
https://github.com/ARMmbed/uvisor/blob/master/k64f/docs/memory_layout.png
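
Protect Resources
● Access Control Lists (ACLs)
● Private box contexts
[Diagram: uvisor sits between Box 1, Box 2 ... Box n and the resources UART, TIMER, FLASH, RAM and I2C; general ACLs cover the devices, each box has its own context (Box 1 context, Box 2 context, Box n context), and one access is marked "Access not permitted".]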
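
Implementation of ACLs
[Diagram: the MPU presents a Box1 view and a Box2 view; both views contain the generic ACLs, and each view contains only its own box context (Box1 context or Box2 context).]
● ACLs and box context isolation are implemented by the MPU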

Secure Function Call
● Secure gateway
● Critical functions are executed from the context of the secure box
[Diagram: the Non-secure Box calls func(args) through the secure gateway into the Secure Box, which returns to the caller.]

Secure Gateway (Cont.)
● Secure Gateway Internals
[Diagram labels: Box 1 calls secure_gateway(func, args); svc into the uvisor svc handler; func() in Box 2, unprivileged; svc; return to Box 1.]
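
The two mechanisms on the slides above (box views enforced by the MPU, and a secure gateway entered through svc) can be modelled on a host in C. This is an added example, not uvisor code or code from the slides: all type and function names and all address values are hypothetical, and the MPU and svc handler are simulated by plain functions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Host-side model only: every name here is hypothetical, not a uvisor API. */
typedef struct { uint32_t base, size; } region_t;
typedef struct { const region_t *acl; size_t n; region_t ctx; } box_t;

/* Constructed sample address map (placeholder values, not a real device map). */
static const region_t GENERIC[]  = { {0x00000000u, 0x1000u} };  /* generic ACLs */
static const region_t BOX1_ACL[] = { {0x4006A000u, 0x1000u} };  /* "UART" */
static const region_t BOX2_ACL[] = { {0x40066000u, 0x1000u} };  /* "I2C" */
static const box_t boxes[] = {
    { NULL,     0, {0, 0} },                  /* box 0: non-secure box, no context */
    { BOX1_ACL, 1, {0x20001000u, 0x100u} },   /* box 1 and its private context */
    { BOX2_ACL, 1, {0x20002000u, 0x100u} },   /* box 2 and its private context */
};
static int active_box = 0;   /* whose view the modelled MPU currently holds */

static int in_region(const region_t *r, uint32_t a) { return a >= r->base && a - r->base < r->size; }

/* MPU decision: generic ACLs, then the active box's own ACLs and context. */
int mpu_allows(uint32_t addr) {
    const box_t *b = &boxes[active_box];
    for (size_t i = 0; i < sizeof GENERIC / sizeof GENERIC[0]; i++)
        if (in_region(&GENERIC[i], addr)) return 1;
    for (size_t i = 0; i < b->n; i++)
        if (in_region(&b->acl[i], addr)) return 1;
    return in_region(&b->ctx, addr);
}

/* Modelled svc handler: load the target box's view, run func, restore caller's. */
int secure_gateway(int target, int (*func)(uint32_t), uint32_t arg) {
    if (target < 0 || target >= (int)(sizeof boxes / sizeof boxes[0])) return -1;
    int caller = active_box;
    active_box = target;
    int ret = func(arg);
    active_box = caller;     /* the caller never keeps the callee's view */
    return ret;
}

/* "Critical function" owned by box 1: reads from box 1's private context. */
int box1_read_secret(uint32_t off) { return mpu_allows(boxes[1].ctx.base + off) ? 42 : -1; }

int main(void) {
    printf("direct call from box 0: %d\n", box1_read_secret(0));
    printf("through the gateway:    %d\n", secure_gateway(1, box1_read_secret, 0));
    return 0;
}
```

The direct call fails because box 0's view does not include box 1's context; the same function succeeds only while the gateway has switched the view to box 1.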

Low Level APIs – Interrupt Management
● Interrupt management
  ● vIRQ_SetVectorX()
  ● vIRQ_GetVector()
  ● vIRQ_EnableIRQ()
  ● vIRQ_DisableIRQ()
  ● vIRQ_ClearPendingIRQ()
  ● vIRQ_SetPendingIRQ()
  ● vIRQ_GetPendingIRQ()
  ● vIRQ_SetPriority()
  ● vIRQ_GetPriority()
  ● vIRQ_GetLevel()

Low Level APIs – Interrupt Management
[Diagram: a call to vIRQ_xxxxxxxx(args) in the box context goes through svc into uvisor, which calls NVIC_xxxxxxxx(args).]

To be continued

Q & A

Reference
[1] ARM® mbed™ (beta) site
[2] mbed-os uvisor repository
[3] mbed-os uvisor-lib repository
[4] uvisor-helloworld issue #20, "uvisor-helloworld could not work on STM32F429I-Discovery"

Rights to Copy
copyright © 2015 Viller Hsiao
● ARM is a trademark or registered trademark of ARM Holdings.
● mbed™ OS is an open source embedded operating system designed specifically for the "things" in the Internet of Things (IoT). It is developed by ARM® and targets connected products based on an ARM Cortex-M microcontroller.
● Other company, product, and service names may be trademarks or service marks of others.
● The license of each graph belongs to each website listed individually.
● The rest of my work in these slides is licensed under a CC-BY-SA License.
● License text: http://creativecommons.org/licenses/by-sa/4.0/legalcode

THE END

Introduction to ARM mbed-OS 3.0 uvisor
