#EMBEDDEDOSSUMMIT

Introduce Hardware-Level Device Isolation to Zephyr
Jaxson Han & Huifeng Zhang, Arm

Authors
GitHub: https:/ Han Huifeng Zhang

Contents
- Background
- SMMU
- Zephyr device model
- Zephyr HW-level device isolation
- Conclusion

Background
An observation:
- The number of DMA devices on low-power platforms is increasing.
  - IoT industry
- More RTOSes run on high-performance platforms with a variety of DMA devices.
  - Automotive industry (high performance & safety)
New challenges for Zephyr:
- Can DMA devices bypass the system access control?
- How to restrict DMA devices?
More and more DMA device drivers on RTOS
[Figure labels: core, DMA device (x3), Memory]

Background
DMA devices can break the system
- WiFi chip bug [1,2,3]
  - permission leaks
  - remote control
- DMA attack [4,5,6]
  - steal data or cryptographic keys
  - install or run spyware and other exploits
  - modify the system to allow backdoors or other malware
More DMA drivers added into Zephyr
DMA devices might be buggy or even malicious
How to restrict DMA devices on Zephyr?

[1] https:/
[2] https:/
[3] https:/
[4] https://web.archive.org/web/20160304055745/http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation
[5] https:/
[6] https://en.wikipedia.org/wiki/DMA_attack

Background
Zephyr uses MMU/MPU to isolate the thread memory regions to protect the system.
Why HW-level device isolation is needed
[Figure: the CPU runs Thread#1 and Thread#2 and reaches memory through the MMU/MPU. The MMU/MPU holds the Thread#1 regions or the Thread#2 regions, swapped on context switch, covering Thread#1 memory and Thread#2 memory. An access that has not been granted is denied.]

Background
However, MMU/MPU can only restrict memory accesses from CPUs.
- Memory accesses from DMA are NOT protected by MMU/MPU
- May cause system crash or security issues
Why HW-level dev