RTOS is running with uVisor privileges #235
When we integrated uVisor and an RTOS in the 'dev' branch, we did not yet de-privilege the RTOS. All RTOS-specific code, like mutexes, the scheduler, timers, and so forth currently run with uVisor privileges. Some uVisor-to-RTOS glue code in uvisor-lib also runs with uVisor privileges. This is not final and we must fix it.
Ideally, no code would run privileged outside the reproducibly built uVisor binary. This enables us to make security promises because all privileged code would run inside the reproducible uVisor binary.
Furthermore, removing uVisor privileges from the RTOS will reduce the attack surface of systems built with uVisor.
This is particularly critical because much of the RTOS makes no effort at security whatsoever. For example, SVC_Handler trusts r12 as a function pointer to branch to while privileged. PoC below.
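As an added illustration of the dispatch weakness described above, the following host-runnable C model is not code from uVisor or the RTOS. It places the pattern the issue describes (a handler that branches to whatever the caller placed in r12) beside a bounds-checked, table-driven dispatcher in which the privileged side never consumes a caller-supplied code pointer. The service names, the table contents, the error value and the `not_a_service` function are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: runs on a host, no ARM exception entry involved.
 * All names below are assumptions for illustration, not project code. */

typedef int (*svc_fn)(uint32_t arg);

/* Two example privileged services a kernel might expose via SVC. */
static int svc_get_tick(uint32_t arg) { (void)arg; return 1000; }
static int svc_yield(uint32_t arg)    { (void)arg; return 0; }

/* A function that is NOT a registered service; used only to show that the
 * trusting dispatcher will call anything it is handed. */
static int not_a_service(uint32_t arg) { return (int)arg; }

/* Pattern the issue describes: the handler treats the caller-controlled r12
 * value as a function pointer and branches to it while still privileged. */
int svc_dispatch_trusting(uintptr_t r12, uint32_t arg) {
    svc_fn target = (svc_fn)r12;   /* no validation of the branch target */
    return target(arg);
}

/* Hardened form: the SVC immediate (an index, not an address) selects an
 * entry from a const table that lives in read-only memory. Out-of-range
 * numbers are rejected before any privileged branch happens. */
static const svc_fn svc_table[] = { svc_get_tick, svc_yield };
#define SVC_COUNT  (sizeof svc_table / sizeof svc_table[0])
#define SVC_EINVAL (-22)   /* assumed error code for an unknown service */

int svc_dispatch_table(uint32_t svc_number, uint32_t arg) {
    if (svc_number >= SVC_COUNT)
        return SVC_EINVAL;          /* bounds check: only table entries are reachable */
    return svc_table[svc_number](arg);
}

int main(void) {
    printf("table svc 0 -> %d\n", svc_dispatch_table(0, 0));
    printf("table svc 1 -> %d\n", svc_dispatch_table(1, 0));
    printf("table svc 9 -> %d (rejected)\n", svc_dispatch_table(9, 0));
    printf("trusting r12=not_a_service -> %d (called anyway)\n",
           svc_dispatch_trusting((uintptr_t)not_a_service, 7));
    return 0;
}
```

The design point is that the unprivileged side communicates an index, never an address: the set of privileged entry points is fixed at build time, sits in a const table, and is checked against its length on every call, so there is nothing for a caller to redirect.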