TBF Header Permissions #28
Merged
Signed-off-by: Alistair Francis <[email protected]>
bors bot added a commit to tock/tock that referenced this pull request on May 11, 2021:
2172: TBF Header Permissions r=hudson-ayers a=alistair23

### Pull Request Overview

This PR is a second attempt at my [original `app_id` PR](tock/elf2tab#27). This is similar to an old PR: #1300

This PR adds a permission section to the TBF header. This permission section will contain a list of syscalls that the app is allowed and going to perform. This only allows apps to interact with approved capsules.

There are cases where we only want a single app to use a capsule. Take for example a Root of Trust (RoT) that uses I2C to control other devices. In this case we only want 1 approved app to have that control, while other (possibly malicious) apps are blocked from accessing the hardware.

We also then have a 64-bit bit mask of the commands that are allowed. Currently some capsules have large command numbers (like 100, 200 etc.) and they will need to be updated in order to work with a bit mask.

The options can also be auto generated for apps. I can currently auto-generate them based on the compiled code for libtock-rs.

### Security

From a threat model perspective this isn't ideal as we don't expect to always trust the TBF, see: https://github.com/tock/tock/blob/master/doc/threat_model/TBF_Headers.md

For secure applications though we can have the loader enforce/double check the permissions.

### Testing Strategy

~~I have tested this by adding support to Elf2tab and by auto-generating the list in libtock-rs.~~

~~See tock/elf2tab#28 for Elf2tab details.~~

### TODO or Help Wanted

An implementation in Tock after this is approved.

### Documentation Updated

- [X] Updated the relevant files in `/docs`, or no updates are required.

### Formatting

- [X] Ran `make prepush`.

Co-authored-by: Alistair Francis <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
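The commit message above describes the permission section as a list of allowed drivers, each with a 64-bit bit mask of allowed command numbers, and notes that capsules using command numbers like 100 or 200 cannot be expressed. The following is an added example (not elf2tab or Tock code) that models that allow list in memory, builds it from observed (driver, command) pairs the way an auto-generator might, and shows the loader-side check failing closed for unlisted drivers and for commands that do not fit the mask; the struct and function names and the sample driver numbers are assumptions, not the actual TBF encoding.

```rust
// Added example, not part of elf2tab or Tock. Names and layout are assumptions.

/// One allow-list entry: a driver (capsule) number and a mask in which
/// bit `n` set means command number `n` is permitted.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct DriverPermission {
    pub driver_num: u32,
    pub allowed_commands: u64,
}

/// Build the allow list from (driver, command) pairs, as a generator scanning
/// the app's syscalls might. Returns Err(cmd) for a command number that does
/// not fit a 64-bit mask (the capsules using 100, 200, ... mentioned above).
pub fn build_permissions(calls: &[(u32, u32)]) -> Result<Vec<DriverPermission>, u32> {
    let mut perms: Vec<DriverPermission> = Vec::new();
    for &(driver, cmd) in calls {
        if cmd >= 64 {
            return Err(cmd);
        }
        match perms.iter_mut().find(|p| p.driver_num == driver) {
            Some(p) => p.allowed_commands |= 1u64 << cmd,
            None => perms.push(DriverPermission {
                driver_num: driver,
                allowed_commands: 1u64 << cmd,
            }),
        }
    }
    Ok(perms)
}

/// Loader/kernel-side check: a command syscall is allowed only if the driver
/// is listed and the command's bit is set. Commands >= 64 are never allowed
/// (fail closed) because the mask cannot represent them.
pub fn is_allowed(perms: &[DriverPermission], driver: u32, cmd: u32) -> bool {
    if cmd >= 64 {
        return false;
    }
    perms
        .iter()
        .find(|p| p.driver_num == driver)
        .map_or(false, |p| p.allowed_commands & (1u64 << cmd) != 0)
}

fn main() {
    // Constructed sample: an app that uses driver 7, commands 0 and 2 only.
    let perms = build_permissions(&[(7, 0), (7, 2)]).unwrap();
    println!("{:?}", perms);
    println!("driver 7 cmd 2 allowed: {}", is_allowed(&perms, 7, 2));
    println!("driver 7 cmd 1 allowed: {}", is_allowed(&perms, 7, 1));
    println!("driver 8 cmd 0 allowed: {}", is_allowed(&perms, 8, 0));
}
```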
b3c1e83 to f973b3c
Now that tock/tock#2172 has been merged this is ready to go. I have updated this to handle the changes in tock/tock#2172

alistair23 added a commit to alistair23/libtock-rs that referenced this pull request on May 13, 2021:
Update the `flash.sh` script to automatically generate the app permissions. This requires the elf2tab PR: tock/elf2tab#28 to accept the --permissions argument. This script will parse the output to determine what capsules are being used in the app. It then allows all of the commands in libtock-rs that can be used by those capsules. Signed-off-by: Alistair Francis <[email protected]>
Is the interface

No, it's

Which can be auto generated, see here for doing it in libtock-rs: tock/libtock-rs#300

Ping!
bradjc approved these changes on Jun 21, 2021.

ppannuto approved these changes on Jul 21, 2021.
See: tock/tock#2172 for more details