InterZone overwrites messages

hex-five / multizone-sdk

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi

https://hex-five.com/multizone-security-tee-riscv/

Other

82 stars 24 forks source link

InterZone overwrites messages #34

Closed borancar closed 5 years ago

borancar commented 5 years ago

Description

InterZone seems to overwrite the posted message before it was received under certain circumstances.

Reported on: https://github.com/hex-five/multizone-sdk/commit/ba86fd33c96b9385922cd852f7c4ca3a5233d056 Bitstream: E31 v3p0

Steps to reproduce

Clone or apply https://github.com/warpBytes/multizone-sdk/commit/d711d17efb776a151bdae4cb06999760847c2553
Connect UART
Compile and upload

Expected results

Sent message to zone 2

Actual results

Sent message to zone 2
Sent message to zone 2

borancar commented 5 years ago

I've replaced the printf in zone2 (receiver zone) with a load that will cause a trap and the issue still persists - https://github.com/warpBytes/multizone-sdk/commit/9f5e1f1a7cf83b935a452a0bee08fcdc918e427e

Talking with Cesare, seems that the 2 things need to happen - a preemption (or multiple) and a trap in the receiver zone to trigger this issue.

borancar commented 5 years ago

Further simplifications done in https://github.com/warpBytes/multizone-sdk/commit/e5b224add0075c0c517fe6a85ea3c17476ebcfc5:

Use volatile for loop variable instead of modifying Makefiles
Put the wait loop directly inside main rather than a function call

cgarlati commented 5 years ago

Fixed in cd441ae hexfive-kern 5225687 hexfive-conf 0e3df93