keystone-enclave / riscv-pk

Security monitor for Keystone Enclave (mirror of riscv-pk). Will be deprecated when openSBI port is ready

OS is given more access to memory than it needs #23

Open dkohlbre opened 5 years ago

dkohlbre commented 5 years ago

Currently, we give the OS access to all of memory, and then blacklist regions (e.g., where the SM lives).

We should reduce its default access to the smallest amount we can, likely 0x8000_0000 and higher only.

Considering that many memory-mapped configuration registers live at lower addresses (e.g., the L2 controller on the HiFive Unleashed is at 0x0201_0000), this will then keep them protected from the OS by default.

dayeol commented 5 years ago

Note that this will be coming along with TOR-decoded PMP range support.

dayeol commented 5 years ago

We realized that the OS should access a lot of the addresses below 0x80000000 (e.g., device tree). We are going to handle this with platform-specific PMPs. Assigning @dkohlbre
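Worked model of the PMP layouts discussed in this thread, as an added example that is not code from riscv-pk or Keystone: the current allow-all-then-blacklist layout, the proposed whitelist of 0x8000_0000 and up (which leaves the L2 controller unmatched and therefore denied), a platform-specific entry that re-opens a low region such as the device tree, and the ordering mistake that exposes the SM. It models RISC-V PMP matching for S/U-mode accesses (lowest-numbered matching entry wins, no match means deny; the L bit and M-mode are not modelled). The SM size, DRAM end and device-tree location are constructed assumptions; only the L2 controller address 0x0201_0000 comes from the issue.

```c
/* Added example: RISC-V PMP matching as a security monitor uses it to fence the OS.
 * Not riscv-pk/Keystone code. Layout constants below are constructed except L2_CTRL. */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMP_R 0x01
#define PMP_W 0x02
#define PMP_X 0x04
#define PMP_RWX (PMP_R | PMP_W | PMP_X)
#define PMP_A_OFF   0x00
#define PMP_A_TOR   0x08
#define PMP_A_NAPOT 0x18
#define PMP_A_MASK  0x18
#define PMPADDR_MASK ((1ULL << 54) - 1) /* RV64 pmpaddr holds PA bits [55:2] */
#define NPMP 8

typedef struct {
    uint8_t  cfg[NPMP];  /* one pmpcfg byte per entry */
    uint64_t addr[NPMP]; /* pmpaddr: physical address >> 2 */
} pmp_state;

/* Decode entry i into the byte range [lo, hi). Returns false if the entry is OFF. */
static bool pmp_decode(const pmp_state *p, int i, uint64_t *lo, uint64_t *hi)
{
    uint8_t a = p->cfg[i] & PMP_A_MASK;
    if (a == PMP_A_OFF) return false;
    if (a == PMP_A_TOR) {
        /* TOR: base is the previous entry's pmpaddr (0 for entry 0), whatever its mode */
        *lo = (i == 0) ? 0 : (p->addr[i - 1] << 2);
        *hi = p->addr[i] << 2;
        return *hi > *lo;
    }
    /* NAPOT: k trailing ones in pmpaddr encode a naturally aligned 2^(k+3)-byte region */
    uint64_t v = p->addr[i];
    int k = 0;
    while (k < 64 && ((v >> k) & 1)) k++;
    uint64_t size = 1ULL << (k + 3);
    *lo = (v & ~((size >> 2) - 1)) << 2;
    *hi = *lo + size;
    return true;
}

/* S/U-mode check: lowest-numbered matching entry decides; no match means deny. */
static bool pmp_allows(const pmp_state *p, uint64_t pa, uint8_t need)
{
    for (int i = 0; i < NPMP; i++) {
        uint64_t lo, hi;
        if (!pmp_decode(p, i, &lo, &hi)) continue;
        if (pa >= lo && pa < hi) return (p->cfg[i] & need) == need;
    }
    return false;
}

static void pmp_set_napot(pmp_state *p, int i, uint64_t base, uint64_t size, uint8_t perm)
{
    assert(size >= 8 && (size & (size - 1)) == 0 && (base & (size - 1)) == 0);
    p->addr[i] = ((base >> 2) | ((size >> 3) - 1)) & PMPADDR_MASK;
    p->cfg[i] = PMP_A_NAPOT | perm;
}

/* TOR-decoded range [lo, hi): entry i carries the base (mode OFF), entry i+1 the top. */
static void pmp_set_tor_range(pmp_state *p, int i, uint64_t lo, uint64_t hi, uint8_t perm)
{
    p->addr[i] = (lo >> 2) & PMPADDR_MASK;      p->cfg[i] = PMP_A_OFF;
    p->addr[i + 1] = (hi >> 2) & PMPADDR_MASK;  p->cfg[i + 1] = PMP_A_TOR | perm;
}

/* Constructed layout: SM at the start of DRAM, DRAM ends at 4 GiB, hypothetical DTB at 16 MiB. */
#define SM_BASE  0x80000000ULL
#define SM_SIZE  0x00200000ULL
#define DRAM_END 0x100000000ULL
#define DTB_BASE 0x01000000ULL
#define DTB_SIZE 0x00010000ULL
#define L2_CTRL  0x02010000ULL  /* from the issue: HiFive Unleashed L2 controller */

enum scheme { BLACKLIST, WHITELIST, WHITELIST_PLATFORM, WHITELIST_MISORDERED };

static void pmp_build(pmp_state *p, enum scheme s)
{
    memset(p, 0, sizeof *p);
    switch (s) {
    case BLACKLIST: /* current: deny SM, then allow everything (all-ones NAPOT) */
        pmp_set_napot(p, 0, SM_BASE, SM_SIZE, 0);
        p->addr[7] = PMPADDR_MASK; p->cfg[7] = PMP_A_NAPOT | PMP_RWX;
        break;
    case WHITELIST: /* proposed: deny SM, allow only [0x8000_0000, DRAM_END) */
        pmp_set_napot(p, 0, SM_BASE, SM_SIZE, 0);
        pmp_set_tor_range(p, 1, SM_BASE, DRAM_END, PMP_RWX);
        break;
    case WHITELIST_PLATFORM: /* plus a platform-specific read-only window for the DTB */
        pmp_set_napot(p, 0, SM_BASE, SM_SIZE, 0);
        pmp_set_tor_range(p, 1, SM_BASE, DRAM_END, PMP_RWX);
        pmp_set_napot(p, 3, DTB_BASE, DTB_SIZE, PMP_R);
        break;
    case WHITELIST_MISORDERED: /* same entries, deny placed after allow: SM is exposed */
        pmp_set_tor_range(p, 0, SM_BASE, DRAM_END, PMP_RWX);
        pmp_set_napot(p, 2, SM_BASE, SM_SIZE, 0);
        break;
    }
}

bool os_can_access(enum scheme s, uint64_t pa, uint8_t need)
{
    pmp_state p;
    pmp_build(&p, s);
    return pmp_allows(&p, pa, need);
}

int main(void)
{
    const char *names[] = { "blacklist", "whitelist", "whitelist+platform", "misordered" };
    for (int s = BLACKLIST; s <= WHITELIST_MISORDERED; s++)
        printf("%-19s L2 ctrl:%d  SM:%d  DTB(r):%d  DRAM:%d\n", names[s],
               os_can_access(s, L2_CTRL, PMP_R), os_can_access(s, SM_BASE + 0x1000, PMP_R),
               os_can_access(s, DTB_BASE + 0x100, PMP_R), os_can_access(s, 0x81000000ULL, PMP_RWX));
    return 0;
}
```

The misordered case is the practitioner's caveat: PMP priority is by entry number, so a deny entry only protects the SM if it sits at a lower index than any allow entry that overlaps it, and a TOR entry's base is the previous entry's pmpaddr regardless of that entry's mode, which is why the whitelist range needs its own OFF base entry rather than borrowing the SM's NAPOT address.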