Implement secure stack sealing as per ARM's recommendation
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
This commit is contained in:
parent
61f7560243
commit
06ea7275b3
|
@ -51,6 +51,16 @@
|
||||||
*/
|
*/
|
||||||
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Size of stack seal values in bytes.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_SIZE 8
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Stack seal value as recommended by ARM.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Maximum number of secure contexts.
|
* @brief Maximum number of secure contexts.
|
||||||
*/
|
*/
|
||||||
|
@ -204,18 +214,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
|
||||||
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
||||||
{
|
{
|
||||||
/* Allocate the stack space. */
|
/* Allocate the stack space. */
|
||||||
pucStackMemory = pvPortMalloc( ulSecureStackSize );
|
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
|
||||||
|
|
||||||
if( pucStackMemory != NULL )
|
if( pucStackMemory != NULL )
|
||||||
{
|
{
|
||||||
/* Since stack grows down, the starting point will be the last
|
/* Since stack grows down, the starting point will be the last
|
||||||
* location. Note that this location is next to the last
|
* location. Note that this location is next to the last
|
||||||
* allocated byte because the hardware decrements the stack
|
* allocated byte for stack (excluding the space for seal values)
|
||||||
* pointer before writing i.e. if stack pointer is 0x2, a push
|
* because the hardware decrements the stack pointer before
|
||||||
* operation will decrement the stack pointer to 0x1 and then
|
* writing i.e. if stack pointer is 0x2, a push operation will
|
||||||
* write at 0x1. */
|
* decrement the stack pointer to 0x1 and then write at 0x1. */
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
||||||
|
|
||||||
|
/* Seal the created secure process stack. */
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
|
||||||
/* The stack cannot go beyond this location. This value is
|
/* The stack cannot go beyond this location. This value is
|
||||||
* programmed in the PSPLIM register on context switch.*/
|
* programmed in the PSPLIM register on context switch.*/
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
||||||
|
|
|
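Review bot: The new allocation size `ulSecureStackSize + securecontextSTACK_SEAL_SIZE` passed to pvPortMalloc is not checked for wrap-around; ulSecureStackSize looks like a caller-supplied value (the enclosing function's signature is outside the hunk), so a size close to the type's maximum would wrap to a small block while `pucStackStart` and the two seal stores are still computed from the unwrapped size and land past the allocation. A guard before the allocation such as `if( ulSecureStackSize <= ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )` (assuming the `ul` prefix means uint32_t), or a range check at function entry, would close that. The seal words are also written through `( uint32_t * )( pucStackMemory + ulSecureStackSize )` with nothing in the hunk showing ulSecureStackSize is a multiple of 4, so although pvPortMalloc's return is aligned the stores may be unaligned and the seal may not sit at the 8-byte aligned stack top that ARM's sealing guidance assumes; rounding the size up to portBYTE_ALIGNMENT, or rejecting unaligned sizes, would avoid that. The same change is repeated in the four identical sections that follow (the hunks ending at L365, L542, L719 and L895), and this note applies to each of them.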
@ -51,6 +51,16 @@
|
||||||
*/
|
*/
|
||||||
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Size of stack seal values in bytes.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_SIZE 8
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Stack seal value as recommended by ARM.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Maximum number of secure contexts.
|
* @brief Maximum number of secure contexts.
|
||||||
*/
|
*/
|
||||||
|
@ -204,18 +214,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
|
||||||
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
||||||
{
|
{
|
||||||
/* Allocate the stack space. */
|
/* Allocate the stack space. */
|
||||||
pucStackMemory = pvPortMalloc( ulSecureStackSize );
|
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
|
||||||
|
|
||||||
if( pucStackMemory != NULL )
|
if( pucStackMemory != NULL )
|
||||||
{
|
{
|
||||||
/* Since stack grows down, the starting point will be the last
|
/* Since stack grows down, the starting point will be the last
|
||||||
* location. Note that this location is next to the last
|
* location. Note that this location is next to the last
|
||||||
* allocated byte because the hardware decrements the stack
|
* allocated byte for stack (excluding the space for seal values)
|
||||||
* pointer before writing i.e. if stack pointer is 0x2, a push
|
* because the hardware decrements the stack pointer before
|
||||||
* operation will decrement the stack pointer to 0x1 and then
|
* writing i.e. if stack pointer is 0x2, a push operation will
|
||||||
* write at 0x1. */
|
* decrement the stack pointer to 0x1 and then write at 0x1. */
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
||||||
|
|
||||||
|
/* Seal the created secure process stack. */
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
|
||||||
/* The stack cannot go beyond this location. This value is
|
/* The stack cannot go beyond this location. This value is
|
||||||
* programmed in the PSPLIM register on context switch.*/
|
* programmed in the PSPLIM register on context switch.*/
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
||||||
|
|
|
@ -51,6 +51,16 @@
|
||||||
*/
|
*/
|
||||||
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Size of stack seal values in bytes.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_SIZE 8
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Stack seal value as recommended by ARM.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Maximum number of secure contexts.
|
* @brief Maximum number of secure contexts.
|
||||||
*/
|
*/
|
||||||
|
@ -204,18 +214,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
|
||||||
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
||||||
{
|
{
|
||||||
/* Allocate the stack space. */
|
/* Allocate the stack space. */
|
||||||
pucStackMemory = pvPortMalloc( ulSecureStackSize );
|
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
|
||||||
|
|
||||||
if( pucStackMemory != NULL )
|
if( pucStackMemory != NULL )
|
||||||
{
|
{
|
||||||
/* Since stack grows down, the starting point will be the last
|
/* Since stack grows down, the starting point will be the last
|
||||||
* location. Note that this location is next to the last
|
* location. Note that this location is next to the last
|
||||||
* allocated byte because the hardware decrements the stack
|
* allocated byte for stack (excluding the space for seal values)
|
||||||
* pointer before writing i.e. if stack pointer is 0x2, a push
|
* because the hardware decrements the stack pointer before
|
||||||
* operation will decrement the stack pointer to 0x1 and then
|
* writing i.e. if stack pointer is 0x2, a push operation will
|
||||||
* write at 0x1. */
|
* decrement the stack pointer to 0x1 and then write at 0x1. */
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
||||||
|
|
||||||
|
/* Seal the created secure process stack. */
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
|
||||||
/* The stack cannot go beyond this location. This value is
|
/* The stack cannot go beyond this location. This value is
|
||||||
* programmed in the PSPLIM register on context switch.*/
|
* programmed in the PSPLIM register on context switch.*/
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
||||||
|
|
|
@ -51,6 +51,16 @@
|
||||||
*/
|
*/
|
||||||
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Size of stack seal values in bytes.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_SIZE 8
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Stack seal value as recommended by ARM.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Maximum number of secure contexts.
|
* @brief Maximum number of secure contexts.
|
||||||
*/
|
*/
|
||||||
|
@ -204,18 +214,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
|
||||||
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
||||||
{
|
{
|
||||||
/* Allocate the stack space. */
|
/* Allocate the stack space. */
|
||||||
pucStackMemory = pvPortMalloc( ulSecureStackSize );
|
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
|
||||||
|
|
||||||
if( pucStackMemory != NULL )
|
if( pucStackMemory != NULL )
|
||||||
{
|
{
|
||||||
/* Since stack grows down, the starting point will be the last
|
/* Since stack grows down, the starting point will be the last
|
||||||
* location. Note that this location is next to the last
|
* location. Note that this location is next to the last
|
||||||
* allocated byte because the hardware decrements the stack
|
* allocated byte for stack (excluding the space for seal values)
|
||||||
* pointer before writing i.e. if stack pointer is 0x2, a push
|
* because the hardware decrements the stack pointer before
|
||||||
* operation will decrement the stack pointer to 0x1 and then
|
* writing i.e. if stack pointer is 0x2, a push operation will
|
||||||
* write at 0x1. */
|
* decrement the stack pointer to 0x1 and then write at 0x1. */
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
||||||
|
|
||||||
|
/* Seal the created secure process stack. */
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
|
||||||
/* The stack cannot go beyond this location. This value is
|
/* The stack cannot go beyond this location. This value is
|
||||||
* programmed in the PSPLIM register on context switch.*/
|
* programmed in the PSPLIM register on context switch.*/
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
||||||
|
|
|
@ -51,6 +51,16 @@
|
||||||
*/
|
*/
|
||||||
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Size of stack seal values in bytes.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_SIZE 8
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Stack seal value as recommended by ARM.
|
||||||
|
*/
|
||||||
|
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Maximum number of secure contexts.
|
* @brief Maximum number of secure contexts.
|
||||||
*/
|
*/
|
||||||
|
@ -204,18 +214,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
|
||||||
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
|
||||||
{
|
{
|
||||||
/* Allocate the stack space. */
|
/* Allocate the stack space. */
|
||||||
pucStackMemory = pvPortMalloc( ulSecureStackSize );
|
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
|
||||||
|
|
||||||
if( pucStackMemory != NULL )
|
if( pucStackMemory != NULL )
|
||||||
{
|
{
|
||||||
/* Since stack grows down, the starting point will be the last
|
/* Since stack grows down, the starting point will be the last
|
||||||
* location. Note that this location is next to the last
|
* location. Note that this location is next to the last
|
||||||
* allocated byte because the hardware decrements the stack
|
* allocated byte for stack (excluding the space for seal values)
|
||||||
* pointer before writing i.e. if stack pointer is 0x2, a push
|
* because the hardware decrements the stack pointer before
|
||||||
* operation will decrement the stack pointer to 0x1 and then
|
* writing i.e. if stack pointer is 0x2, a push operation will
|
||||||
* write at 0x1. */
|
* decrement the stack pointer to 0x1 and then write at 0x1. */
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
|
||||||
|
|
||||||
|
/* Seal the created secure process stack. */
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
|
||||||
|
|
||||||
/* The stack cannot go beyond this location. This value is
|
/* The stack cannot go beyond this location. This value is
|
||||||
* programmed in the PSPLIM register on context switch.*/
|
* programmed in the PSPLIM register on context switch.*/
|
||||||
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;
|
||||||
|
|