epagris/FreeRTOS-Kernel-CustomTag
1
0
Fork 0
forked from epagris/FreeRTOS-Kernel
Code Pull Requests Activity

Implement secure stack sealing as per ARM's recommendation

Browse Source 
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
This commit is contained in:
Gaurav Aggarwal 2021-08-18 17:36:55 -07:00
parent f87404b56f
commit faa92f7df2
5 changed files with 95 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
portable/ARMv8M/secure/context/secure_context.c
View File

@ -50,6 +50,16 @@
*/
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
/**
* @brief Size of stack seal values in bytes.
*/
#define securecontextSTACK_SEAL_SIZE 8
/**
* @brief Stack seal value as recommended by ARM.
*/
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
/**
* @brief Maximum number of secure contexts.
*/
@ -203,18 +213,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{
/* Allocate the stack space. */
pucStackMemory = pvPortMalloc( ulSecureStackSize );
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
if( pucStackMemory != NULL )
{
/* Since stack grows down, the starting point will be the last
* location. Note that this location is next to the last
* allocated byte because the hardware decrements the stack
* pointer before writing i.e. if stack pointer is 0x2, a push
* operation will decrement the stack pointer to 0x1 and then
* write at 0x1. */
* allocated byte for stack (excluding the space for seal values)
* because the hardware decrements the stack pointer before
* writing i.e. if stack pointer is 0x2, a push operation will
* decrement the stack pointer to 0x1 and then write at 0x1. */
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
/* Seal the created secure process stack. */
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
/* The stack cannot go beyond this location. This value is
* programmed in the PSPLIM register on context switch.*/
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;

24
portable/GCC/ARM_CM23/secure/secure_context.c
View File

@ -50,6 +50,16 @@
*/
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
/**
* @brief Size of stack seal values in bytes.
*/
#define securecontextSTACK_SEAL_SIZE 8
/**
* @brief Stack seal value as recommended by ARM.
*/
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
/**
* @brief Maximum number of secure contexts.
*/
@ -203,18 +213,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{
/* Allocate the stack space. */
pucStackMemory = pvPortMalloc( ulSecureStackSize );
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
if( pucStackMemory != NULL )
{
/* Since stack grows down, the starting point will be the last
* location. Note that this location is next to the last
* allocated byte because the hardware decrements the stack
* pointer before writing i.e. if stack pointer is 0x2, a push
* operation will decrement the stack pointer to 0x1 and then
* write at 0x1. */
* allocated byte for stack (excluding the space for seal values)
* because the hardware decrements the stack pointer before
* writing i.e. if stack pointer is 0x2, a push operation will
* decrement the stack pointer to 0x1 and then write at 0x1. */
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
/* Seal the created secure process stack. */
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
/* The stack cannot go beyond this location. This value is
* programmed in the PSPLIM register on context switch.*/
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;

24
portable/GCC/ARM_CM33/secure/secure_context.c
View File

@ -50,6 +50,16 @@
*/
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
/**
* @brief Size of stack seal values in bytes.
*/
#define securecontextSTACK_SEAL_SIZE 8
/**
* @brief Stack seal value as recommended by ARM.
*/
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
/**
* @brief Maximum number of secure contexts.
*/
@ -203,18 +213,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{
/* Allocate the stack space. */
pucStackMemory = pvPortMalloc( ulSecureStackSize );
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
if( pucStackMemory != NULL )
{
/* Since stack grows down, the starting point will be the last
* location. Note that this location is next to the last
* allocated byte because the hardware decrements the stack
* pointer before writing i.e. if stack pointer is 0x2, a push
* operation will decrement the stack pointer to 0x1 and then
* write at 0x1. */
* allocated byte for stack (excluding the space for seal values)
* because the hardware decrements the stack pointer before
* writing i.e. if stack pointer is 0x2, a push operation will
* decrement the stack pointer to 0x1 and then write at 0x1. */
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
/* Seal the created secure process stack. */
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
/* The stack cannot go beyond this location. This value is
* programmed in the PSPLIM register on context switch.*/
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;

24
portable/IAR/ARM_CM23/secure/secure_context.c
View File

@ -50,6 +50,16 @@
*/
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
/**
* @brief Size of stack seal values in bytes.
*/
#define securecontextSTACK_SEAL_SIZE 8
/**
* @brief Stack seal value as recommended by ARM.
*/
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
/**
* @brief Maximum number of secure contexts.
*/
@ -203,18 +213,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{
/* Allocate the stack space. */
pucStackMemory = pvPortMalloc( ulSecureStackSize );
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
if( pucStackMemory != NULL )
{
/* Since stack grows down, the starting point will be the last
* location. Note that this location is next to the last
* allocated byte because the hardware decrements the stack
* pointer before writing i.e. if stack pointer is 0x2, a push
* operation will decrement the stack pointer to 0x1 and then
* write at 0x1. */
* allocated byte for stack (excluding the space for seal values)
* because the hardware decrements the stack pointer before
* writing i.e. if stack pointer is 0x2, a push operation will
* decrement the stack pointer to 0x1 and then write at 0x1. */
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
/* Seal the created secure process stack. */
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
/* The stack cannot go beyond this location. This value is
* programmed in the PSPLIM register on context switch.*/
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;

24
portable/IAR/ARM_CM33/secure/secure_context.c
View File

@ -50,6 +50,16 @@
*/
#define securecontextCONTROL_VALUE_UNPRIVILEGED 0x03
/**
* @brief Size of stack seal values in bytes.
*/
#define securecontextSTACK_SEAL_SIZE 8
/**
* @brief Stack seal value as recommended by ARM.
*/
#define securecontextSTACK_SEAL_VALUE 0xFEF5EDA5
/**
* @brief Maximum number of secure contexts.
*/
@ -203,18 +213,22 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{
/* Allocate the stack space. */
pucStackMemory = pvPortMalloc( ulSecureStackSize );
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
if( pucStackMemory != NULL )
{
/* Since stack grows down, the starting point will be the last
* location. Note that this location is next to the last
* allocated byte because the hardware decrements the stack
* pointer before writing i.e. if stack pointer is 0x2, a push
* operation will decrement the stack pointer to 0x1 and then
* write at 0x1. */
* allocated byte for stack (excluding the space for seal values)
* because the hardware decrements the stack pointer before
* writing i.e. if stack pointer is 0x2, a push operation will
* decrement the stack pointer to 0x1 and then write at 0x1. */
xSecureContexts[ ulSecureContextIndex ].pucStackStart = pucStackMemory + ulSecureStackSize;
/* Seal the created secure process stack. */
*( uint32_t * )( pucStackMemory + ulSecureStackSize ) = securecontextSTACK_SEAL_VALUE;
*( uint32_t * )( pucStackMemory + ulSecureStackSize + 4 ) = securecontextSTACK_SEAL_VALUE;
/* The stack cannot go beyond this location. This value is
* programmed in the PSPLIM register on context switch.*/
xSecureContexts[ ulSecureContextIndex ].pucStackLimit = pucStackMemory;