© Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015...
-
Upload
ronald-fletcher -
Category
Documents
-
view
212 -
download
0
Transcript of © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015...
![Page 1: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/1.jpg)
© Imagination Technologies Internal Only – Not to be released externally p1www.imgtec.com
David LauJune 2015
Debugging & MIPS VZ
![Page 2: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/2.jpg)
© Imagination Technologies Internal Only – Not to be released externally p2
Debugging for non-Virtualized Systems How it’s normally done
App or Lib(non-privileged)
OS Kernel(privileged)
App or Lib(non-privileged)
SWDebugger(e.g. GDB)
User-Mode debugging(only have access to 1 process)
App or Lib(non-privileged)
SW Debugger
(e.g. GDB)
OS Kernel(privileged)
PrintK
HWProbe(e.g.
ICE/JTAG)
Kernel Debugger
(e.g. KGDB)
OR
OR
Kernel-Mode or Bare-Iron debugging (potentially can see everything)
OS Kernel invisible to App
Full System
![Page 3: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/3.jpg)
© Imagination Technologies Internal Only – Not to be released externally p3
Debugging for MIPS VZ - Guests SW Debugging of Guests stay the same
Guest App or Lib(non-privileged)
Guest Kernel(privileged)
Guest App or Lib
(non-privileged)
SWDebugger(e.g. GDB)
Guest-User-Mode debugging(only have access to 1 process)
App or Lib(non-privileged)
SW Debugger
(e.g. GDB)
OS Kernel(privileged)
PrintK Kernel Debugger
(e.g. KGDB) OR
Kernel-Mode or Bare-Iron debugging (potentially can see everything for Guest, but not Root)
Root App or Lib(non-privileged)
Root Kernel(privileged)
Guest Kernel invisible to Guest App
Root SW invisible to Guest Root SW invisible to Guest-kernel
OK, no security hole
OK, no security hole
HW Probe discussed later
Full System
![Page 4: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/4.jpg)
© Imagination Technologies Internal Only – Not to be released externally p4
Debugging for MIPS VZ - Root SW Debugging of Root
Guest App or Lib(non-privileged)
Guest Kernel(privileged)
Root App or Lib(non-privileged)
SWDebugger(e.g. GDB)
Root App or Lib(non-privileged)
Root Kernel(privileged) Root Kernel invisible to Root-User
App or Lib(non-privileged)
SW Debugger
(e.g. GDB)
Hypervisor
PrintK
HWProbe(e.g.
ICE/JTAG)
DebuggerIn
hypervisor
OR
OR
Can’t see Other Guests, as have to ask Hypervisor
Guest Kernel(privileged)
Root App or Lib(non-privileged)
Hypervisor debugging
OK, no security hole
Potential SecurityHole – might wantto grant access to Subset of Guests
Root-User Debugging
![Page 5: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/5.jpg)
© Imagination Technologies Internal Only – Not to be released externally p5
Debugging for MIPS VZ – limiting scope Graphical view of the problem
Guest1 App(non-privileged)
Guest1 Kernel(privileged)
Root App3 (non-privileged)
Root Kernel - hypervisor(privileged)
Guest2 App(non-privileged)
Guest2 Kernel(privileged)
Full System
Container1 Container2 Container3
Guest1 App(non-privileged)
Guest1 Kernel(privileged)
Root Kernel - hypervisor(privileged)
Container2
What we want to be visible
Make Guest2 InvisibleTo debugger
Currently Not Possible
Make Root App3 InvisibleTo debugger
![Page 6: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/6.jpg)
© Imagination Technologies Internal Only – Not to be released externally p6
Debug HW Probe controls the CPUNo SW can prevent the Debug HW Probe from taking over the system
Instruction Fetch Unit
Execution Pipelines
“Regular” Memory System
Data Register
EJTAG Control Register
Instructions
Mux
Debug Test Access PortTAP
HWDebugProbe
JTAGData SerialPin
Above registers Not accessible to CPU, Only accessible to Debug Probe
EJTAG DisablePin Execution
Logic
DebugMode
Debug Memory Segment
Debug Interrupt
Debug Interrupt Has no Disable
ProbeTrap
ProbeEn
Malicious codeEnters here
Assume Malicious User hooks up Probe
Assume EJTAG disable pin not used
![Page 7: © Imagination TechnologiesInternal Only – Not to be released externally p1 David Lau June 2015 Debugging & MIPS VZ.](https://reader035.fdocuments.net/reader035/viewer/2022072011/56649e205503460f94b0b4bd/html5/thumbnails/7.jpg)
© Imagination Technologies Internal Only – Not to be released externally p7
Problem(s) Statement
Problem1 - When debugging in Root-Kernel mode Want the ability to restrict visibility/debugability to only certain Guests Currently in MIPS VZ Architecture, visibility/debugability is given to all
Guests
Problem2 – HW Probe can’t be disabled by SW in MIPS VZ Architecture HW Probe controls where CPU is getting instructions – including
getting instructions from the HW probe There is only EJTAG HW disable pin. No TAP/ICE at the Guest Level; only TAP/ICE at Root-Kernel level
Security holes when debugging in Root-Mode