© Imagination Technologies Internal Only – Not to be released externally p1www.imgtec.com

David LauJune 2015

Debugging & MIPS VZ

© Imagination Technologies Internal Only – Not to be released externally p2

Debugging for non-Virtualized Systems How it’s normally done

App or Lib(non-privileged)

OS Kernel(privileged)

App or Lib(non-privileged)

SWDebugger(e.g. GDB)

User-Mode debugging(only have access to 1 process)

App or Lib(non-privileged)

SW Debugger

(e.g. GDB)

OS Kernel(privileged)

PrintK

HWProbe(e.g.

ICE/JTAG)

Kernel Debugger

(e.g. KGDB)

OR

OR

Kernel-Mode or Bare-Iron debugging (potentially can see everything)

OS Kernel invisible to App

Full System

© Imagination Technologies Internal Only – Not to be released externally p3

Debugging for MIPS VZ - Guests SW Debugging of Guests stay the same

Guest App or Lib(non-privileged)

Guest Kernel(privileged)

Guest App or Lib

(non-privileged)

SWDebugger(e.g. GDB)

Guest-User-Mode debugging(only have access to 1 process)

App or Lib(non-privileged)

SW Debugger

(e.g. GDB)

OS Kernel(privileged)

PrintK Kernel Debugger

(e.g. KGDB) OR

Kernel-Mode or Bare-Iron debugging (potentially can see everything for Guest, but not Root)

Root App or Lib(non-privileged)

Root Kernel(privileged)

Guest Kernel invisible to Guest App

Root SW invisible to Guest Root SW invisible to Guest-kernel

OK, no security hole

OK, no security hole

HW Probe discussed later

Full System

© Imagination Technologies Internal Only – Not to be released externally p4

Debugging for MIPS VZ - Root SW Debugging of Root

Guest App or Lib(non-privileged)

Guest Kernel(privileged)

Root App or Lib(non-privileged)

SWDebugger(e.g. GDB)

Root App or Lib(non-privileged)

Root Kernel(privileged) Root Kernel invisible to Root-User

App or Lib(non-privileged)

SW Debugger

(e.g. GDB)

Hypervisor

PrintK

HWProbe(e.g.

ICE/JTAG)

DebuggerIn

hypervisor

OR

OR

Can’t see Other Guests, as have to ask Hypervisor

Guest Kernel(privileged)

Root App or Lib(non-privileged)

Hypervisor debugging

OK, no security hole

Potential SecurityHole – might wantto grant access to Subset of Guests

Root-User Debugging

© Imagination Technologies Internal Only – Not to be released externally p5

Debugging for MIPS VZ – limiting scope Graphical view of the problem

Guest1 App(non-privileged)

Guest1 Kernel(privileged)

Root App3 (non-privileged)

Root Kernel - hypervisor(privileged)

Guest2 App(non-privileged)

Guest2 Kernel(privileged)

Full System

Container1 Container2 Container3

Guest1 App(non-privileged)

Guest1 Kernel(privileged)

Root Kernel - hypervisor(privileged)

Container2

What we want to be visible

Make Guest2 InvisibleTo debugger

Currently Not Possible

Make Root App3 InvisibleTo debugger

© Imagination Technologies Internal Only – Not to be released externally p6

Debug HW Probe controls the CPUNo SW can prevent the Debug HW Probe from taking over the system

Instruction Fetch Unit

Execution Pipelines

“Regular” Memory System

Data Register

EJTAG Control Register

Instructions

Mux

Debug Test Access PortTAP

HWDebugProbe

JTAGData SerialPin

Above registers Not accessible to CPU, Only accessible to Debug Probe

EJTAG DisablePin Execution

Logic

DebugMode

Debug Memory Segment

Debug Interrupt

Debug Interrupt Has no Disable

ProbeTrap

ProbeEn

Malicious codeEnters here

Assume Malicious User hooks up Probe

Assume EJTAG disable pin not used

© Imagination Technologies Internal Only – Not to be released externally p7

Problem(s) Statement

Problem1 - When debugging in Root-Kernel mode Want the ability to restrict visibility/debugability to only certain Guests Currently in MIPS VZ Architecture, visibility/debugability is given to all

Guests

Problem2 – HW Probe can’t be disabled by SW in MIPS VZ Architecture HW Probe controls where CPU is getting instructions – including

getting instructions from the HW probe There is only EJTAG HW disable pin. No TAP/ICE at the Guest Level; only TAP/ICE at Root-Kernel level

Security holes when debugging in Root-Mode