ARM uVisor
Debug Refinement Project
STUDENTS’ INFORMATION TECHNOLOGY CONFERENCE 2016, TAIWAN
張家榮
Jared
jaredcjr.tw@gmail.com
National Cheng Kung University
Department of Engineering Science
Who and Why?
• A university student wants to have a representative work before graduating.
• I used to develop embedded applications.
  (Once won the championship in the Realtek Semiconductor Ameba IOT competition)
• Try to know more about system software.
• Then…I found jserv…
Before knowing uVisor,
we need to know mbed OS
source:http://www.slideshare.net/FoolsDelight/resilient-iot-security-the-end-of-flat-security-models
The green block, used for controlling hardware for security, is what we will discuss in these slides.
Security Issue
• mbed OS allows users to develop applications over the web
• A developer may carelessly read or write memory anywhere in its address space.
• Some tricky bugs are hard to find.
• IoT devices are exposed to the network/public
• Attacks come through I/O
• Cortex-M uses memory-mapped I/O
• All configuration, including reads and writes through I/O, is a memory issue.
• Ex. USART1_DR = 0x40011000 in STM32F429i
• All data going through USART1 needs to access this address.
photo source:http://www.slideshare.net/FoolsDelight/resilient-iot-security-the-end-of-flat-security-models
uVisor Design Philosophy
• Many IoT security problems can be solved with standardized building blocks
• HARDWARE-ENFORCED COMPARTMENTS (SANDBOXES)
• For individual code blocks, by limiting access to memories and peripherals using the existing hardware security features of the Cortex-M microcontrollers.
• ARM CORTEX-M MPU
• Sets up a hardware-protected environment by using a Memory Protection Unit
• ALLOWS INTERACTION FROM THE UNPRIVILEGED CODE BY EXPOSING SVCALL-BASED APIS.
photo reference:http://www.idea-sandbox.com/assets/images/sandbox_graphic_baby_blue.png
Sandbox vs. MPU
• MPU IN ARM V7 CORTEX-M
• Set memory regions
  • Minimum size: 32 bytes
  • Maximum size: 4GB
• Set as XN
  • XN = Execute Never
  • Causes a MemManage Fault
• Read/Write
  • Privileged/Unprivileged
  • Read only
  • Read/Write
  • No access
  • Denied access causes a MemManage Fault
• Accessing MPU-related registers in unprivileged mode causes a Bus Fault.
reference:https://github.com/ARMmbed/uvisor
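An added example (not from the slides or the uVisor source) showing how the region properties listed above map onto the ARMv7-M MPU_RBAR/MPU_RASR registers and how one access is judged against a region table. The function names, the `mpu_region_t` type and the three sample regions are assumptions made for illustration; the USART1 address is the one quoted on the earlier slide.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M MPU register fields (architectural bit positions). */
#define RBAR_VALID      (1u << 4)    /* take the region number from RBAR[3:0] */
#define RASR_ENABLE     (1u << 0)
#define RASR_SIZE_SHIFT 1            /* region size = 2^(SIZE+1) bytes        */
#define RASR_AP_SHIFT   24
#define RASR_XN         (1u << 28)   /* Execute Never                         */

/* AP encodings, named as privileged / unprivileged rights. */
enum { AP_NONE = 0, AP_PRIV_RW = 1, AP_PRIV_RW_UNPRIV_RO = 2,
       AP_FULL_RW = 3, AP_PRIV_RO = 5, AP_RO = 6 };

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } access_t;
typedef enum { RES_OK, RES_MEMMANAGE_FAULT, RES_BUS_FAULT } result_t;
typedef struct { uint32_t rbar, rasr; } mpu_region_t;   /* hypothetical type */

/* Encode one region; rejects requests the hardware cannot express. */
bool mpu_encode(uint32_t base, uint64_t size, unsigned ap, bool xn,
                unsigned slot, mpu_region_t *out)
{
    if (size < 32 || size > (1ull << 32) || (size & (size - 1)) != 0)
        return false;                 /* 32 bytes .. 4GB, powers of two only */
    if ((base & (size - 1)) != 0 || slot > 15 || ap > 7 || ap == 4)
        return false;                 /* base must be aligned to the size    */
    unsigned bits = 0;
    while ((1ull << bits) < size)
        bits++;
    out->rbar = base | RBAR_VALID | slot;
    out->rasr = ((bits - 1) << RASR_SIZE_SHIFT) | ((uint32_t)ap << RASR_AP_SHIFT)
              | (xn ? RASR_XN : 0u) | RASR_ENABLE;
    return true;
}

static bool region_contains(const mpu_region_t *r, uint32_t addr)
{
    uint64_t size = 1ull << (((r->rasr >> RASR_SIZE_SHIFT) & 0x1f) + 1);
    uint32_t base = r->rbar & ~0x1fu;
    return (r->rasr & RASR_ENABLE) && addr >= base && (uint64_t)(addr - base) < size;
}

/* Judge one access. Assumes MPU_CTRL.PRIVDEFENA = 1, so privileged code falls
 * back to the default memory map on a miss (that map's XN rules not modelled). */
result_t mpu_check(const mpu_region_t *tbl, size_t n, uint32_t addr,
                   access_t acc, bool privileged)
{
    /* The Private Peripheral Bus holds the MPU registers. It is always XN, and
     * unprivileged data accesses there end in a Bus Fault. */
    if (addr >= 0xE0000000u && addr <= 0xE00FFFFFu) {
        if (acc == ACC_EXEC) return RES_MEMMANAGE_FAULT;
        return privileged ? RES_OK : RES_BUS_FAULT;
    }
    const mpu_region_t *hit = NULL;   /* highest-numbered matching region wins */
    for (size_t i = 0; i < n; i++)
        if (region_contains(&tbl[i], addr) &&
            (!hit || (tbl[i].rbar & 0xf) > (hit->rbar & 0xf)))
            hit = &tbl[i];
    if (!hit)
        return privileged ? RES_OK : RES_MEMMANAGE_FAULT;

    bool rd, wr;
    switch ((hit->rasr >> RASR_AP_SHIFT) & 7) {
    case AP_PRIV_RW:           rd = wr = privileged;        break;
    case AP_PRIV_RW_UNPRIV_RO: rd = true; wr = privileged;  break;
    case AP_FULL_RW:           rd = wr = true;              break;
    case AP_PRIV_RO:           rd = privileged; wr = false; break;
    case AP_RO: case 7:        rd = true; wr = false;       break;
    default:                   rd = wr = false;             break; /* AP_NONE */
    }
    bool ok = acc == ACC_WRITE ? wr
            : acc == ACC_READ  ? rd
            : rd && !(hit->rasr & RASR_XN);   /* fetch: readable and not XN */
    return ok ? RES_OK : RES_MEMMANAGE_FAULT;
}

/* Constructed layout for one unprivileged box on an STM32F429-like part. */
size_t demo_table(mpu_region_t t[3])
{
    bool ok = mpu_encode(0x08000000u, 2u << 20,  AP_RO,      false, 0, &t[0]) /* flash   */
           && mpu_encode(0x20000000u, 32u << 10, AP_FULL_RW, true,  1, &t[1]) /* box RAM */
           && mpu_encode(0x40011000u, 1u << 10,  AP_PRIV_RW, true,  2, &t[2]);/* USART1  */
    return ok ? 3 : 0;
}

int main(void)
{
    static const char *name[] = { "ok", "MemManage Fault", "Bus Fault" };
    mpu_region_t t[3];
    size_t n = demo_table(t);
    printf("box writes USART1   : %s\n", name[mpu_check(t, n, 0x40011000u, ACC_WRITE, false)]);
    printf("box executes from RAM: %s\n", name[mpu_check(t, n, 0x20000100u, ACC_EXEC, false)]);
    printf("box reads MPU_TYPE  : %s\n", name[mpu_check(t, n, 0xE000ED90u, ACC_READ, false)]);
    return 0;
}
```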
HOW TO PROTECT?
reference: http://www.slideshare.net/vh21/introductiontombedosuvisor?related=1
[Diagram labels: uVisor; SPI, USART, FLASH, RAM; BOX 1, BOX 2]
• ACCESS CONTROL LISTS (ACLS)
• Each color represents one “user”
• Each of them can only access its “belongings”
• Otherwise, the MPU will cause it to get a “MemManage Fault”
SECURE GATEWAY
for communication between boxes
[Diagram labels: uVisor; BOX 1: secure_gateway(func,args); BOX 2: func(); SVC, SVC; return; unprivileged / privileged]
reference: http://www.slideshare.net/vh21/introductiontombedosuvisor?related=1
Current debugging
• LED PATTERN
  • Hard to know what caused the issue.
  • The condition may be difficult to reproduce.
• SEMI-HOST
  • Based on SVC
  • Output/Input through GDB
• ON-CHIP DEBUGGER
  • ST-LINK/J-Link
  • wired

Error reason            RED LED blinks
PERMISSION_DENIED       1
SANITY_CHECK_FAILED     2
NOT_IMPLEMENTED         3
NOT_ALLOWED             4
FAULT_MEMMANAGE         5
FAULT_BUS               6
FAULT_USAGE             7
FAULT_HARD              8
FAULT_DEBUG             9

(gdb) b main.cpp:44
Breakpoint 1 at 0x8000a5e: file main.cpp, line 44.
(gdb) where
#0 us_ticker_read () at ../../external/mbed/libraries/mbed/targets/hal/TARGET_STM/TARGET_STM32F4/us_ticker.c:50
#1 0x0800379e in wait_us (us=500000) at ../../external/mbed/libraries/mbed/common/wait_api.c:29
#2 0x08003766 in wait (s=0.5) at ../../external/mbed/libraries/mbed/common/wait_api.c:20
#3 0x08000a5e in main () at main.cpp:43
(gdb) c
Continuing.
Breakpoint 1, main () at main.cpp:44
44 myled = 0;
(gdb) p/x i
$1 = 0x1
GDB
• WITH THE GNU DEBUGGER, YOU CAN…
  • Look up
    • Memory
    • Registers
    • …
  • Control execution
    • Single step
    • Single instruction
    • Breakpoint
    • Watchpoint
    • …
How to improve it?
• CRASHDEBUG
  • Tool to enable post-mortem debugging of Cortex-M crashes with GDB.
• CRASHCATCHER
  • Catches Hard Faults on Cortex-M devices and saves out a crash dump to be used by CrashDebug.
• MRI (MONITOR FOR REMOTE INSPECTION)
  • The GDB-compatible debug monitor for Cortex-M devices.
  • Runs over any of the UART ports on the device.
  • Gets rid of the on-chip debugger.
  • Wireless debugging at any time and anywhere.
photo reference:http://shop.myavr.com/pic/articles/STM32F429-disco_g.png
Reference hardware:
STM32F429i-Discovery
CrashCatcher
• SAVE THE MEMORY CONTENT IN THE HARDFAULT_HANDLER
  • Used by GDB+CrashDebug
  • Send the content to a remote host or save it in the local flash memory.
• THE FORMAT MUST BE READABLE BY GDB WITH CRASHDEBUG
  • Little-endian
  • Register contents
  • StartAddress-EndAddress
  • Content
63430200
00000000
740200200000000000ED00E000000000
00000000000000000000000000000000
00000000000000000000000000000000
02000000
D0FF0220
950A0008A80B000800000021
03000020
0000002000C00120
00000320A15D0008ED5D0008FD0C0008
2B1F00082D1F00082F1F000800000000
000000000000000000000000ED5D0008
331F000800000000ED5D0008ED5D0008
ED5D0008ED5D0008ED5D0008ED5D0008
ED5D0008ED5D0008ED5D0008ED5D0008
ED5D0008ED5D0008ED5D0008ED5D0008
...
Original Project Developer: Adam Green (http://mbed.org/users/AdamGreen/)
Reference hardware: STM32F429i-Discovery
(gdb) c
Continuing.
Can't send signals to this remote system. SIGSEGV not sent.
**Hard Fault**
Status Register: 0x40000000
Forced
**Usage Fault**
Status Register: 0x08
Coprocessor Access
Program received signal SIGSEGV, Segmentation fault.
0x08000ba8 in dbg_vprintf (fmt=0x8000a3f <dbg_put_dec(uint32_t, int, char)+102> "", va=...)
at MyImplementationIO/usart:535
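The fault lines in the GDB output above correspond to bits of the Cortex-M fault status registers. The following added example (not code from CrashDebug, CrashCatcher or MRI) decodes HFSR and CFSR with the ARMv7-M bit assignments and picks out the fault that a "Forced" Hard Fault was escalated from. The function names, the `cause_t` type and all flag labels other than "Forced" and "Coprocessor Access" are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t mask; const char *name; } flag_t;
typedef enum { CAUSE_NONE, CAUSE_MEMMANAGE, CAUSE_BUS, CAUSE_USAGE,
               CAUSE_HARD, CAUSE_DEBUG } cause_t;

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* HFSR, HardFault Status Register (0xE000ED2C). */
static const flag_t HFSR_FLAGS[] = {
    { 1u << 1, "Vector Table Read" }, { 1u << 30, "Forced" },
    { 1u << 31, "Debug Event" },
};
/* CFSR (0xE000ED28) packs three registers: MMFSR = bits 7:0,
 * BFSR = bits 15:8, UFSR = bits 31:16. Masks below are relative to each. */
static const flag_t MMFSR_FLAGS[] = {
    { 1u << 0, "Instruction Access Violation" }, { 1u << 1, "Data Access Violation" },
    { 1u << 3, "Unstacking Error" }, { 1u << 4, "Stacking Error" },
    { 1u << 5, "FP Lazy State Preservation" }, { 1u << 7, "MMFAR Valid" },
};
static const flag_t BFSR_FLAGS[] = {
    { 1u << 0, "Instruction Bus Error" }, { 1u << 1, "Precise Data Bus Error" },
    { 1u << 2, "Imprecise Data Bus Error" }, { 1u << 3, "Unstacking Error" },
    { 1u << 4, "Stacking Error" }, { 1u << 5, "FP Lazy State Preservation" },
    { 1u << 7, "BFAR Valid" },
};
static const flag_t UFSR_FLAGS[] = {
    { 1u << 0, "Undefined Instruction" }, { 1u << 1, "Invalid State" },
    { 1u << 2, "Invalid PC" }, { 1u << 3, "Coprocessor Access" },
    { 1u << 8, "Unaligned Access" }, { 1u << 9, "Divide by Zero" },
};

/* Append one "title: flag" line per set bit; stops cleanly when out is full. */
static size_t append_flags(char *out, size_t cap, size_t len, const char *title,
                           uint32_t value, const flag_t *tbl, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!(value & tbl[i].mask))
            continue;
        int w = snprintf(out + len, cap - len, "%s: %s\n", title, tbl[i].name);
        if (w < 0 || (size_t)w >= cap - len) {
            out[len] = '\0';          /* drop the partial line */
            return len;
        }
        len += (size_t)w;
    }
    return len;
}

/* Render every set flag in HFSR/CFSR as text; returns the length written. */
size_t describe_faults(uint32_t hfsr, uint32_t cfsr, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0)
        return 0;
    out[0] = '\0';
    len = append_flags(out, cap, len, "Hard Fault", hfsr, HFSR_FLAGS, COUNT(HFSR_FLAGS));
    len = append_flags(out, cap, len, "MemManage Fault", cfsr & 0xFFu, MMFSR_FLAGS, COUNT(MMFSR_FLAGS));
    len = append_flags(out, cap, len, "Bus Fault", (cfsr >> 8) & 0xFFu, BFSR_FLAGS, COUNT(BFSR_FLAGS));
    len = append_flags(out, cap, len, "Usage Fault", cfsr >> 16, UFSR_FLAGS, COUNT(UFSR_FLAGS));
    return len;
}

/* A "Forced" Hard Fault is an escalation, so the configurable fault recorded
 * in CFSR is reported as the cause before HFSR itself is considered. */
cause_t root_cause(uint32_t hfsr, uint32_t cfsr)
{
    if (cfsr & 0x000000FFu) return CAUSE_MEMMANAGE;
    if (cfsr & 0x0000FF00u) return CAUSE_BUS;
    if (cfsr & 0xFFFF0000u) return CAUSE_USAGE;
    if (hfsr & (1u << 31))  return CAUSE_DEBUG;
    return hfsr ? CAUSE_HARD : CAUSE_NONE;
}

int main(void)
{
    char text[256];
    /* Values from the session above: HFSR 0x40000000, Usage Fault status 0x08
     * (UFSR sits in CFSR bits 31:16, hence the shift). */
    uint32_t hfsr = 0x40000000u, cfsr = 0x08u << 16;
    describe_faults(hfsr, cfsr, text, sizeof text);
    printf("%sroot cause class: %d\n", text, (int)root_cause(hfsr, cfsr));
    return 0;
}
```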
CrashDebug
• POST-MORTEM DEBUG
  • With the memory content dumped at the crash, we can
    • Let GDB view it as a live target.
    • Use GDB commands.
    • See the values of critical variables.
    • View the location that caused the situation.
    • Get a backtrace
• HELPS US KNOW WHAT HAPPENED.
Monitor for Remote Inspection (MRI)
• ALLOWS GDB REMOTE DEBUGGING THROUGH ANY COMMUNICATION METHOD (WIRELESS IS POSSIBLE)
  • Replaces the on-chip debugger
  • Currently supports USART on STM32F429i-Discovery Cortex-M4 devices.
• GDB REMOTE SERIAL PROTOCOL
  • Communicates with the host GDB.
  • Gets commands by modifying the USART handler.
  • According to the commands sent from the host GDB, MRI sets the debug monitor in Cortex-M devices.
• DEBUG MONITOR
  • One of the two debugging methods in Cortex-M devices.
    • Halt mode
    • Debug monitor
  • Based on an exception handler
photo reference:https://www.segger.com/cms/admin/uploads/imageBox/J-Link-PRO_left_shadow_350x.jpg
Ad-Hoc Debugging
future framework between debugger and debuggee
The dashed line represents any means of communication, such as USART or Bluetooth.
[Diagram labels: System 1: remote GDB; System 2: saved CrashCatcher dump, GDB with CrashDebug; Debug Box: CrashCatcher, MRI; uVisor; Application BOX(s) with access permission in the ACLs of the Debug Box]
Q&A
THANKS FOR LISTENING!
Special thanks to (the order does not represent any significance):
jserv jserv.tw@gmail.com
George Kang georgekang03@gmail.com
Adam Green http://mbed.org/users/AdamGreen/
Milosch Meriac https://meriac.com/

Contenu connexe

Tendances

Morello Technology Demonstrator Hardware Overview - Mark Inskip, Arm
Morello Technology Demonstrator Hardware Overview - Mark Inskip, ArmMorello Technology Demonstrator Hardware Overview - Mark Inskip, Arm
Morello Technology Demonstrator Hardware Overview - Mark Inskip, ArmKTN
 
Project ACRN EtherCAT 101
Project ACRN EtherCAT 101Project ACRN EtherCAT 101
Project ACRN EtherCAT 101Project ACRN
 
Project ACRN USB mediator introduction
Project ACRN USB mediator introductionProject ACRN USB mediator introduction
Project ACRN USB mediator introductionProject ACRN
 
Project ACRN GPIO mediator introduction
Project ACRN GPIO mediator introductionProject ACRN GPIO mediator introduction
Project ACRN GPIO mediator introductionProject ACRN
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V International
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootLinaro
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro
 
Morello Software and Toolchain Work in Arm - Mark Nicholson, Arm
Morello Software and Toolchain Work in Arm - Mark Nicholson, ArmMorello Software and Toolchain Work in Arm - Mark Nicholson, Arm
Morello Software and Toolchain Work in Arm - Mark Nicholson, ArmKTN
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionLinaro
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2qqlan
 
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...The Linux Foundation
 
Project ACRN I2C mediator introduction
Project ACRN I2C mediator introductionProject ACRN I2C mediator introduction
Project ACRN I2C mediator introductionProject ACRN
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE Linaro
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloudqqlan
 
A versatile PC/104 Power Supply with Power-over-Ethernet from Sundance
A versatile PC/104 Power Supply with Power-over-Ethernet from SundanceA versatile PC/104 Power Supply with Power-over-Ethernet from Sundance
A versatile PC/104 Power Supply with Power-over-Ethernet from SundanceFlemming Christensen
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
What are TULIPP starter kits?
What are TULIPP starter kits?What are TULIPP starter kits?
What are TULIPP starter kits?Tulipp. Eu
 
Stm32 f4 first touch
Stm32 f4 first touchStm32 f4 first touch
Stm32 f4 first touchBenux Wei
 

Tendances (20)

Morello Technology Demonstrator Hardware Overview - Mark Inskip, Arm
Morello Technology Demonstrator Hardware Overview - Mark Inskip, ArmMorello Technology Demonstrator Hardware Overview - Mark Inskip, Arm
Morello Technology Demonstrator Hardware Overview - Mark Inskip, Arm
 
Project ACRN EtherCAT 101
Project ACRN EtherCAT 101Project ACRN EtherCAT 101
Project ACRN EtherCAT 101
 
Project ACRN USB mediator introduction
Project ACRN USB mediator introductionProject ACRN USB mediator introduction
Project ACRN USB mediator introduction
 
Project ACRN GPIO mediator introduction
Project ACRN GPIO mediator introductionProject ACRN GPIO mediator introduction
Project ACRN GPIO mediator introduction
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solution
 
Morello Software and Toolchain Work in Arm - Mark Nicholson, Arm
Morello Software and Toolchain Work in Arm - Mark Nicholson, ArmMorello Software and Toolchain Work in Arm - Mark Nicholson, Arm
Morello Software and Toolchain Work in Arm - Mark Nicholson, Arm
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
 
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
 
Project ACRN I2C mediator introduction
Project ACRN I2C mediator introductionProject ACRN I2C mediator introduction
Project ACRN I2C mediator introduction
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloud
 
A versatile PC/104 Power Supply with Power-over-Ethernet from Sundance
A versatile PC/104 Power Supply with Power-over-Ethernet from SundanceA versatile PC/104 Power Supply with Power-over-Ethernet from Sundance
A versatile PC/104 Power Supply with Power-over-Ethernet from Sundance
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
What are TULIPP starter kits?
What are TULIPP starter kits?What are TULIPP starter kits?
What are TULIPP starter kits?
 
Stm32 f4 first touch
Stm32 f4 first touchStm32 f4 first touch
Stm32 f4 first touch
 

Similaire à ARM uVisor Debug Refinement Project(debugging facility improvements)

Practical reverse engineering and exploit development for AVR-based Embedded ...
Practical reverse engineering and exploit development for AVR-based Embedded ...Practical reverse engineering and exploit development for AVR-based Embedded ...
Practical reverse engineering and exploit development for AVR-based Embedded ...Alexander Bolshev
 
FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02Libor GECNUK
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalPriyanka Aash
 
embedded-systems-for-beginners
embedded-systems-for-beginnersembedded-systems-for-beginners
embedded-systems-for-beginnersmohamed gaber
 
4 Introduction to Arduino.pdf
4 Introduction to Arduino.pdf4 Introduction to Arduino.pdf
4 Introduction to Arduino.pdfRynefelElopre2
 
Hands On Workshop on IoT: From Arduino to JRC Board
Hands On Workshop on IoT: From Arduino to JRC BoardHands On Workshop on IoT: From Arduino to JRC Board
Hands On Workshop on IoT: From Arduino to JRC BoardRedwan Ferdous
 
Workshop on IoT and Basic Home Automation_BAIUST.pptx
Workshop on IoT and Basic Home Automation_BAIUST.pptxWorkshop on IoT and Basic Home Automation_BAIUST.pptx
Workshop on IoT and Basic Home Automation_BAIUST.pptxRedwan Ferdous
 
Feasibility of Security in Micro-Controllers
Feasibility of Security in Micro-ControllersFeasibility of Security in Micro-Controllers
Feasibility of Security in Micro-Controllersardiri
 
Digging for Android Kernel Bugs
Digging for Android Kernel BugsDigging for Android Kernel Bugs
Digging for Android Kernel BugsJiahong Fang
 
Developing micro controller applications
Developing micro controller applicationsDeveloping micro controller applications
Developing micro controller applicationsSteve Mylroie
 
快速創新的模組化設計
快速創新的模組化設計快速創新的模組化設計
快速創新的模組化設計MAKERPRO.cc
 
JavaScript all the things - JavaScript fwdays 2018
JavaScript all the things - JavaScript fwdays 2018JavaScript all the things - JavaScript fwdays 2018
JavaScript all the things - JavaScript fwdays 2018Jan Jongboom
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
Getting started with Intel IoT Developer Kit
Getting started with Intel IoT Developer KitGetting started with Intel IoT Developer Kit
Getting started with Intel IoT Developer KitSulamita Garcia
 
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...ryancox
 
S2C China ICCAD 2010 Presentation
S2C China ICCAD 2010 PresentationS2C China ICCAD 2010 Presentation
S2C China ICCAD 2010 Presentationsrpollock
 
Microcontroller from basic_to_advanced
Microcontroller from basic_to_advancedMicrocontroller from basic_to_advanced
Microcontroller from basic_to_advancedImran Sheikh
 

Similaire à ARM uVisor Debug Refinement Project(debugging facility improvements) (20)

WOver
WOverWOver
WOver
 
Practical reverse engineering and exploit development for AVR-based Embedded ...
Practical reverse engineering and exploit development for AVR-based Embedded ...Practical reverse engineering and exploit development for AVR-based Embedded ...
Practical reverse engineering and exploit development for AVR-based Embedded ...
 
FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
 
embedded-systems-for-beginners
embedded-systems-for-beginnersembedded-systems-for-beginners
embedded-systems-for-beginners
 
4 Introduction to Arduino.pdf
4 Introduction to Arduino.pdf4 Introduction to Arduino.pdf
4 Introduction to Arduino.pdf
 
Introduction of Arduino Uno
Introduction of Arduino UnoIntroduction of Arduino Uno
Introduction of Arduino Uno
 
Hands On Workshop on IoT: From Arduino to JRC Board
Hands On Workshop on IoT: From Arduino to JRC BoardHands On Workshop on IoT: From Arduino to JRC Board
Hands On Workshop on IoT: From Arduino to JRC Board
 
Workshop on IoT and Basic Home Automation_BAIUST.pptx
Workshop on IoT and Basic Home Automation_BAIUST.pptxWorkshop on IoT and Basic Home Automation_BAIUST.pptx
Workshop on IoT and Basic Home Automation_BAIUST.pptx
 
Feasibility of Security in Micro-Controllers
Feasibility of Security in Micro-ControllersFeasibility of Security in Micro-Controllers
Feasibility of Security in Micro-Controllers
 
Digging for Android Kernel Bugs
Digging for Android Kernel BugsDigging for Android Kernel Bugs
Digging for Android Kernel Bugs
 
Developing micro controller applications
Developing micro controller applicationsDeveloping micro controller applications
Developing micro controller applications
 
快速創新的模組化設計
快速創新的模組化設計快速創新的模組化設計
快速創新的模組化設計
 
JavaScript all the things - JavaScript fwdays 2018
JavaScript all the things - JavaScript fwdays 2018JavaScript all the things - JavaScript fwdays 2018
JavaScript all the things - JavaScript fwdays 2018
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Getting started with Intel IoT Developer Kit
Getting started with Intel IoT Developer KitGetting started with Intel IoT Developer Kit
Getting started with Intel IoT Developer Kit
 
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
 
Training2 ppt
Training2 pptTraining2 ppt
Training2 ppt
 
S2C China ICCAD 2010 Presentation
S2C China ICCAD 2010 PresentationS2C China ICCAD 2010 Presentation
S2C China ICCAD 2010 Presentation
 
Microcontroller from basic_to_advanced
Microcontroller from basic_to_advancedMicrocontroller from basic_to_advanced
Microcontroller from basic_to_advanced
 

Dernier

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Dernier (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service

ARM uVisor Debug Refinement Project (debugging facility improvements)

  • 1. ARM uVisor Debug Refinement Project
    STUDENTS’ INFORMATION TECHNOLOGY CONFERENCE 2016, TAIWAN
    張家榮 (Jared), jaredcjr.tw@gmail.com
    National Cheng Kung University, Department of Engineering Science
  • 2. Who and Why?
    • A university student wants to have a representative work before graduating.
    • I used to develop embedded applications. (Once won the championship in the Realtek Semiconductor Ameba IOT competition)
    • Try to know more about system software.
    • Then…I found jserv…
  • 3. Before knowing uVisor, we need to know mbed OS
    • The green block, which controls hardware for security, is what these slides discuss.
    source: http://www.slideshare.net/FoolsDelight/resilient-iot-security-the-end-of-flat-security-models
  • 4. Security Issue
    • mbed OS allows users to develop applications over the web
    • A developer may carelessly read or write memory anywhere in its address space.
    • Some tricky bugs are hard to find.
    • IoT devices are exposed to the network/public
    • Attack through I/O
    • Cortex-M uses memory-mapped I/O
    • All configuration, including reads and writes through I/O, is a memory access issue.
    • Ex. USART1_DR = 0x40011000 in STM32F429i
    • All data going through USART1 needs to access this address.
    photo source: http://www.slideshare.net/FoolsDelight/resilient-iot-security-the-end-of-flat-security-models
  • 5. uVisor Design Philosophy
    • Many IoT security problems can be solved with standardized building blocks
    • HARDWARE-ENFORCED COMPARTMENTS (SANDBOXES)
      • For individual code blocks, by limiting access to memories and peripherals using the existing hardware security features of the Cortex-M microcontrollers.
    • ARM CORTEX-M MPU
      • Sets up a hardware-protected environment by using a Memory Protection Unit
    • ALLOWS INTERACTION FROM THE UNPRIVILEGED CODE BY EXPOSING SVCALL-BASED APIS.
    photo reference: http://www.idea-sandbox.com/assets/images/sandbox_graphic_baby_blue.png
  • 6. SandBox v.s. MPU
    • MPU IN ARM V7-CORTEX-M
    • Set memory regions
      • Minimum size: 32 bytes
      • Maximum size: 4GB
    • Set as XN
      • XN = Execute Never
      • Causes a MemManage Fault
    • Read/Write
      • Privileged/Unprivileged
        • Read only
        • Read/Write
        • No access
      • Denying access causes a MemManage Fault
    • Accessing MPU-related registers in unprivileged mode causes a Bus Fault.
    reference: https://github.com/ARMmbed/uvisor
  • 7. HOW TO PROTECT?
    [Diagram labels: uVisor; SPI, USART, FLASH, RAM; BOX 1, BOX 2]
    • ACCESS CONTROL LISTS (ACLS)
      • Each color represents one “user”
      • Each of them can only access its “belongings”
      • Otherwise, the MPU will cause a “MemManage Fault”
    reference: http://www.slideshare.net/vh21/introductiontombedosuvisor?related=1
  • 8. SECURE GATEWAY for communication between boxes
    [Diagram labels: uVisor; BOX 1: secure_gateway(func,args); BOX 2: func(); SVC; SVC return; unprivileged; privileged]
    reference: http://www.slideshare.net/vh21/introductiontombedosuvisor?related=1
  • 9. Current debugging
    • LED PATTERN
      • Hard to know what caused the issue.
      • May be difficult to reproduce the condition.
    • SEMI-HOST
      • Based on SVC
      • Output/Input through GDB
    • ON-CHIP DEBUGGER
      • ST-LINK/J-Link
      • wired

    Error reason            RED LED blinks
    PERMISSION_DENIED       1
    SANITY_CHECK_FAILED     2
    NOT_IMPLEMENTED         3
    NOT_ALLOWED             4
    FAULT_MEMMANAGE         5
    FAULT_BUS               6
    FAULT_USAGE             7
    FAULT_HARD              8
    FAULT_DEBUG             9
  • 10. GDB
      (gdb) b main.cpp:44
      Breakpoint 1 at 0x8000a5e: file main.cpp, line 44.
      (gdb) where
      #0 us_ticker_read () at ../../external/mbed/libraries/mbed/targets/hal/TARGET_STM/TARGET_STM32F4/us_ticker.c:50
      #1 0x0800379e in wait_us (us=500000) at ../../external/mbed/libraries/mbed/common/wait_api.c:29
      #2 0x08003766 in wait (s=0.5) at ../../external/mbed/libraries/mbed/common/wait_api.c:20
      #3 0x08000a5e in main () at main.cpp:43
      (gdb) c
      Continuing.
      Breakpoint 1, main () at main.cpp:44
      44 myled = 0;
      (gdb) p/x i
      $1 = 0x1
    • WITH GNU DEBUGGER, YOU CAN…
      • Look up
        • Memory
        • registers
        • …
      • Control execution
        • Single Step
        • Single Instruction
        • Breakpoint
        • Watchpoint
        • …
  • 11. How to improve it?
    • CRASHDEBUG
      • Tool to enable post-mortem debugging of Cortex-M crashes with GDB.
    • CRASHCATCHER
      • Catches Hard Faults on Cortex-M devices and saves out a crash dump to be used by CrashDebug.
    • MRI (MONITOR FOR REMOTE INSPECTION)
      • The gdb-compatible debug monitor for Cortex-M devices.
      • Runs over any of the UART ports on the device.
      • Gets rid of the on-chip debugger.
      • Wireless debugging at any time and anywhere.
    photo reference: http://shop.myavr.com/pic/articles/STM32F429-disco_g.png
    Reference hardware: STM32F429i-Discovery
  • 12. CrashCatcher
    • SAVE THE MEMORY CONTENT IN THE HARDFAULT_HANDLER
      • Used by GDB+CrashDebug
      • Send the content to a remote host or save it in the local flash memory.
    • THE FORMAT MUST BE READABLE BY GDB WITH CRASHDEBUG
      • Little-endian
      • Register contents
      • StartAddress-EndAddress
      • Content
      63430200 00000000 740200200000000000ED00E000000000 00000000000000000000000000000000 00000000000000000000000000000000 02000000 D0FF0220 950A0008A80B000800000021 03000020 0000002000C00120 00000320A15D0008ED5D0008FD0C0008 2B1F00082D1F00082F1F000800000000 000000000000000000000000ED5D0008 331F000800000000ED5D0008ED5D0008 ED5D0008ED5D0008ED5D0008ED5D0008 ED5D0008ED5D0008ED5D0008ED5D0008 ED5D0008ED5D0008ED5D0008ED5D0008 ...
    Original Project Developer: Adam Green (http://mbed.org/users/AdamGreen/)
    Reference hardware: STM32F429i-Discovery
  • 13. CrashDebug
      (gdb) c
      Continuing.
      Can't send signals to this remote system. SIGSEGV not sent.
      **Hard Fault**
      Status Register: 0x40000000
      Forced
      **Usage Fault**
      Status Register: 0x08
      Coprocessor Access
      Program received signal SIGSEGV, Segmentation fault.
      0x08000ba8 in dbg_vprintf (fmt=0x8000a3f <dbg_put_dec(uint32_t, int, char)+102> "", va=...) at MyImplementationIO/usart:535
    • POST-MORTEM DEBUG
      • With the memory content of the crash dump, we can
        • Let GDB view it as a live target.
        • Use GDB commands.
        • See the values of critical variables.
        • View the location that caused the situation.
        • backtrace
    • HELPS US TO KNOW WHAT HAPPENED.
    Original Project Developer: Adam Green (http://mbed.org/users/AdamGreen/)
    Reference hardware: STM32F429i-Discovery
  • 14. Monitor for Remote Inspection (MRI)
    • ALLOWS GDB REMOTE DEBUGGING THROUGH ANY COMMUNICATION METHOD (WIRELESS IS POSSIBLE)
      • Replaces the on-chip debugger
      • Currently supports USART on STM32F429i-Discovery Cortex-M4 devices.
    • GDB REMOTE SERIAL PROTOCOL
      • Communicates with the host GDB.
      • Gets commands by modifying the USART handler.
      • According to the commands sent from the host GDB, MRI sets the debug monitor in Cortex-M devices.
    • DEBUG MONITOR
      • One of the two debugging methods in Cortex-M devices.
        • Halt mode
        • Debug monitor
      • Based on an exception handler
    photo reference: https://www.segger.com/cms/admin/uploads/imageBox/J-Link-PRO_left_shadow_350x.jpg
    Original Project Developer: Adam Green (http://mbed.org/users/AdamGreen/)
    Reference hardware: STM32F429i-Discovery
  • 15. Ad-Hoc Debugging: future framework between debugger and debuggee
    [Diagram labels: Debug Box; CrashCatcher; MRI; System 1; remote GDB; System 2; Save CrashCatcher dump; GDB with CrashDebug; uVisor; Application BOX(s) with access permission in the ACLs of the Debug Box]
    • The dashed line represents any communication method, such as USART or Bluetooth.
    Reference hardware: STM32F429i-Discovery
  • 16. Q&A
  • 17. THANKS FOR LISTENING!
    Special thanks to (the order does not indicate any significance):
    • jserv, jserv.tw@gmail.com
    • George Kang, georgekang03@gmail.com
    • Adam Green, http://mbed.org/users/AdamGreen/
    • Milosch Meriac, https://meriac.com/
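
The MPU attributes listed on slide 6 (region size from 32 bytes to 4GB, XN, privileged/unprivileged access) correspond to fields of the ARMv7-M MPU_RBAR and MPU_RASR registers. The following is an added example, not code from the slides or from uVisor: it encodes one region and evaluates whether an access inside it would raise a MemManage fault. The function names and the limit of 8 region slots (as on Cortex-M4) are assumptions.

```c
#include <stdint.h>
/* ARMv7-M MPU register bits; memory-type bits (TEX/S/C/B) and SRD stay 0 here. */
#define RBAR_VALID  (1u << 4)
#define RASR_ENABLE (1u << 0)
#define RASR_XN     (1u << 28)

enum mpu_ap {                   /* AP field, MPU_RASR[26:24] */
    AP_NONE = 0,                /* no access at any privilege level */
    AP_PRIV_RW = 1,             /* privileged RW, unprivileged no access */
    AP_PRIV_RW_UNPRIV_RO = 2,
    AP_FULL_RW = 3,
    AP_PRIV_RO = 5,             /* privileged RO, unprivileged no access */
    AP_RO = 6                   /* read-only at both levels */
};
struct mpu_region { uint32_t rbar, rasr; };

/* Encode one region. Returns -1 when the MPU cannot express it: size must be a
 * power of two from 32 bytes to 4 GB, base size-aligned, slot 0-7 (assumed M4). */
int mpu_encode(uint32_t base, uint64_t size, enum mpu_ap ap, int xn,
               unsigned slot, struct mpu_region *out)
{
    unsigned bits = 5;          /* log2 of the region size */
    if (slot > 7 || size < 32 || size > (1ull << 32) ||
        (size & (size - 1)) || (base & (size - 1)))
        return -1;
    while ((1ull << bits) < size) bits++;
    out->rbar = base | RBAR_VALID | slot;
    out->rasr = RASR_ENABLE | ((bits - 1) << 1) | ((uint32_t)ap << 24) | (xn ? RASR_XN : 0);
    return 0;
}

/* 1 if an access that falls inside this region would raise MemManage, else 0.
 * Overlapping regions and the default memory map are not modelled. */
int mpu_denies(const struct mpu_region *r, uint32_t addr,
               int privileged, int write, int exec)
{
    uint64_t size = 1ull << (((r->rasr >> 1) & 0x1f) + 1);
    uint32_t base = r->rbar & ~0x1fu;
    if (addr < base || (uint64_t)addr - base >= size) return 0;
    if (exec && (r->rasr & RASR_XN)) return 1;
    switch ((r->rasr >> 24) & 7) {
    case AP_PRIV_RW:           return !privileged;
    case AP_PRIV_RW_UNPRIV_RO: return !privileged && write;
    case AP_FULL_RW:           return 0;
    case AP_PRIV_RO:           return !privileged || write;
    case AP_RO: case 7:        return write;
    default:                   return 1;   /* AP_NONE and reserved value 4 */
    }
}
```

As a constructed case, a 1 KB privileged-only XN region in slot 2 at the USART1 address from slide 4 (0x40011000) encodes to RBAR 0x40011012 and RASR 0x11000013, and an unprivileged read inside it is denied.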