One Article Review

Home - The article:
Source GoogleSec
Identifier 8393306
Publication date 2023-10-09 12:30:13 (viewed: 2023-10-09 17:06:51)
Title Bare-metal Rust in Android
Text Posted by Andrew Walbran, Android Rust Team

Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (running under Linux), but these are not the only components typically written in memory-unsafe languages. Many security-critical components of an Android system run in a "bare-metal" environment, outside of the Linux kernel, and these are historically written in C. As part of our efforts to harden firmware on Android devices, we are increasingly using Rust in these bare-metal environments too.

To that end, we have rewritten the Android Virtualization Framework's protected VM (pVM) firmware in Rust to provide a memory safe foundation for the pVM root of trust. This firmware performs a similar function to a bootloader, and was initially built on top of U-Boot, a widely used open source bootloader. However, U-Boot was not designed with security in a hostile environment in mind, and there have been numerous security vulnerabilities found in it due to out of bounds memory access, integer underflow and memory corruption. Its VirtIO drivers in particular had a number of missing or problematic bounds checks. We fixed the specific issues we found in U-Boot, but by leveraging Rust we can avoid these sorts of memory-safety vulnerabilities in future. The new Rust pVM firmware was released in Android 14.

As part of this effort, we contributed back to the Rust community by using and contributing to existing crates where possible, and publishing a number of new crates as well. For example, for VirtIO in pVM firmware we've spent time fixing bugs and soundness issues in the existing virtio-drivers crate, as well as adding new functionality, and are now helping maintain this crate. We've published crates for making PSCI and other Arm SMCCC calls, and for managing page tables. These are just a start; we plan to release more Rust crates to support bare-metal programming on a range of platforms. These crates are also being used outside of Android, such as in Project Oak and the bare-metal section of our Comprehensive Rust course.

Training engineers

Many engineers have been positively surprised by how p
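The VirtIO bounds checks the post refers to, as an added illustration in Rust that is not code from the Android pVM firmware or the virtio-drivers crate: a split-virtqueue descriptor is validated against the firmware's shared-memory window with checked arithmetic, so the address wrap-around and out-of-bounds cases that a naive C check accepts become errors, and descriptor chains are walked with next-index and loop checks. The descriptor field layout follows the VirtIO split-queue format; the SharedRegion type, the error enum and all sample values are assumptions constructed for this example.

```rust
// Added example: descriptor layout mirrors the VirtIO split-virtqueue format;
// the shared region, error type and sample values are constructed here.
#[derive(Debug, Clone, Copy)]
pub struct Desc {
    pub addr: u64, // guest-physical address of the buffer
    pub len: u32,  // buffer length in bytes
    pub flags: u16,
    pub next: u16, // index of the next descriptor when VIRTQ_DESC_F_NEXT is set
}
pub const VIRTQ_DESC_F_NEXT: u16 = 1;
/// Memory window the firmware has deliberately shared with the device (assumed type).
#[derive(Debug, Clone, Copy)]
pub struct SharedRegion { pub base: u64, pub size: u64 }
#[derive(Debug, PartialEq, Eq)]
pub enum DescError {
    Overflow,     // addr + len wrapped; a naive `addr + len <= end` check accepts this
    OutOfBounds,  // buffer is not fully inside the shared region
    BadNext(u16), // `next` (or the head index) points past the descriptor table
    Loop,         // the `next` links revisit descriptors forever
}
impl SharedRegion {
    /// Return the byte range [start, end) of the buffer, or refuse the descriptor.
    pub fn check(&self, d: &Desc) -> Result<(u64, u64), DescError> {
        // checked_add turns the silent wrap-around of unsigned C arithmetic into an error.
        let end = d.addr.checked_add(u64::from(d.len)).ok_or(DescError::Overflow)?;
        let region_end = self.base.checked_add(self.size).ok_or(DescError::Overflow)?;
        if d.addr < self.base || end > region_end {
            return Err(DescError::OutOfBounds);
        }
        Ok((d.addr, end))
    }
}
/// Walk a descriptor chain, validating every buffer and every `next` link.
pub fn walk_chain(region: &SharedRegion, table: &[Desc], head: u16) -> Result<Vec<(u64, u64)>, DescError> {
    let mut out = Vec::new();
    let mut idx = head;
    // A valid chain touches each descriptor at most once, so more hops than
    // table entries means the `next` links form a loop.
    for _ in 0..=table.len() {
        let d = table.get(usize::from(idx)).ok_or(DescError::BadNext(idx))?;
        out.push(region.check(d)?);
        if d.flags & VIRTQ_DESC_F_NEXT == 0 {
            return Ok(out);
        }
        idx = d.next;
    }
    Err(DescError::Loop)
}
```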
Sent Yes
Tags Tool Vulnerability
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.