Hi Soby Mathew,
Thanks for your reply.
IMHO, the isolate pagetable is much more heavy. It looks like a big idea.
And if we have a dynamic mapping function, which map the service's needed memory in the service's call can also mitigate this. But this can be more slower.
For accessing limited resource, what's your idea?
-Feng
On 2019/7/9 4:27 下午, Soby Mathew wrote:
Hi Feng, Thanks for your email. This is an interesting topic and this is an active area of work for us but in a slightly different manner. Could you please send this message to the mailing list tf-a@lists.trustedfirmware.org , so we can continue conversation on the list ?
The mailing list info can be found here : https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Thanks & Regards Soby Mathew
-----Original Message----- From: feng chen puck.chen@foxmail.com Sent: 08 July 2019 16:24 To: Dan Handley Dan.Handley@arm.com; Soby Mathew Soby.Mathew@arm.com; Sandrine Bailleux Sandrine.Bailleux@arm.com; Alexei Fedorov Alexei.Fedorov@arm.com; Paul Beesley Paul.Beesley@arm.com; John Tsichritzis John.Tsichritzis@arm.com Subject: [RFC] isolate the memory into different pagetable for TF-A
Hello maintainers,
Is it possible for mapping the memory into different page-tables for TF-A?
Since the ATF is running in EL3 mode, which is the highest level of ARM SoCs.
And for security reason, once one service provided in TF has some vulnerabilities, It can access all the memory TF mapped. And it could be more acceptable.
Thinking about the userland goto kernelland, the process use isolated page tables.
So I want to implement this for TF-A, different memory-mapping for different service, and it can also use a shared mem-mapping space which all the service need to use.
I want to know how do you think about this? Does this make sense to you?
Cherrs,
Feng
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.