ARMSecurityFeatures

Summary

A few generic Linux kernel security features are not currently implemented for ARM, such as SECCOMP, CONFIG_CC_STACKPROTECTOR, Address Space Layout Randomisation and /dev/mem protection.

The work carried out under this spec will investigate feasibility and implement support for these features, where appropriate.

Features to which this Spec Applies

* Security features on ARM (https://wiki.ubuntu.com/SecurityTeam/Roadmap/ARM)

Release Note

Note: This section is a placeholder for the text which will go into the release note at release time.

On ARM platforms, a full set of Linux kernel security features is now supported, including: *** TODO: determine final list based on what is implemented ***

Rationale

This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

Assumptions

It is assumed that there are no significant blocking issues preventing the implementation of the features for ARM. This will be determined further by investigative work done under this specification.

Implementation

Assignees and tasks are documented in the blueprint whiteboard area. See the top of this page for a link.

Code Changes

Only the Linux kernel trees for ARM are affected. It is expected that the proposed changes will be non-invasive and non-platform-specific: because of this, we should definitely mainline the changes at the earliest opportunity.

Migration

There should be no migration impact. This specification simply proposes to enable some features already supported by Ubuntu but not yet supported on ARM targets in particular.

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

Kees already has testcases for these features: it should be a straightforward matter of removing the XFAIL checks for ARM.

Unresolved issues

TBD

BoF agenda and discussion

Kernel Security Features Missing from the ARM Trees

Agenda

  • identify specific security features to implement for M
  • assign feature development tasks
  • discuss any exceptional issues relating to security updates for ARM

Features Under Discussion

  • PR_SET_SECCOMP
    • Amitk has a SoC patch, will post to bug lp #375183 for testing
  • Address Space Layout Randomisation
    • ARM VM layout similar to x86, but ARM has configurable user/kernel split
    • a potentially useful existing ASLR implementation exists in grsecurity
  • /dev/mem protection
    • SoC-specific drivers may poke device registers and memory from userspace, but not typically through /dev/mem directly(?)
    • We should turn it off and see if anyone uses it
  • VDSO
    • Not relevant for ARM
    • vector page exists, but does not appear to be security sensitive
  • CONFIG_CC_STACKPROTECTOR
  • Might be nice to have a generic driver for accessing the TrustZone areas
    • not really a sane stable api from device to device
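The PR_SET_SECCOMP item above (and the test plan's XFAIL test cases) can be exercised with a small probe of the kind a port would want in its regression suite. The program below is an added example written for this page, not code from the spec, the Ubuntu kernel tree or Kees' test cases: it forks a child that enters SECCOMP strict mode (mode 1) and then issues a syscall outside the read/write/exit/sigreturn allow list, and reports whether the kernel killed it. The function and enum names are hypothetical.

```c
/* Hypothetical feature probe: does PR_SET_SECCOMP strict mode (mode 1)
 * actually kill a process that makes a disallowed syscall? */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1   /* mode value taken by PR_SET_SECCOMP */
#endif

enum { SECCOMP_UNAVAILABLE = -1, SECCOMP_NOT_ENFORCED = 0, SECCOMP_ENFORCED = 1 };

/* Returns SECCOMP_ENFORCED if the kernel SIGKILLed the child for calling
 * getpid() under strict mode, SECCOMP_UNAVAILABLE if PR_SET_SECCOMP itself
 * was refused (kernel without seccomp, or another seccomp mode already
 * active), and SECCOMP_NOT_ENFORCED if the child survived the call. */
int check_seccomp_strict(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return SECCOMP_UNAVAILABLE;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            syscall(SYS_exit, 2);   /* raw exit(2): prctl was refused */
        /* getpid is not on the strict-mode allow list: expect SIGKILL here.
         * Only raw syscalls from now on; even _exit() would use exit_group. */
        syscall(SYS_getpid);
        syscall(SYS_exit, 0);       /* reached only if mode 1 is not enforced */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return SECCOMP_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return SECCOMP_ENFORCED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return SECCOMP_UNAVAILABLE;
    return SECCOMP_NOT_ENFORCED;
}

int main(void)
{
    static const char *names[] = { "unavailable", "NOT enforced", "enforced" };
    printf("PR_SET_SECCOMP strict mode: %s\n", names[check_seccomp_strict() + 1]);
    return 0;
}
```

On an ARM tree without the feature the result is "unavailable" (the prctl fails), which is the case the XFAIL markers currently paper over; "NOT enforced" would indicate a kernel that accepts the mode but does not apply it.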

Action Items from BoF

  • [dave-martin-arm] follow up with tools guys about how the GCC stack protector works for ARM
  • [dave-martin-arm] follow up with Catalin Marinas and Nicolas Pitre on kernel details relating to ASLR
  • [npitre] investigate CC_STACKPROTECTOR and ASLR
  • [amitk] test SECCOMP patch and push upstream
  • [kees] turn off /dev/mem

(See the launchpad blueprint page for the authoritative, current list and status.)


CategorySpec

Specs/M/ARMSecurityFeatures (last edited 2010-05-28 13:15:12 by dave-martin-arm)