2012-10-21 01:14:50 +00:00
|
|
|
|
<!doctype html>
|
2016-03-20 17:50:14 +00:00
|
|
|
|
<html>
|
2020-01-03 03:54:04 +00:00
|
|
|
|
|
|
|
|
|
<head>
|
|
|
|
|
<meta charset="utf-8">
|
|
|
|
|
|
|
|
|
|
<title>Paying It Forward: Documenting your Hardware</title>
|
|
|
|
|
|
|
|
|
|
<meta name="description" content="A framework for easily creating beautiful presentations using HTML">
|
|
|
|
|
<meta name="author" content="Sean "xobs" Cross">
|
|
|
|
|
|
|
|
|
|
<meta name="apple-mobile-web-app-capable" content="yes">
|
|
|
|
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
|
|
|
|
|
|
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="css/reveal.css">
|
|
|
|
|
<link rel="stylesheet" href="css/theme/lca2020.css" id="theme">
|
|
|
|
|
|
|
|
|
|
<!-- Theme used for syntax highlighting of code -->
|
|
|
|
|
<link rel="stylesheet" href="lib/css/zenburn.css">
|
|
|
|
|
|
|
|
|
|
<!-- Printing and PDF exports -->
|
|
|
|
|
<script>
|
|
|
|
|
var link = document.createElement('link');
|
|
|
|
|
link.rel = 'stylesheet';
|
|
|
|
|
link.type = 'text/css';
|
|
|
|
|
link.href = window.location.search.match(/print-pdf/gi) ? 'css/print/pdf.css' : 'css/print/paper.css';
|
|
|
|
|
document.getElementsByTagName('head')[0].appendChild(link);
|
|
|
|
|
</script>
|
|
|
|
|
|
|
|
|
|
<!--[if lt IE 9]>
|
|
|
|
|
<script src="lib/js/html5shiv.js"></script>
|
|
|
|
|
<![endif]-->
|
|
|
|
|
|
|
|
|
|
<style>
|
|
|
|
|
/*********************************************
|
|
|
|
|
* ZOOM REVERSE TRANSITION (i.e. zoom out)
|
|
|
|
|
*********************************************/
|
|
|
|
|
.reveal .slides section[data-transition=zoomrev],
|
|
|
|
|
.reveal.zoomrev .slides section:not([data-transition]) {
|
|
|
|
|
transition-timing-function: ease;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
.reveal .slides > section[data-transition=zoomrev].past,
|
|
|
|
|
.reveal .slides > section[data-transition~=zoomrev-out].past,
|
|
|
|
|
.reveal.zoomrev .slides > section:not([data-transition]).past {
|
|
|
|
|
visibility: hidden;
|
|
|
|
|
-webkit-transform: scale(0.2);
|
|
|
|
|
transform: scale(0.2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
.reveal .slides > section[data-transition=zoomrev].future,
|
|
|
|
|
.reveal .slides > section[data-transition~=zoomrev-in].future,
|
|
|
|
|
.reveal.zoomrev .slides > section:not([data-transition]).future {
|
|
|
|
|
visibility: hidden;
|
|
|
|
|
-webkit-transform: scale(16);
|
|
|
|
|
transform: scale(16);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
.reveal .slides > section > section[data-transition=zoomrev].past,
|
|
|
|
|
.reveal .slides > section > section[data-transition~=zoomrev-out].past,
|
|
|
|
|
.reveal.zoomrev .slides > section > section:not([data-transition]).past {
|
|
|
|
|
-webkit-transform: translate(0, 150%);
|
|
|
|
|
transform: translate(0, 150%);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
.reveal .slides > section > section[data-transition=zoomrev].future,
|
|
|
|
|
.reveal .slides > section > section[data-transition~=zoomrev-in].future,
|
|
|
|
|
.reveal.zoomrev .slides > section > section:not([data-transition]).future {
|
|
|
|
|
-webkit-transform: translate(0, -150%);
|
|
|
|
|
transform: translate(0, -150%);
|
|
|
|
|
}
|
|
|
|
|
</style>
|
|
|
|
|
|
|
|
|
|
</head>
|
|
|
|
|
|
|
|
|
|
<body>
|
|
|
|
|
|
|
|
|
|
<!-- Start of main presentation -->
|
|
|
|
|
<div class="reveal">
|
|
|
|
|
<div class="footer">
|
|
|
|
|
<a class="url" href="https://p.xobs.io/lca20-bt/">p.xobs.io/lca20-pif</a>
|
|
|
|
|
<span class="theme">Who’s Watching</span><span class="hashtag"> | #LCA2020</span><span class="twitter"> |
|
|
|
|
|
@linuxconfau</span>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="slides">
|
|
|
|
|
<section data-background-image="css/theme/lca2019-title-bg-transparent.svg">
|
2020-01-03 03:57:55 +00:00
|
|
|
|
<h2 style="background-color: transparent;">Betrusted: Being Secure</h2>
|
|
|
|
|
<h5 style="background-color: transparent;">That's no Blackberry, it's a chat client!</h5>
|
2020-01-03 03:54:04 +00:00
|
|
|
|
<p align="right">
|
|
|
|
|
<small>Sean Cross - <a href="https://xobs.io/">https://xobs.io/</a> - @xobs</small>
|
|
|
|
|
</p>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<section>
|
|
|
|
|
<h2>Xous: Why another kernel?</h2>
|
|
|
|
|
<aside class="notes">
|
|
|
|
|
A big question that gets asked is -- why another kernel? Why don't we just
|
|
|
|
|
put Linux on it and be done with it? Or something else like Minix, TockOS,
|
|
|
|
|
or FreeRTOS?
|
|
|
|
|
</aside>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h2>Betrusted Goals</h2>
|
|
|
|
|
<aside class="notes">
|
|
|
|
|
With Betrusted, we wanted to reduce the code footprint. This will allow
|
|
|
|
|
us to run with less RAM -- ideally 4 MB or less. We also wanted to have
|
|
|
|
|
a full MMU, which is somewhat unusual in the embedded microcontroller
|
|
|
|
|
space, where a more limited Memory Protection Unit is preferred.
|
|
|
|
|
|
|
|
|
|
We would like to have full process isolation, so even if one process is
|
|
|
|
|
compromised, attackers will have a harder time boring through the system
|
|
|
|
|
to gain a more complete takeover.
|
|
|
|
|
|
|
|
|
|
Therefore, we would like Betrusted to run a Microkernel-style operating
|
|
|
|
|
system, with "servers" that provide features such as the display,
|
|
|
|
|
keyboard, and even basic task switching. These should all run in
|
|
|
|
|
userspace with the bare minimum permissions required to get the job done.
|
|
|
|
|
|
|
|
|
|
Finally, we would like to have the operating system written in a safe
|
|
|
|
|
systems language.
|
|
|
|
|
</aside>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h2>Rust: Safety, Speed, Concurrency</h2>
|
|
|
|
|
<aside class="notes">
|
|
|
|
|
The Rust programming language promises the holy trifecta: Safety, Speed,
|
|
|
|
|
Concurrency. Pick any three. If you're going to start over on a systems-
|
|
|
|
|
level project, choose Rust. There will be a lot of wailing and gnashing
|
|
|
|
|
of teeth to begin with, but the end result will be better.
|
|
|
|
|
|
|
|
|
|
When we started Betrusted, we decided that it should primarily use Rust
|
|
|
|
|
as the systems language. That way we can be sure that our code is sound.
|
|
|
|
|
Additionally, Rust has the ability to produce efficient binaries, and the
|
|
|
|
|
efficiency is only going to get better as time progresses.
|
|
|
|
|
|
|
|
|
|
This eliminates non-Rust choices such as Linux or Minix.
|
|
|
|
|
</aside>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h2>A Survey of Rust-based Operating Systems</h2>
|
|
|
|
|
<aside class="notes">
|
|
|
|
|
Having decided to use Rust, we did a survey of Rust-based operating
|
|
|
|
|
systems. There are several available, in various states of completeness.
|
|
|
|
|
The two biggest candidates are Redox and Tock.
|
|
|
|
|
</aside>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h2>Rust-based Operating Systems: Tock</h2>
|
|
|
|
|
<aside class="notes">
|
|
|
|
|
Tock is the most obvious choice, since it already has a RISC-V port
|
|
|
|
|
and is supported by a well-documented ABI. Tock supports multiple
|
|
|
|
|
tasks written in either Rust or C, which is a very nice feature.
|
|
|
|
|
|
|
|
|
|
However, Tock does not support an MMU. It would be possible to adapt
|
|
|
|
|
the MPU interface to work with an MMU, but a lot of design work has
|
|
|
|
|
gone into Tock to make it work well with only the standard MPU that
|
|
|
|
|
is present on most ARM chips. Using Tock would be asking it to do
|
|
|
|
|
something that it's not designed for. Instead, it's better to pick
|
|
|
|
|
the right tool for the job.
|
|
|
|
|
|
|
|
|
|
Additionally, the Tock message passing infrastructure assumes only
|
|
|
|
|
one server per process, which can limit flexibility.
|
|
|
|
|
</aside>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h2>Rust-based Operating Systems: Redox</h2>
|
|
|
|
|
<aside class="notes">
|
|
|
|
|
Redox is the other large Rust-based operating system, and is the most
|
|
|
|
|
compelling. Redox is currently limited to x86-64 (with a plan to
|
|
|
|
|
port it to AArch64), so we would need to port it ourselves to RISC-V.
|
|
|
|
|
|
|
|
|
|
The biggest problem with Redox is its size: It's a full Desktop
|
|
|
|
|
operating system, and supporting it on Betrusted would require us to
|
|
|
|
|
spend a lot of time cutting it down to just the bare microkernel,
|
|
|
|
|
at which point we can start to recreate everything ourselves. The
|
|
|
|
|
kernel itself is such a small part of Betrusted. Besides, we would
|
|
|
|
|
like the freedom to experiment, to randomize the syscall numbers and
|
|
|
|
|
have keepout areas of the screen and add IMEs to the input, which
|
|
|
|
|
would quickly introduce incompatibility with Redox.
|
|
|
|
|
|
|
|
|
|
In short, Tock is too small, and Redox is too big.
|
|
|
|
|
</aside>
|
|
|
|
|
</section>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div> <!-- class="reveal" -->
|
|
|
|
|
<!-- End of main presentation -->
|
|
|
|
|
|
|
|
|
|
<!-- Start of configuration section -->
|
|
|
|
|
<script src="lib/js/head.min.js"></script>
|
|
|
|
|
<script src="js/reveal.js"></script>
|
|
|
|
|
|
|
|
|
|
<script>
|
|
|
|
|
var presenter = !!Reveal.getQueryHash().s;
|
|
|
|
|
|
|
|
|
|
// More info https://github.com/hakimel/reveal.js#configuration
|
|
|
|
|
Reveal.initialize({
|
|
|
|
|
controls: presenter ? false : true,
|
|
|
|
|
progress: true,
|
|
|
|
|
history: true,
|
|
|
|
|
center: true,
|
|
|
|
|
controlsTutorial: presenter ? false : true,
|
|
|
|
|
|
|
|
|
|
slideNumber: presenter ? null : 'c/t',
|
|
|
|
|
|
|
|
|
|
// The "normal" size of the presentation, aspect ratio will be preserved
|
|
|
|
|
// when the presentation is scaled to fit different resolutions. Can be
|
|
|
|
|
// specified using percentage units.
|
|
|
|
|
width: "100%",
|
|
|
|
|
height: 700,
|
|
|
|
|
|
|
|
|
|
// Factor of the display size that should remain empty around the content
|
|
|
|
|
margin: 0.1,
|
|
|
|
|
|
|
|
|
|
multiplex: {
|
|
|
|
|
url: 'https://p.xobs.io/',
|
|
|
|
|
id: '631bb3db6fbaea78',
|
|
|
|
|
secret: Reveal.getQueryHash().s || null
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
// Bounds for smallest/largest possible scale to apply to content
|
|
|
|
|
minScale: 0.02,
|
|
|
|
|
maxScale: 5.5,
|
|
|
|
|
|
|
|
|
|
transition: 'slide', // none/fade/slide/convex/concave/zoom
|
|
|
|
|
|
|
|
|
|
// More info https://github.com/hakimel/reveal.js#dependencies
|
|
|
|
|
dependencies: [
|
|
|
|
|
{ src: 'lib/js/classList.js', condition: function () { return !document.body.classList; } },
|
|
|
|
|
{ src: 'plugin/markdown/marked.js', condition: function () { return !!document.querySelector('[data-markdown]'); } },
|
|
|
|
|
{ src: 'plugin/markdown/markdown.js', condition: function () { return !!document.querySelector('[data-markdown]'); } },
|
|
|
|
|
{ src: 'plugin/highlight/highlight.js', async: true, callback: function () { hljs.initHighlightingOnLoad(); } },
|
|
|
|
|
{ src: 'plugin/search/search.js', async: true },
|
|
|
|
|
{ src: 'plugin/zoom-js/zoom.js', async: true },
|
|
|
|
|
{ src: 'plugin/notes/notes.js', async: true },
|
|
|
|
|
|
|
|
|
|
{ src: 'lib/js/socket.io.js', async: true },
|
|
|
|
|
{
|
|
|
|
|
src: presenter ?
|
|
|
|
|
'plugin/multiplex/master.js' :
|
|
|
|
|
'plugin/multiplex/client.js', async: true
|
|
|
|
|
},
|
|
|
|
|
]
|
|
|
|
|
});
|
|
|
|
|
</script>
|
|
|
|
|
</body>
|
|
|
|
|
|
2012-08-04 04:33:27 +00:00
|
|
|
|
</html>
|