More about A12 on board cores

By: Maynard Handley (name99.delete@this.name99.org), September 22, 2018 11:12 pm
Room: Moderated Discussions
There’s, as always, a lot of interesting stuff in the iOS12 Security White Paper, but this page is of particular interest:


Kernel Integrity Protection

After the iOS kernel completes initialization, Kernel Integrity Protection (KIP) is enabled to prevent modifications of kernel and driver code. The memory controller provides a protected physical memory region that iBoot uses to load the kernel and kernel extensions. After boot completes, the memory controller denies writes to the protected physical memory region. Additionally, the application processor's Memory Management Unit (MMU) is configured to prevent mapping privileged code from physical memory outside the protected memory region, and to prevent writeable mappings of physical memory within the kernel memory region.

The hardware used to enable KIP is locked after the boot process completes to prevent reconfiguration. KIP is supported on SoCs starting with the Apple A10 and S4.

System Coprocessor Integrity Protection

System coprocessors are CPUs on the same SoC as the application processor. System coprocessors are dedicated to a specific purpose, and the iOS kernel delegates many tasks to them. Examples include:

• Secure Enclave
• Image Sensor Processor
• Motion coprocessor

Because coprocessor firmware handles many critical system tasks, its security is a key part of the overall system's security.

System Coprocessor Integrity Protection (SCIP) uses a mechanism similar to Kernel Integrity Protection to prevent modification of coprocessor firmware. At boot time, iBoot loads each coprocessor's firmware into a protected memory region, reserved and separate from the KIP region. iBoot configures each coprocessor's memory management units to prevent:

• Executable mappings outside its part of the protected memory region
• Prevent writeable mappings inside its part of the protected memory region

The Secure Enclave Operating System is responsible for configuring the Secure Enclave's SCIP at boot time.

The hardware used to enable SCIP is locked after the boot process completes to prevent reconfiguration. SCIP is supported on SoCs starting with the A12 and S4.

Pointer Authentication Codes

Pointer authentication codes (PACs) are used to protect against exploitation of memory corruption bugs. System software and built-in apps use PAC to prevent modification of function pointers and return addresses (code pointers). Doing so increases the difficulty of many attacks. For example, a Return Oriented Programming (ROP) attack attempts to trick the device into executing existing code maliciously by manipulating function return addresses stored on the stack.

PAC is supported on A12 and S4 SoCs.


This clarifies
- how the hardware memory integrity works
- that there ARE multiple “minor” cores on the A12 (and S4...) and obviously SOME thought has gone into securing them

It remains unclear just how much has been (and is planned to be) delegated to these cores. You could imagine them each running essentially the “driver” for the relevant device (Metal driver, even file system on the IO core, up to TCP/IP stack on the inevitable RF core...)
This is clearly a cute win in terms of less interrupt pollution and cache pollution from these tasks, but who knows if those are their ambitions, or much simpler things like just initialization and power management? Of course there is a theoretical cost to such delegation in terms of data traffic, but if they all share the same L3 and a sensible NoC and addressing primitives...

Also this obviously primarily protects instructions for now, not data, as a higher priority and easier. But I expect data is being worked on (and a rapid adoption of ARMv8.5 authenticated data pointers).
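
An added illustration of the KIP rules quoted in the post above, not part of the original post and not Apple's implementation: a small C model of the lock-after-boot region, the memory controller's write check, and the two MMU mapping rules. The names (`kip_t`, `kip_map_allowed`, `PERM_PRIV_X`) and addresses are constructed, and the model assumes the MMU rules take effect at the same lock point as the write protection.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the KIP rules quoted above. All names and addresses are
   constructed for illustration; none of this is Apple's code. */
enum { PERM_W = 1, PERM_PRIV_X = 2 };
typedef struct { uint64_t base, end; bool locked; } kip_t; /* region [base, end) */

/* The boot loader may set the region only before the lock is taken. */
bool kip_configure(kip_t *k, uint64_t base, uint64_t end) {
    if (k->locked || base >= end) return false;
    k->base = base; k->end = end;
    return true;
}
void kip_lock(kip_t *k) { k->locked = true; } /* one-way: there is no unlock */

static bool overlaps(const kip_t *k, uint64_t pa, uint64_t len) {
    return pa < k->end && pa + len > k->base;
}
static bool inside(const kip_t *k, uint64_t pa, uint64_t len) {
    return pa >= k->base && pa + len <= k->end;
}

/* Memory controller: after the lock, any write touching the region is denied. */
bool kip_write_allowed(const kip_t *k, uint64_t pa, uint64_t len) {
    if (pa + len < pa) return false;              /* wrapping range */
    return !(k->locked && overlaps(k, pa, len));
}

/* MMU: a privileged-executable mapping must lie wholly inside the region and
   no writable mapping may touch it, so a range that straddles the boundary
   is refused for either permission. Assumed to apply from the lock onward. */
bool kip_map_allowed(const kip_t *k, uint64_t pa, uint64_t len, int perms) {
    if (len == 0 || pa + len < pa) return false;  /* empty or wrapping range */
    if (!k->locked) return true;
    if ((perms & PERM_PRIV_X) && !inside(k, pa, len)) return false;
    if ((perms & PERM_W) && overlaps(k, pa, len)) return false;
    return true;
}

int main(void) {
    kip_t k = {0};
    kip_configure(&k, 0x80000000ULL, 0x80400000ULL);
    kip_lock(&k);
    printf("reconfigure after lock: %d\n", kip_configure(&k, 0, 0x1000));
    printf("writable map in region: %d\n", kip_map_allowed(&k, 0x80000000ULL, 0x4000, PERM_W));
    return 0;
}
```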