CN116305089A - Method and system for realizing interrupt isolation in trusted execution environment of RISC-V architecture - Google Patents
Method and system for realizing interrupt isolation in trusted execution environment of RISC-V architecture Download PDFInfo
- Publication number
- CN116305089A CN116305089A CN202310251652.1A CN202310251652A CN116305089A CN 116305089 A CN116305089 A CN 116305089A CN 202310251652 A CN202310251652 A CN 202310251652A CN 116305089 A CN116305089 A CN 116305089A
- Authority
- CN
- China
- Prior art keywords
- interrupt
- enclave
- monitor
- processing
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000002955 isolation Methods 0.000 title claims abstract description 30
- 238000012545 processing Methods 0.000 claims abstract description 105
- 230000001960 triggered effect Effects 0.000 claims abstract description 37
- 230000008569 process Effects 0.000 claims abstract description 15
- 230000006870 function Effects 0.000 claims description 92
- 101000829705 Methanopyrus kandleri (strain AV19 / DSM 6324 / JCM 9639 / NBRC 100938) Thermosome subunit Proteins 0.000 description 3
- 239000013625 clathrin-independent carrier Substances 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000007665 sagging Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a system for realizing interrupt isolation in a trusted execution environment of RISC-V architecture, comprising the following steps: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt. The invention ensures that each isolation area can only detect and process the interrupt belonging to the current isolation area by dynamically configuring the interrupt processing mode, namely the interrupt commission mentioned later, and can process the interrupt in the S mode as much as possible, thereby ensuring the safety and improving the performance; according to the method and the device, the pile processing function is constructed, so that the isolation area can automatically jump back to the position before interrupt triggering after interrupt processing is completed, and the interrupt processing process is transparent to the original business logic of different isolation areas.
Description
Technical Field
The present invention relates to the field of interrupt processing technology, and in particular, to a method and system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture.
Background
Two sections of memory mapping addresses exist in the CLIC interrupt controller, and are respectively provided for M mode and S mode. Each segment contains 1024 interrupt configurations, each having four one-byte interrupt configuration registers, clicintip [ i ], clicintie [ i ], clicinttr [ i ], clicintctl [ i ]. The processing mode of a specific numbered interrupt can be configured in the memory mapping area of the M mode, the program in the S mode can configure the interrupt through the S mode memory mapping area only when a certain interrupt is configured in the M mode area as the S mode which can be processed, and when the interrupt is temporary, if the privilege level is in the U/S mode, the interrupt is directly processed by the S mode.
An interrupt delegation mechanism is realized by using the CLIC interrupt controller; the memory mapped register area of the CLIC interrupt controller is logically distinguishable into an M-mode memory mapped area (hereinafter abbreviated as M-mode area) and an S-mode memory mapped area (hereinafter abbreviated as S-mode area). The security monitor in M mode is responsible for configuring M mode area, and in particular, it can determine whether an interrupt corresponding to an interrupt number is delivered to S mode processing, and also determine whether S mode can configure a register corresponding to the interrupt number in S mode area. Enclave in S mode, for interrupts exposed to itself, can handle the interrupt directly without sinking to M mode, and can configure the corresponding registers of the interrupt in the S mode region. The ability to interrupt processing and configuration is handed over from M mode to S mode, referred to as interrupt delegation.
The M mode may delegate the interrupt to the S mode, or may cancel the interrupt delegation of the S mode, and the specific configuration mode is as follows: in the M-mode region, clicinttr [ i ]. Mode is used to control the privilege level of an interrupt with interrupt number i, and when in M-mode, interrupt i can be delegated to S-mode by setting clicinttr [ i ]. Mode in M-region to the bit corresponding to S-mode. Otherwise, interrupt delegation is canceled by setting clicintattr [ i ]. Mode in M area as bit corresponding to M mode.
The above describes the manner in which the M-mode delegates a certain interrupt number to the S-mode processing, and cancels the interrupt delegation.
One of the design goals of a trusted execution environment is the isolation of resources between the various enclaves. In most cases, the trusted execution environment may include memory isolation, peripheral isolation, and other designs. However, some side channel attacks can utilize the timing of interrupt triggering to reduce the time cost of the attack and improve the success rate of the attack. Thus, ensuring that interrupts are only visible to a particular enclave (interrupt isolation) is also one of the design goals of a trusted execution environment.
Trusted execution environment on RISC-V: the trusted execution environment at RISC-V is typically implemented as follows. By utilizing the characteristic that the authority levels of the processor modes are different, the security monitor is deployed in the M mode with the highest authority level, and the security monitor is ensured to be the only component running in the M mode; the particular hardware resources in the computer system are configured and managed by the security monitor as to which software components and other hardware components can be accessed and used. On this basis, each set of software and hardware components that are isolated from each other can be considered an isolated execution environment. In this application, an isolated execution environment is equivalent to an Enclave.
In a computer system where trusted execution environments are deployed, software and hardware are partitioned into several isolated execution environments, so interrupt handling for different isolated execution environments also needs to be isolated from each other. Otherwise, triggering and handling of device interrupts may reveal information about software and hardware execution within the isolation environment, allowing malicious components in the computer system to deploy attacks, such as side-channel attacks, at a lower cost.
Patent document CN111831419a (application number 202010691742.9) discloses an interrupt control method for RISC-V architecture, which solves the problem of fast processing of emergency interrupt by MCU chip based on RISC-V architecture. In the process of processing a common interrupt program or a main program, once the processor receives a quick interrupt program distributed by the PLIC, the processor jumps to a quick interrupt processing flow; wherein the received fast interrupt program is written by using a compressed instruction set, so that the general purpose registers used by the fast interrupt program are limited in the range of x8-x 15; during the fast interrupt processing, 8 shadow registers sx8-sx15 are used for temporarily storing the data of the general registers x8-x15 before executing the interrupt processing function, and after the function processing is finished, the data stored in the 8 shadow registers sx8-sx15 are restored to the general registers x8-x15 used by the interrupt program, and the previous normal interrupt program or main program processing flow is continued.
The interrupt isolation mechanism of the present invention is applicable to RISC-V architectures.
Processor mode in RISC-V architecture: in the RISC-V architecture, a processor may support multiple operating modes, a User Mode (hereinafter referred to as a U-Mode), a privileged Mode (hereinafter referred to as an S-Mode), and a Machine Mode (hereinafter referred to as an M-Mode). In general, for a process supporting an S mode and a U mode, a general application is executed in the U mode, and the mode has relatively minimum authority; operating an operating system in an S mode; the logic associated with the firmware is run in M mode, which has the highest authority.
RISC-V interrupt handling mode: in processing that supports both S-mode and U-mode, if the interrupt controller supports relevant features, then relevant configuration software can configure whether a particular interrupt should be processed in M-mode or U-mode. If an interrupt is configured to be processed in the M mode, after the interrupt is triggered, the execution flow automatically jumps to an interrupt processing function in the M mode; in contrast, if an interrupt is configured to be handled in S-mode, then after the interrupt is triggered, the execution flow will automatically jump to the interrupt handling function in S-mode. Because the mode switching generally causes performance loss, the interrupt is processed in the S mode as much as possible, so that the delay of interrupt processing can be reduced, and the performance of the computer system for processing the interrupt can be improved.
In a computer system where trusted execution environments are deployed, if a configuration specific interrupt is triggered directly in S-mode, then there may be a case when it is triggered that the isolated execution environment currently being executed is not the execution environment to which the interrupt belongs, i.e. the guarantee of interrupt isolation is broken. Based on this information, if the current operating environment is malicious or has a vulnerability, then the event of interrupt triggering may be utilized to deploy an attack against the operating environment to which the interrupt originally belongs; if all interrupts are configured to trigger directly in M-mode, even if the isolated running environment to which the interrupt belongs is executing when the interrupt triggers, the current execution flow will still jump to M-mode to process the interrupt, resulting in performance loss.
Disclosure of Invention
In view of the drawbacks of the prior art, an object of the present invention is a method and system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture.
The invention provides a method for realizing interrupt isolation in a trusted execution environment of RISC-V architecture, which comprises the following steps: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt.
Preferably, when the interrupt triggers, the interrupt belonging to the interrupt is running, the interrupt delegation of the interrupt is started, and the execution flow automatically jumps to the interrupt processing function configured by the Enclave according to the definition of RISC-V architecture.
Preferably, in the Enclave self configuration, the interrupt handling function jump-in port is configured by modifying the value of the stvec register or the stvt register.
Preferably, when the interrupt triggers, if the interrupt of the interrupt home is not executed, the interrupt delegation of the interrupt is not started, and the monitor is responsible for switching the execution flow to the interrupt home, and the interrupt triggers at the moment when the monitor sags to the interrupt home, according to the RISC-V architecture definition.
Preferably, when an interrupt spans an Enclave, interrupt return is accomplished using a processing stub function that forwards the interrupt.
Preferably, the processing stub function employs: in the initial state, the processing pile function is positioned in a memory area which is only readable and writable by the monitor; before the forwarding interrupt is processed by Enclave, the monitor configures a memory area where the processing stub function is located as executable in a lower privilege mode; after the forwarding interrupt is processed by Enclave, the monitor withdraws the executable rights of the lower privilege mode in the lower privilege mode of the memory area where the processing stub function is located;
when the monitor processes the forwarding interrupt, the monitor will switch to a lower privilege mode and simultaneously jump to the function entry that handles the stub function.
Preferably, if the interrupt of the interrupt attribution is not executed when the interrupt trigger is triggered, the interrupt delegation of the interrupt is not started, the monitor is responsible for switching the execution flow to the interrupt attribution, and the instant trigger of the interrupt sinking to the interrupt attribution by the monitor is adopted according to RISC-V architecture definition:
step S1: when the interrupt is triggered, if the interrupt attribution enclaspe is not executed, the execution flow falls down into the security monitor of the M mode;
step S2: the safety monitor checks whether the enclaspe to which the interrupt belongs exists or not, if not, the error is reported, and the original execution enclaspe is returned after the interrupt state is cleared; when the interrupt exists, starting an interrupt commission of the current interrupt;
step S3: the safety monitor checks the interrupt trigger type, and if the interrupt trigger type is edge trigger, the interrupt state is set again;
step S4: the security monitor backs up the execution context of the original Enclave and the system register context, wherein the execution context comprises the values of the general purpose registers x1-x31 of the processor during the Enclave running, the system register context comprises the values of the privileged registers mie, mip, mstatus, mepc, and the system register context of the interrupt attribution Enclave is restored;
step S5: the safety monitor configures a memory area where the forwarding interruption processing pile function is located as an S-mode executable, and jumps to the forwarding interruption processing pile function while switching to the S-mode;
step S6: at the moment of switching to the lower privilege mode, the interrupt is triggered and is processed by an interrupt processing function specified by the interrupt attribution enclaspe itself; after the processing is completed, the interrupt processing function of the interrupt attribution enclaspe switches the execution flow to an entry of the forwarding interrupt processing stub function.
According to the present invention, there is provided a system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture, comprising: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt.
Preferably, when the interrupt is triggered, the interrupt belonging to the Enclave is running, the interrupt entrusting of the interrupt is started, and the execution flow automatically jumps to an interrupt processing function configured by the Enclave according to the definition of a RISC-V architecture;
in the Enclave self-configuration, configuring an interrupt processing function jump-in port by modifying the value of the stvec register or the stvt register;
when interrupt triggering is performed, if interrupt attribution Enclave is not executed, interrupt delegation of the interrupt is not started, the monitor is responsible for switching an execution flow to the interrupt attribution Enclave, and according to RISC-V architecture definition, the interrupt is triggered at the moment that the monitor sags to the interrupt attribution Enclave;
when the interrupt spans Enclave, completing interrupt return by using a processing stub function for forwarding the interrupt;
the processing pile function adopts: in the initial state, the processing pile function is positioned in a memory area which is only readable and writable by the monitor; before the forwarding interrupt is processed by Enclave, the monitor configures a memory area where the processing stub function is located as executable in a lower privilege mode; after the forwarding interrupt is processed by Enclave, the monitor withdraws the executable rights of the lower privilege mode in the lower privilege mode of the memory area where the processing stub function is located;
when the monitor processes the forwarding interrupt, the monitor will switch to a lower privilege mode and simultaneously jump to the function entry that handles the stub function.
Preferably, if the interrupt of the interrupt attribution is not executed when the interrupt trigger is triggered, the interrupt delegation of the interrupt is not started, the monitor is responsible for switching the execution flow to the interrupt attribution, and the instant trigger of the interrupt sinking to the interrupt attribution by the monitor is adopted according to RISC-V architecture definition:
step S1: when the interrupt is triggered, if the interrupt attribution enclaspe is not executed, the execution flow falls down into the security monitor of the M mode;
step S2: the safety monitor checks whether the enclaspe to which the interrupt belongs exists or not, if not, the error is reported, and the original execution enclaspe is returned after the interrupt state is cleared; when the interrupt exists, starting an interrupt commission of the current interrupt;
step S3: the safety monitor checks the interrupt trigger type, and if the interrupt trigger type is edge trigger, the interrupt state is set again;
step S4: the security monitor backs up the execution context of the original Enclave and the system register context, wherein the execution context comprises the values of general purpose registers x1-x31 of the processor during the Enclave running, the system register context package mie, mip, mstatus, mepc and other privileged registers, and the system register context of the interrupt attribution Enclave is restored;
step S5: the safety monitor configures a memory area where the forwarding interruption processing pile function is located as an S-mode executable, and jumps to the forwarding interruption processing pile function while switching to the S-mode;
step S6: at the moment of switching to the lower privilege mode, the interrupt is triggered and is processed by an interrupt processing function specified by the interrupt attribution enclaspe itself; after the processing is completed, the interrupt processing function of the interrupt attribution enclaspe switches the execution flow to an entry of the forwarding interrupt processing stub function.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention ensures that each isolation area can only detect and process the interrupt belonging to the current isolation area by dynamically configuring the interrupt processing mode, namely the interrupt commission mentioned later, and can process the interrupt in the S mode as much as possible, thereby ensuring the safety and improving the performance;
2. according to the method and the device, the pile processing function is constructed, so that the isolation area can automatically jump back to the position before interrupt triggering after interrupt processing is completed, and the interrupt processing process is transparent to the original business logic of different isolation areas.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, given with reference to the accompanying drawings in which:
FIG. 1 is a flow chart of a method for implementing interrupt isolation in a RISC-V architecture.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present invention.
Example 1
According to the present invention, a method for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture is provided, as shown in fig. 1, including: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave, so that extra subsidence is avoided to improve the performance; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt.
The monitor dynamically configures interrupt delegation to ensure that enclase can only perceive interrupts associated with itself; the interruption is prevented from being perceived by enclaspers which do not belong to the system, so that the overall safety of the system is improved; unnecessary sagging is reduced, and the performance loss of interrupt processing is reduced;
specifically, when interrupt triggering, interrupt attribution's Enclave is being run, interrupt delegation of interrupt is opened, and execution flow automatically jumps to an interrupt processing function configured by Enclave according to definition of RISC-V architecture.
Specifically, in the Enclave self configuration, the interrupt handling function jump-in port is configured by modifying the value of the stvec register or the stvt register.
Specifically, when the interrupt triggers, if the interrupt belonging to the Enclave is not executed, the interrupt delegation of the interrupt is not started, the monitor is responsible for switching the execution flow to the interrupt belonging to the Enclave, and the interrupt triggers at the moment that the monitor sags to the interrupt belonging to the Enclave according to the RISC-V architecture definition.
Specifically, when an interrupt spans an Enclave, interrupt return is accomplished using a processing stub function that forwards the interrupt.
Monitor call (ECALL) to define the completion of forwarding interrupt processing at the monitor: the ECALL is used by Enclave, indicating that the current Enclave has completed processing a forwarding interrupt;
specifically, the processing stake function adopts: in the initial state, the processing pile function is positioned in a memory area which is only readable and writable by the monitor; before forwarding the interrupt by Enclave, the monitor configures the memory area where the processing stub function is located to be executable in a lower privilege mode meeting preset conditions; after the forwarding interrupt is processed by Enclave, the monitor withdraws the executable rights of the lower privilege mode in the lower privilege mode of the memory area where the processing stub function is located;
when the monitor processes the forwarding interrupt, the monitor switches to a lower privilege mode meeting preset conditions and jumps to a function entry for processing the stub function at the same time. The monitor call, which is called in the stub function and only forwards the interrupt processing completion, is processed, and no other logic is included.
Specifically, the interrupt delegate of the interrupt is not opened, the monitor is responsible for switching the execution flow to the interrupt-home Enclave, and the interrupt is triggered by the instant the monitor sags to the interrupt-home Enclave according to the RISC-V architecture definition:
step S1: when the interrupt is triggered, the original Enclave is running, and because the interrupt belongs to another Enclave and is not exposed to the original Enclave through the interrupt delegation, the execution flow falls down into the security monitor in the M mode;
step S2: the safety monitor checks whether the enclaspe to which the interrupt belongs exists or not, if not, the error is reported, and the original execution enclaspe is returned after the interrupt state is cleared; when the interrupt exists, starting an interrupt commission of the current interrupt;
step S3: the safety monitor checks the interrupt trigger type, and if the interrupt trigger type is edge trigger, the interrupt state is set again; typically, the hardware uses a bit to indicate the current particular interrupt state. If the value of the bit is 0, the interrupt corresponding to the bit is not triggered; in contrast, if the bit has a value of 1, it is indicated that the interrupt corresponding to the bit is triggering. Setting the interrupt state refers to setting the bit represented by the interrupt state to 1 manually.
Step S4: the security monitor backs up the execution context of the original Enclave and the system register context, wherein the execution context comprises the values of general purpose registers x1-x31 of the processor during the Enclave running, the system register context package mie, mip, mstatus, mepc and other privileged registers, and the system register context of the interrupt attribution Enclave is restored;
step S5: the safety monitor configures a memory area where the forwarding interruption processing pile function is located as an S-mode executable, and jumps to the forwarding interruption processing pile function while switching to the S-mode;
step S6: at the moment of switching to a lower privilege mode meeting preset conditions, the interrupt is triggered and is processed by an interrupt processing function appointed by the interrupt attribution enclaspe; after the processing is completed, the interrupt processing function of the interrupt attribution enclaspe switches the execution flow to an entry of the forwarding interrupt processing stub function.
According to the present invention, there is provided a system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture, comprising: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave, so that extra subsidence is avoided to improve the performance; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt.
The monitor dynamically configures interrupt delegation to ensure that enclase can only perceive interrupts associated with itself; the interruption is prevented from being perceived by enclaspers which do not belong to the system, so that the overall safety of the system is improved; unnecessary sagging is reduced, and the performance loss of interrupt processing is reduced;
specifically, when interrupt triggering, interrupt attribution's Enclave is being run, interrupt delegation of interrupt is opened, and execution flow automatically jumps to an interrupt processing function configured by Enclave according to definition of RISC-V architecture.
Specifically, in the Enclave self configuration, the interrupt handling function jump-in port is configured by modifying the value of the stvec register or the stvt register.
Specifically, when the interrupt triggers, if the interrupt belonging to the Enclave is not executed, the interrupt delegation of the interrupt is not started, the monitor is responsible for switching the execution flow to the interrupt belonging to the Enclave, and the interrupt triggers at the moment that the monitor sags to the interrupt belonging to the Enclave according to the RISC-V architecture definition.
Specifically, when an interrupt spans an Enclave, interrupt return is accomplished using a processing stub function that forwards the interrupt.
Monitor call (ECALL) to define the completion of forwarding interrupt processing at the monitor: the ECALL is used by Enclave, indicating that the current Enclave has completed processing a forwarding interrupt;
specifically, the processing stake function adopts: in the initial state, the processing pile function is positioned in a memory area which is only readable and writable by the monitor; before forwarding the interrupt by Enclave, the monitor configures the memory area where the processing stub function is located to be executable in a lower privilege mode meeting preset conditions; after the forwarding interrupt is processed by Enclave, the monitor withdraws the executable rights of the lower privilege mode in the lower privilege mode of the memory area where the processing stub function is located;
when the monitor processes the forwarding interrupt, the monitor switches to a lower privilege mode meeting preset conditions and jumps to a function entry for processing the stub function at the same time. The monitor call, which is called in the stub function and only forwards the interrupt processing completion, is processed, and no other logic is included.
Specifically, the interrupt delegate of the interrupt is not opened, the monitor is responsible for switching the execution flow to the interrupt-home Enclave, and the interrupt is triggered by the instant the monitor sags to the interrupt-home Enclave according to the RISC-V architecture definition:
module M1: when the interrupt is triggered, the original Enclave is running, and because the interrupt belongs to another Enclave and is not exposed to the original Enclave through the interrupt delegation, the execution flow falls down into the security monitor in the M mode;
module M2: the safety monitor checks whether the enclaspe to which the interrupt belongs exists or not, if not, the error is reported, and the original execution enclaspe is returned after the interrupt state is cleared; when the interrupt exists, starting an interrupt commission of the current interrupt;
module M3: the safety monitor checks the interrupt trigger type, and if the interrupt trigger type is edge trigger, the interrupt state is set again; typically, the hardware uses a bit to indicate the current particular interrupt state. If the value of the bit is 0, the interrupt corresponding to the bit is not triggered; in contrast, if the bit has a value of 1, it is indicated that the interrupt corresponding to the bit is triggering. Setting the interrupt state refers to setting the bit represented by the interrupt state to 1 manually.
Module M4: the security monitor backs up the execution context of the original Enclave and the system register context, wherein the execution context comprises the values of general purpose registers x1-x31 of the processor during the Enclave running, the system register context package mie, mip, mstatus, mepc and other privileged registers, and the system register context of the interrupt attribution Enclave is restored;
module M5: the safety monitor configures a memory area where the forwarding interruption processing pile function is located as an S-mode executable, and jumps to the forwarding interruption processing pile function while switching to the S-mode;
module M6: at the moment of switching to a lower privilege mode meeting preset conditions, the interrupt is triggered and is processed by an interrupt processing function appointed by the interrupt attribution enclaspe; after the processing is completed, the interrupt processing function of the interrupt attribution enclaspe switches the execution flow to an entry of the forwarding interrupt processing stub function.
Those skilled in the art will appreciate that the systems, apparatus, and their respective modules provided herein may be implemented entirely by logic programming of method steps such that the systems, apparatus, and their respective modules are implemented as logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc., in addition to the systems, apparatus, and their respective modules being implemented as pure computer readable program code. Therefore, the system, the apparatus, and the respective modules thereof provided by the present invention may be regarded as one hardware component, and the modules included therein for implementing various programs may also be regarded as structures within the hardware component; modules for implementing various functions may also be regarded as being either software programs for implementing the methods or structures within hardware components.
The foregoing describes specific embodiments of the present invention. It is to be understood that the invention is not limited to the particular embodiments described above, and that various changes or modifications may be made by those skilled in the art within the scope of the appended claims without affecting the spirit of the invention. The embodiments of the present application and features in the embodiments may be combined with each other arbitrarily without conflict.
Claims (10)
1. A method for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture, comprising: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt.
2. The method for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture according to claim 1, wherein when an interrupt is triggered, an interrupt belonging Enclave is being run, an interrupt delegate of the interrupt is opened, and the execution flow automatically jumps to an interrupt handling function configured by the Enclave according to the definition of the RISC-V architecture.
3. The method of claim 2, wherein in the Enclave self-configuration, the interrupt handling function jumps into the port by modifying the value of the stvec register or the stvt register.
4. The method of claim 1, wherein, if the interrupt is not executed, the interrupt proxy for the interrupt is not turned on, and the monitor is responsible for switching the execution flow to the interrupt-owned Enclave, and the interrupt is triggered at the moment the monitor sags to the interrupt-owned Enclave according to the RISC-V architecture definition.
5. The method of claim 1, wherein the interrupt return is accomplished using a processing stub function that forwards the interrupt when the interrupt crosses Enclave.
6. The method of claim 5, wherein the processing stub function employs: in the initial state, the processing pile function is positioned in a memory area which is only readable and writable by the monitor; before the forwarding interrupt is processed by Enclave, the monitor configures a memory area where the processing stub function is located as executable in a lower privilege mode; after the forwarding interrupt is processed by Enclave, the monitor withdraws the executable rights of the lower privilege mode in the lower privilege mode of the memory area where the processing stub function is located;
when the monitor processes the forwarding interrupt, the monitor will switch to a lower privilege mode and simultaneously jump to the function entry that handles the stub function.
7. The method of claim 4, wherein if the interrupt is not executed, the interrupt proxy is not turned on, the monitor is responsible for switching the execution flow to the interrupt-owned Enclave, and the interrupt is triggered at the moment the monitor sags to the interrupt-owned Enclave according to the definition of the RISC-V architecture by:
step S1: when the interrupt is triggered, if the interrupt attribution enclaspe is not executed, the execution flow falls down into the security monitor of the M mode;
step S2: the safety monitor checks whether the enclaspe to which the interrupt belongs exists or not, if not, the error is reported, and the original execution enclaspe is returned after the interrupt state is cleared; when the interrupt exists, starting an interrupt commission of the current interrupt;
step S3: the safety monitor checks the interrupt trigger type, and if the interrupt trigger type is edge trigger, the interrupt state is set again;
step S4: the security monitor backs up the execution context of the original Enclave and the system register context, wherein the execution context comprises the values of the general purpose registers x1-x31 of the processor during the Enclave running, the system register context comprises the values of the privileged registers mie, mip, mstatus, mepc, and the system register context of the interrupt attribution Enclave is restored;
step S5: the safety monitor configures a memory area where the forwarding interruption processing pile function is located as an S-mode executable, and jumps to the forwarding interruption processing pile function while switching to the S-mode;
step S6: at the moment of switching to the lower privilege mode, the interrupt is triggered and is processed by an interrupt processing function specified by the interrupt attribution enclaspe itself; after the processing is completed, the interrupt processing function of the interrupt attribution enclaspe switches the execution flow to an entry of the forwarding interrupt processing stub function.
8. A system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture, comprising: when the interruption is triggered, when the currently operated Enclave is the Enclave to which the interruption belongs, the current interruption is directly processed in the current Enclave; when the currently running Enclave is not the Enclave to which the interrupt belongs, the monitor schedules the Enclave to which the interrupt belongs to handle the current interrupt.
9. The system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture according to claim 8, wherein when an interrupt is triggered, an interrupt belonging Enclave is being run, an interrupt delegate for the interrupt is opened, and the execution flow automatically jumps to an interrupt handling function configured by the Enclave according to the definition of the RISC-V architecture;
in the Enclave self-configuration, configuring an interrupt processing function jump-in port by modifying the value of the stvec register or the stvt register;
when interrupt triggering is performed, if interrupt attribution Enclave is not executed, interrupt delegation of the interrupt is not started, the monitor is responsible for switching an execution flow to the interrupt attribution Enclave, and according to RISC-V architecture definition, the interrupt is triggered at the moment that the monitor sags to the interrupt attribution Enclave;
when the interrupt spans Enclave, completing interrupt return by using a processing stub function for forwarding the interrupt;
the processing pile function adopts: in the initial state, the processing pile function is positioned in a memory area which is only readable and writable by the monitor; before the forwarding interrupt is processed by Enclave, the monitor configures a memory area where the processing stub function is located as executable in a lower privilege mode; after the forwarding interrupt is processed by Enclave, the monitor withdraws the executable rights of the lower privilege mode in the lower privilege mode of the memory area where the processing stub function is located;
when the monitor processes the forwarding interrupt, the monitor will switch to a lower privilege mode and simultaneously jump to the function entry that handles the stub function.
10. The system for implementing interrupt isolation in a trusted execution environment of a RISC-V architecture of claim 9, wherein if an interrupt-home Enclave is not executed at the time of interrupt triggering, interrupt delegation of the interrupt is not turned on, the monitor is responsible for switching execution flow to the interrupt-home Enclave, and the interrupt is triggered at the instant the monitor sags to the interrupt-home Enclave according to the RISC-V architecture definition by:
step S1: when the interrupt is triggered, if the interrupt attribution enclaspe is not executed, the execution flow falls down into the security monitor of the M mode;
step S2: the safety monitor checks whether the enclaspe to which the interrupt belongs exists or not, if not, the error is reported, and the original execution enclaspe is returned after the interrupt state is cleared; when the interrupt exists, starting an interrupt commission of the current interrupt;
step S3: the safety monitor checks the interrupt trigger type, and if the interrupt trigger type is edge trigger, the interrupt state is set again;
step S4: the security monitor backs up the execution context of the original Enclave and the system register context, wherein the execution context comprises the values of general purpose registers x1-x31 of the processor during the Enclave running, the system register context package mie, mip, mstatus, mepc and other privileged registers, and the system register context of the interrupt attribution Enclave is restored;
step S5: the safety monitor configures a memory area where the forwarding interruption processing pile function is located as an S-mode executable, and jumps to the forwarding interruption processing pile function while switching to the S-mode;
step S6: at the moment of switching to the lower privilege mode, the interrupt is triggered and is processed by an interrupt processing function specified by the interrupt attribution enclaspe itself; after the processing is completed, the interrupt processing function of the interrupt attribution enclaspe switches the execution flow to an entry of the forwarding interrupt processing stub function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310251652.1A CN116305089A (en) | 2023-03-15 | 2023-03-15 | Method and system for realizing interrupt isolation in trusted execution environment of RISC-V architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310251652.1A CN116305089A (en) | 2023-03-15 | 2023-03-15 | Method and system for realizing interrupt isolation in trusted execution environment of RISC-V architecture |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116305089A true CN116305089A (en) | 2023-06-23 |
Family
ID=86812751
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310251652.1A Pending CN116305089A (en) | 2023-03-15 | 2023-03-15 | Method and system for realizing interrupt isolation in trusted execution environment of RISC-V architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116305089A (en) |
-
2023
- 2023-03-15 CN CN202310251652.1A patent/CN116305089A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2901355B1 (en) | A data processing apparatus and method for protecting secure data and program code from non-secure access when switching between secure and less secure domains | |
| JP6209611B2 (en) | Exception handling in data processing equipment with secure and less secure domains | |
| EP2812836B1 (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
| KR102192835B1 (en) | Security protection of software libraries in a data processing apparatus | |
| US9202071B2 (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
| US7882293B2 (en) | Interrupt masking control | |
| US20220366037A1 (en) | Domain transition disable configuration parameter | |
| CN106874072B (en) | Embedded operating system partition virtual interrupt processing method based on PowerPC processor | |
| CN116305089A (en) | Method and system for realizing interrupt isolation in trusted execution environment of RISC-V architecture | |
| US8209565B2 (en) | Data processing device and bus access control method therein | |
| JP4563707B2 (en) | Memory protector | |
| EP4073635B1 (en) | Intermodal calling branch instruction | |
| JPH01180656A (en) | Memory protecting device | |
| JPH07104999A (en) | Microcomputer | |
| JP2000347940A (en) | Memory managing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |