On 8/14/20 8:13 PM, Jan Kiszka wrote:
>>
>> If we have a universal binary, a jailhouse disable will be present
>> in the beginning. Once we decide to freeze the configuration, drop
>> it. If we make those things compile-time configurable, then it has
>> the potential to become a variant hell.
> 
> Dropping significant code chunks from a root-less jailhouse.bin would be
> a valuable reason for such a config variant. You do not have to argue
> over things that are provably not there.

With my approach, things are (provably) not there in the operative
phase. It depends when you want to attest your system. In the same way,
you could also argue that Linux, U-boot, the firmware, whatever has been
there before you made your attest.

What are the parts you could drop during compile time?
For system partitioning / cell creation, you definitely need to execute
the code at least once - you cannot drop it during compile time.

But after execution, you can drop it. In the same way, you can drop
init_early, ... and others. The only part that you could drop during
compile time would probably be the whole disabling logic.


Let me try to show what I had in mind:

https://github.com/lfd/jailhouse/tree/detention/rfc

That's a very early hack of what I was thinking about. The idea is as
follows: Simply lock access to the hypercall subsystem after the new
detention hypercall was issued. With this, we can remove everything
that is only reachable from the interface. Runs on Qemu.

For the Intel version of the hypervisor, before that patch, the .text
section contained 48182 bytes; with that patch, 40616 bytes remain in
.text, and the rest can be dropped. 16% less assembly, and I'm sure we
can find way more routines that can be annotated: init stuff, pagers, ...

Ah, by the way, what I realised during my experiments: The .text section
of Jailhouse is RW mapped. I was surprised that I didn't receive an
exception when I tried to overwrite code. Is that intended?

  Ralf
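
Added example, not part of the original message and not code from the linked branch: a minimal C sketch of the lock-out idea described above, where a detention hypercall sets a one-way latch and every later hypercall is refused. All names (`HC_DETENTION`, `hc_table`, `hypercall`, the handlers) are hypothetical, and clearing the handler table stands in for dropping the interface-only code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical hypercall numbers for this sketch, not Jailhouse's ABI. */
enum { HC_CELL_CREATE, HC_CELL_DESTROY, HC_DETENTION, HC_COUNT };
typedef long (*hc_handler_t)(unsigned long arg);

static int detained;        /* one-way latch: set once, never cleared */
static unsigned int cells;  /* toy state mutated by the handlers */

static long hc_cell_create(unsigned long arg) { (void)arg; cells++; return 0; }
static long hc_cell_destroy(unsigned long arg) { (void)arg; if (cells) cells--; return 0; }
static long hc_detention(unsigned long arg);

static hc_handler_t hc_table[HC_COUNT] = {
	[HC_CELL_CREATE] = hc_cell_create,
	[HC_CELL_DESTROY] = hc_cell_destroy,
	[HC_DETENTION] = hc_detention,
};

static long hc_detention(unsigned long arg)
{
	(void)arg;
	detained = 1;
	/* Stand-in for dropping interface-only code: no handler stays reachable. */
	for (size_t i = 0; i < HC_COUNT; i++)
		hc_table[i] = NULL;
	return 0;
}

/* Single entry point: the latch is checked before the call number is used. */
long hypercall(unsigned long code, unsigned long arg)
{
	if (detained)
		return -EPERM;
	if (code >= HC_COUNT || !hc_table[code])
		return -ENOSYS;
	return hc_table[code](arg);
}

int main(void)
{
	hypercall(HC_CELL_CREATE, 0);
	hypercall(HC_DETENTION, 0);
	printf("cell create after detention: %ld\n", hypercall(HC_CELL_CREATE, 0));
	return 0;
}
```

The latch check sits in front of the table lookup, so a repeated detention call is refused like any other and there is no path that clears `detained` again.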
