Paper: The HitchHiker’s Guide to Protect System Observability with Fast Permission Switches and High Assurance Environment
This document accompanies the paper and describes how to set up an environment that can be used to run the functional prototype that we described in the paper.
This functional prototype relies on ARM Fixed Virtual Platform (FVP) that supports the simulation of the whole system and Granule Protection Table (GPT)-based memory protection.
We provide an ARM64 Ubuntu 20.04 virtual machine at this link, which will be released after the paper's publication. Alternatively, you can set up the environment manually based on the scripts. We assume the host is running Ubuntu 20.04.
NOTE: The current setup lacks the required dependencies such as the root filesystem. Running the setup scripts will cause faults. We will release all the required dependencies after the paper's publication.
- Workspace configuration
The file scripts/config.sh as well as the directory configs/ contain all the configurations needed for the building toolchain.
Note that we will release our root file system image for the FVP after the paper's publication.
Currently, it is replaced with the Linaro openembedded image.
#!/bin/bash
# packages & sources
export CROSS_COMPILE_SRC="https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu-a/10.3-2021.07/binrel/gcc-arm-10.3-2021.07-x86_64-aarch64-none-elf.tar.xz"
export CROSS_COMPILE_SRC_AARCH64="https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu-a/10.3-2021.07/binrel/gcc-arm-10.3-2021.07-aarch64-aarch64-none-elf.tar.xz"
export FVP_SRC="https://armkeil.blob.core.windows.net/developer/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.19_14_Linux64.tgz"
export FVP_SRC_AARCH64="https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.20_15_Linux64_armv8l.tgz"
export TF_A_SRC="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted-firmware-a-arm_cca_v0.3.tar.gz"
export ARM_REF_PLAT_SRC="https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git"
export DEV_WORKSPACE_SRC="https://git.linaro.org/landing-teams/working/arm/manifest"
export ARN_UBUNTU_IMG_SRC="https://old-releases.ubuntu.com/releases/focal/ubuntu-20.04-live-server-arm64.iso"
export LINARO_CROSS_COMPILE_SRC="https://releases.linaro.org/components/toolchain/binaries/6.2-2016.11/aarch64-linux-gnu/gcc-linaro-6.2.1-2016.11-x86_64_aarch64-linux-gnu.tar.xz"
export LINARO_CROSS_COMPILE_GNUEABIHF_SRC="https://releases.linaro.org/components/toolchain/binaries/6.2-2016.11/arm-linux-gnueabihf/gcc-linaro-6.2.1-2016.11-x86_64_arm-linux-gnueabihf.tar.xz"
export OELAMP_IMG_SRC="https://releases.linaro.org/openembedded/juno-lsk/15.09/lt-vexpress64-openembedded_lamp-armv8-gcc-4.9_20150912-729.img.gz"
# SH
export SH="/bin/bash"
# project structure directories
export SCRIPT_DIR="(dirname(dirname (readlink -f "$0"))"
export PROJ_DIR="(dirname(dirname SCRIPT_DIR)"
export SRC_DIR=$PROJ_DIR/src
export EL2TEST_DIR=$SRC_DIR/empirical_el2
export EMU_DIR=$PROJ_DIR/emulate
export PROJ_CONF_DIR=$PROJ_DIR/configs
export THIRD_PARTY_DIR=$PROJ_DIR/third-parties
export DBG_DIR=$PROJ_DIR/debug
export LOG_DIR=$PROJ_DIR/debug/logs
# package dsts
export CROSS_COMPILE_DIR="gcc-arm-10.3-2021.07-x86_64-aarch64-none-elf"
export CROSS_COMPILE_DIR_AARCH64="gcc-arm-10.3-2021.07-aarch64-aarch64-none-elf"
export FVP_DIR="Base_RevC_AEMvA_pkg"
export TF_A_DIR="trusted-firmware-a-arm_cca_v0.3"
export TF_EVA_DIR="arm-tf"
export ARM_REF_PLAT_DIR="arm-reference-platforms"
export LINUX_DISTRO_IMG="ubuntu-20.04-live-server-arm64.iso"
export OELAMP_IMG="lt-vexpress64-openembedded_lamp-armv8.img"
export SATA_DIR="satadisks"
...- Software stack download
Run the script scripts/env_fetch.sh to see the commands.
$ ./scripts/env_fetch.sh
$ Usage: ./env_fetch.sh [all | cross_compile | prerequisite | fvp_model | tf]Directly type the command ./scripts/env_fetch all to install all the required dependencies.
- Software stack installation
Run the script scripts/env_build.sh and scripts/atf_build.sh to see the commands.
$ ./scripts/env_build.sh
Usage: env_build.sh -s <software> -p [juno|fvp] <command>
env_build.sh: Builds the platform software stack with the
targeted software component.
Supported softwares are - linux/uboot/all
Supported build commands are - clean/build/package/allType the command ./scripts/env_build.sh -s all -p fvp all to build the FVP environment.
$ ./scripts/atf_build.sh
Usage: atf_build.sh -p [juno|fvp] [all] [-e]
atf_build.sh: Builds the arm-trusted-firmware for the
target system environment.Type the command ./scripts/atf_build.sh -p fvp all to build the secure monitor environment.
- Start the environment
$ ./scripts/start.shRun the HitchHiker observability generator (logger):
$ /data/hitchhiker_user
Usage: ./hitchhiker_user [OPTIONS]
OPTIONS:
--time, -t [SECONDS] Run the hitchhiker observability logger program for [SECONDS] seconds. Ignored by default.
--interval, -i [MICROSECONDS] Set the hitchhiker protection scheme interval to [MICROSECONDs] us (default 1000us).
--only-comm, -c [STRING] Only trace the program named [STRING].
--only-pid, -p [PID] Only trace the process with pid [PID].
--eval, -e Run in evaluation mode.
--hhkrd, -d Enable Hitchhiker daemon.
--audit-log, -s Enable audit (syscall) log.
--app-log, -a Enable application log.
--net-log, -n Enable network log.
--help, -h Show this help message and exit.Start the Hitchhiker daemon:
$ /data/hhkrd_loaderEvaluation scripts for the server-side programs and Wget are under the directory eva-scripts/.
The detailed setup for the applications can be found at docs/applications.md.
phoronix-test-suite benchmark pts/openssl- 7-zip
phoronix-test-suite benchmark pts/compress-7zip- GNU Octave
phoronix-test-suite benchmark system/octave-benchmark