Reference 1
ISAv7 ch3.8.3 Virtual Memory -> Authorizing MMU Control
- CHERI controls the use of privileged instructions and control registers that configure the MMU: the Access_System_Registers permission must be present on PCC.
- For a software-managed TLB, retrieving and inserting TLB entries also requires the above permission on PCC; the same permission gates access to KCC/KDC.
- For a hardware page-table walker, CHERI currently does not control the memory accesses performed by the walker, since those accesses use physical addresses.
ISAv7 ch3.8.3
Permission checking of TLB entries or PTEs is extended with two new page permissions:
- Page-Table Load Capability Permission: a tagged capability may be loaded only if this bit is set and the page is also readable. If the page is readable but this bit is clear, the load still succeeds, but the tag is stripped before the value is written back to the register.
- Page-Table Store Capability Permission: a tagged capability may be stored only if this bit is set and the page is also writable; otherwise the store raises an exception. (Because the first tagged store to a page without this bit traps, the OS can use it to track dynamically which pages hold capabilities.)
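The following C model is an added illustration of the two page permissions above; it is not code from the ISAv7 specification or any CHERI implementation. Bit names (PTE_LOADCAP, PTE_STORECAP), the result codes and the toy capability layout are assumptions chosen for the example. It shows the asymmetry the text describes (a load without the load-capability bit silently strips the tag, a tagged store without the store-capability bit faults) and a minimal fault handler that turns the store fault into capability-dirty tracking.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy page permissions. Names and bit positions are illustrative, not the ISAv7 encoding. */
enum { PTE_R = 1u << 0, PTE_W = 1u << 1, PTE_LOADCAP = 1u << 2, PTE_STORECAP = 1u << 3 };

typedef struct { uint64_t addr; bool tag; } cap_t;             /* toy capability: address + tag bit */
typedef struct { unsigned perms; cap_t mem[4]; bool cap_dirty; } page_t;

typedef enum { RES_OK, RES_FAULT_LOAD, RES_FAULT_STORE, RES_FAULT_STORECAP } result_t;

/* Capability load: needs R to proceed at all; the tag survives only if LOADCAP is also set,
 * otherwise the load succeeds and an untagged value is written back. */
result_t cap_load(const page_t *pg, unsigned idx, cap_t *out) {
    if (!(pg->perms & PTE_R)) return RES_FAULT_LOAD;
    *out = pg->mem[idx];
    if (!(pg->perms & PTE_LOADCAP)) out->tag = false;      /* tag stripped before write-back */
    return RES_OK;
}

/* Capability store: needs W; a *tagged* store additionally needs STORECAP or it faults.
 * Untagged (plain data) stores are governed by W alone. */
result_t cap_store(page_t *pg, unsigned idx, cap_t val) {
    if (!(pg->perms & PTE_W)) return RES_FAULT_STORE;
    if (val.tag && !(pg->perms & PTE_STORECAP)) return RES_FAULT_STORECAP;
    pg->mem[idx] = val;
    return RES_OK;
}

/* Assumed OS policy for dynamic capability tracking: map pages without STORECAP, and on the
 * first store-capability fault record the page as capability-dirty, grant the bit, and retry. */
result_t cap_store_tracked(page_t *pg, unsigned idx, cap_t val) {
    result_t r = cap_store(pg, idx, val);
    if (r == RES_FAULT_STORECAP) {
        pg->cap_dirty = true;                /* this page now holds capabilities */
        pg->perms |= PTE_STORECAP;
        r = cap_store(pg, idx, val);         /* re-execute the faulting store */
    }
    return r;
}

/* Runs the four behaviours described in the text; returns how many matched (4 when correct). */
int demo_page_perms(void) {
    int ok = 0;
    page_t pg = { .perms = PTE_R | PTE_W };  /* readable, writable, neither capability permission */
    cap_t c = { .addr = 0x1000, .tag = true };
    cap_t d = { .addr = 0x2a, .tag = false };
    cap_t out;

    if (cap_store(&pg, 0, c) == RES_FAULT_STORECAP) ok++;      /* 1. tagged store faults */
    if (cap_store(&pg, 1, d) == RES_OK) ok++;                  /* 2. untagged store is fine */
    if (cap_store_tracked(&pg, 0, c) == RES_OK && pg.cap_dirty) ok++; /* 3. fault -> track -> ok */
    if (cap_load(&pg, 0, &out) == RES_OK && !out.tag) {        /* 4a. no LOADCAP: tag stripped */
        pg.perms |= PTE_LOADCAP;
        if (cap_load(&pg, 0, &out) == RES_OK && out.tag) ok++; /* 4b. with LOADCAP: tag kept */
    }
    return ok;
}

int main(void) {
    printf("%d/4 scenarios behaved as described\n", demo_page_perms());
    return 0;
}
```

The practical point of the asymmetry: a missing load-capability bit is a silent failure (software sees an untagged value and later faults on dereference), while a missing store-capability bit is a precise trap, which is what makes it usable as a tracking hook.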
If you could revise the fundamental principles of computer system design to improve security... what would you change?