Kernel Cap

2015 programmer’s guide:

  • The kernel itself makes only minor use of capabilities;
  • The kernel is not currently compiled with a capability-aware compiler;
  • Kernel threads do not have full capability-register-file state in their own PCBs.

E.g. a hardcoded kernel capability:

/*
 * Definition for a highly privileged kernel capability able to name the
 * entire address space, and suitable to derive all other kernel-related
 * capabilities from, including sealing capabilities.
 */
#define	CHERI_CAP_KERN_PERMS						\
	(CHERI_PERMS_SWALL | CHERI_PERMS_HWALL)
#define	CHERI_CAP_KERN_BASE		0x0
#define	CHERI_CAP_KERN_LENGTH		0xffffffffffffffff
#define	CHERI_CAP_KERN_OFFSET		0x0
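As an added example (not code from the CHERI kernel or the programmer's guide), here is a plain-C model of the fields the macros above set, with derivation from the root kernel capability forced to be monotonic: bounds can only shrink and permissions can only be cleared. The permission bit values and the cap_* helper names are assumptions for the model, not the real CHERI definitions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Assumed permission masks for the model; real CHERI_PERMS_* are architecture-defined. */
#define CHERI_PERMS_SWALL 0x000fu  /* software-defined permission bits (assumed) */
#define CHERI_PERMS_HWALL 0xfff0u  /* hardware permission bits (assumed) */
#define CHERI_PERM_STORE  0x0010u  /* one assumed bit inside HWALL */

typedef struct {
    uint64_t base;    /* lowest address the capability may reach */
    uint64_t length;  /* bytes covered from base */
    uint64_t offset;  /* cursor relative to base */
    uint32_t perms;   /* permission bits */
    bool tag;         /* false: invalid (cleared) capability */
} cap_t;

/* The root kernel capability, mirroring CHERI_CAP_KERN_* from the page. */
static const cap_t kern_cap = { 0x0, 0xffffffffffffffffULL, 0x0,
                                CHERI_PERMS_SWALL | CHERI_PERMS_HWALL, true };

/* Narrow bounds. The child must lie entirely inside the parent; any attempt to
 * widen clears the tag, which is what makes derivation monotonic. Comparisons
 * are arranged so that the root's 2^64-1 length cannot overflow. */
cap_t cap_setbounds(cap_t parent, uint64_t new_base, uint64_t new_length) {
    cap_t c = parent;
    if (!parent.tag || new_base < parent.base ||
        new_base - parent.base > parent.length ||
        new_length > parent.length - (new_base - parent.base)) {
        c.tag = false;
        return c;
    }
    c.base = new_base;
    c.length = new_length;
    c.offset = 0;
    return c;
}

/* Reduce permissions. AND can only clear bits, never add them back. */
cap_t cap_andperm(cap_t parent, uint32_t mask) {
    cap_t c = parent;
    c.perms = parent.perms & mask;
    return c;
}

/* Would a store of n bytes at addr be allowed through capability c? */
bool cap_can_store(cap_t c, uint64_t addr, size_t n) {
    if (!c.tag || !(c.perms & CHERI_PERM_STORE)) return false;
    if (addr < c.base || addr - c.base > c.length) return false;
    return n <= c.length - (addr - c.base);
}
```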

Created Jul 9, 2019 // Last Updated Oct 27, 2019

If you could revise
the fundamental principles of
computer system design
to improve security...

... what would you change?