
Memory Integrity Enforcement

(security.apple.com)
489 points by circuit | 2 comments

rdtsc No.45188340
1988 called and wants its memory tagging back: https://www.devever.net/~hl/ppcas !

But yeah, this was supported for the longest time by IBM, basically. It's nice to see it's getting more widespread.

replies(4): >>45188645 >>45188846 >>45189034 >>45190594
1. bri3d No.45188846
The problem with PowerPC AS tagging was that it relied entirely on the trap instruction. If you could control execution at all, you could skip the trap instruction and it did nothing. This implementation, by my reading, essentially adds a synchronous trap instruction after every single load and store, which builds a real security boundary (even compared to Android MTE, where reads would trap but writes were only checked at the next context switch).
replies(1): >>45203668
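An added example to make the distinction in the comment above concrete; this is not code from the thread, from Apple or from IBM, and makes no claim about how MIE is actually implemented. It is a toy C model of a tagged heap with one 4-bit tag per 16-byte granule (the MTE layout) and three enforcement regimes: (a) the tag check folded into the store itself, so a mismatch stops the byte from landing; (b) an asynchronous check that lets the byte land and only latches a fault flag that is reported at a later "sync point"; (c) an unchecked store paired with a separate trap instruction, which an attacker who controls execution can simply skip. All names (toy_malloc, store_sync, txer_would_trap, etc.) are hypothetical, and tags are assigned deterministically here where real MTE randomises them.

```c
/* Toy model of memory tagging, added as an illustration; not from the thread or any vendor. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define GRANULE    16                   /* MTE-style 16-byte granule */
#define HEAP_BYTES 256
#define NGRANULES  (HEAP_BYTES / GRANULE)
#define TAG_SHIFT  56                   /* tag lives in the top byte of the pointer */

static uint8_t  heap[HEAP_BYTES];
static uint8_t  granule_tag[NGRANULES]; /* one 4-bit allocation tag per granule */
static uint32_t bump;                   /* next free offset in the toy heap */
static uint8_t  next_tag;               /* deterministic tag sequence (hypothetical; real MTE randomises) */
static bool     async_fault_pending;    /* models a per-thread tag-fault status flag */
static bool     last_report;            /* what the last async sync point reported */
static bool     last_trap;              /* whether the separate trap fired in the last trap-model run */

typedef uint64_t tptr;                  /* tag in bits 56..59, heap offset in the low 32 bits */

static tptr     make_tptr(uint32_t off, uint8_t tag) { return ((tptr)tag << TAG_SHIFT) | off; }
static uint8_t  ptr_tag(tptr p) { return (uint8_t)(p >> TAG_SHIFT) & 0xF; }
static uint32_t ptr_off(tptr p) { return (uint32_t)p; }
static bool     tag_ok(tptr p)  { return ptr_off(p) < HEAP_BYTES && granule_tag[ptr_off(p) / GRANULE] == ptr_tag(p); }

static void reset_heap(void) {
    memset(heap, 0, sizeof heap);
    memset(granule_tag, 0, sizeof granule_tag);
    bump = 0; next_tag = 1; async_fault_pending = false; last_report = false; last_trap = false;
}
static uint8_t fresh_tag(void) { uint8_t t = next_tag; next_tag = (uint8_t)(next_tag % 15 + 1); return t; }
static void colour(uint32_t off, uint32_t len, uint8_t tag) {
    for (uint32_t g = off / GRANULE; g < (off + len) / GRANULE; g++) granule_tag[g] = tag;
}

/* Carve a granule-aligned chunk, colour it with a fresh tag, return a pointer carrying that tag. */
static tptr toy_malloc(uint32_t n) {
    uint32_t len = (n + GRANULE - 1) / GRANULE * GRANULE;
    uint32_t off = bump; bump += len;
    uint8_t tag = fresh_tag();
    colour(off, len, tag);
    return make_tptr(off, tag);
}
/* Recolour on free so any stale pointer now carries the wrong tag (use-after-free detection). */
static void toy_free(tptr p, uint32_t n) {
    uint32_t len = (n + GRANULE - 1) / GRANULE * GRANULE;
    colour(ptr_off(p), len, fresh_tag());
}

/* (a) Synchronous check: a mismatch faults before the byte lands. Returns false on fault. */
static bool store_sync(tptr p, uint8_t v) {
    if (!tag_ok(p)) return false;
    heap[ptr_off(p)] = v;
    return true;
}
/* (b) Asynchronous check: the byte lands; the mismatch is only latched and reported later. */
static void store_async(tptr p, uint8_t v) {
    if (ptr_off(p) >= HEAP_BYTES) return;
    if (!tag_ok(p)) async_fault_pending = true;
    heap[ptr_off(p)] = v;                 /* corruption has already happened at this point */
}
static bool async_sync_point(void) { bool f = async_fault_pending; async_fault_pending = false; return f; }
/* (c) Unchecked store plus a separate trap instruction that software must remember to execute. */
static void store_unchecked(tptr p, uint8_t v) { if (ptr_off(p) < HEAP_BYTES) heap[ptr_off(p)] = v; }
static bool txer_would_trap(tptr p) { return !tag_ok(p); }

/* Scenario: 16-byte buffer A, then write one byte past its end into neighbour B.
 * Pointer arithmetic keeps A's tag, so the write lands in a granule tagged for B.
 * Each scenario returns 1 if B's first byte was corrupted, 0 if the write was stopped. */
static int overflow_sync(void) {
    reset_heap();
    tptr a = toy_malloc(16), b = toy_malloc(16);
    store_sync(a + 16, 0x41);
    return heap[ptr_off(b)] == 0x41;
}
static int overflow_async(void) {
    reset_heap();
    tptr a = toy_malloc(16), b = toy_malloc(16);
    store_async(a + 16, 0x41);
    last_report = async_sync_point();     /* e.g. at the next context switch */
    return heap[ptr_off(b)] == 0x41;
}
static bool async_reported_later(void) { return last_report; }
static int overflow_trap_model(bool attacker_skips_txer) {
    reset_heap();
    tptr a = toy_malloc(16), b = toy_malloc(16);
    last_trap = attacker_skips_txer ? false : txer_would_trap(a + 16);
    if (!last_trap) store_unchecked(a + 16, 0x41);
    return heap[ptr_off(b)] == 0x41;
}
static bool trap_fired(void) { return last_trap; }
/* Use-after-free under the synchronous model: freed granules were recoloured, so the stale pointer misses. */
static int uaf_sync_blocked(void) {
    reset_heap();
    tptr a = toy_malloc(16);
    toy_free(a, 16);
    return !store_sync(a, 0x41);          /* 1 = write refused */
}

int main(void) {
    int r;
    printf("sync overflow corrupted B: %d\n", overflow_sync());
    r = overflow_async();
    printf("async overflow corrupted B: %d (fault reported at sync point: %d)\n", r, async_reported_later());
    r = overflow_trap_model(false);
    printf("trap model, trap executed: corrupted B: %d (trap fired: %d)\n", r, trap_fired());
    r = overflow_trap_model(true);
    printf("trap model, trap skipped:  corrupted B: %d (trap fired: %d)\n", r, trap_fired());
    printf("sync model refused UAF store: %d\n", uaf_sync_blocked());
    return 0;
}
```

The point the model makes visible: under (a) the overflow and the use-after-free never modify memory; under (b) the neighbouring byte is already corrupted by the time the fault is reported; under (c) the outcome depends entirely on whether the trap instruction runs, which is exactly the weakness of an enforcement step that is separate from the access itself.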
2. rdtsc No.45203668
Yeah, the security part wasn't baked into the hardware. It relied on the OS (it ran a virtualization layer of sorts) to enforce it via traps if it set those traps.

From https://www.devever.net/~hl/ppcas

> As such, they can principally be viewed as providing a performance enhancement for the IBM i operating system, which uses these instructions to keep track of pointer validity. It is the IBM i OS which enforces security invariants, for example by always following every pointer LQ with a TXER.