Morello Software and Toolchain Work in Arm - Mark Nicholson, Arm
1 like351 views
The document discusses Arm's Morello architecture, which introduces hardware support for capabilities to enhance memory protection and security, based on the CHERI architecture from the University of Cambridge. It outlines the development of a Morello platform and associated software, including a fixed virtual platform (FVP) model to support ecosystem software development, while highlighting various enablement activities and release timelines for software components. Additionally, Arm collaborates with Linaro to provide infrastructure and maintenance for Morello software throughout the project's lifecycle.
Morello Software and Toolchain Work in Arm - Mark Nicholson, Arm
- 1. © 2020 Arm Limited (or its affiliates) Mark Nicholson: Senior Software Technology Manager Arm Central Engineering: Open Source Software March 2020 Morello software and toolchain work in Arm
- 2. 2 © 2020 Arm Limited (or its affiliates) Introduction • Morello and software security • Morello introduces hardware support for Capabilities – Pointers with associated limitations on allowable address ranges and functionality – Enables development of fine grained memory protection using Compartments • Based on the CHERI architecture developed by the University of Cambridge – University Cambridge Morello extended FreeBSD stack under development • https://developer.arm.com/architectures/cpu-architecture/a-profile/morello Morello is a prototype architecture • Morello specific software will not be upstreamed, but will be maintained for the lifetime of the project • Arm are creating an experimental Morello platform implementation • Enables eco system research on viability of future Capability architectures and approaches to security • A software model (FVP) and development board will be produced • Open Source Software is being developed to support the platform • Arm and consortium Partners funded by UKRI (https://www.ukri.org/) grant
- 3. 3 © 2020 Arm Limited (or its affiliates) Overview – Arm software enablement activities Platforms and milestones General platform Enablement Morello Architecture Enablement Linaro and ecosystem access AArch64 platform software stacks Platform ports for firmware. Operating System support. Hardware bring up FPGA, SoC, development board. SBSA compliance testing. Morello architecture support Toolchain, libraries, Kernel development. Prototype userspace examples FVP model Development board Ecosystem software access Infrastructure provision, future engineering support and maintenance October 2020 October 2021 evolving functionality
- 4. 4 © 2020 Arm Limited (or its affiliates) Morello platform model (FVP) A Morello Platform (FVP: Fixed Virtual Platform) model will be available to support ecosystem software development Arm FVP models use binary translation technology to deliver fast simulations of Arm-based systems • Providing a functional (programmer’s view) model of the hardware platform IP implementation • FVPs are an integral part of Arm’s software development process for pre-silicon IP Morello FVP Features Free to access - not subject to hardware availability Supported by same software stacks as hardware platform Models same mix of IP as hardware Functional register level modelling of Morello CPU, and interconnect implementations Memory and interrupt maps and system architecture aligned with hardware Ethernet support Does not provide timing/cycle count information Modelling of some peripheral components is limited or abstracted Typically impacts 3rd party peripherals (PCIe, USB, memory controllers etc)
- 5. 5 © 2020 Arm Limited (or its affiliates) Linux Distro Platform software stacks • Arm will provide platform ports of firmware based on standard open source software projects • Enables boot of standard (AArch64) Operating System hosting development environments – providing a basis for security architecture research • Linux-based Android and Distro environments (e.g. Ubuntu). WinPE boot testing Application Processors Supervisory compute System level IP • Interconnect • GIC • Media (GPU/Display) • Peripherals Trusted Firmware-A • Open source firmware for CPU initialization & system management • Secure runtime interface UEFI/EDK2 Grub bootloader Secure Partition Secure services Application software stack Compute Subsystem IP Supervisory firmware SCP firmware Open Source firmware for system initialization and power control U-Boot Bootloader Android
- 6. 6 © 2020 Arm Limited (or its affiliates) • Morello is a prototype architecture (not available to license for product development) • Support for the C64 instruction set and ABI will be maintained in forks and not upstreamed Software component support for the Morello architecture Early limited interface Reliant on BIONIC library “shim” Generic Kernel ABI definition Developed alongside library support BIONIC Android C lib Early “shimmed” syscall implementation static linkage only BIONIC and glibc development glibc enables Distro environments LLVM toolchain ABI compliant primary toolchain and utilities. (+ gas support for Kernel) GNU/GCC toolchain Evolving support Toolchain support C Library Linux Kernel (Morello ABI 128bit syscall interface) FVP model Development board October 2020 October 2021
- 7. 7 © 2020 Arm Limited (or its affiliates) Planned release features FVP Oct 2020 Dev Board Oct 2021 2021 Dev Board, software feature targets • Kernel and BIONIC evolution • Initial GCC toolchain and GlibC support • Initial Distro support • Graphics enablement Specific timelines and commitments still being identified 2020 FVP, software feature targets • Android focused MVP (Minimum Viable Product) release • LLVM toolchain for Android development • Android “shimmed” BIONIC C library (static linkage only) • Initial userspace ports of specific Android framework components • e.g. logd, servicemanager • Basic compartment manager example Predominately targets console based “nano Android” development • Arm are committed to an initial FVP release in October 2020
- 8. 8 © 2020 Arm Limited (or its affiliates) Ecosystem access to Morello software • Arm are working with Linaro** to provide access to Morello software • Linaro will provide the infrastructure to deliver and maintain Morello software for the life time of the project – Code repositories, issue tracking, patch submission management – Engineering maintenance • How will Morello Software be delivered? • Software and toolchain support for Morello will be hosted in public code repositories (git projects). – New Morello specific repositories for forked components – Firmware support may exist as platform ports in upstream projects • A platform repository will support configuration of a development environments, this will include: • A manifest (or Yocto recipe) for each stack configuration – Defines a set of tagged releases of component projects - tested together as an integrated software stack • Instructions and scripting – Describing how to download/configure a suitable workspace and build the stack ** Linaro are an open source engineering organisation, supporting the Arm ecosystem
- 9. 9 © 2020 Arm Limited (or its affiliates) Cambridge University CheriBSD stack • Parallel DARPA/UKRI sponsored work undertaken by Cambridge University https://www.cl.cam.ac.uk/research/security/cts rd/cheri/cheri-morello.html • Morello-extended FreeBSD and third-party applications • Full memory-safe OS implementation including kernel and userspace, with support for multiple CHERI compartmentalisation models, by October 2020 • Will target both FVP and Morello hardware
- 10. Thank You Danke Merci 谢谢 ありがとう Gracias Kiitos 감사합니다 ध वाद اًشكر תודה © 2020 Arm Limited (or its affiliates)