microsoft / komodo Goto Github PK

Formally-verified reference monitor for a secure isolated execution ("enclave") environment on ARM TrustZone

Home Page: https://www.microsoft.com/en-us/research/project/komodo/

License: Other

Makefile 0.61% C 70.42% Assembly 0.63% Shell 0.03% Python 0.46% Emacs Lisp 0.01% PowerShell 0.12% Boogie 2.08% C# 1.67% F# 0.19% Dafny 23.78%

komodo's Introduction

Project Komodo

Komodo is a research project that implements an SGX-like enclave protection model in formally-verified privileged software, for an ARMv7 TrustZone environment.

Note: this project is not maintained. This repository serves as a complement to the research paper:

Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. Komodo: Using verification to disentangle secure-enclave hardware from software. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP '17). 2017. ACM.

Components

Komodo consists of a number of different components:

A minimal Raspberry Pi bootloader (piloader) which loads the monitor in secure world, and then boots an existing OS image (typically Linux) in normal world.
A secure-world monitor program which implements the Komodo protection model. There are two implementations: an early, unverified C/assembly implementation (in the monitor directory), and a formally verified implementation (in the verified directory). The verified implemetnation is built and linked by default.
A Linux kernel driver (driver) which interacts with the monitor using secure monitor calls (SMCs). In the future, it should implement an ioctl interface for user applications to create and execute protected regions, but at present it contains hard-coded test code.

The loader, monitor and kernel are all linked together into a single bootable image (piimage/piimage.img).

Building

Komodo builds on a Linux-like environment, which includes Cygwin and Windows Subsystem for Linux (WSL).

Required tools:

GNU make
An ARM EABI cross-compiler (gcc and binutils), such as this Linaro toolchain
Dafny, Boogie and Z3, which are provided as binaries under tools/dafny
Vale, which is tracked via a git submodule:
1. Run git submodule init && git submodule update
2. Build Vale, making sure to point it at the correct copy of Dafny. (See tools/vale/INSTALL.md for the generic, instructions.)
  1. Install scons, fsharp, nuget and mono-devel packages
  2. cd tools/vale
  3. nuget restore ./tools/Vale/src/packages.config -PackagesDirectory tools/FsLexYacc
  4. Build the vale tool with scons --DAFNYPATH=$PWD/../dafny bin/vale.exe

The supported platform is currently Raspberry Pi 2, either a real board, or a custom QEMU, available from this GitHub branch.

To build komodo (loader, monitor, and Linux driver):

Adjust your environment to taste (e.g. create/edit config.mk and set the variables at the top of the Makefile)
Obtain a suitable Linux kernel image (e.g. from Raspbian), and set GUEST_KERNEL to point to it.
Run make in the top-level directory. Assuming all goes well, this will verify and build the monitor, build the loader, then combine them with the kernel image to create a new bootable blob.
You can use either make install to copy the blob to INSTALLDIR in preparation for booting on a Pi, or make qemu to try booting it in QEMU (e.g. the version linked above).
To build the Linux driver, you'll need the matching kernel sources and config for your Linux image. See here for some basic guidelines. Then make sure that KERNELDIR points to the root of that directory, and run make -C driver to build the driver.
To get the Linux module loaded, you'll need a Linux disk image that includes the driver (driver/komodo.ko). If you have the util-linux and e2tools packages available, you can try setting GUEST_DISKIMG to point to the unmodified Raspbian image and then running make guestdisk/guestdisk.img to (slowly!) copy the driver into place. Faster alternatives include mounting the image as a loopback device and copying the driver over manually.
At present the driver includes a self-contained test enclave, and must be manually loaded via insmod / modprobe to execute its functionality.

To just run verification:

There's a top-level Makefile target make verified which verifies and (if verification succeeds) prints the code for the verified monitor. This also runs verification of noninterference properties (Dafny files under verified/secprop).

License

Komodo is licensed under the MIT license included in the LICENSE.txt file.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

komodo's People

Contributors

Stargazers

Watchers

komodo's Issues

Secure-world cache consistency bug on Raspberry Pi

There's a gremlin lurking in the Raspberry Pi memory system that we haven't yet figured out. The Pi has a TrustZone-capable core, but its memory system (in theory) doesn't distinguish secure-world from normal-world physical addresses. Despite marking all secure-world PTEs as using not-secure physical addresses and setting the NS bit on the page-table base register, the caches do not always appear to be consistent between normal world and secure world.

There are a number of explicit cache flushes in the Linux driver when creating enclaves to work around this problem, but it still occasionally surfaces as a page fault on the first execution of a new enclave.

secure kernel init fails

Just tried running komdo (not-verfied version) on qemu and it fails after initializing TTBR0 in secure_world_init func. I tried debugging it but gdb ignores my breakpoints (I set them after a short run and then interrupting) or for some functions shows "Cannot find bounds of current function" (maybe stack corruption?). Also serial_putc works but not console_puts for at least console debugging.
-tried both (arm-none-eabi-) and (gcc-linaro-4.9-2016.02-x86_64_arm-eabi-) toolchains for compiling and gdb.

Wrap core of SHA in a function call

This would substantially reduce the code size of the monitor. Since vale doesn't support calls, we'd need to specify/verify a function call/return sequence, and manually print the code for it.

stuck in RNG wait for test word

Hello, I used the recommended raspbian image(2016-05-10-raspbian-jessie) and the custom QEMU (b479fb060fe3f3090221a94fe9071c3cd2b207f0) to run Komodo on QEMU, but it is still stuck.

When I run Komodo on QEMU, it is stuck with the message "RNG wait for test word".
I searched for the message in Komodo's source code and deleted the infinite loop about checking RNG status.
Then, running Komodo on QEMU is stuck with the message "Uncompressing Linux... done, booting the kernel."

Before running QEMU, I copied config.txt and piimage.txt inside the guestdisk's FAT boot partition.
For GUEST_KERNEL, I used the kernel7.img inside the raspbian image.
Do I need to change any content in config.txt in piiamge folder before I copy it in the FAT boot partition?
Currently, the contents in my config.txt is as follows (default).
kernel=piimage.img
kernel_address=0
kernel_old=1

Thank you in advance.

make -C driver

When we run make -C driver to build the driver.
,there is something wrong.
xx@xx:~/Komodo$ make -C driver
make: Entering directory '/home/xx/Komodo/driver'
make -C /home/xx/Komodo/linux M=/home/xx/Komodo/driver modules
make[1]: Entering directory '/home/xx/Komodo/linux'
make[2]: *** No rule to make target '/home/xx/Komodo/driver/enc.elfbin', needed by '/home/xx/Komodo/driver/komodo.o'. Stop.
Makefile:1522: recipe for target 'module/home/xx/Komodo/driver' failed
make[1]: *** [module/home/xx/Komodo/driver] Error 2
make[1]: Leaving directory '/home/xx/Komodo/linux'
Makefile:17: recipe for target 'default' failed
make: *** [default] Error 2
make: Leaving directory '/home/xx/Komodo/driver'
So,which version of kernel sources for raspberrypi should I use?
who can help me?
Thank you very much!

./verified/remove.vad(76,56): Error: assertion violation

when I make verified,there is a error in remove.vad,line 76
line76: assert extractPageDbEntry(this.m, as_page) ==
extractPageDbEntry(old(this.m), as_page);
I do not kown why?
who can help me?
Thank you very much!

There was a problem when running make in the top-level directory

Is there any test enclave I can use？

I get stuck with "make -C driver" which requires an enclave image enc.elfbin.

If there isn't any enclave that I can use, is it impossible for me to build this project completely?

"make install" or "make qemu" with errors

My OS is Win10 1709 (build 16299.64) with WSL, cross compiler is arm-linux-gnueabi-gcc (gcc version 5.4.0 20160609 (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.4))
I can build the Komodo with make, but "make install" or "make qemu" with errors as follows: what is the reason, and how can I sovle the promble? thank you!

Dafny program verifier finished with 19 verified, 0 errors, 1 time out
verified/subdir.mk:39: recipe for target 'verified/ptebits.i.verified' failed
make: *** [verified/ptebits.i.verified] Error 4
chengzi@DESKTOP-332RUUV:/mnt/c/Komodo/Komodo$ make install
tools/dafny/Dafny.exe /trace /errorTrace:0 /timeLimit:90 /ironDafny /allocated:1 /induction:1 /proverOpt:OPTIMIZE_FOR_BV=true /noNLarith /compile:0 verified/ptebits.i.dfy && touch verified/ptebits.i.verified
[TRACE] Using prover: C:\Komodo\Komodo\tools\dafny\z3.exe
Dafny program verifier version 1.9.9.40414, Copyright (c) 2003-2017, Microsoft.
Parsing verified/ptebits.i.dfy
Coalescing blocks...
Inlining...

Running abstract interpretation...
[0.1406426 s]
[TRACE] Using prover: C:\Komodo\Komodo\tools\dafny\z3.exe
Prover error: line 1 column 1: unexpected character
Prover error: line 1 column 2: unexpected character
Prover error: line 1 column 3: unexpected character

Verifying CheckWellformed$$_module.__default.L2PTE__CONST__WORD ...
[2.258 s, 2 proof obligations] verified

Verifying Impl$$_module.__default.lemma__ARM__L2PTE__PageMask ...
[1.028 s, 5 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__ARM__L2PTE__helper ...
[1.018 s, 6 proof obligations] verified
checking split 1/0, NaN%, (cost:144572/17) ...
--> split #0 done, [0.4899465 s] Valid
checking split 2/0, NaN%, (cost:262698/38) ...
--> split #1 done, [90.4738758 s] TimeOut

Verifying Impl$$_module.__default.lemma__ARM__L2PTE__helper ...
[93.526 s, 80 proof obligations] timed out
verified/ptebits.i.dfy(18,6): Verification of 'Impl$$_module.__default.lemma__ARM__L2PTE__helper' timed out after 90 seconds

Verifying CheckWellformed$$_module.__default.lemma__ARM__L2PTE ...
[3.361 s, 7 proof obligations] verified
checking split 1/0, NaN%, (cost:6409/18) ...
--> split #0 done, [0.4688025 s] Valid
checking split 2/0, NaN%, (cost:17784/34) ...
--> split #1 done, [0.5469637 s] Valid

Verifying Impl$$_module.__default.lemma__ARM__L2PTE ...
[3.567 s, 63 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__l1ptesmatch ...
[1.065 s, 9 proof obligations] verified

Verifying Impl$$_module.__default.lemma__l1ptesmatch ...
[3.739 s, 126 proof obligations] verified

Verifying CheckWellformed$$_module.__default.NOT__KOM__MAPPING__X ...
[1.143 s, 9 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__nonexec__mapping ...
[1.006 s, 2 proof obligations] verified

Verifying Impl$$_module.__default.lemma__nonexec__mapping ...
[3.189 s, 89 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__BitOrNineIsLikePlus_k ...
[1.037 s, 1 proof obligation] verified

Verifying Impl$$_module.__default.lemma__BitOrNineIsLikePlus_k ...
[1.122 s, 4 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__BitOrNineIsLikePlus ...
[1.018 s, 3 proof obligations] verified

Verifying Impl$$_module.__default.lemma__BitOrNineIsLikePlus ...
[3.411 s, 15 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__ARM__L1PTE__Dual ...
[1.018 s, 2 proof obligations] verified
checking split 1/0, NaN%, (cost:87/3) ...
--> split #0 done, [0.8649987 s] Valid

Verifying Impl$$_module.__default.lemma__ARM__L1PTE__Dual ...
[2.696 s, 9 proof obligations] verified

Verifying CheckWellformed$$_module.__default.mkAbsL1PTE ...
[1.330 s, 6 proof obligations] verified

Verifying CheckWellformed$$_module.__default.lemma__l2indexFromMapping__shifts ...
[1.122 s, 8 proof obligations] verified

Verifying Impl$$_module.__default.lemma__l2indexFromMapping__shifts ...
[2.333 s, 33 proof obligations] verified

Avoid needless TLB flushes in SVC handler

Prove that SHA code (and the SVC handlers that wrap it) preserve TLB consistency, and thus avoid needless TLB flushes in those SVC handlers.

correct unmodified Raspbian image

Hello. I am trying to install and run Komodo in QEMU environment.
In readme, it is mentioned that
GUEST_DISKIMG should point to the unmodified Raspbian image.
Howver, there are a lot of Raspbian images in http://downloads.raspberrypi.org/raspbian/images/.
I've tested with several ones, but they all failed to run Komodo.

Could you please inform that which Raspbian image should I use?
If it is possible, I hope to know the exact version of Raspbian image which Komodo's developers have used.
Thanks in advance.

Avoid needless register save/restore in entry path

Prove that user execution cannot alter any of:

banked registers for FIQ and IRQ modes
banked SP registers for modes other than monitor and user mode

Then, use that lemma where needed in the enclave entry/return path, rather than needlessly saving and restoring the register values.

make -C driver

enc.elfbin

I would like to make a full build in order to understand how Komodo works. So far I get stuck with

"make -C driver"

which requires an enclave image enc.elfbin.

I was wondering if you can share the image used in your experimentation.

Many thanks in advance!

make qemu

I have prepare everything before "make qemu "
But I got stock with "make qemu"
[ -f guestimg/guestdisk.img ] || cp raspbian.img guestimg/guestdisk.img
[ driver/komodo.ko -ot guestimg/guestdisk.img ] || guestimg/cptoext2.sh driver/komodo.ko guestimg/guestdisk.img /lib/modules/komodo.ko[ -f guestimg/guestdisk.img ] || cp raspbian.img guestimg/guestdisk.img
[ -z "piimage/piimage.img piimage/config.txt" ] || guestimg/cptofat.sh piimage/piimage.img piimage/config.txt guestimg/guestdisk.img /
Usage: guestimg/cptofat.sh file image dest
guestimg/subdir.mk:14: recipe for target 'guestimg/guestdisk.img' failed
make: *** [guestimg/guestdisk.img] Error 1
make: *** Deleting file 'guestimg/guestdisk.img'
I have not found any solution so far.
Could you help me?
Many thanks in advance!

Avoid needless TLB flushes in entry path

Store the current address space (in a global variable), and prove that TLB consistency is preserved throughout the user execution and entry path, so that we don't need the TLB flush for repeated executions of the same enclave.

This repo is missing important files

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

Use resource limits rather than time limits for verification

Dafny now supports Z3 resource limits (dafny-lang/dafny#106). We should convert to them to avoid unstable / unpredictable timeouts when verifying. This will require determining appropriate limits and updating the lemmas for which we have hardcoded time limit multipliers.