Not trying to be, I looked at the paper and didn't see what all the hype was about. The press coverage was misleading, trying to make it sound like it was MPK that nobody could use in a performant way, but the paper was talking about alternative methods (hypervisors, etc.).
which I think means that e.g. offsets used for RIP-relative addressing will instead be interpreted as absolute addresses, which is probably not great for the integrity of the trusted code
so I think you need to either put a guard behind WRPKRU that ensures CS holds the correct selector (0x33) using bitness-invariant code, or ensure that WRPKRU is located above 4GiB (so that it can't be reached in 32-bit mode)
(IIRC both Xen PV and Virtualbox used the "hide stuff above 4GiB trick" for running paravirtualized 32-bit guests, with the guest kernel in ring 1 - they ensured that the GDT/LDT contained no 32-bit code segments, so it couldn't reach the hypervisor mappings above 4GiB)