Cache-as-Ram (no fill mode) Executable Code


Question

I have read about cache-as-RAM mode (no-fill mode) numerous times and am wondering, number one, whether executable code can be written and jumped to, and if so, whether the executable code is restricted to half of the level one cache (since the cache is really just SRAM).

Recommended answer

Coreboot originally used CAR to save C stack in L1 data cache: http://rere.qmqm.pl/~mirq/cache_as_ram_lb_09142006.pdf http://www.coreboot.org/images/6/6c/LBCar.pdf

To execute code, we should switch the unified L2 to CAR mode; then L1i (you should know that most modern desktop/application CPUs have a separate L1: one for data, L1d, with read/write access, and the other, the read-only L1i, for code) will be able to read code from the CAR L2. Such a mode was implemented in "UBRX - Universal BIOS Recovery console for x86 PCs" (akeo): http://pete.akeo.ie/2011/08/ubrx-l2-cache-as-instruction-ram.html

There are two L1 caches on-die: one for data and another for instructions, with the instruction one being read-only. Thus, the CAR setup method from coreboot only provides access to the L1 data cache, not the instruction one, so we can't simply upload our code into L1-Data and expect it to run.

There was also a commercial company which created a product to protect code from frozen memory attacks (when an attacker freezes the DRAM, pulls the DRAM module and moves it to another PC to read, most data will be saved for tens of seconds). Their product loads the entire OS/hypervisor kernel into cache; both code and data were stored inside the CPU. The product was vCage from PrivateCore (via "Reverse engineering a Docker deployment on private cloud" (http://stackoverflow.com/questions/28868196/reverse-engineering-a-docker-deployment-on-private-cloud) and "Preventing reverse engineering with binary code and secret key" (http://stackoverflow.com/questions/28875519/preventing-reverse-engineering-with-binary-code-and-secret-key), thanks to AdamNYC user for info):

("The vCage host is packaged as a stateless live image Linux KVM on a RAM disk").

http://security.stackexchange.com/questions/53165/is-it-possible-to-boot-an-encrypted-server-remotely-and-securely, comment by security.SE user northox (http://security.stackexchange.com/questions/53165/is-it-possible-to-boot-an-encrypted-server-remotely-and-securely#comment85386_53168):

"In the case of vCage you basically only need to trust Intel and Private Core. Briefly, vCage provide a L3 resident hypervisor validated with remote attestation."

Check slide 36: https://forum.stanford.edu/events/2014/2014slides/plenary/Oded%20Stanford%20Annual%20Forum%202014.pdf#page=36

"The CPU as the perimeter of computation • Physical security is the CPU package itself • Loading stateless image into CPU cache"

Image loaded to CPU cache (L3); and the OS is Linux! (slide 39)

Biggest challenges • Squeeze the Linux kernel into < 10MB while – Keeping all virtualization features – Keeping it stable (No OOM allowed) • Keep CPU cache under our control

This means that vCage was capable of executing code from cache; but the company is now a non-public part of Facebook, so there are no newer details or open source of Linux patches.
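The split the answer describes (L1d for data only, read-only L1i, unified L2/L3 able to back code) can be checked against a CPU's cache topology before planning a CAR layout. The following is an added example, not code from the answer, coreboot, UBRX or vCage: it decodes Intel CPUID leaf 4 register values and picks the lowest unified cache level large enough for a code image. The function names and the sample register values are constructed for illustration; the actual CAR setup (MTRRs, no-fill mode) is not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* CPUID leaf 4 cache type field (EAX bits 4:0). */
enum cache_type { CT_NONE = 0, CT_DATA = 1, CT_INSTR = 2, CT_UNIFIED = 3 };
struct cache_desc { enum cache_type type; unsigned level; uint64_t bytes; };

/* Decode one CPUID.(EAX=4) sub-leaf from its raw register values. */
static struct cache_desc decode_leaf4(uint32_t eax, uint32_t ebx, uint32_t ecx)
{
    struct cache_desc d;
    d.type  = (enum cache_type)(eax & 0x1f);
    d.level = (eax >> 5) & 0x7;
    uint64_t line  = (ebx & 0xfff) + 1;          /* bytes per cache line */
    uint64_t parts = ((ebx >> 12) & 0x3ff) + 1;  /* physical line partitions */
    uint64_t ways  = ((ebx >> 22) & 0x3ff) + 1;  /* associativity */
    uint64_t sets  = (uint64_t)ecx + 1;
    d.bytes = d.type == CT_NONE ? 0 : ways * parts * line * sets;
    return d;
}

/* Constructed sample {EAX, EBX, ECX} values, not read from a real CPU. */
static const uint32_t SAMPLE[][3] = {
    {0x21, 0x01C0003F, 63},    /* L1d: data, 32 KiB */
    {0x22, 0x01C0003F, 63},    /* L1i: instruction, 32 KiB */
    {0x43, 0x01C0003F, 511},   /* L2: unified, 256 KiB */
    {0x63, 0x03C0003F, 8191},  /* L3: unified, 8 MiB */
    {0x00, 0, 0},              /* type 0 ends the enumeration */
};

/* Lowest unified level that can hold image_bytes of code, 0 if none.
 * L1d and L1i are skipped: per the answer, stores only reach L1d and
 * L1i is read-only, so executable CAR needs a unified cache. */
static unsigned code_car_level(const uint32_t regs[][3], uint64_t image_bytes)
{
    unsigned best = 0;
    for (size_t i = 0; (regs[i][0] & 0x1f) != CT_NONE; i++) {
        struct cache_desc d = decode_leaf4(regs[i][0], regs[i][1], regs[i][2]);
        if (d.type != CT_UNIFIED || d.bytes < image_bytes) continue;
        if (best == 0 || d.level < best) best = d.level;
    }
    return best;
}

int main(void)
{
    printf("64 KiB image -> L%u\n", code_car_level(SAMPLE, 64u * 1024));
    printf("10 MiB image -> L%u (0 = does not fit)\n", code_car_level(SAMPLE, 10u * 1024 * 1024));
    return 0;
}
```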
