My understanding is that to seal a capability I require a sealer cap which has address that fits into the object ID of the capability to be sealed, i.e it's address is < 64KBytes.
How to obtain a suitable capability on Linux purecap? Is there a new system call available to get one?
I am temporarily using DDC, and this works, e.g something like this:
void* __capability sealed_cap = cheri_seal(ptr_to_seal, (uint8_t*)cheri_ddc_get() + (ptrdiff_t)0x1234);
But obviously I need a proper sealing capability, mmap() / malloc() are likely to give something with a lower bound too high. I suppose I could reduce the bounds of DDC but this sounds like a hack.
Please advise how it is supposed to be done!
It indeed works using DDC currently but please don't rely on it - we will be zeroing DDC in due course, as specified in the pure-capability kernel-user ABI (PCuABI) specification. The new mechanism to obtain the root sealing capability is the AT_CHERI_SEAL_CAP entry in the auxiliary vector. To get it, use getauxptr(AT_CHERI_SEAL_CAP). You should then derive a sealer capability with an appropriate address and bounds (ideally as narrow as possible).
Brilliant, exactly what I needed to know - thanks Kevin.