
How to obtain a sealing capability on Morello Linux purecap?

My understanding is that to seal a capability I require a sealer cap which has an address that fits into the object ID of the capability to be sealed, i.e. its address is < 64KBytes.

How to obtain a suitable capability on Linux purecap?  Is there a new system call available to get one?

I am temporarily using DDC, and this works, e.g. something like this:

void* __capability sealed_cap = cheri_seal(ptr_to_seal, (uint8_t*)cheri_ddc_get() + (ptrdiff_t)0x1234);

But obviously I need a proper sealing capability; mmap() / malloc() are likely to give something with a lower bound too high.  I suppose I could reduce the bounds of DDC but this sounds like a hack.

Please advise how it is supposed to be done!

Thanks

  • Hi Pete,

    It indeed works using DDC currently but please don't rely on it - we will be zeroing DDC in due course, as specified in the pure-capability kernel-user ABI (PCuABI) specification. The new mechanism to obtain the root sealing capability is the AT_CHERI_SEAL_CAP entry in the auxiliary vector. To get it, use getauxptr(AT_CHERI_SEAL_CAP). You should then derive a sealer capability with an appropriate address and bounds (ideally as narrow as possible).

    Cheers,
    Kevin
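
The derivation described in the reply above, as an added example that is not code from the thread or from the Morello project: it takes the root sealing capability from `getauxptr(AT_CHERI_SEAL_CAP)` and narrows it to a single object type, so the resulting sealer cannot be retargeted to another type. `cap_t`, `root_seal_cap`, `make_sealer` and `round_trip` are hypothetical names, and the `#else` branch is a constructed stand-in that lets the same logic build off-target. Assumptions: `<sys/auxv.h>` exposes `AT_CHERI_SEAL_CAP` on your toolchain, and the root capability carries both seal and unseal permission.

```c
#include <stddef.h>
#include <stdint.h>

#ifdef __CHERI_PURE_CAPABILITY__          /* Morello purecap build: real intrinsics */
#include <cheriintrin.h>
#include <sys/auxv.h>                     /* getauxptr(); AT_CHERI_SEAL_CAP assumed visible here */
typedef void *cap_t;
static cap_t root_seal_cap(void) { return getauxptr(AT_CHERI_SEAL_CAP); }
#else
/* Off-target stand-in (constructed): models only tag, bounds, address, otype. */
typedef struct { uint64_t base, len, addr; long otype; int tag; } cap_t; /* otype -1: unsealed */
static int ok(cap_t c) { return c.tag && c.otype < 0 && c.addr - c.base < c.len; }
static cap_t cheri_address_set(cap_t c, uint64_t a) { c.addr = a; return c; }
static cap_t cheri_bounds_set(cap_t c, size_t n) {
    if (!ok(c) || n > c.len - (c.addr - c.base)) c.tag = 0;   /* never widens */
    c.base = c.addr; c.len = n; return c;
}
static cap_t cheri_seal(cap_t c, cap_t s) {
    if (!c.tag || c.otype >= 0 || !ok(s)) c.tag = 0; else c.otype = (long)s.addr;
    return c;
}
static cap_t cheri_unseal(cap_t c, cap_t s) {
    if (!c.tag || c.otype < 0 || !ok(s) || (long)s.addr != c.otype) c.tag = 0; else c.otype = -1;
    return c;
}
static int cheri_tag_get(cap_t c) { return c.tag; }
static cap_t root_seal_cap(void) { return (cap_t){0, 0x8000, 0, -1, 1}; } /* constructed range */
#endif

/* Derive a sealer for exactly one object type: address = otype, bounds length 1. */
cap_t make_sealer(uint64_t otype) {
    cap_t s = cheri_address_set(root_seal_cap(), otype);
    return cheri_bounds_set(s, 1);
}

/* Returns 1 if `sealer` can seal `target` and unseal it again, else 0. */
int round_trip(cap_t target, cap_t sealer) {
    cap_t sealed = cheri_seal(target, sealer);
    return cheri_tag_get(sealed) && cheri_tag_get(cheri_unseal(sealed, sealer));
}
```

Check the tag of the derived sealer before using it: an object type outside the root capability's bounds yields an untagged result rather than a usable sealer.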
