Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sancus-tee/sancus-core
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: sancus-tee/sancus-core
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: nemesis
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 7 commits
  • 16 files changed
  • 2 contributors

Commits on Apr 24, 2019

  1. Implement Nemesis defense 

    Full implementation of the Nemesis defense:
- Padding on IRQ;
- Storing and clearing all registers on IRQ;
- Restoring registers on RETI;
- Padding on RETI.
    Job Noorman committed Apr 24, 2019
    Configuration menu
    Copy the full SHA
    6aa2f78 View commit details
    Browse the repository at this point in the history

Commits on Apr 25, 2019

  1. Ensure the reti_padding reg has only one driver

    Job Noorman committed Apr 25, 2019
    Configuration menu
    Copy the full SHA
    07a61bf View commit details
    Browse the repository at this point in the history

Commits on Apr 26, 2019

  1. Store the previous PC when a PM IRQ occurs 

    This way, the normal control flow access control logic can be used when
a RETI to PM is executed. Before, we used to store a single bit to
indicate that the previous instruction was a RETI to PM and the access
control logic would take that into account to allow jumps to non-entry
points.  However, this scheme is only secure with a single module. Also,
storing the previous PC more closely follows the model.
    Job Noorman committed Apr 26, 2019
    Configuration menu
    Copy the full SHA
    a959617 View commit details
    Browse the repository at this point in the history

Commits on Aug 16, 2019

  1. Add `define to disable the Nemesis padding 

    This allows us to evaluate the cost of the register backup separately
from the cost of the padding.
    Job Noorman committed Aug 16, 2019
    Configuration menu
    Copy the full SHA
    db9e669 View commit details
    Browse the repository at this point in the history

Commits on Dec 7, 2020

  1. Add CMake option to enable Nemesis defense

    @mtvec
    mtvec committed Dec 7, 2020
    Configuration menu
    Copy the full SHA
    8db0d2b View commit details
    Browse the repository at this point in the history

  2. Add example to showcase the Nemesis defense

    @mtvec
    mtvec committed Dec 7, 2020
    Configuration menu
    Copy the full SHA
    71078b0 View commit details
    Browse the repository at this point in the history

  3. Add installation and run instructions

    @mtvec
    mtvec committed Dec 7, 2020
    Configuration menu
    Copy the full SHA
    7c7d7fa View commit details
    Browse the repository at this point in the history
Loading