Hi Genode! I have 2 questions. Is there any mechanism to ensure the integrity of a capability? I read in the book about the identity, but it is still not clear to me. Could I use this identity to authenticate the connection between two applications on my platform, or even on a remote one, instead of the port or IP address? Best.
Hello Mark,
welcome to the mailing list!
> Is there any mechanism to ensure the integrity of a capability?
The integrity of capabilities is protected if the underlying kernel supports this. This is the case for base-hw, base-nova, base-foc, and base-sel4 (a few corner cases notwithstanding). On base-linux and the traditional L4 kernels, capabilities remain unprotected. Here a capability is represented by a plain number, which can naturally be forged.
On kernels with capability support, each capability is represented by a distinct kernel object. Even though the user land can create those objects, it has no means to manipulate those kernel objects directly. A kernel object can be manipulated only via the kernel interface (e.g., by telling the kernel to delegate a capability to another protection domain). The kernel ensures that all its operations preserve the integrity of the capabilities.
> I read in the book about the identity, but it is still not clear to me. Could I use this identity to authenticate the connection between two applications on my platform, or even on a remote one, instead of the port or IP address?
No. As Genode capabilities are protected by the underlying kernel (at best), the protection is limited to the bounds of the machine the kernel is running on.
Cheers Norman
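The contrast drawn in the reply above, between a capability that is a plain number and one backed by a kernel object, as a toy model added here. It is not Genode or kernel code, and every type and function name in it is invented for illustration.

```cpp
// Toy model, constructed for illustration; not Genode or any kernel's API.
#include <cstdint>
#include <map>
#include <string>
#include <utility>

using PdId = int;               // protection domain (hypothetical name)
using Selector = int;           // PD-local capability name, 0 = invalid
using ObjectId = std::uint64_t;

// Unprotected scheme: a capability is a plain, globally valid number.
struct PlainNumberKernel {
    std::map<ObjectId, std::string> objects;
    // The caller's identity plays no role: any valid number is served,
    // whether it was delegated or simply guessed.
    const std::string *invoke(PdId, ObjectId cap) const {
        auto it = objects.find(cap);
        return it == objects.end() ? nullptr : &it->second;
    }
};

// Protected scheme: the kernel owns the objects and keeps one capability
// space per protection domain. User land only ever holds selectors.
class CapKernel {
    std::map<ObjectId, std::string> objects_;
    std::map<std::pair<PdId, Selector>, ObjectId> cap_space_;
    ObjectId next_obj_ = 1;
    Selector next_sel_ = 1;
public:
    // User land may ask for a new object; it gets back only a selector.
    Selector create(PdId owner, std::string name) {
        ObjectId id = next_obj_++;
        objects_[id] = std::move(name);
        cap_space_[{owner, next_sel_}] = id;
        return next_sel_++;
    }
    // Delegation through the kernel is the only way another PD gains access.
    Selector delegate(PdId from, Selector sel, PdId to) {
        auto it = cap_space_.find({from, sel});
        if (it == cap_space_.end()) return 0;   // 'from' does not hold it
        cap_space_[{to, next_sel_}] = it->second;
        return next_sel_++;
    }
    // A selector is resolved only within the caller's own capability space.
    const std::string *invoke(PdId caller, Selector sel) const {
        auto it = cap_space_.find({caller, sel});
        return it == cap_space_.end() ? nullptr : &objects_.at(it->second);
    }
};
```

Both tables live inside one kernel instance, which is why the guarantee ends at the machine boundary: a selector carried to another machine refers to nothing there.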