Apologies, I attached an invalid link. Updated link - https://github.com/SEL4PROJ/camkes-arm-vm/blob/master/apps/vm_minimal/exynos5422/devices.camkes


From: Felizzi, Alison (Data61, Kensington NSW) <Alison.Felizzi@data61.csiro.au>
Sent: Friday, November 15, 2019 3:11 PM
To: Michael Neises <neisesmichael@gmail.com>; devel@sel4.systems <devel@sel4.systems>
Subject: Re: [seL4] Fwd: camkes vm question
 
Sorry for the delayed response.

The only way I can think of for your Linux VM to access the ELF image is if you configure the instance with pass-through access to the reader device. You can prevent the VM instance from having access to the SD card by ensuring you aren't passing through the untyped MMIOs and IRQs that correspond to the SD card reader device, e.g. ensuring it's not in any of the 'dtb', 'untyped_mmio' and 'irqs' fields in the VM component configuration (https://bitbucket.ts.data61.csiro.au/projects/SEL4PROJ/repos/camkes-arm-vm/browse/apps/vm_minimal/exynos5422/devices.camkes).

From: Devel <devel-bounces@sel4.systems> on behalf of Michael Neises <neisesmichael@gmail.com>
Sent: Saturday, October 12, 2019 3:48 AM
To: devel@sel4.systems <devel@sel4.systems>
Subject: [seL4] Fwd: camkes vm question
 
Hello,

In my system, seL4 is loaded by U-Boot from an SD card that contains only an ELF image. I would like to store some sensitive data in plaintext for use in a non-VM component, but I worry that it can be read from the ELF image. Can this SD card data be accessed from within a Linux VM instance? Or otherwise, is it certain that the VM cannot access this data?

Best,
Michael Neises
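
The check described in the reply above can be automated as a static audit of the VM configuration. The following is an added example, not code from the thread or from the camkes-arm-vm project: the configuration syntax (`"path"` entries inside `dtb`, MMIO entries written as `"base:size_bits"`), the helper names, and every address, node path and IRQ number are assumptions constructed for illustration.

```python
import re

# Field names as quoted in the reply; the plural spelling is accepted as well.
FIELDS = ("dtb", "untyped_mmio", "untyped_mmios", "irqs")

def vm_fields(config, vm):
    """Return {field: raw value text} for one VM instance, comments stripped."""
    config = re.sub(r"//[^\n]*", "", config)
    pairs = re.findall(rf"\b{re.escape(vm)}\.(\w+)\s*=\s*(.*?);", config, re.S)
    return {name: rhs for name, rhs in pairs if name in FIELDS}

def audit(config, vm, sd):
    """List (field, entry) pairs that hand the SD card reader to `vm`."""
    fields, findings = vm_fields(config, vm), []
    for path in re.findall(r'"path"\s*:\s*"([^"]+)"', fields.get("dtb", "")):
        if path in sd["paths"]:
            findings.append(("dtb", path))
    lo, hi = sd["mmio"][0], sd["mmio"][0] + sd["mmio"][1]
    for key in ("untyped_mmio", "untyped_mmios"):
        for base, bits in re.findall(r'"(0x[0-9a-fA-F]+):(\d+)"', fields.get(key, "")):
            start = int(base, 16)
            if start < hi and lo < start + (1 << int(bits)):  # ranges overlap
                findings.append((key, f"{base}:{bits}"))
    for irq in re.findall(r"\b\d+\b", fields.get("irqs", "")):
        if int(irq) in sd["irqs"]:
            findings.append(("irqs", int(irq)))
    return findings

# Constructed values: look up the real node path, register window and IRQ
# of the SD card reader in the board's device tree before using this.
SD_READER = {"paths": ["/soc/mmc@EXAMPLE"], "mmio": (0x20000000, 0x2000), "irqs": [107]}

# Constructed configuration in an assumed devices.camkes-like syntax.
SAMPLE = """
configuration {
    vm0.dtb = dtb([{"path": "/soc/serial@EXAMPLE"}, {"path": "/soc/mmc@EXAMPLE"}]);
    vm0.untyped_mmios = ["0x10000000:12",   // unrelated device
                         "0x20001000:12"];  // falls inside the SD window
    vm0.irqs = [27, 85, 107];
    vm1.untyped_mmios = ["0x10000000:12"];
    vm1.irqs = [27];
}
"""

if __name__ == "__main__":
    for vm in ("vm0", "vm1"):
        print(vm, audit(SAMPLE, vm, SD_READER) or "no SD reader pass-through found")
```

The MMIO test is a range overlap rather than an exact address match, so a pass-through region that only partly covers the reader's registers is still reported.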