See an online copy of the release notes at: https://docs.sel4.systems/sel4_release/seL4_9.0.0 https://docs.sel4.systems/camkes_release/CAmkES_3.3.0 # seL4 Version 9.0.0 Release Announcing the release of `seL4 9.0.0` with the following changes: 9.0.0 2018-04-11: BREAKING # Changes * Debugging option on x86 for syscall interface to read/write MSRs (this is an, equally dangerous, alternative to dangerous code injection) * Mitigation for Meltdown (https://meltdownattack.com) on x86-64 implemented. Mitigation is via a form of kernel page table isolation through the use of a Static Kernel Image with Microstate (SKIM) window that is used for trapping to and from the kernel address space. This can be enabled/disabled through the build configuration depending on whether you are running on vulnerable hardware or not. * Mitigation for Spectre (https://spectreattack.com) on x86 against the kernel implemented. Default is software mitigation and is the best performing so users need to do nothing. This does *not* prevent user processes from exploiting each other. * x86 configuration option for performing branch prediction barrier on context switch to prevent Spectre style attacks between user processes using the indirect branch predictor * x86 configuration option for flushing the RSB on context switch to prevent Spectre style attacks between user processes using the RSB * Define extended bootinfo header for the x86 TSC frequency * x86 TSC frequency exported in extended bootinfo header * `archInfo` is no longer a member of the bootinfo struct. Its only use was for TSC frequency on x86, which can now be retrieved through the extended bootinfo * Invocations to set thread priority and maximum control priority (MCP) have changed. - For both invocations, users must now provide a TCB capability `auth` - The requested MCP/priority is checked against the MCP of the `auth` capability. - Previous behavior checked against the invoked TCB, which could be subject to the confused deputy problem. * `seL4_TCB_Configure` no longer takes prio, mcp as an argument. Instead these fields must be set separately with `seL4_TCB_SetPriority` and `seL4_TCB_SetMCPriority`. * `seL4_TCB_SetPriority` and `seL4_TCB_SetMCPriority` now take `seL4_Word` instead of `seL4_Uint8`. - `seL4_MaxPrio` remains at 255. * `seL4_TCB_SetSchedParams` is a new method where MCP and priority can be set in the same sytsem call. * Size of the TCB object is increased for some build configurations # Upgrade notes * `seL4_TCB_Configure` calls that set priority should be changed to explicitly call `seL4_TCB_SetSchedParams` or `SetPriority` * `seL4_TCB_Configure` calls that set MCP should be changed to explicitly call `seL4_TCB_SetSchedParams` or `seL4_TCB_SetMCPriority` --- # Full changelog Refer to the git log in https://github.com/seL4/seL4 using `git log 8.0.0..9.0.0` # More details See the [9.0.0 manual](http://sel4.systems/Info/Docs/seL4-manual-9.0.0.pdf) included in the release or ask on the mailing list! ---- # CAmkES Version camkes-3.3.0 Release Announcing the release of `camkes-3.3.0` with the following changes: camkes-3.3.0 2018-04-11 Using seL4 version 9.0.0 ## Changes * Hardware dataport with large frame sizes issue has been fixed * Bug fix: Enumerating connections for hierarchical components with custom connection types is now done correctly * Bug fix: Data structure caching is now correctly invalidated between builds * Initial CMake implementation for CAmkES. See the CAmkES test apps for examples. ## Upgrade notes * No special upgrade requirements. ## Known issues * Hierarchical components that export dataport connectors create compilation errors as the templates cannot accurately tell that the connector of the parent component is exported from the child and no code should be generated. A temporary workaround involves making the dataport connection explicitly available to the parent component. --- # Full changelog Use `git log camkes-3.2.0..camkes-3.3.0` in https://github.com/seL4/camkes-tool # More details See the [documentation](https://github.com/seL4/camkes-tool/blob/camkes-3.3.0/docs/index.md) or ask on the mailing list!