On Thu, Sep 17, 2020, at 12:44 PM, Isaac Beckett wrote:
Hey all,
I was wondering if it makes sense for someone building a system on seL4 to run certain drivers or other critical components in a more privileged environment, but still outside the kernel. Does using a different CPU mode in this context make sense? My hunch is that the case is no, because x86 has those extra rings, but ARM only has two modes, Supervisor/System and User mode, which would make it hard to provide any mechanism for the kernel to manage privileged components, because of the differences between platforms.
Other people have commented on the least authority implications but I need to point out that rings 1 and 2 _don't actually do anything_ on modern x86 systems, and by modern I mean since the 386 - they are only used for segment-based protection, page table translation treats 1/2 as equivalent to 0. Since ring 1/2 code can freely overwrite ring 0 code, the IOPL is not relevant either. -s