[Cryptography] How to lock registers with GCC?
Nemo
nemo at self-evident.org
Fri May 9 12:29:20 EDT 2014
tpb-crypto at laposte.net writes:
> Is it possible to give a directive to GCC while compiling and/or does
> it support some macro/routine/directive/library/whatever, that would
> allow to load values into processor registers and then lock one or two
> registers, which would become unchangeable? Performance
> notwithstanding.
GCC supports global register variables:
http://gcc.gnu.org/onlinedocs/gcc/Global-Reg-Vars.html
"Defining a global register variable in a certain register reserves that
register entirely for this use, at least within the current
compilation. The register is not allocated for any other purpose in the
functions in the current compilation, and is not saved and restored by
these functions."
So this is a step towards what you want, provided you compile the entire
application (including all libraries) with the same global declaration
visible.
However, as others have pointed out, your next problem is the operating
system. You would need to recompile the kernel with the same global
declaration visible there, too, so that the kernel's own code would not
use it. You would need to audit all of the assembly in the kernel to
eliminate any uses there, too.
Obviously, you would need to modify the context switch machinery not to
save and restore the register.
Finally, any other application running on the same core following a
context switch might clobber the register... So you would either need to
perform the same exercise for all applications on the system, or you
would need to use the "CPU binding" machinery (see "numactl
--physcpubind ..." for a starting point) to ensure your process and only
your process runs on a certain core.
All of this just to ensure that someone with total access to your
physical memory cannot steal your password. Is there anything else in
memory that might be of interest to such an attacker?
I wonder, though... How many registers would it take, in principle, to
encrypt/decrypt every memory access?
- Nemo
https://self-evident.org/
More information about the cryptography
mailing list