Forum Topic - Memory partitioning for sensitive processes on QNX 6.4: (3 Items)
Memory partitioning for sensitive processes on QNX 6.4  
Dear all,

Our team is developing a hardware security module (HSM) running QNX 6.4 on a Freescale p1022 CPU with 512 MB of RAM. For security reasons, our HSM must guarantee that sensitive information is always contained within the first 64MB of the machine's physical address space. We define sensitive information at the process level: all data (heap + stack segments) of certain processes are considered sensitive, all other processes are not sensitive. Therefore, we would like to partition our RAM into the following zones:

0-64 : “secure memory” -> system page + kernel memory + sensitive processes memory (heap + stack)
64-512 : “non-secure memory” -> non-sensitive process memory (heap + stack)

Ideally, the code segments of all processes should be loaded in non-secure memory, but this is optional for us.

The immediate naïve solution to this is to use the '-r' startup option to "remove" the excess memory and simply use 64MB for everything. Of course, we would like to find a better solution ;-)

We have looked at this problem for several weeks but have not since devised a satisfactory solution.
We did look at the QNX feature called "Memory Partitioning" (see http://community.qnx.com/sf/wiki/do/viewPage/projects.core_os/wiki/Memory_Partitioning_Technology) but it is apparently experimental and unfortunately unsupported by QNX.

Did any of you encounter a similar use case of QNX? Did you find a satisfactory solution?

Any input is gladly welcome!

Best Regards,

Baudouin Nyssen.
Re: Memory partitioning for sensitive processes on QNX 6.4  
A possible solution could be "typed memory". You can define arbitrary "types" of memory in startup and use them from applications accordingly.

Search the QNX documentation for the term "typed memory"; a good starting point is the "Typed memory" section in the Interprocess Communication (IPC) chapter of the System Architecture guide.

Regards,

- Malte

Re: Memory partitioning for sensitive processes on QNX 6.4  
Thanks for your answer.
We did try to modify the system page and add a typed memory segment corresponding to the unsecured part of our memory.
The problem we have is as follows:
 - we can posix_typed_mem_open() the unsecured memory
 - we can mmap() the corresponding file descriptor and access the memory
 - however, we don't have an easy way of doing dynamic memory allocation inside the mmap()ed memory. Worse, we would actually need many processes to be able to do malloc()s inside the unsecured memory.

Our current solution path is the following (not yet implemented):
 - a resource manager process which mmap()s the entire unsecured memory.
 - replace malloc(), free(), realloc(), etc. by a custom library which talks to the resource manager
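The piece both replies circle around (Malte's pointer to typed memory, and the original poster's plan of mapping a typed-memory region and replacing malloc() with a custom allocator) can be shown in one small program. The code below is an added example, not code from the thread, from QNX, or from the poster's project: it maps a typed-memory region with posix_typed_mem_open() + mmap() on QNX and runs a first-fit allocator over that mapping only, so a process's dynamic data cannot land outside the chosen memory type. The typed-memory name "/memory/unsecured" is an assumed placeholder (the thread never names the segment defined in the system page), and off-target the mapping is replaced by a plain malloc() buffer so the allocator logic can be exercised. The containment check and the header canary are the parts a defender cares about: the first lets a process assert at runtime that a buffer lies inside the partition, the second rejects frees of corrupted or already-freed headers instead of silently threading bad blocks into the free list.

```c
/* Added example: a first-fit arena allocator confined to one typed-memory
 * mapping.  Not from the forum thread or from QNX; "/memory/unsecured" is an
 * assumed placeholder for the typed-memory name defined in the system page. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <unistd.h>

#define ARENA_ALIGN 16u
#define ARENA_MAGIC ((size_t)0x41524541u)   /* header canary, "AREA" */

/* Block header: four pointer-sized fields, so it is 16 bytes on a 32-bit
 * target (the p1022 in the thread) and 32 bytes on 64-bit hosts; either way
 * a user pointer (header + 1) stays 16-byte aligned. */
typedef struct block {
    size_t size;          /* usable bytes that follow the header */
    size_t free;          /* 1 if the block is available */
    struct block *next;   /* next block in address order */
    size_t magic;         /* ARENA_MAGIC; mismatch means a corrupted header */
} block_t;

static uint8_t *arena_base;
static size_t arena_size;
static block_t *arena_head;

static size_t align_up(size_t n) {
    return (n + ARENA_ALIGN - 1) & ~(size_t)(ARENA_ALIGN - 1);
}

/* Does [p, p+n) lie entirely inside the mapped region?  Pure integer
 * comparison, so it is safe to call with pointers that are not ours. */
int arena_contains(const void *p, size_t n) {
    uintptr_t lo = (uintptr_t)arena_base, hi = lo + arena_size, q = (uintptr_t)p;
    return arena_base != NULL && q >= lo && q <= hi && n <= hi - q;
}

/* Obtain 'size' bytes of the chosen memory type and seed one free block. */
int arena_init(size_t size) {
    void *p;
#ifdef __QNX__
    /* Typed-memory name is an assumption; use the one your startup defines.
     * POSIX_TYPED_MEM_ALLOCATE makes mmap() take physical pages from that
     * type only, which is the confinement the thread is after. */
    int fd = posix_typed_mem_open("/memory/unsecured", O_RDWR,
                                  POSIX_TYPED_MEM_ALLOCATE);
    if (fd == -1) return -1;
    p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);
    if (p == MAP_FAILED) return -1;
#else
    /* Off-target stand-in: an ordinary heap buffer, aligned by hand below. */
    p = malloc(size + ARENA_ALIGN);
    if (p == NULL) return -1;
#endif
    uintptr_t start = (uintptr_t)align_up((size_t)(uintptr_t)p);
    arena_base = (uint8_t *)start;
    arena_size = size - (size_t)(start - (uintptr_t)p);
    arena_head = (block_t *)arena_base;
    arena_head->size = arena_size - sizeof(block_t);
    arena_head->free = 1;
    arena_head->next = NULL;
    arena_head->magic = ARENA_MAGIC;
    return 0;
}

/* First-fit allocation; the block is split when the remainder is usable.
 * Returns NULL when the region is exhausted: never falls back to the
 * system heap, since that heap may live in the other partition. */
void *arena_alloc(size_t n) {
    size_t need = align_up(n);
    for (block_t *b = arena_head; b != NULL; b = b->next) {
        if (!b->free || b->size < need) continue;
        if (b->size >= need + sizeof(block_t) + ARENA_ALIGN) {
            block_t *rest = (block_t *)((uint8_t *)(b + 1) + need);
            rest->size = b->size - need - sizeof(block_t);
            rest->free = 1;
            rest->next = b->next;
            rest->magic = ARENA_MAGIC;
            b->size = need;
            b->next = rest;
        }
        b->free = 0;
        return b + 1;
    }
    return NULL;
}

/* Free with forward coalescing.  Returns -1 for pointers outside the
 * region, corrupted headers, or double frees, 0 on success. */
int arena_free(void *p) {
    if (!arena_contains(p, 0) ||
        (uintptr_t)p < (uintptr_t)arena_base + sizeof(block_t)) return -1;
    block_t *b = (block_t *)p - 1;
    if (b->magic != ARENA_MAGIC || b->free) return -1;
    b->free = 1;
    if (b->next != NULL && b->next->free) {
        b->size += sizeof(block_t) + b->next->size;
        b->next = b->next->next;
    }
    return 0;
}
```

This is the in-process half of the poster's plan: a resource manager that owns the whole unsecured mapping and serves many processes would wrap the same allocator behind its message interface, and a malloc()-replacement library would forward to it. The allocator deliberately returns NULL rather than calling the system malloc() when the arena is full, because a silent fallback would move data across the partition boundary the whole design exists to enforce.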