
Why should hardware be involved in security?

Posted Oct 21, 2024 4:38 UTC (Mon) by ebiederm (subscriber, #35028)
In reply to: Core work still going on 33 years later by willy
Parent article: The long road to lazy preemption

The basic paradigm of preemptive multitasking operating systems with protection provided by the hardware seems like a local maximum.

The most questionable decision in all of that seems to be relying on hardware to define the isolation of untrusted software.

Hardware is always buggy and so expensive to fix it might as well be unfixable. We are effectively 7 years into the era of Spectre and I am not aware of any high performance CPUs that successfully isolate untrusted software.

So why do our operating system architectures by design rely on broken and unfixable hardware to get security right?

Which is to say when operating systems are failing at part of their core mission because of how they are designed I think there is room and need for innovation at that level.



Why should hardware be involved in security?

Posted Dec 13, 2024 13:21 UTC (Fri) by roblucid (guest, #48964)

The logic was if the hardware is not functioning correctly, how can you rely on software running on the hardware to do so?

A lot of security is about process isolation and correct virtual memory implementations; you simply cannot do something like logical->physical address translations efficiently in software. It needs to be initiated by L1 cache lookup (hence the cache's tags to eliminate false positive hits) and available for L2/L3/DRAM fetches.

Then again, software being mutable is what hostiles rely on; you need the OS & hardware support to harden a system against exploitation. A program that's reentrant, relocatable or dynamically linkable simply cannot know what logical addresses it uses. Even so, without hardware support where would the immutable correct address tables be stored, so errors cannot be exploited to patch the program?


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds