As part of its effort to harden the security of critical low-level components of the Android platform, Google has rewritten the pvmfw firmware in Rust. pvmfw is used to manage the virtual machines launched by the pVM hypervisor from the Android Virtualization Framework. Previously the firmware was written in C and built on top of the U-Boot bootloader, whose code had earlier been found to contain vulnerabilities caused by memory-safety bugs.
The firmware rewritten in Rust has been included in Android 14, and the general-purpose libraries created during its development have been packaged as crates and contributed to the Rust community. For example, the smccc crate was published to support ARM's PSCI (Power State Coordination Interface) and SMCCC (SMC Calling Convention) calls, and the aarch64-paging crate to manage memory page tables. Work was also done to fix bugs in and extend the functionality of the virtio-drivers crate, which implements VirtIO drivers. Beyond the Android platform, these crates are used in the Oak project, which develops components for transmitting, storing and processing data in trusted execution environments (TEEs).
The pVM hypervisor takes control early in the boot process and provides complete memory isolation between the virtual machines and the host environment, preventing the host system from accessing the protected virtual machines in which sensitive data is processed. The pvmfw firmware (Protected Virtual Machine Firmware) takes control immediately after a virtual machine starts, verifies the environment it was given, and decides whether to abort the boot if integrity problems are detected or to issue a boot certificate to the guest system if the chain of trust is confirmed.
Rewriting in Rust makes it easier and safer to follow the "rule of two," which Google uses to maintain the security of Android system components. This rule states that any added code must meet no more than two of three conditions: handling untrusted input, being written in a memory-unsafe programming language (C/C++), and running with high privileges. It follows that code handling external data must either be moved into a minimal-privilege (sandboxed) context or be written in a memory-safe language. According to Google's statistics, about 70% of all dangerous vulnerabilities identified in Android are caused by memory-handling errors.
Rust focuses on memory safety and reduces the risk of vulnerabilities caused by problems such as use-after-free and buffer overflows. Rust ensures memory safety at compile time through reference checking, tracking of object ownership, and accounting of object lifetimes (scopes), as well as through runtime checks of memory accesses. Rust also provides protection against integer overflow, requires mandatory initialization of variables before use, offers better error handling in the standard library, applies the concept of immutable references and variables by default, and provides strong static typing to reduce logic errors.
One difficulty encountered when developing low-level components such as drivers in Rust is the need to handle raw pointers in unsafe contexts. Rust was designed around the program's own well-defined memory, whereas code running on bare metal must access shared memory and MMIO. Rust's facilities for handling raw pointers currently leave much to be desired, but this should improve once support for the offset_of, slice_ptr_get and slice_ptr_len macros stabilizes.
Other notable shortcomings include the need for better idioms for accessing struct fields and array indices through pointers without creating references, and the limits on building safe wrappers around unsafe operations that may cause undefined behavior the compiler cannot check. For example, such wrappers cannot be built for operations on memory page tables, since mapping pages in one part of the program can affect other parts.
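The two points above, wrapping raw-pointer access to memory-mapped registers in a safe API and reaching fields through a pointer without materialising a reference, can be shown in an added example (not code from pvmfw or Google). The `Regs` layout and the `Device` wrapper are hypothetical; the register block is a leaked heap allocation standing in for a real MMIO mapping so the example runs under std.

```rust
use core::ptr::{self, addr_of, addr_of_mut};

/// Register layout of a hypothetical device (constructed for this example).
#[repr(C)]
pub struct Regs {
    pub ctrl: u32,
    pub status: u32,
    pub data: [u32; 4],
}

#[derive(Debug, PartialEq)]
pub enum DevError { OutOfRange, Overflow }

/// Safe wrapper around a raw pointer to a memory-mapped register block.
pub struct Device { base: *mut Regs }

impl Device {
    /// # Safety
    /// `base` must point to a valid, aligned `Regs` block that stays mapped for
    /// the wrapper's lifetime and is never aliased by a Rust reference.
    pub unsafe fn new(base: *mut Regs) -> Self { Device { base } }

    pub fn read_status(&self) -> u32 {
        // addr_of! yields a field pointer without materialising an `&Regs`.
        unsafe { ptr::read_volatile(addr_of!((*self.base).status)) }
    }

    /// Writes one data register; an untrusted index is bounds-checked first.
    pub fn write_data(&mut self, idx: usize, val: u32) -> Result<(), DevError> {
        if idx >= 4 { return Err(DevError::OutOfRange); }
        // Pointer arithmetic on the array's base pointer, still no reference.
        unsafe { ptr::write_volatile(addr_of_mut!((*self.base).data).cast::<u32>().add(idx), val) };
        Ok(())
    }

    /// Adds `delta` to `ctrl` with explicit overflow handling, not silent wrapping.
    pub fn bump_ctrl(&mut self, delta: u32) -> Result<u32, DevError> {
        let cur = unsafe { ptr::read_volatile(addr_of!((*self.base).ctrl)) };
        let next = cur.checked_add(delta).ok_or(DevError::Overflow)?;
        unsafe { ptr::write_volatile(addr_of_mut!((*self.base).ctrl), next) };
        Ok(next)
    }
}

/// Stand-in for a real MMIO mapping: a leaked heap block in ordinary memory.
pub fn demo_device() -> Device {
    let regs: *mut Regs = Box::leak(Box::new(Regs { ctrl: 0, status: 0x1, data: [0; 4] }));
    // SAFETY: the block is valid, aligned and only reached through `regs` from here on.
    unsafe { Device::new(regs) }
}
```

The wrapper's safety contract lives entirely in `Device::new`; every later call is safe Rust, which is exactly the property the text says cannot be achieved for page-table manipulation, where one mapping can invalidate assumptions elsewhere.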
As for the size of the resulting code, the old version of the pVM firmware occupied 220 KB, while the new one occupies 460 KB. However, the rewritten version added new functionality that made it possible to drop some other components used during boot. As a result, the total size of all old and new boot components is comparable. It is noted that when size matters more than performance, results similar to those of C can be obtained by enabling the compiler's more aggressive size-optimization mode, removing unnecessary components, and not using string-formatting facilities.
In addition, work is under way to allow trusted applications written in Rust to run in the Trusty operating system, which provides a Trusted Execution Environment (TEE) for Android that runs alongside Android on the same processor in an isolated environment. Trusty is used in Pixel devices and already uses Rust in libraries and system components (the kernel remains in C).
source: budenet.ru
