FreeRTOS-MPU security (privileges)
Posted by Stefano Cristalli
on August 16, 2013
Hello, I am currently testing FreeRTOS-MPU on STM32F4, and it has occured to me that a restricted task could call library functions xTaskCreate or xTaskCreateRestricted in order to spawn other tasks, perhaps with malicious code inside them.
Is that a behavior that should be blocked? How would someone prevent such tasks from calling xTaskCreate?
Thanks in advance.
RE: FreeRTOS-MPU security (privileges)
Posted by Richard
on August 16, 2013
Currently there is no way of preventing a non-privileged task from creating a privileged task, but it could conceivable done relatively simply by updating the implementation of MPU_xTaskGenericCreate() in the MPU port layer's port.c file. The update would check to see if the scheduler was running, and if so, only allow a privileged task to be created if the MCU was already running in the privileged mode when MPU_xTaskGenericCreate() was called (that information is already known because it is stored in the xRunningPrivileged variable within the function).
However...in statically linked small systems there is an assumption that the system architecture is familiar with all the code s/he is building into the project. It is therefore unlikely to include malicious code, so any additional safe guards would primarily safe guard against simple design mistakes.
Copyright (C) 2004-2010 Richard Barry. Copyright (C) 2010-2016 Real Time Engineers Ltd.
Any and all data, files, source code, html content and documentation included in the FreeRTOSTM distribution or available on this site are the exclusive property of Real Time Engineers Ltd..
See the files license.txt (included in the distribution) and this copyright notice for more information. FreeRTOSTM and FreeRTOS.orgTM are trade marks of Real Time Engineers Ltd.