Debugging & MIPS VZ. David Lau, June 2015. © Imagination Technologies, www.imgtec.com. Internal Only – Not to be released externally.


1 Debugging & MIPS VZ. David Lau, June 2015. www.imgtec.com

2 Debugging for non-Virtualized Systems: How it’s normally done
[Diagram] Full System: App or Lib (non-privileged); OS Kernel (privileged).
User-Mode debugging (only have access to 1 process): App or Lib (non-privileged); SW Debugger (e.g. GDB). OS Kernel invisible to App.
Kernel-Mode or Bare-Iron debugging (potentially can see everything): App or Lib (non-privileged); SW Debugger (e.g. GDB); OS Kernel (privileged); PrintK; HW Probe (e.g. ICE/JTAG) OR Kernel Debugger (e.g. KGDB).

3 Debugging for MIPS VZ - Guests: SW Debugging of Guests stay the same
[Diagram] Full System: Guest App or Lib (non-privileged); Guest Kernel (privileged); Root App or Lib (non-privileged); Root Kernel (privileged).
Guest-User-Mode debugging (only have access to 1 process): Guest App or Lib (non-privileged); SW Debugger (e.g. GDB). Guest Kernel invisible to Guest App. Root SW invisible to Guest.
Kernel-Mode or Bare-Iron debugging (potentially can see everything for Guest, but not Root): App or Lib (non-privileged); SW Debugger (e.g. GDB); OS Kernel (privileged); PrintK OR Kernel Debugger (e.g. KGDB). Root SW invisible to Guest-kernel.
OK, no security hole.
HW Probe discussed later.

4 Debugging for MIPS VZ - Root: SW Debugging of Root
[Diagram] System components shown: Guest App or Lib (non-privileged); Guest Kernel (privileged); Root App or Lib (non-privileged); Root Kernel (privileged).
Root-User Debugging: Root App or Lib (non-privileged); SW Debugger (e.g. GDB). Root Kernel invisible to Root-User. Can’t see Other Guests, as have to ask Hypervisor. OK, no security hole.
Hypervisor debugging: App or Lib (non-privileged); SW Debugger (e.g. GDB); Hypervisor; PrintK; HW Probe (e.g. ICE/JTAG) OR Debugger in hypervisor. Potential Security Hole – might want to grant access to Subset of Guests.

5 Debugging for MIPS VZ – limiting scope: Graphical view of the problem
[Diagram] Full System (Container1, Container2, Container3): Guest1 App (non-privileged); Guest1 Kernel (privileged); Guest2 App (non-privileged); Guest2 Kernel (privileged); Root App3 (non-privileged); Root Kernel - hypervisor (privileged).
What we want to be visible: Guest1 App (non-privileged); Guest1 Kernel (privileged); Root Kernel - hypervisor (privileged).
Make Guest2 Invisible To debugger. Make Root App3 Invisible To debugger.
Currently Not Possible.

6 Debug HW Probe controls the CPU: No SW can prevent the Debug HW Probe from taking over the system
[Diagram] Block labels: Instruction Fetch Unit; Execution Pipelines; “Regular” Memory System; Data Register; EJTAG Control Register; Instructions Mux; Debug Test Access Port (TAP); HW Debug Probe; JTAG Data Serial Pin; EJTAG Disable Pin; Execution Logic; DebugMode; Debug Memory Segment; Debug Interrupt; ProbeTrap; ProbeEn.
Annotations: Above registers Not accessible to CPU, Only accessible to Debug Probe. Has no Disable. Malicious code Enters here.
Assume Malicious User hooks up Probe. Assume EJTAG disable pin not used.

7 Problem(s) Statement: Security holes when debugging in Root-Mode
• Problem1 - When debugging in Root-Kernel mode
  • Want the ability to restrict visibility/debuggability to only certain Guests
  • Currently in MIPS VZ Architecture, visibility/debuggability is given to all Guests
• Problem2 – HW Probe can’t be disabled by SW in MIPS VZ Architecture
  • HW Probe controls where CPU is getting instructions – including getting instructions from the HW probe
  • There is only EJTAG HW disable pin.
  • No TAP/ICE at the Guest Level; only TAP/ICE at Root-Kernel level

