NVIDIA Working To Make Linux Safer For Cars, Robots & Other Safety Critical Environments
NVIDIA is working on their own address space isolation (ASI) implementation for the Linux kernel that they hope will make the kernel safer for use within automobiles, robotics, and other areas where NVIDIA Tegra embedded hardware has a growing Linux-powered presence.
While Google, along with engineers from IBM and Oracle, has worked on ASI for Linux to better handle speculative execution attacks, and Google is still hoping to go forward with its address space isolation work, it turns out NVIDIA engineers have also been exploring their own ASI code for the Linux kernel.
NVIDIA engineer Igor Stoppa, who serves as a senior software safety architect, presented at the Open-Source Summit Europe event hosted in Dublin last week by the Linux Foundation. In that presentation he covered their work-in-progress ASI effort to make Linux safer by preventing buggy hardware drivers from interfering with other areas of the kernel, along with ways of making the software stack safer for safety-critical NVIDIA Linux environments.
NVIDIA's address space isolation approach centers on asynchronous detection of unsafe events and blocking the event before it happens. Their approach involves MMU-based memory coloring and is outlined in more detail via this PDF slide deck from the Open-Source Summit Europe 2022 event. Unfortunately, as of writing, the video recording has yet to be made public.
While it is great to see NVIDIA working on a solution to improve Linux kernel security, right now Igor acknowledges there are "lots of hacks" and that the code isn't even public yet... So much for the "release early, release often" and iterative approach to big new kernel features. NVIDIA is looking at posting the code publicly by year's end.