Post AbO5xpYYsf5oPRN2H2 by fugueish@infosec.exchange
       2023-10-10T00:34:59Z
       
       
       To that end, we have rewritten the Android Virtualization Framework’s protected VM (pVM) firmware in Rust to provide a memory safe foundation for the pVM root of trust. This firmware performs a similar function to a bootloader, and was initially built on top of U-Boot, a widely used open source bootloader. However, U-Boot was not designed with security in a hostile environment in mind, and there have been numerous security vulnerabilities found in it due to out of bounds memory access, integer underflow and memory corruption. Its VirtIO drivers in particular had a number of missing or problematic bounds checks. We fixed the specific issues we found in U-Boot, but by leveraging Rust we can avoid these sorts of memory-safety vulnerabilities in future. The new Rust pVM firmware was released in Android 14. https://security.googleblog.com/2023/10/bare-metal-rust-in-android.html