Preserving The Programmers ‘Intent’ In Unsafe Rust

A few weeks ago, I happened to revisit a Rust project of mine — a barebones embedded bootloader, hoping to re-use and extend it. I chose Rust (over C) to write a security-focused Cortex-M bootloader so that I could take advantage of Rust's memory-safety properties (other considerations such as size and performance being equal).

My requirements for the bootloader were as follows — boot the system, interface with a hardware root of trust, verify a signed boot-image using ECC and perform ‘downloaded software upgrades’ (or DSU).

At first glance this seemed relatively straightforward, given that I already had a PoC, but I soon realized that there are many ways for things to go wrong here. As an example, take the following snippet of code: it is a tiny part of my original PoC that transfers execution from the bootloader to the application image when provided with the application's start address.

[Figure: Basic boot-jump sequence for an ARM Cortex-M system.]

At the time of testing I didn't pay much attention to it, but this implementation CAN do things that I didn't intend for it to do.

  1. De-referencing two raw pointers, stack_pointer and reset_vector, could lead to undefined behavior (i.e. the dereference can produce any value).
  2. Transmuting a 32-bit integer to an extern "C" fn() type is again undefined if we pass in an invalid value.
  3. Two register writes with obvious side-effects are undefined if you pass in an invalid, null or some other unexpected value.
  4. And a transmuted function call, jump_vector(), that actually diverges (i.e. never returns) but doesn't explicitly say so in its function signature.
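All four hazards come down to trusting raw words read from flash and then hiding a non-returning jump behind a returning signature. The following is an added example written for this page, not the post's PoC: every value from the vector table is checked against flash and SRAM windows before anything is dereferenced or transmuted, the only thing that can be jumped to is a BootInfo that passed those checks, and the jump itself is declared `-> !`. The address constants, the Cortex-M instruction sequence in `jump` and the constructed image are assumptions of this example; the validation logic runs unchanged on a host machine.

```rust
// Added example, not the post's original PoC. Address windows are assumed
// values for a hypothetical Cortex-M part; `image` is a constructed byte
// array standing in for the application image as it would lie in flash.

const FLASH_BASE: u32 = 0x0800_0000; // assumed flash window
const FLASH_SIZE: u32 = 256 * 1024;
const RAM_BASE: u32 = 0x2000_0000; // assumed SRAM window
const RAM_SIZE: u32 = 64 * 1024;

/// Every reason the bootloader may refuse to hand over control.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum BootError {
    Unaligned,  // application start address is not word aligned
    ShortImage, // fewer than 8 bytes: no vector table to read
    NotInFlash, // image does not fit inside the flash window
    NotInRam,   // initial stack pointer misaligned or outside SRAM
    NotThumb,   // reset vector lacks the Thumb bit (bit 0)
    NotInImage, // reset handler lies outside the image itself
}

/// A vector table that passed every check; the only input `jump` accepts.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct BootInfo {
    pub stack_pointer: u32,
    pub reset_vector: u32,
}

/// Little-endian word at byte offset `off`; the caller guarantees bounds.
fn word_at(image: &[u8], off: usize) -> u32 {
    u32::from_le_bytes([image[off], image[off + 1], image[off + 2], image[off + 3]])
}

/// Read the initial MSP and reset vector from the image's vector table and
/// check them before anything is dereferenced or transmuted.
pub fn validate_image(image: &[u8], app_start: u32) -> Result<BootInfo, BootError> {
    if app_start % 4 != 0 {
        return Err(BootError::Unaligned);
    }
    if image.len() < 8 {
        return Err(BootError::ShortImage);
    }
    let app_end = app_start
        .checked_add(image.len() as u32)
        .ok_or(BootError::NotInFlash)?;
    if app_start < FLASH_BASE || app_end > FLASH_BASE + FLASH_SIZE {
        return Err(BootError::NotInFlash);
    }
    let stack_pointer = word_at(image, 0);
    let reset_vector = word_at(image, 4);
    // The initial MSP must be word aligned and inside SRAM; the top of
    // stack may equal the end of SRAM, hence `>` rather than `>=`.
    if stack_pointer % 4 != 0 || stack_pointer < RAM_BASE || stack_pointer > RAM_BASE + RAM_SIZE {
        return Err(BootError::NotInRam);
    }
    // Cortex-M executes Thumb code only, so bit 0 of the vector must be set.
    if reset_vector & 1 == 0 {
        return Err(BootError::NotThumb);
    }
    let handler = reset_vector & !1;
    if handler < app_start || handler >= app_end {
        return Err(BootError::NotInImage);
    }
    Ok(BootInfo { stack_pointer, reset_vector })
}

/// Constructed test image: vector table first, the rest erased-flash 0xFF.
pub fn build_image(stack_pointer: u32, reset_vector: u32, len: usize) -> Vec<u8> {
    let mut image = Vec::with_capacity(len);
    image.extend_from_slice(&stack_pointer.to_le_bytes());
    image.extend_from_slice(&reset_vector.to_le_bytes());
    image.resize(len, 0xFF);
    image
}

/// The hand-over itself, declared `-> !` so the signature records that it
/// never returns. Cortex-M only; the "set MSP, branch to handler" sequence
/// is an assumption of this example, not the post's code.
#[cfg(target_arch = "arm")]
pub unsafe fn jump(boot: BootInfo) -> ! {
    core::arch::asm!(
        "msr msp, {sp}",
        "bx {rv}",
        sp = in(reg) boot.stack_pointer,
        rv = in(reg) boot.reset_vector,
        options(noreturn),
    )
}

fn main() {
    let image = build_image(0x2001_0000, 0x0800_4101, 1024);
    match validate_image(&image, 0x0800_4000) {
        Ok(boot) => println!("image accepted: {:?}", boot),
        Err(why) => println!("refusing to boot: {:?}", why),
    }
}
```

The point of the split is that `validate_image` is ordinary safe Rust that can be unit-tested on the host, while the single `unsafe` function left over is short, takes a type that cannot exist without passing the checks, and cannot be mistaken for a returning call.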
