I've been following this discussion of the new Apollo Shield with great interest! Please correct me if I have missed any details, but as I understand its principles of operation, the Apollo Shield seems to be wholly implemented by two newly-added features:

Feature #1 allows ranges of memory to be “tagged” with permission flags for reading, for writing, and/or for code execution.

--> Questions raised by this summary of feature #1:

(1a) Are those permissions more-or-less independently managed (which would imply eight possible Shield configurations in any given area of memory), or is there some assumption of permissions “accumulating” so that only a handful of options are even possible? As an example, I can easily envision a concept like “code execution is permitted here” being a superset of “reading data from here is permitted”; it might even be simpler to implement - but if I know in advance that my code is or is not supposed to be self-modifying, I might like to be able to shield against write accesses independently of whether I want code execution to be allowed.

(1b) Are the tagged memory-ranges completely, or near-completely, arbitrary? Or do they need to be aligned on, for example, specific multiples of 16-bit 680x0 word accesses? As useful as the first possibility seems, I can well imagine the second method being vastly less complex to implement.

Feature #2 allows admirably detailed reporting on any operation that attempts unsanctioned access to a memory-area tagged with these permissions active.

Have I described all of that information correctly? And, in either case, are there any other functions of the Shield that have not yet been discussed in this thread?