
2-14

MAXQ610 User’s Guide

2.6.1 Rules for System Software

While privilege levels are implemented in hardware, there are two ways user code could try to circumvent the memory
access protection:
• Manipulation of the shared, common stack or registers
• Jumping or calling to code in system memory that is not an official entry point
To ensure a safe system and prevent these attacks, the system code programmer must follow these rules:
• System code must not save and restore the privilege level. Instead, every interrupt and every system library function that raises the privilege must also unconditionally lower the privilege before exiting. If there are interrupts that lower the privilege level, or interrupt code running outside of system space, any code that raises the privilege must disable interrupts for the duration of the privileged operation.

Example:

    interrupt:
        move IGE, #0        ; disable interrupts before raising the privilege
        move PRIV, #HIGH    ; raise the privilege level
        …                   ; action
        move PRIV, #LOW     ; unconditionally lower the privilege before exiting
        move IGE, #1        ; re-enable interrupts
        reti

    system_code:
        move IGE, #0        ; disable interrupts before raising the privilege
        move PRIV, #HIGH    ; raise the privilege level
        ...                 ; action
        move PRIV, #LOW     ; unconditionally lower the privilege before exiting
        move IGE, #1        ; re-enable interrupts
        ret

• An operation that requires a high privilege level must not call a subroutine to raise the privilege level.
Example:

    incorrect:
        call raise_priv     ; privilege raised inside a subroutine
        …                   ; action
        move PRIV, #LOW

    correct:
        move PRIV, #HIGH    ; privilege raised inline by the operation itself
        …                   ; action
        move PRIV, #LOW
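As an added example (not code from the MAXQ610 User's Guide), the following Python checker scans a MAXQ-style assembly listing for violations of the two rules above: raising PRIV while interrupts are enabled, exiting a routine with PRIV still HIGH, and calling a subroutine to raise the privilege. It assumes each routine is a label followed by instructions up to ret/reti, that interrupts are enabled on entry, and that raise_priv names a subroutine that raises PRIV.

```python
# Added example, not from the MAXQ610 User's Guide: a static checker for the
# section 2.6.1 rules over a MAXQ-style assembly listing. Assumes each routine
# is a label followed by lines up to ret/reti, interrupts are enabled on entry,
# and 'raise_priv' names a subroutine that raises PRIV (as in the guide).
import re

MOVE = re.compile(r"^move\s+(\w+)\s*,\s*#(\w+)$", re.I)
CALL = re.compile(r"^call\s+(\w+)$", re.I)

def split_routines(listing):
    """Map label -> instruction lines, with comments and blanks dropped."""
    routines, body = {}, None
    for raw in listing.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.endswith(":"):
            body = routines.setdefault(line[:-1], [])
        elif line and body is not None:
            body.append(line)
    return routines

def check_routine(name, body, raising_subs=("raise_priv",)):
    """Return the section 2.6.1 violations found in one routine."""
    findings, priv_high, ige_on = [], False, True
    for line in body:
        m = MOVE.match(line)
        if m:
            reg, val = m.group(1).upper(), m.group(2).upper()
            if reg == "IGE":                      # interrupt global enable bit
                ige_on = val != "0"
            elif reg == "PRIV" and val == "HIGH":
                if ige_on:  # rule: interrupts off for the privileged operation
                    findings.append(f"{name}: PRIV raised with interrupts enabled")
                priv_high = True
            elif reg == "PRIV" and val == "LOW":
                priv_high = False
        m = CALL.match(line)
        if m and m.group(1) in raising_subs:     # rule: no raise via subroutine
            findings.append(f"{name}: calls {m.group(1)} to raise privilege")
            priv_high = True
        if line.lower() in ("ret", "reti") and priv_high:  # rule: lower before exit
            findings.append(f"{name}: exits with PRIV still HIGH")
    return findings

def check_listing(listing):
    """Run the checks over every routine in the listing."""
    return [f for n, b in split_routines(listing).items() for f in check_routine(n, b)]

# Constructed sample: the guide's correct ISR plus two rule-breaking routines.
SAMPLE = "\n".join([
    "interrupt:", "move IGE, #0", "move PRIV, #HIGH", "move PRIV, #LOW", "move IGE, #1", "reti",
    "leaky:", "move IGE, #0", "move PRIV, #HIGH", "ret  ; forgot to lower PRIV",
    "bad_call:", "call raise_priv", "move PRIV, #LOW", "ret",
])
```

Running check_listing(SAMPLE) reports the leaky routine and the subroutine call while the ISR passes clean.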