DOCSLIB.ORG

LBM: a Security Framework for Peripherals Within the Linux Kernel

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
LBM: a Security Framework for Peripherals Within the Linux Kernel LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian∗, Grant Hernandez∗, Joseph I. Choi∗, Vanessa Frost∗, Peter C. Johnson†, Kevin R. B. Butler∗ ∗University of Florida {daveti, grant.hernandez, choijoseph007, vfrost, butler}@ufl.edu †Middlebury College [email protected] Abstract—Modern computer peripherals are diverse in their However, with this virtually unconstrained functionality capabilities and functionality, ranging from keyboards and print- comes the threat of malicious devices that can compromise ers to smartphones and external GPUs. In recent years, periph- computer systems in myriad ways. The BadUSB attack [62] erals increasingly connect over a small number of standardized communication protocols, including USB, Bluetooth, and NFC. allows attackers to add functionality allowed by the USB pro- The host operating system is responsible for managing these tocol to device firmware with malicious intent. For example, devices; however, malicious peripherals can request additional a BadUSB flash drive presents not only expected behavior functionality from the OS resulting in system compromise, or of a storage device when plugged into a computer, but also can craft data packets to exploit vulnerabilities within OS registers keyboard functionality to allow it to inject malicious software stacks. Defenses against malicious peripherals to date only partially cover the peripheral attack surface and are limited keystrokes with the aim of gaining administrative privilege. to specific protocols (e.g., USB). In this paper, we propose Other examples of malicious USB functionality include charg- Linux (e)BPF Modules (LBM), a general security framework ers that can inject malware into iOS devices [51], or take that provides a unified API for enforcing protection against control of Android devices via AT commands [78]. Bluetooth malicious peripherals within the Linux kernel. LBM leverages peripherals are also vulnerable: the BlueBorne attack [11] the eBPF packet filtering mechanism for performance and extensibility and we provide a high-level language to facilitate the allows remote adversaries to craft Bluetooth packets that will development of powerful filtering functionality. We demonstrate cause a kernel stack overflow and enable privilege escalation, how LBM can provide host protection against malicious USB, while BleedingBit [12] exploits a stack overflow within the Bluetooth, and NFC devices; we also instantiate and unify existing Texas Instruments Bluetooth Low Energy (BLE) stack. We defenses under the LBM framework. Our evaluation shows that observe that malicious peripherals launch attacks in one of two the overhead introduced by LBM is within 1 μs per packet in most cases, application and system overhead is negligible, ways, either by (1) sending unexpected packets (I/O requests and LBM outperforms other state-of-the-art solutions. To our or responses) to activate extra functionality enabled by the knowledge, LBM is the first security framework designed to operating system, or by (2) crafting specially formed packets provide comprehensive protection against malicious peripherals (either legitimate or malformed) to exploit vulnerabilities within the Linux kernel. within the operating system’s protocol software stack. Current defenses against malicious peripherals are not I. INTRODUCTION comprehensive and are limited in scope. USBFILTER [79] Computer peripherals provide critical features to facilitate applies user-defined rules to USB packet filtering within the system use. The broad adoption of computers can be traced Linux kernel, but fails to prevent exploitation from malformed not only to the reduction in cost and size from mainframe packets. USBFirewall [43], on the other hand, provides bit- to microcomputer, but to the interactivity afforded by devices level protection by parsing individual incoming USB packets, such as keyboards and mice. Displays, printers, and scanners but offers limited support for user-defined filtering rules. Apple have become integral parts of the modern office environ- recently added USB restricted mode in iOS 11.4, shutting ment. Nowadays, smartphones and tablets can not only act down USB data connections after the device stays locked for as peripherals to a host computer, but can themselves support an hour [84], but this restriction can be bypassed [2]. Not only peripherals that attach to them. do these defenses lack comprehensive coverage, but they often The scope of functionality that peripherals can contain is focus primarily or solely on USB, providing no protection almost limitless, but the methods of connecting them to host against peripherals using other interfaces. computers have converged to a few select standards, such In this paper, we propose Linux (e)BPF Modules (LBM), as USB [10] for wired connections and Bluetooth [15] for a general security framework that provides a unified API for wireless. As a result, most modern operating systems provide enforcing protection against malicious peripherals within the support for these standards (and the peripherals that use them) Linux kernel. LBM requires only a single hook for incoming by default, implementing the respective software stacks inside and outgoing peripheral data to be placed in each peripheral the kernel and running different device drivers to support subsystem, and modules for filtering specific peripheral packet various classes of peripherals. types (e.g., USB request blocks or Bluetooth socket buffers) can then be developed. Importantly for performance and discusses additional dimensions of our work; Section VII extensibility, we leverage the Extended BSD Packet Filter explains limitations of our work; Section VIII summarizes (eBPF) mechanism [25], which supports loading of filter related work; and Section IX concludes. programs from user space. Unlike previous solutions, LBM is II. BACKGROUND designed to be a general framework suitable for any peripheral protocol. As a result, existing solutions such as USBFIL- A. Peripheral Security TER and USBFirewall can be easily instantiated using LBM. USB. The Universal Serial Bus (USB) has been around since Moreover, new peripherals can be easily supported by adding 1996 with the release of the version 1.0 specification [23]. extensions into the LBM core framework. To demonstrate the USB emerged to provide a single, ubiquitous means to connect generality and flexibility of LBM, we have fully instantiated peripherals that would support a variety of applications with USBFILTER and USBFirewall using the LBM framework, different performance requirements. Since its inception, USB developed hooks for the Bluetooth Host Control Interface has undergone many revisions (1.1, 2.0, 3.0, 3.1, and most (HCI) and Logical Link and Adaptation Protocol (L2CAP) recently 3.2 and Type-C). The set of supported peripheral layers, and demonstrated a hook mechanism for the Near-Field devices expanded with each version, and the current USB Communication (NFC) protocol. Our evaluation shows that the version 3.2 [10] supports a data transfer rate of 20 Gbits per general overhead introduced by LBM is within 1 μs per packet second, much improved over the 12 Mbits per second of v1.0. across different peripherals in most cases; the application and Numerous attacks have been demonstrated by vulnerable system benchmarks demonstrate a negligible overhead from or malicious USB peripherals. BadUSB [62] attacks work LBM; and LBM has a better performance when compared to by altering the firmware of USB devices so they register as other state-of-the-art solutions. deceptive device types when plugged into a machine. For We summarize our contributions1 below: example, a USB mass storage device could masquerade as • Design and implement LBM as a general security frame- a keyboard to gain the ability to inject malicious keystrokes. work to defend against malicious peripherals. The LBM A malicious USB charger can inject malware into iOS de- core is designed as a high-performance packet filtering vices [51] or take full control of Android devices via AT framework based on eBPF. LBM hooks are provided to commands [78]. MouseJack [61] affects wireless mice and extend support for different peripheral subsystems. keyboards that communicate with a computer through a USB • Develop a high-level filter language to facilitate writing dongle. An adversary may inject keystrokes by spoofing either LBM rules. Users can write LBM rules in a high-level, a mouse or keyboard, and in some cases may even pair a fake PCAP-like language to apply different policies to periph- keyboard with a victim’s dongle. eral data packets, to avoid having to write filters in the More vulnerabilities with the USB protocol stack and complex, low-level BPF assembly language. Our user- device drivers have been identified with the help of tools space LBMTOOL utility translates LBM rules into eBPF such as FaceDancer [30] and syzkaller [31]. On one hand, instructions and loads them into the LBM core. these vulnerabilities are mostly implementation bugs within • Develop support for USB, Bluetooth, and NFC in LBM. the software stack. On the other hand, malicious USB We extend LBM to support multiple peripheral protocols devices can exploit these vulnerabilities to compromise the by exposing useful protocol fields to the user space and whole system by sending out specially-crafted USB packets. extending LBMTOOL to recognize LBM rules for differ- For a comprehensive exploration of the variety of available ent peripherals. We demonstrate LBM’s extensibility by USB
Load more

Recommended publications
  • UG1046 Ultrafast Embedded Design Methodology Guide
    UltraFast Embedded Design Methodology Guide UG1046 (v2.3) April 20, 2018 Revision History The following table shows the revision history for this document. Date Version Revision 04/20/2018 2.3 • Added a note in the Overview section of Chapter 5. • Replaced BFM terminology with VIP across the user guide. 07/27/2017 2.2 • Vivado IDE updates and minor editorial changes. 04/22/2015 2.1 • Added Embedded Design Methodology Checklist. • Added Accessing Documentation and Training. 03/26/2015 2.0 • Added SDSoC Environment. • Added Related Design Hubs. 10/20/2014 1.1 • Removed outdated information. •In System Level Considerations, added information to the following sections: ° Performance ° Clocking and Reset 10/08/2014 1.0 Initial Release of document. UltraFast Embedded Design Methodology Guide Send Feedback 2 UG1046 (v2.3) April 20, 2018 www.xilinx.com Table of Contents Chapter 1: Introduction Embedded Design Methodology Checklist. 9 Accessing Documentation and Training . 10 Chapter 2: System Level Considerations Performance. 13 Power Consumption . 18 Clocking and Reset. 36 Interrupts . 41 Embedded Device Security . 45 Profiling and Partitioning . 51 Chapter 3: Hardware Design Considerations Configuration and Boot Devices . 63 Memory Interfaces . 69 Peripherals . 76 Designing IP Blocks . 94 Hardware Performance Considerations . 102 Dataflow . 108 PL Clocking Methodology . 112 ACP and Cache Coherency. 116 PL High-Performance Port Access. 120 System Management Hardware Assistance. 124 Managing Hardware Reconfiguration . 127 GPs and Direct PL Access from APU . 133 Chapter 4: Software Design Considerations Processor Configuration . 137 OS and RTOS Choices . 142 Libraries and Middleware . 152 Boot Loaders . 156 Software Development Tools . 162 UltraFast Embedded Design Methodology GuideSend Feedback 3 UG1046 (v2.3) April 20, 2018 www.xilinx.com Chapter 5: Hardware Design Flow Overview .
    [Show full text]
  • Linux Kernal II 9.1 Architecture
    Page 1 of 7 Linux Kernal II 9.1 Architecture: The Linux kernel is a Unix-like operating system kernel used by a variety of operating systems based on it, which are usually in the form of Linux distributions. The Linux kernel is a prominent example of free and open source software. Programming language The Linux kernel is written in the version of the C programming language supported by GCC (which has introduced a number of extensions and changes to standard C), together with a number of short sections of code written in the assembly language (in GCC's "AT&T-style" syntax) of the target architecture. Because of the extensions to C it supports, GCC was for a long time the only compiler capable of correctly building the Linux kernel. Compiler compatibility GCC is the default compiler for the Linux kernel source. In 2004, Intel claimed to have modified the kernel so that its C compiler also was capable of compiling it. There was another such reported success in 2009 with a modified 2.6.22 version of the kernel. Since 2010, effort has been underway to build the Linux kernel with Clang, an alternative compiler for the C language; as of 12 April 2014, the official kernel could almost be compiled by Clang. The project dedicated to this effort is named LLVMLinxu after the LLVM compiler infrastructure upon which Clang is built. LLVMLinux does not aim to fork either the Linux kernel or the LLVM, therefore it is a meta-project composed of patches that are eventually submitted to the upstream projects.
    [Show full text]
  • Hdcp Support in Optee
    HDCP SUPPORT IN OPTEE PRODUCT PRESENTATION Linaro Multimedia Working Group MICR ADVANCED TECHNOLOGIES • https://www.linaro.org/ SEPTEMBER 2019 Agenda • Quick introduction to HDCP • Secure Video Path overview • Current HDCP control in Linux • Proposal to control HDCP in OPTEE • Questions HDCP OVERVIEW 3 HDCP : High bandwidth Digital Content Protection • A digital copy protection developed by Intel™ to prevent copying of digital and audio video content. Before sending data, the source device shall check the destination device is authorized to received it. If so, the source device encrypts the data, only the destination device can decrypt. - data encryption - prevent non-licensed devices from receiving content • Android and Linux NXP bsp manage HDCP at Linux Level, through libDRM. So nothing prevent a user to disable HDCP protection while secure content is under playback. It is a security holes in the Secure Video Path. • HDCP support currently under development for wayland/Weston: https://gitlab.freedesktop.org/wayland/weston/merge_requests/48 • No Open Source solution exists to manage HDCP in secure mode. • HDCP versions: ▪ HDCP 1.X: Hacked: Master key published (leak/reverse engineering) ▪ HDCP 2.0: Hacked before release ▪ HDCP 2.1: Hacked before release ▪ HDCP 2.2: Not yet hacked 4 ▪ HDCP 2.3: Not yet hacked HDCP control state Machine Content with HDCP protection mandatory no yes Local display Local display yes no yes no Video displayed Video displayed without HDCP Digital Display without HDCP Digital Display encryption encryption yes no yes no It means we have analog display Video displayed Video displayed HDCP supported without HDCP HDCP supported without HDCP encryption encryption yes no yes no Video displayed Video displayed without Widevine/PlayReady To Video not displayed Application to decide if HDCP check current HDCP version Application to display a Warning 5 HDCP encryption message HDCP Unauthorized, encryption to be used >= expected HDCP version Content Disabled.' Error.
    [Show full text]
  • A Simplified Graphics System Based on Direct Rendering Manager System
    J. lnf. Commun. Converg. Eng. 16(2): 125-129, Jun. 2018 Regular paper A Simplified Graphics System Based on Direct Rendering Manager System Nakhoon Baek* , Member, KIICE School of Computer Science and Engineering, Kyungpook National University, Daegu 41566, Korea Abstract In the field of computer graphics, rendering speed is one of the most important factors. Contemporary rendering is performed using 3D graphics systems with windowing system support. Since typical graphics systems, including OpenGL and the DirectX library, focus on the variety of graphics rendering features, the rendering process itself consists of many complicated operations. In contrast, early computer systems used direct manipulation of computer graphics hardware, and achieved simple and efficient graphics handling operations. We suggest an alternative method of accelerated 2D and 3D graphics output, based on directly accessing modern GPU hardware using the direct rendering manager (DRM) system. On the basis of this DRM support, we exchange the graphics instructions and graphics data directly, and achieve better performance than full 3D graphics systems. We present a prototype system for providing a set of simple 2D and 3D graphics primitives. Experimental results and their screen shots are included. Index Terms: Direct rendering manager, Efficient handling, Graphics acceleration, Light-weight implementation, Prototype system I. INTRODUCTION Rendering speed is one of the most important factors for 3D graphics application programs. Typical present-day graph- After graphics output devices became publicly available, a ics programs need to be able to handle very large quantities large number of graphics applications were developed for a of graphics data. The larger the data size, and the more sen- broad spectrum of uses including computer animations, com- sitive to the rendering speed, the better the speed-up that can puter games, user experiences, and human-computer inter- be achieved, even for minor aspects of the graphics pipeline.
    [Show full text]
  • IT Acronyms.Docx
    List of computing and IT abbreviations /.—Slashdot 1GL—First-Generation Programming Language 1NF—First Normal Form 10B2—10BASE-2 10B5—10BASE-5 10B-F—10BASE-F 10B-FB—10BASE-FB 10B-FL—10BASE-FL 10B-FP—10BASE-FP 10B-T—10BASE-T 100B-FX—100BASE-FX 100B-T—100BASE-T 100B-TX—100BASE-TX 100BVG—100BASE-VG 286—Intel 80286 processor 2B1Q—2 Binary 1 Quaternary 2GL—Second-Generation Programming Language 2NF—Second Normal Form 3GL—Third-Generation Programming Language 3NF—Third Normal Form 386—Intel 80386 processor 1 486—Intel 80486 processor 4B5BLF—4 Byte 5 Byte Local Fiber 4GL—Fourth-Generation Programming Language 4NF—Fourth Normal Form 5GL—Fifth-Generation Programming Language 5NF—Fifth Normal Form 6NF—Sixth Normal Form 8B10BLF—8 Byte 10 Byte Local Fiber A AAT—Average Access Time AA—Anti-Aliasing AAA—Authentication Authorization, Accounting AABB—Axis Aligned Bounding Box AAC—Advanced Audio Coding AAL—ATM Adaptation Layer AALC—ATM Adaptation Layer Connection AARP—AppleTalk Address Resolution Protocol ABCL—Actor-Based Concurrent Language ABI—Application Binary Interface ABM—Asynchronous Balanced Mode ABR—Area Border Router ABR—Auto Baud-Rate detection ABR—Available Bitrate 2 ABR—Average Bitrate AC—Acoustic Coupler AC—Alternating Current ACD—Automatic Call Distributor ACE—Advanced Computing Environment ACF NCP—Advanced Communications Function—Network Control Program ACID—Atomicity Consistency Isolation Durability ACK—ACKnowledgement ACK—Amsterdam Compiler Kit ACL—Access Control List ACL—Active Current
    [Show full text]
  • Tizen Overview & Architecture
    Tizen Overview & Architecture 삼성전자 정진민 There are many smart devices in mobile market. 2 And, almost as many software platforms for them 3 Many smart devices also appear in non-mobile market 4 User Expectation by it • Before smart device, • The user knew that they were different. • Therefore, the user did not expect anything among them. • Now, • The user is expecting anything among them. • However, They provide different applications and user experiences • Disappointed about inconvenient and incomplete continuation between them. 1 Due to different and proprietary software platform Proprietary platforms 5 Why do they? • Why could not manufacturers provide the same platform for their devices? • The platform has been designed for a specific embedded device. • Manufacturers do not want to share their proprietary platforms. • There is no software platform considering cross category devices as well as fully Open Source. Proprietary platforms 6 What if there is.. • What if there is a standard-based, cross category platform? • The same software can run on many categories of devices with few or no changes • Devices can be connected more easily and provide better convergence services to users • What if the platform is Open Source? • Manufacturers can deploy the platform on their products easily • New features/services can be added without breaking [given the software complies to platform standards] 7 The platform having these two features is ü Standard-based, Cross Category Platform ü Fully Open Source Platform 8 Standard-based, cross category platform
    [Show full text]
  • Linux Interface Specification Yocto Recipe Start-Up Guide Rev.1.09
    User ’s Manual ’s Linux Interface Specification Yocto recipe Start-Up Guide User’s Manual: Software RZ/G2 group All information contained in these materials, including products and product specifications, represents information on the product at the time of publication and is subject to change by Renesas Electronics Corp. without notice. Please review the latest information published by Renesas Electronics Corp. through various means, including the Renesas Electronics Corp. website (http://www.renesas.com). www.renesas.com Rev.1.09 Aug. 31, 2021 Notice 1. Descriptions of circuits, software and other related information in this document are provided only to illustrate the operation of semiconductor products and application examples. You are fully responsible for the incorporation or any other use of the circuits, software, and information in the design of your product or system. Renesas Electronics disclaims any and all liability for any losses and damages incurred by you or third parties arising from the use of these circuits, software, or information. 2. Renesas Electronics hereby expressly disclaims any warranties against and liability for infringement or any other claims involving patents, copyrights, or other intellectual property rights of third parties, by or arising from the use of Renesas Electronics products or technical information described in this document, including but not limited to, the product data, drawings, charts, programs, algorithms, and application examples. 3. No license, express, implied or otherwise, is granted hereby under any patents, copyrights or other intellectual property rights of Renesas Electronics or others. 4. You shall not alter, modify, copy, or reverse engineer any Renesas Electronics product, whether in whole or in part.
    [Show full text]
  • Linux DRM  a Few Words on Atomic KMS API  Exynos DRM IPP Subsystem  New API Proposal  Some Code Examples  Summary  DRM = Direct Rendering Manager
    Marek Szyprowski [email protected] Samsung R&D Institute Poland Quick Introduction to Linux DRM A few words on atomic KMS API Exynos DRM IPP subsystem New API proposal Some code examples Summary DRM = Direct Rendering Manager Main framework for various display related drivers ◦ Full-blown GPUs (Intel, AMD, Nvidia) ◦ Simple graphics modules found in embedded SoCs ◦ Access to hardware (IOCTLs) from user space ◦ GEM (buffers) ◦ KMS ◦ libdrm KMS = Kernel Mode Setting Generic abstraction of the hardware ◦ CRTCs, Connectors, Encoders, Planes, ... ◦ Generic, hardware independent IOCTLs Configure given display mode on a display pipe-line ◦ Mode: resolution, pixel format, display buffer ◦ Display pipe-line: CRTC, encoder, connector, ... KMS provide emulation of legacy FBDev API Together with dumb framebuffers allows to create hardware independed userspace application GEM = memory buffer Frame Buffer = GEM + (format, width/height, ...) Plane = Hardware for scanning out Frame Buffer CRTC = Catode Ray Tube Controller (historical), nowadays hardware for mixing/blending Planes Encoder = Generates signal from the CRTC output Connector = Routes signal from Encoder to external world (i.e. Display Panel) GEM GEM GEM GEM (Main) (Video)GEM (Cursor) Frame Frame Frame Buffer Buffer Buffer Plane Plane Plane Plane CRTC CRTC Encoder Encoder Connector Connector Connector (HDMI) (VGA) (HDMI) DRM Object ◦ Unique ID ◦ Type (CRTC, Connector, Encoder, Plane, FB, Blob, ...) ◦ Set of Properties DRM Property ◦ Unique ID ◦ Type: Range (Integer)
    [Show full text]
  • LBM: a Security Framework for Peripherals Within the Linux Kernel
    LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian∗, Grant Hernandez∗, Joseph I. Choi∗, Vanessa Frost∗, Peter C. Johnsony, Kevin R. B. Butler∗ ∗University of Florida {daveti, grant.hernandez, choijoseph007, vfrost, butler}@ufl.edu yMiddlebury College [email protected] Abstract—Modern computer peripherals are diverse in their However, with this virtually unconstrained functionality capabilities and functionality, ranging from keyboards and print- comes the threat of malicious devices that can compromise ers to smartphones and external GPUs. In recent years, periph- computer systems in myriad ways. The BadUSB attack [62] erals increasingly connect over a small number of standardized communication protocols, including USB, Bluetooth, and NFC. allows attackers to add functionality allowed by the USB pro- The host operating system is responsible for managing these tocol to device firmware with malicious intent. For example, devices; however, malicious peripherals can request additional a BadUSB flash drive presents not only expected behavior functionality from the OS resulting in system compromise, or of a storage device when plugged into a computer, but also can craft data packets to exploit vulnerabilities within OS registers keyboard functionality to allow it to inject malicious software stacks. Defenses against malicious peripherals to date only partially cover the peripheral attack surface and are limited keystrokes with the aim of gaining administrative privilege. to specific protocols (e.g., USB). In this paper, we propose Other examples of malicious USB functionality include charg- Linux (e)BPF Modules (LBM), a general security framework ers that can inject malware into iOS devices [51], or take that provides a unified API for enforcing protection against control of Android devices via AT commands [78].
    [Show full text]
  • Direct Rendering Infrastructure: Architecture
    Direct Rendering Infrastructure: Architecture Jose´ Manuel Rios Fonseca 13th June 2005 Contents 1 Introduction 1 2 Architecture 3 2.1 Design goals . 3 2.2 Main components . 4 3 Design patterns 12 3.1 Inheritance . 12 3.1.1 Inheritance by reference . 12 3.1.2 Inheritance by aggregation . 14 3.2 Abstract Factory and Factory Method . 15 3.3 Template . 17 4 Possible enhancements 19 Bibliography 20 A Data transfer modes 21 A.1 Programmed Input/Output (PIO) . 21 A.2 Memory Mapped Input/Output (MMIO) . 21 A.3 Direct Memory Access (DMA) . 22 i List of Figures 1.1 X Window System rendering overview . 2 2.1 Spaces communication pathways . 6 2.2 Main components . 7 2.3 Operation action diagram . 10 2.4 Operation sequence diagram . 11 3.1 Inheritance example. 13 3.2 Driver class diagram. 16 A.1 DMA via a ring buffer . 24 ii List of Tables 2.1 Design goals . 3 2.2 Spaces features . 5 2.3 Infrastructure extensibility spots . 6 2.4 Responsibilities . 8 iii Acknowledgments This work was initially done for the subject of Architecture of Software and Systems, part of the Informatics Engineering Master course at the Faculty of Engineering of the university of Porto. iv Trademarks OpenGL is a registered trademark and SGI is a trademark of Silicon Graphics, Inc. Unix is a registered trademark of The Open Group. The ‘X’ device and X Window System are trademarks of The Open Group. XFree86 is a trademark of The XFree86 Project. Linux is a registered trademark of Linus Torvalds.
    [Show full text]
  • IEGD Linux Kernel Module Porting and Patching Methods
    Mudit Vats IEGD Linux Kernel Software Engineer Intel Corporation Module Ryan Lovrien Software Engineer Intel Corporation Porting and Patching Methods November, 2009 435867 IEGD Linux Kernel Module – Porting and Patching Methods Executive Summary Intel® Embedded Graphics Drivers (IEGD) provide a high performance, embedded-focused graphic solution for Intel integrated graphics. It supports a wide variety of operating systems including Linux*. The IEGD Kernel Module (IKM) is the Linux kernel component responsible for allowing the X-Window System driver access to the Intel graphics device. Its role is critical in enabling everything from simple 2D graphics and windowing subsystems to full-featured OpenGL*-based 3D applications. Currently, IEGD supports a wide range of graphics chipsets, X versions and Linux distributions. Considering the wide range of Linux flavors available today and the propensity of embedded developers to create their own custom solutions (using custom Linux kernels), there is a need to port the IKM to these solutions. The purpose of this white paper is to describe two methods for enabling IKM support into custom distributions and Linux kernels. First, a module- based solution is examined to port the loadable module into a newer kernel. The second solution takes this process a step further by presenting a method for creating a kernel patch so that the IKM is no longer a module, but a built-in part of the kernel. The goal of this paper is to give the reader a general idea about the steps necessary to get the IKM working for their kernel. Additionally, by examining the details of the IKM (as a module) and the idea of a kernel patch, the reader should have a better understanding of what packaging and/or installation solution works best for them and how to employ it.
    [Show full text]
  • Integrating Virtual DRM Between VISION SDK and PSDK on Jacinto6 SOC
    www.ti.com Table of Contents Application Report Integrating Virtual DRM Between VISION SDK and PSDK on Jacinto6 SOC Fredy Zhang, Joe Shen, and Peter Li ABSTRACT The Direct Rendering Manager (DRM) is widely used by user-space graphic stacks. In a setup where A15 is not allowed to access DSS, a working omapdrm driver is not available to display content. Virtual DRM is a driver framework to expose DRM devices to Linux® userspace in such a setup, therefore, enabling Linux DRM applications to continue functioning. Project collateral and source code discussed in this document can be downloaded from the following URL: https://www.ti.com/lit/zip/spracx5. Table of Contents 1 Introduction.............................................................................................................................................................................2 1.1 Standard DRM Framework................................................................................................................................................ 3 1.2 vDRM-Based Framework...................................................................................................................................................3 2 Display Content Based vDRM on Linux................................................................................................................................4 3 Multimedia Support Based vDRM on Linux......................................................................................................................... 4 3.1 Gstreamer.........................................................................................................................................................................
    [Show full text]