
Rust for firmware: security through memory-safe programming languages



Android has been relying on memory-safe programming languages like Rust for some time to enhance the security of the operating system. Now this approach is being extended to firmware, particularly in security-critical areas. Google's Security Blog has an article from the Android team in which two authors, Ivan Lozano and Dominik Maier, explain the advantages and process of introducing Rust into the existing firmware code base.



Firmware serves as an interface between hardware and high-level software and, according to the blog post, is often written in less secure programming languages such as C or C++. These languages are prone to security vulnerabilities that attackers can exploit. For the authors of the article, Rust offers a memory-safe alternative with comparable performance and aims to enable interoperability with C without additional overhead.

The introduction of Rust into the existing firmware code base should be gradual. New code and particularly risky code sections should come first. This mainly includes code that processes external, untrusted input. By using Rust for new development and gradually replacing existing components, the number of security gaps should be reduced in the long term.

However, incorporating Rust into the firmware requires some technical adjustments. These include, for example, the use of no_std (using Rust without the standard library), creating Foreign Function Interface (FFI) bindings to interact with existing C code, and adapting to bare-metal environments where no operating system is present.


According to the blog post, Rust libraries chosen for firmware should be well documented, tested and no_std-compatible. Libraries that are not no_std-compatible can be ported. However, this approach requires adjustments to the code to remove dependencies on the standard library.





A shim in Rust is used to integrate existing C/C++ APIs. This implicitly enables the use of safe Rust functions in firmware.

A Rust shim is a thin layer or adapter designed to integrate Rust code into an existing system written in another programming language (usually C or C++). The shim serves to mimic the interface (API) of existing libraries or functions, thus enabling seamless interoperability between Rust and the other programming language.
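
The shim pattern described above, as an added example that is not code from the Android team or the Google post: a bounds-checked parser in safe Rust behind a C-ABI entry point, using only core so it fits a no_std build. The message layout, the fw_msg_parse prototype and the status codes are assumptions made for illustration.

```rust
// Added example. In firmware this crate would start with `#![no_std]`;
// only `core` is used, so nothing below needs the standard library.
use core::slice;

/// Constructed message format (assumption): [type: u8][len: u16 LE][payload: len bytes]
#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated, LengthMismatch }

/// Safe Rust core: every access is bounds-checked, so a hostile length
/// field yields an error instead of an out-of-bounds read.
pub fn parse_payload(buf: &[u8]) -> Result<(u8, &[u8]), ParseError> {
    let (msg_type, len, rest) = match buf {
        [t, lo, hi, rest @ ..] => (*t, u16::from_le_bytes([*lo, *hi]) as usize, rest),
        _ => return Err(ParseError::Truncated),
    };
    let payload = rest.get(..len).ok_or(ParseError::LengthMismatch)?;
    Ok((msg_type, payload))
}

pub const FW_OK: i32 = 0;
pub const FW_EINVAL: i32 = -1;
pub const FW_EPARSE: i32 = -2;

/// C-ABI shim mimicking a hypothetical C prototype:
///   int fw_msg_parse(const uint8_t *buf, size_t len, uint8_t *out_type,
///                    const uint8_t **out_payload, size_t *out_len);
/// A firmware build exports it by name with `#[no_mangle]`
/// (`#[unsafe(no_mangle)]` on edition 2024); left off here for portability.
///
/// # Safety
/// `buf` must point to `len` readable bytes; out pointers must be writable.
pub unsafe extern "C" fn fw_msg_parse(
    buf: *const u8, len: usize,
    out_type: *mut u8, out_payload: *mut *const u8, out_len: *mut usize,
) -> i32 {
    if buf.is_null() || out_type.is_null() || out_payload.is_null() || out_len.is_null() {
        return FW_EINVAL;
    }
    // The only unsafe step: trust the caller's (ptr, len) pair once, at the boundary.
    let input = unsafe { slice::from_raw_parts(buf, len) };
    match parse_payload(input) {
        Ok((t, p)) => {
            unsafe { *out_type = t; *out_payload = p.as_ptr(); *out_len = p.len(); }
            FW_OK
        }
        Err(_) => FW_EPARSE,
    }
}
```

Existing C callers keep the same call shape, while a length field larger than the buffer comes back as FW_EPARSE rather than being followed past the end of the input.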

To optimize performance and memory usage, the Android team recommends using link-time optimization (LTO) and other compiler settings. These optimizations can reduce library output size and improve performance.

More information on the gradual introduction of Rust into the existing firmware codebase can be found in a post on the Google Security Blog.


(MDO)
