1 of 28

Secure OS Lab

Cyber Lab S23 - Week 2

2 of 28

Announcements

  • Psi Beta Rho Practice: CTF Expert - Will, DiceGang
    • Tuesday 6-8 pm
    • Ackerman 3517
  • Cyber Academy (Week 6): Binary Exploitation
    • Wednesday 6-8 pm
    • MATH SCI 5200
  • Cyber DEFCON 31 Trip Interest Form
    • bit.ly/cyber-defcon-31-trip
  • CS Town Hall
    • The UCLA Computer Science Department wants to hear from any student that has taken a Computer Science class at UCLA. Fill out our Town Hall survey to share your thoughts on your experience in classes, teaching practices, and more. The survey is completely anonymous, and you can fill it out here by Friday, May 5 at 11:59 pm: https://forms.gle/L2Z1hE1CNeNcWTfe6.

3 of 28

Meet the Team

Daniel Yang

Secure OS Project Lead

Michelle Zhao

Officer

Victoria Choi

Officer

Benson Liu

Co-President

Aaron Yoo

Mentor & SWE @ Apple

You

MVP

4 of 28

✨Social Engineering Time ✨

  • Introduce Yourself!
    • Name
    • Year
    • Major
    • Hometown
    • Favorite shoe? (since boot? idk)

5 of 28

Timeline

Part 1: (Guided) Developing the Bootloader & Kernel

  • Week 3: Boot Process
  • Week 4: 32-bit Protected Mode & Kernel + Feature Design
  • Week 5: Break for Midterms

Part 2: Design Your Own Feature

  • Week 6: Aaron Yoo’s Talk & Work Session
  • Week 7: Work Session
  • Week 8: Work Session
  • Week 9: Presentation & Demo
    • Wednesday - May 31, 6-8 pm
    • MATH SCI 5200

6 of 28

Logistics

  • Weekly meetings
    • Thursdays 7-9 pm
    • Boelter 4760
  • Need Additional Help?
    • Malware Lab meets Mondays 6-8 pm in Kerckhoff 131+133+135
    • If you’re stuck during the week, feel free to show up to ask officers there for help!
    • Messaging on Discord works as well!

7 of 28

Get Code

  • https://github.com/danieltherealyang/PreOS-Skeleton
    • See completed code for each objective from Week 1 under folder week1soln.
    • See skeleton code for today’s objectives under week2.

8 of 28

What is a Kernel?

  • Establishes communication between user level applications and hardware.
  • Decides state of incoming processes.
  • Controls disk, memory, and task management.
  • Loaded into memory first when OS is loaded and remains until OS is shut down.

9 of 28

Part I. But first, 32-bit Protected Mode

10 of 28

Why switch from 16-bit real mode (RM) to 32-bit protected mode (PM)?

  • Real mode cons:
    • Only 1 MB of address space (20-bit segment:offset addressing).
    • No built-in protection: any code can read or write any memory or I/O port.
    • Restrictive memory addressing modes.
  • Protected mode pros:
    • Registers extended to 32 bits; up to 4 GB of addressable memory.
    • More sophisticated memory segmentation (segment limits, privilege levels) and interrupt handling.

11 of 28

Things to Take Note Of

  • Protected mode:
    • BIOS no longer usable D:
      • i.e. Routines like INT 0x10, AH = 0xE no longer available
    • Registers are extended to 32 bits (register name prefixed with an e, e.g. bx -> ebx), so the registers used in routines we defined before need to be modified as well.

12 of 28

Obj I. print_string_pm()

  • No BIOS display char routine now!
  • Most computers begin in Video Graphics Array (VGA) colour text mode when booting.
  • Thus: How to output a char to the correct memory address for the current VGA mode?
  • Goal: Modify print_string() to accomplish the same task in PM now.
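In VGA colour text mode the screen is an 80x25 grid memory-mapped at physical address 0xB8000; each cell is two bytes, the ASCII code followed by an attribute (colour) byte, so the cell at (row, col) lives at 0xB8000 + (row * 80 + col) * 2. The lab's print_string_pm is written in assembly; the following is an added C version (not code from the PreOS-Skeleton repository) that implements the same addressing, plus newline handling and scrolling, against a caller-supplied buffer so it can be run on a normal host. Assumptions: the BIOS left the machine in 80x25 text mode, and in the real kernel the buffer pointer would be (uint8_t *)0xB8000.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* VGA colour text mode: 80x25 cells, 2 bytes each (ASCII code, attribute byte). */
#define VGA_COLS 80
#define VGA_ROWS 25
#define VGA_BYTES (VGA_COLS * VGA_ROWS * 2)
#define WHITE_ON_BLACK 0x0F   /* attribute: foreground 0xF (white), background 0 (black) */

/* Byte offset of cell (row, col) from the start of the VGA frame buffer. */
size_t vga_offset(int row, int col)
{
    return (size_t)(row * VGA_COLS + col) * 2;
}

/* Write a NUL-terminated string starting at (row, col) into buf, which stands in
 * for the frame buffer (in the kernel: (uint8_t *)0xB8000, an assumption about
 * the video mode the BIOS leaves us in). '\n' moves to the start of the next
 * row; when the write runs past the last row the screen scrolls up one line.
 * Returns the byte offset of the next free cell. */
size_t print_string_pm(uint8_t *buf, const char *s, int row, int col, uint8_t attr)
{
    size_t off = vga_offset(row, col);

    for (; *s; s++) {
        if (*s == '\n') {
            /* jump to the first cell of the following row */
            off = (off / (VGA_COLS * 2) + 1) * (VGA_COLS * 2);
        } else {
            buf[off]     = (uint8_t)*s;   /* character byte */
            buf[off + 1] = attr;          /* attribute byte */
            off += 2;
        }

        if (off >= VGA_BYTES) {
            /* scroll: rows 1..24 move up to rows 0..23, row 24 is blanked */
            memmove(buf, buf + VGA_COLS * 2, VGA_BYTES - VGA_COLS * 2);
            for (size_t i = VGA_BYTES - VGA_COLS * 2; i < VGA_BYTES; i += 2) {
                buf[i]     = ' ';
                buf[i + 1] = attr;
            }
            off = vga_offset(VGA_ROWS - 1, 0);
        }
    }
    return off;
}

int main(void)
{
    /* Constructed stand-in for the frame buffer; on real hardware this is 0xB8000. */
    static uint8_t screen[VGA_BYTES];
    print_string_pm(screen, "Landed in 32-bit protected mode\n", 0, 0, WHITE_ON_BLACK);

    /* Dump row 0 as text to show what the VGA hardware would display. */
    for (int col = 0; col < VGA_COLS; col++) {
        uint8_t c = screen[vga_offset(0, col)];
        putchar(c ? c : ' ');
    }
    putchar('\n');
    return 0;
}
```

In the real kernel there is no libc, so memmove would have to be your own loop; the offset arithmetic is the part to carry over to the assembly routine (row * 160 + col * 2, then the character in the low byte and the attribute in the high byte).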

13 of 28

The Global Descriptor Table (GDT)

  • Fundamental to the operation of PM.
  • Gives CPU info about memory segments.

14 of 28

GDT Segment Descriptors

  • Segment descriptors
    • Entries in the GDT, data structures that give CPU attributes of a segment (chunk of memory with consistent properties).
    • Attributes include the segment’s base (starting address in memory), limit (maximum size, in bytes or in 4 KB pages depending on the granularity flag), and flags (access rights and how the CPU treats the segment, e.g. code vs. data, privilege level, 16- vs. 32-bit).
  • Intel x86’s Flat Memory Model
    • The first GDT entry must be the null descriptor (selector 0 is never usable). The basic flat model then needs at minimum one code segment and one data segment, each with base 0 and a limit covering the full 4 GB, so that every address is usable from any segment.

15 of 28

GDT Descriptor

  • GDT descriptor (the value loaded into the GDTR register): a structure that describes the GDT itself
    • Gives the GDT’s size (in bytes, minus 1) and offset (its linear address)
    • Loaded using the lgdt assembly instruction (see switch_to_pm.asm).
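The descriptor and GDTR layouts on the two slides above are easy to get wrong by a bit, because the base and limit are split across non-adjacent fields. The following is an added example, not code from the lab repository: it packs a segment descriptor the way the CPU expects, builds the flat-model GDT (null, code, data), computes the GDTR value that lgdt takes, and derives the selectors the far jump and segment-register loads use. The linear address passed to make_gdtr is an assumption (in the bootloader it would be the address of the gdt_start label). The decode helpers let you check a descriptor you assembled by hand.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 8-byte segment descriptor (Intel SDM Vol. 3, "Segment Descriptors"):
 *   bits  0-15  limit[15:0]
 *   bits 16-39  base[23:0]
 *   bits 40-47  access byte: P | DPL(2) | S | type(4)
 *   bits 48-51  limit[19:16]
 *   bits 52-55  flags: G | D/B | L | AVL
 *   bits 56-63  base[31:24] */
uint64_t make_descriptor(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    uint64_t d = 0;
    d |= (uint64_t)(limit & 0xFFFF);
    d |= (uint64_t)(base & 0xFFFFFF) << 16;
    d |= (uint64_t)access << 40;
    d |= (uint64_t)((limit >> 16) & 0xF) << 48;
    d |= (uint64_t)(flags & 0xF) << 52;
    d |= (uint64_t)((base >> 24) & 0xFF) << 56;
    return d;
}

/* Access bytes: present, DPL 0, code/data segment (S=1).
 * Code: executable + readable (type 0xA).  Data: writable (type 0x2). */
#define ACCESS_CODE 0x9A
#define ACCESS_DATA 0x92
/* Flags: G=1 (limit counts 4 KB pages), D/B=1 (32-bit), L=0, AVL=0. */
#define FLAGS_32BIT_4K 0xC

enum { GDT_NULL = 0, GDT_CODE = 1, GDT_DATA = 2, GDT_ENTRIES = 3 };

/* Basic flat model: null entry, then code and data both spanning 0..4 GB. */
void build_flat_gdt(uint64_t gdt[GDT_ENTRIES])
{
    gdt[GDT_NULL] = 0;  /* required; selector 0 faults if ever loaded into CS/SS */
    gdt[GDT_CODE] = make_descriptor(0, 0xFFFFF, ACCESS_CODE, FLAGS_32BIT_4K);
    gdt[GDT_DATA] = make_descriptor(0, 0xFFFFF, ACCESS_DATA, FLAGS_32BIT_4K);
}

/* What lgdt loads: 16-bit size (bytes in the table minus 1) and 32-bit linear address. */
struct __attribute__((packed)) gdtr {
    uint16_t size;
    uint32_t offset;
};

struct gdtr make_gdtr(size_t entries, uint32_t linear_addr)
{
    struct gdtr r = { (uint16_t)(entries * sizeof(uint64_t) - 1), linear_addr };
    return r;
}

/* Segment selector: index << 3 | TI (0 = GDT) | RPL. The far jump after setting
 * cr0.PE uses selector(GDT_CODE, 0) == 0x08; ds/ss/es get selector(GDT_DATA, 0) == 0x10. */
uint16_t selector(unsigned index, unsigned rpl)
{
    return (uint16_t)((index << 3) | (rpl & 3));
}

/* Decode helpers for checking a hand-written descriptor. */
uint32_t descriptor_base(uint64_t d)
{
    return (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)((d >> 56) & 0xFF) << 24);
}

uint32_t descriptor_limit_bytes(uint64_t d)
{
    uint32_t limit = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    int g = (int)((d >> 55) & 1);        /* granularity bit: limit is in 4 KB units */
    return g ? (limit << 12) | 0xFFF : limit;
}

int main(void)
{
    uint64_t gdt[GDT_ENTRIES];
    build_flat_gdt(gdt);
    struct gdtr r = make_gdtr(GDT_ENTRIES, 0x7C00u);  /* assumed: table sits in the boot sector */
    for (int i = 0; i < GDT_ENTRIES; i++)
        printf("gdt[%d] = 0x%016llx\n", i, (unsigned long long)gdt[i]);
    printf("gdtr: size=%u offset=0x%x  code sel=0x%02x data sel=0x%02x\n",
           r.size, r.offset, selector(GDT_CODE, 0), selector(GDT_DATA, 0));
    return 0;
}
```

The two non-null entries should come out as 0x00CF9A000000FFFF and 0x00CF92000000FFFF, which is what the `dw`/`db` lines in a typical switch_to_pm.asm spell out byte by byte; if your hand-written table differs, compare field by field with descriptor_base and descriptor_limit_bytes.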

16 of 28

The Switch from RM to PM

  1. Disable interrupts first (‘cli’): the real-mode interrupt vector table is meaningless in PM, and no IDT is set up yet.
  2. Pass the GDT descriptor to the CPU (‘lgdt’).
  3. Set bit 0 (PE, Protection Enable) of the control register cr0.
  4. Issue a far jump to the 32-bit code segment selector. This loads CS from the new GDT and flushes the prefetch queue of already-decoded 16-bit instructions; after the jump the CPU is executing in 32-bit protected mode, and the data segment registers (ds, ss, es, fs, gs) must then be reloaded with the data selector.

17 of 28

Obj 2: Demonstrating the switch in boot-sect.asm

  • Goal: Starting in 16-bit RM, print out a message in RM. Then, make the switch to 32-bit PM, and print out another message in PM to indicate switch success.

18 of 28

Part II. The Kernel

19 of 28

The Kernel and Bootloader

  • Bootloader: the first software that runs when the computer is turned on. It is responsible for locating the kernel, loading it into memory, and starting its execution.
  • Once the kernel is loaded into memory, the bootloader transfers control to the kernel’s entry point.

20 of 28

C Compilation

21 of 28

Linkers

  • Use a linker to create the actual executable code.
  • It links together all routines from the input object files into one executable binary file.
  • The linker can output executable files in various formats (for our kernel: a flat binary with no headers, so the first byte is the first instruction).

22 of 28

Cross Compilation

$ xcode-select --install

  • install Xcode command-line tools

$ brew tap ArmMbed/homebrew-formulae

  • add the ArmMbed/homebrew-formulae tap

$ brew install arm-none-eabi-gcc

  • install the ARM GCC toolchain using Homebrew

Then configure the build system and compile the code.

Note: arm-none-eabi-gcc targets ARM. The kernel on the next slides is 32-bit x86, so to build it on macOS you need an x86 cross toolchain (e.g. an i386-elf or i686-elf GCC built or installed the same way); the ARM tap above is only an example of installing a cross compiler with Homebrew.

23 of 28

Writing our Kernel

Compile this into a raw binary (no ELF headers, entry point at the first byte):

$ gcc -ffreestanding -c kernel.c -o kernel.o

$ ld -o kernel.bin -Ttext 0x1000 kernel.o --oformat binary

-ffreestanding tells gcc there is no libc or runtime; -Ttext 0x1000 places the code at the address the bootloader will load it to. On a 64-bit host these commands produce 64-bit objects that cannot run in 32-bit PM: add -m32 -fno-pie to gcc and -m elf_i386 to ld, or use a 32-bit x86 cross compiler (i386-elf-gcc / i386-elf-ld).

24 of 28

Bootstrap Kernel

  • The kernel is compiled as 32-bit instructions, so we need to switch into 32-bit protected mode before executing kernel code.
  • From which disk and which sectors do we load the kernel code?
  • Kernel image: the boot sector (exactly 512 bytes) and the OS kernel grafted together, so kernel.bin starts at the second sector (LBA 1) of the image:

cat boot-sect.bin kernel.bin > os-image

25 of 28

Loading Kernel

load_kernel:

Set up the parameters for the BIOS disk read (INT 0x13) so that we load the first 15 sectors after the boot sector from the boot disk to the kernel offset address (the same address given to ld with -Ttext). Any kernel larger than 15 sectors is silently truncated, so raise the count as the kernel grows.
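The disk-read parameters are the part of the bootloader that most often fails quietly: the BIOS call takes CHS rather than LBA, the sector count is hard-coded, and nothing checks that the load does not overwrite the boot sector itself. The following is an added example, not code from the PreOS-Skeleton repository, that performs those checks on a host before you boot the image. Assumptions: the kernel is loaded to 0x1000 (matching -Ttext 0x1000 on the earlier slide), 15 sectors are read as on this slide, and a 1.44 MB floppy geometry (18 sectors per track, 2 heads) for the CHS conversion; the 512-byte boot sector in main is constructed in place.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define SECTOR_BYTES   512
#define KERNEL_SECTORS 15        /* sectors load_kernel reads after the boot sector */
#define KERNEL_OFFSET  0x1000u   /* assumed load address; matches -Ttext 0x1000 */
#define BOOT_SECTOR    0x7C00u   /* where the BIOS placed the running boot sector */

/* A valid boot sector is 512 bytes ending in the 0x55 0xAA signature. Because
 * os-image is just `cat boot-sect.bin kernel.bin`, anything else shifts the
 * kernel off its sector boundary and the read below loads garbage. */
bool boot_sector_valid(const uint8_t *img, size_t len)
{
    return len >= SECTOR_BYTES && img[510] == 0x55 && img[511] == 0xAA;
}

/* Sectors needed for a kernel of kernel_bytes bytes, rounded up. */
uint32_t sectors_needed(uint32_t kernel_bytes)
{
    return (kernel_bytes + SECTOR_BYTES - 1) / SECTOR_BYTES;
}

/* The fixed 15-sector read truncates a larger kernel without any error. */
bool kernel_fits(uint32_t kernel_bytes)
{
    return sectors_needed(kernel_bytes) <= KERNEL_SECTORS;
}

/* First byte past the loaded kernel; it must stay below the boot sector at
 * 0x7C00, or the read clobbers the code that issued it. */
uint32_t load_end(uint32_t sectors)
{
    return KERNEL_OFFSET + sectors * SECTOR_BYTES;
}

bool load_overlaps_boot_sector(uint32_t sectors)
{
    return load_end(sectors) > BOOT_SECTOR;
}

/* INT 0x13, AH=0x02 addresses the disk by cylinder/head/sector. The kernel
 * starts at LBA 1 (the sector right after the boot sector). Sector numbers are
 * 1-based; heads and cylinders are 0-based. */
struct chs { uint16_t cylinder; uint8_t head; uint8_t sector; };

struct chs lba_to_chs(uint32_t lba, uint32_t sectors_per_track, uint32_t heads)
{
    struct chs c;
    uint32_t track = lba / sectors_per_track;
    c.sector   = (uint8_t)(lba % sectors_per_track + 1);
    c.head     = (uint8_t)(track % heads);
    c.cylinder = (uint16_t)(track / heads);
    return c;
}

int main(void)
{
    /* Constructed boot sector: 512 zero bytes with the signature in the last two. */
    uint8_t boot[SECTOR_BYTES] = {0};
    boot[510] = 0x55;
    boot[511] = 0xAA;

    uint32_t kernel_bytes = 6000;  /* constructed size for a small test kernel */
    struct chs first = lba_to_chs(1, 18, 2);   /* assumed floppy geometry */

    printf("boot sector valid: %s\n", boot_sector_valid(boot, sizeof boot) ? "yes" : "no");
    printf("kernel needs %u sectors, fits in %d: %s\n", sectors_needed(kernel_bytes),
           KERNEL_SECTORS, kernel_fits(kernel_bytes) ? "yes" : "no");
    printf("load ends at 0x%x, overlaps boot sector: %s\n", load_end(KERNEL_SECTORS),
           load_overlaps_boot_sector(KERNEL_SECTORS) ? "yes" : "no");
    printf("first kernel sector: C=%u H=%u S=%u\n", first.cylinder, first.head, first.sector);
    return 0;
}
```

For the slide's numbers the kernel occupies 0x1000 to 0x2E00, well below 0x7C00, and the read starts at cylinder 0, head 0, sector 2, which are exactly the values the bootloader's INT 0x13 call sets in ch, dh and cl.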

26 of 28

Finding Our Way into the Kernel

27 of 28

Resources

28 of 28

Check out our linktree:

linktr.ee/uclacyber