
What is Miralis?

Miralis is a RISC-V firmware that virtualizes RISC-V firmware. We call Miralis a Virtual Firmware Monitor.

Motivation

Usually, low-level software is granted high privilege. For instance, on RISC-V, platform-specific operations such as cache configuration and power management are handled in M-mode, with full access to all the machine's code and data. This is not a great situation: any bug or vulnerability in the machine's firmware can take down or compromise the whole system.

This can be easily solved by re-designing system firmware, leveraging ideas from the multitude of micro-kernels. Unfortunately, it is hard to convince all hardware vendors to re-design their firmware. Miralis provides an alternative solution by efficiently de-privileging unmodified vendor firmware.

How does it work?

On RISC-V processors, firmware typically runs in M-mode, below the kernel:

        ┌──────────────┐
U-mode  │   User App   │
        ├──────────────┤
S-mode  │    Kernel    │
        ├──────────────┤
M-mode  │   Firmware   │
        └──────────────┘

Miralis instead runs firmware in U-mode and emulates privileged instructions and memory accesses, creating the illusion of a virtual M-mode (vM-mode). This is a classic virtualization technique also known as trap and emulate.

        ┌──────────────┐ ┌────────────┐
U-mode  │   User App   │ │  Firmware  │ vM-mode
        ├──────────────┤ └────────────┘
S-mode  │    Kernel    │
        ├──────────────┴──────────────┐
M-mode  │           Miralis           │
        └─────────────────────────────┘

Internally, Miralis implements an emulator for the privileged subset of the RISC-V instruction set, and keeps shadow copies of all privileged control and status registers (CSRs). The virtualized firmware can only observe and modify the shadow copies of the CSRs, but not the actual hardware registers. Similarly, Miralis uses physical memory protection (PMP) to block access to sensitive memory regions. This allows Miralis to virtualize memory-mapped I/O (MMIO) devices such as interrupt controllers.

Importantly, Miralis does not interfere with the execution of the kernel or user applications, and therefore introduces no overhead on OS execution.
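The trap-and-emulate step for CSR instructions described above can be sketched as follows. This is an added example, not code from Miralis: `VirtCtx` and `emulate_csr` are hypothetical names, and the sketch assumes every shadow CSR is a plain 64-bit value, leaving out the per-register write masks and side effects a full emulator needs.

```rust
use std::collections::HashMap;

/// Virtual hart state as seen by the de-privileged firmware (hypothetical layout).
pub struct VirtCtx {
    pub regs: [u64; 32],         // general-purpose registers x0..x31
    pub csrs: HashMap<u16, u64>, // shadow CSRs keyed by CSR address
    pub pc: u64,
}

pub const MSCRATCH: u16 = 0x340;

/// Emulate one trapped Zicsr instruction against the shadow CSRs only.
pub fn emulate_csr(ctx: &mut VirtCtx, instr: u32) -> Result<(), &'static str> {
    if instr & 0x7f != 0x73 { return Err("not a SYSTEM instruction"); }
    let rd = ((instr >> 7) & 0x1f) as usize;
    let funct3 = (instr >> 12) & 0x7;
    let rs1 = ((instr >> 15) & 0x1f) as usize;
    let csr = (instr >> 20) as u16;
    // Immediate forms (funct3 bit 2) use the rs1 field as a zero-extended 5-bit value.
    let src = if funct3 & 0x4 != 0 { rs1 as u64 } else { ctx.regs[rs1] };
    let old = ctx.csrs.get(&csr).copied().unwrap_or(0);
    let new = match funct3 & 0x3 {
        1 => Some(src),                    // csrrw / csrrwi
        2 if rs1 != 0 => Some(old | src),  // csrrs / csrrsi
        3 if rs1 != 0 => Some(old & !src), // csrrc / csrrci
        2 | 3 => None,                     // rs1 field = 0: read only, no write
        _ => return Err("not a CSR instruction"),
    };
    if let Some(value) = new {
        // CSR address bits [11:10] == 0b11 mark a read-only register.
        if csr >> 10 == 0b11 {
            return Err("write to read-only CSR");
        }
        ctx.csrs.insert(csr, value);
    }
    if rd != 0 {
        ctx.regs[rd] = old; // x0 stays hard-wired to zero
    }
    ctx.pc += 4; // resume the firmware after the emulated instruction
    Ok(())
}

fn main() {
    let mut ctx = VirtCtx { regs: [0; 32], csrs: HashMap::new(), pc: 0x8000_0000 };
    ctx.regs[6] = 0xdead;
    // Constructed sample: csrrw x5, mscratch, x6
    emulate_csr(&mut ctx, 0x340312f3).unwrap();
    println!("mscratch = {:#x}", ctx.csrs[&MSCRATCH]);
}
```

The hardware `mscratch` is never touched: the firmware's write lands in the shadow map, which is the isolation property the shadow copies provide.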

What can Miralis be useful for?

Virtualizing the firmware can be useful for a variety of use cases:

  • Security: Miralis can enforce strict boundaries between firmware and the rest of the system, limiting the impact of firmware bugs and vulnerabilities. Miralis also supports Trusted Execution Environments (TEEs), such as secure enclaves.
  • Debugging: Miralis fully virtualizes firmware state, and can be used to inspect or modify registers, inject virtual interrupts, and emulate MMIO devices.
  • Reverse engineering: Miralis interposes on all firmware operations, and can collect traces of firmware behavior such as access patterns to MMIO devices.

Which platforms are supported?

Currently, Miralis supports 64-bit RISC-V platforms. The CPU must have support for at least M and U-mode as well as physical memory protection (PMP). Currently supported platforms are listed here. Adding support for additional platforms should be relatively straightforward.