Running app logic in the Secure world increases the Secure world's attack surface. Instead of running app logic there, Ginseng protects only the sensitive data, keeping them in registers while they are in use. When they must be saved to memory, Ginseng writes them to an encrypted memory region provided by a generic service in the Secure world, so the Normal-world OS never sees them in the clear.

Min Hong Yun and Lin Zhong, "Ginseng: Keeping secrets in registers when you distrust the operating system," in Proc. of Network and Distributed System Security Symposium (NDSS), Feb 2019. (PDF) (Distinguished Paper Finalist)

1. People

2. Instructions for Ginseng prototype

This section provides instructions on how to download and build the Ginseng prototype, including the compiler and the Secure world software.

2.1. LLVM Compiler

Ginseng extends the LLVM compiler for static protection. An app developer needs this compiler to compile an application that uses the sensitive keyword; a stock compiler does not know the keyword and provides no protection.

2.1.1. Prerequisites

Please refer to the LLVM build page for the full list of requirements. Specifically, you will need CMake, ninja, and Python. The recommended gcc and g++ version for building the Ginseng compiler is 4.8.4 or 4.8.5, with the corresponding multilib packages.

2.1.2. Download the compiler

The following command will download Ginseng’s LLVM extension.

$ git clone llvm_ginseng

2.1.3. Download clang, LLVM’s C language frontend

The following commands change into the downloaded LLVM directory, download Clang, and check out the Clang commit that matches the Ginseng LLVM tree.

$ cd llvm_ginseng
$ .
$ cd ..

2.1.4. Build LLVM and Clang

The following command will build the compiler in the build_release directory.

$ mkdir build_release
$ cd build_release
$ cmake -G Ninja -DCMAKE_BUILD_TYPE=Release ../llvm_ginseng
$ ninja
$ cd ..

2.2. Software for the Normal and Secure world

Ginseng uses OP-TEE's software stack for the HiKey board. The following steps will download necessary software to boot the board.

2.2.1. Prerequisites

We assume that you are building Ginseng on Ubuntu 14.04 or later on an x86_64 machine. The Ginseng prototype uses software components from the OP-TEE project, so you need to install the packages required to build those components. The following command, copied from the OP-TEE project, will do the job. Note that the :i386 packages in the list require the i386 foreign architecture to be enabled in dpkg first.

$ sudo apt-get install android-tools-adb android-tools-fastboot autoconf \
        automake bc bison build-essential cscope curl device-tree-compiler \
        expect flex ftp-upload gdisk iasl libattr1-dev libc6:i386 libcap-dev \
        libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev \
        libpixman-1-dev libssl-dev libstdc++6:i386 libtool libz1:i386 make \
        mtools netcat python-crypto python-serial python-wand unzip uuid-dev \
        xdg-utils xterm xz-utils zlib1g-dev

GService, Ginseng's Secure world service, is written in Rust, so you need to install Rust. We recommend using rustup to install it. We also use xargo for cross compiling. The following commands install Rust, pin the nightly toolchain the prototype was built with, and install xargo. Use exactly the pinned nightly and xargo version; a newer nightly is not guaranteed to build GService.

$ curl -sSf | sh
$ rustup install nightly-2018-03-19
$ rustup default nightly-2018-03-19
$ rustup component add rust-src
$ cargo install --vers 0.3.8 xargo

2.2.2. Download Ginseng and other software components

The following command will download all software components for HiKey boards into the hikey directory.

$ curl -sSf | sh

2.2.3. Download the toolchains

To cross-compile the components downloaded above, you need the toolchains. The following commands download the necessary toolchains under the hikey/toolchains directory.

$ cd hikey/build
$ make toolchains
$ cd ..

2.2.4. Build the software

The following commands build all software components for the HiKey board.

$ cd build
$ .
$ cd ..

3. Applications

This section provides instructions on how to build a Ginseng-enabled app using a sample app, otp_ginseng. The source code and makefile are in hikey/test_apps/otp.

3.1. Compiler and project paths

To build an app using the makefile, the project directory and the compiler directory must be set. At the beginning of the makefile there are two variables, HIKEY_DIR and LLVM_BUILD_PATH.


Set HIKEY_DIR to the project directory (the hikey directory downloaded in 2.2.2) and LLVM_BUILD_PATH to the LLVM build directory (build_release from 2.1.4). If either path is wrong, the makefile will pick up a stock compiler or the wrong OP-TEE headers and the resulting binary will not be protected.
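As an added check, the following POSIX shell script is not part of the Ginseng project or of this page; it verifies, before you edit the makefile, that the pinned versions from 2.1.1 and 2.2.1 (gcc 4.8.4/4.8.5, nightly-2018-03-19, xargo 0.3.8) are what the machine actually has, and that the two makefile variables point at usable directories. It assumes that HIKEY_DIR and LLVM_BUILD_PATH are also exported in the environment and that the compiler driver lives at $LLVM_BUILD_PATH/bin/clang; neither assumption comes from the page.

```sh
#!/bin/sh
# Added example, not part of the Ginseng project: sanity checks for the build
# environment described on this page. Assumptions (not from the page): the two
# makefile variables are also exported as environment variables HIKEY_DIR and
# LLVM_BUILD_PATH, and the Ginseng compiler driver is $LLVM_BUILD_PATH/bin/clang.

# gcc_version_ok "<gcc -dumpversion output>": succeed only for the recommended
# 4.8.4 / 4.8.5 series.
gcc_version_ok() {
    case "$1" in
        4.8.4|4.8.4.*|4.8.5|4.8.5.*) return 0 ;;
        *) return 1 ;;
    esac
}

# rust_toolchain_ok "<rustup default output>": the prototype is pinned to
# nightly-2018-03-19; rustup prints e.g. "nightly-2018-03-19-x86_64-unknown-linux-gnu (default)".
rust_toolchain_ok() {
    case "$1" in
        nightly-2018-03-19*) return 0 ;;
        *) return 1 ;;
    esac
}

# xargo_version_ok "<xargo --version output>": the page pins xargo 0.3.8.
xargo_version_ok() {
    case "$1" in
        "xargo 0.3.8"|"xargo 0.3.8 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# paths_ok HIKEY_DIR LLVM_BUILD_PATH: the project directory must contain the
# build/ subdirectory used in 2.2.3 and 2.2.4, and the LLVM build directory
# must contain an executable compiler driver.
paths_ok() {
    [ -n "$1" ] && [ -d "$1/build" ] || return 1
    [ -n "$2" ] && [ -x "$2/bin/clang" ] || return 1
    return 0
}

# Run every check against the current machine and report each failure;
# return non-zero if anything is off.
check_environment() {
    rc=0
    for tool in cmake ninja python; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool"; rc=1; }
    done
    v=$(gcc -dumpversion 2>/dev/null || echo none)
    gcc_version_ok "$v" || { echo "gcc $v: 4.8.4 or 4.8.5 recommended"; rc=1; }
    t=$(rustup default 2>/dev/null || echo none)
    rust_toolchain_ok "$t" || { echo "rust toolchain '$t': expected nightly-2018-03-19"; rc=1; }
    x=$(xargo --version 2>/dev/null || echo none)
    xargo_version_ok "$x" || { echo "$x: expected xargo 0.3.8"; rc=1; }
    paths_ok "${HIKEY_DIR:-}" "${LLVM_BUILD_PATH:-}" ||
        { echo "HIKEY_DIR/LLVM_BUILD_PATH do not point at hikey/ and build_release/"; rc=1; }
    return $rc
}

# Invoke as:  HIKEY_DIR=... LLVM_BUILD_PATH=... sh ginseng_env_check.sh run
if [ "${1:-}" = "run" ]; then
    check_environment
fi
```

The version checks are deliberately exact rather than "at least": the LLVM tree, the OP-TEE build and GService were validated against these specific versions, and a newer gcc or nightly is where build breakage typically starts.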

3.2. Build an application

After setting the compiler and project paths, you can build an application from its .c source to an executable. Go to the test app's build directory and build the app using the following commands.

$ cd test_apps/otp/release

The executable otp_ginseng will then be generated in that directory. You can copy the file to the root filesystem or to a microSD card and run it on the HiKey board.

4. Acknowledgments

This work was supported in part by NSF Award #1611295, #1701374 and #1730574.