ruvector/crates/rvm/crates
Reuven 639625efcc feat(rvm): security audit remediation, TEE cryptographic verification, performance hardening
Complete security audit remediation across all 14 RVM hypervisor crates:

Security (87 findings fixed — 11 critical, 23 high, 30 medium, 23 low):
- HAL: SPSR_EL2 sanitization before ERET, per-partition VMID with TLB flush,
  2MB mapping alignment enforcement, UART TX timeout
- Proof: Real P3 verification replacing stubs (Hash/Witness/ZK tiers),
  SecurityGate self-verifies P3 (no caller-trusted boolean)
- Witness: SHA-256 chain hashing (ADR-142), strict signing default,
  NullSigner test-gated, XOR-fold hash truncation
- IPC: Kernel-enforced sender identity, channel authorization
- Cap: GRANT_ONCE consumption, delegation depth overflow protection,
  owner verification, derivation tree slot leak rollback
- Types: PartitionId validation (reject 0/hypervisor, >4096)
- WASM: Target/length validation on send(), module size limit, quota dedup
- Scheduler: Binary heap run queue, epoch wrapping_add, SMP cpu_count enforcement
- All integer overflow paths use wrapping_add/saturating_add/checked_add

TEE implementation (ADR-142, all 4 phases):
- Phase 1: SHA-256 replaces FNV-1a in witness chain, attestation, measured boot
- Phase 2: WitnessSigner trait with SignatureError enum, HmacSha256WitnessSigner,
  Ed25519WitnessSigner (verify_strict), DualHmacSigner, constant_time.rs
- Phase 3: SoftwareTeeProvider/Verifier, TeeWitnessSigner<P,V> pipeline
- Phase 4: SignedSecurityGate, WitnessLog::signed_append, CryptoSignerAdapter,
  ProofEngine::verify_p3_signed, KeyBundle derivation infrastructure
- subtle crate integration for ConstantTimeEq

Performance (26 optimizations):
- O(1) lookups: IPC channel, partition, coherence node, nonce replay
- Binary max-heap scheduler queue (O(log n) enqueue/dequeue)
- Coherence adjacency matrix + cached per-node weights
- BuddyAllocator trailing_zeros bitmap scan + precomputed bit_offset LUT
- Cache-line aligned SwitchContext (hot fields first) and PerCpuScheduler
- DerivationTree O(1) parent_index, combined region overlap+free scan
- #[inline] on 11+ hot-path functions, FNV-1a 8x loop unroll
- CapSlot packing (generation sentinel), RunQueueEntry sentinel, MessageQueue bitmask

Documentation:
- ADR-142: TEE-Backed Cryptographic Verification (with 6 reviewer amendments)
- ADR-135 addendum: P3 no longer deferred
- ADR-132 addendum: DC-3 deferral resolved
- ADR-134 addendum: SHA-256 + HMAC signatures

752 tests, 0 failures across 11 library crates + integration suite.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-04 18:01:48 -04:00
Crates in this directory (each last modified by commit 639625efcc, "feat(rvm): security audit remediation, TEE cryptographic verification, performance hardening", 2026-04-04 18:01:48 -04:00):
- rvm-boot
- rvm-cap
- rvm-coherence
- rvm-hal
- rvm-kernel
- rvm-memory
- rvm-partition
- rvm-proof
- rvm-sched
- rvm-security
- rvm-types
- rvm-wasm
- rvm-witness