initial jekyll refactor

Jack Bond-Preston 2022-11-19 18:57:04 +00:00
parent e3c7e0e862
commit df9a165ff0
Signed by: jack
GPG Key ID: 010071F1482BA852
137 changed files with 2672 additions and 1771 deletions

1
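--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.jekyll-cache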

7
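--- a/Gemfile
+++ b/Gemfile
@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+gem 'jekyll', '~> 4.0'
+group :jekyll_plugins do
+gem 'jekyll_picture_tag', '~> 2.0'
+end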

84
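--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,84 @@
+GEM
+remote: https://rubygems.org/
+specs:
+addressable (2.8.1)
+public_suffix (>= 2.0.2, < 6.0)
+colorator (1.1.0)
+concurrent-ruby (1.1.10)
+em-websocket (0.5.3)
+eventmachine (>= 0.12.9)
+http_parser.rb (~> 0)
+eventmachine (1.2.7)
+ffi (1.15.5)
+forwardable-extended (2.6.0)
+http_parser.rb (0.8.0)
+i18n (1.12.0)
+concurrent-ruby (~> 1.0)
+jekyll (4.3.1)
+addressable (~> 2.4)
+colorator (~> 1.0)
+em-websocket (~> 0.5)
+i18n (~> 1.0)
+jekyll-sass-converter (>= 2.0, < 4.0)
+jekyll-watch (~> 2.0)
+kramdown (~> 2.3, >= 2.3.1)
+kramdown-parser-gfm (~> 1.0)
+liquid (~> 4.0)
+mercenary (>= 0.3.6, < 0.5)
+pathutil (~> 0.9)
+rouge (>= 3.0, < 5.0)
+safe_yaml (~> 1.0)
+terminal-table (>= 1.8, < 4.0)
+webrick (~> 1.7)
+jekyll-sass-converter (2.2.0)
+sassc (> 2.0.1, < 3.0)
+jekyll-watch (2.2.1)
+listen (~> 3.0)
+jekyll_picture_tag (2.0.4)
+addressable (~> 2.6)
+jekyll (~> 4.0)
+mime-types (~> 3.0)
+objective_elements (~> 1.1)
+rainbow (~> 3.0)
+ruby-vips (~> 2.0.17)
+kramdown (2.4.0)
+rexml
+kramdown-parser-gfm (1.1.0)
+kramdown (~> 2.0)
+liquid (4.0.3)
+listen (3.7.1)
+rb-fsevent (~> 0.10, >= 0.10.3)
+rb-inotify (~> 0.9, >= 0.9.10)
+mercenary (0.4.0)
+mime-types (3.4.1)
+mime-types-data (~> 3.2015)
+mime-types-data (3.2022.0105)
+objective_elements (1.1.2)
+pathutil (0.16.2)
+forwardable-extended (~> 2.6)
+public_suffix (5.0.0)
+rainbow (3.1.1)
+rb-fsevent (0.11.2)
+rb-inotify (0.10.1)
+ffi (~> 1.0)
+rexml (3.2.5)
+rouge (4.0.0)
+ruby-vips (2.0.17)
+ffi (~> 1.9)
+safe_yaml (1.0.5)
+sassc (2.4.0)
+ffi (~> 1.9)
+terminal-table (3.0.2)
+unicode-display_width (>= 1.1.1, < 3)
+unicode-display_width (2.3.0)
+webrick (1.7.0)
+PLATFORMS
+x86_64-linux
+DEPENDENCIES
+jekyll (~> 4.0)
+jekyll_picture_tag (~> 2.0)
+BUNDLED WITH
+2.3.26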

10
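--- a/_config.yml
+++ b/_config.yml
@@ -0,0 +1,10 @@
+url: "https://jackbondpreston.me" # the base hostname & protocol for your site, e.g. http://example.com
+baseurl: "" # the subpath of your site, e.g. /blog
+title: "jack bond-preston" # the name of your site, e.g. ACME Corp.
+show_dir_listing: true
+safe: false
+picture:
+source: "pictures/"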
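Review bot: `show_dir_listing: true` deserves a comment or removal: as far as I know it only affects the built-in `jekyll serve` web server, where it makes directories without an index file browsable, so it matters if that server is ever reachable beyond localhost. `safe: false` is already Jekyll's default; if it stays, a comment such as `# plugins enabled: _plugins/*.rb and the :jekyll_plugins gems run Ruby at build time` would say why it is there and that builds should only run on trusted content. The trailing comments on `url`, `baseurl` and `title` read like template leftovers and could be dropped.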

26
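--- a/_layouts/default.html
+++ b/_layouts/default.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<!--
+  l、
+゙(゚、 。
+ l、゙ ~ヽ
+ じしf_, )
+-->
+<html lang="{{ site.lang | default: " en-US" }}">
+<head>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta charset="utf-8">
+<title>{{ page.title }} - {{ site.title }}</title>
+<link rel="stylesheet" href="{{ '/assets/css/main.css' | relative_url }}">
+<link rel="stylesheet" href="{{ '/assets/css/pygments.css' | relative_url }}">
+</head>
+<body>
+{{ content }}
+</body>
+</html>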
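Review bot: The fallback in `<html lang="{{ site.lang | default: " en-US" }}">` carries a leading space, and no `lang` key is visible in the `_config.yml` added by this commit, so the page is emitted with `lang=" en-US"`, which is not a valid language tag; use `default: "en-US"`. The same line appears in the second layout added further down. `{{ page.title }}` is also written into `<title>` unescaped; front matter is author-controlled here, but `{{ page.title | escape }}` keeps a title containing `<` or `&` from breaking the markup.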


@ -0,0 +1,214 @@
<!DOCTYPE html>
<!--
  l、
゙(゚、 。
 l、゙ ~ヽ
 じしf_, )
-->
<html lang="{{ site.lang | default: " en-US" }}">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<title>{{ page.title }} - {{ site.title }}</title>
<link rel="stylesheet" href="{{ '/assets/css/main.css' | relative_url }}">
<style>
body {
padding: 0;
margin: 0;
min-height: 100vh;
}
.wrapper {
display: grid;
grid-template-columns: 30rem auto;
grid-template-rows: auto;
gap: 0;
min-height: 100vh;
}
.article {
padding: 5rem;
padding-bottom: 1rem;
}
.side {
background-image: url(/assets/images/sensor-watch/f91w-strap.svg);
background-repeat: repeat-y;
}
.side>svg {
width: 30rem;
position: fixed;
}
@media only screen and (max-width: 1200px) {
.wrapper {
grid-template-columns: 10rem auto;
grid-template-rows: auto;
}
.side>svg {
width: 10rem;
}
.article {
padding-left: 1rem;
padding-right: 1rem;
padding-top: 1rem;
font-size: 1rem;
}
}
@media only screen and (max-width: 600px) {
.side {
display: none;
}
.wrapper {
grid-template-columns: auto;
grid-template-rows: auto;
}
.article {
padding: 10px;
font-size: 0.8rem;
}
}
</style>
</head>
<body>
<div class="wrapper">
<div class="side">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 300 500">
<defs>
<style>
.cls-1 {
fill: #0c1113;
}
.cls-2 {
fill: none;
stroke: #f6b4c1;
stroke-miterlimit: 10;
stroke-width: 2px;
}
.cls-3 {
fill: #f6b4c1;
}
</style>
</defs>
<g id="Layer_5" data-name="Layer 5">
<rect class="cls-1" width="300" height="500" />
</g>
<g id="Layer_1" data-name="Layer 1">
<path class="cls-2"
d="M150,335.07c-21-.18-53.88.56-76.78-1-1.15.37-6.4-1.85-7.11-3.33-11.43-13.68-14.6-19.62-14.67-31.33-1-13-1.27-26.4-2-49.34" />
<path class="cls-2"
d="M150,329.83c-20.3-.19-49.15.57-71.32-1-1.12.37-7.19-1.87-7.89-3.38-11.06-13.86-13.12-19.87-13.19-31.74-.92-13.2-1-20.39-1.73-43.63" />
<path class="cls-2"
d="M150,352.07S59.42,351,58.31,350.52s-20.67-32.89-21.11-34-2.89-66.45-2.89-66.45" />
<path class="cls-2"
d="M150,364.3s-93.23-1-94.34-1.42S28.31,318.3,27.86,317.19s-2.65-67.12-2.65-67.12" />
<polyline class="cls-2" points="27.68 315.07 20.48 310.24 17.14 264.91 25.21 257.91" />
<path class="cls-2"
d="M150,335.07c21-.18,53.87.56,76.78-1,1.15.37,6.39-1.85,7.11-3.33,11.43-13.68,14.6-19.62,14.67-31.33.94-13,1.26-26.4,2-49.34" />
<path class="cls-2"
d="M150,329.83c20.29-.19,49.15.57,71.32-1,1.11.37,7.19-1.87,7.88-3.38,11.06-13.86,13.13-19.87,13.2-31.74.91-13.2,1-20.39,1.73-43.63" />
<path class="cls-2"
d="M150,352.07s90.56-1.11,91.67-1.55,20.66-32.89,21.11-34,2.89-66.45,2.89-66.45" />
<path class="cls-2"
d="M150,364.3s93.22-1,94.33-1.42,27.34-44.58,27.78-45.69,2.65-67.12,2.65-67.12" />
<polyline class="cls-2" points="272.29 315.07 279.5 310.24 282.83 264.91 274.76 257.91" />
<path class="cls-2"
d="M150,165c-21,.19-53.88-.56-76.78,1-1.15-.36-6.4,1.85-7.11,3.33C54.66,183,51.49,189,51.42,200.67c-1,13-1.27,26.39-2,49.33" />
<path class="cls-2"
d="M150,170.24c-20.3.19-49.15-.56-71.32,1-1.12-.36-7.19,1.88-7.89,3.38-11.06,13.86-13.12,19.88-13.19,31.74-.92,13.21-1,20.39-1.73,43.63" />
<path class="cls-2" d="M150,148s-90.56,1.11-91.67,1.56-20.67,32.88-21.11,34S34.31,250,34.31,250" />
<path class="cls-2"
d="M150,135.78s-93.23,1-94.34,1.41-27.33,44.59-27.78,45.7S25.21,250,25.21,250" />
<polyline class="cls-2" points="27.68 185 20.48 189.83 17.14 235.17 25.21 242.17" />
<path class="cls-2"
d="M150,165c21,.19,53.87-.56,76.78,1,1.15-.36,6.39,1.85,7.11,3.33,11.43,13.69,14.6,19.62,14.67,31.34.94,13,1.26,26.39,2,49.33" />
<path class="cls-2"
d="M150,170.24c20.29.19,49.15-.56,71.32,1,1.11-.36,7.19,1.88,7.88,3.38,11.06,13.86,13.13,19.88,13.2,31.74.91,13.21,1,20.39,1.73,43.63" />
<path class="cls-2" d="M150,148s90.56,1.11,91.67,1.56,20.66,32.88,21.11,34S265.67,250,265.67,250" />
<path class="cls-2"
d="M150,135.78s93.22,1,94.33,1.41,27.34,44.59,27.78,45.7S274.76,250,274.76,250" />
<polyline class="cls-2" points="272.29 185 279.5 189.83 282.83 235.17 274.76 242.17" />
</g>
<g id="Layer_3" data-name="Layer 3">
<path class="cls-2"
d="M224.67,250c-.35,3.5,1,31.12-1.07,33.66-1.35,4.06-5.75,5.94-9.78,5.9H86.51c-4,0-8.43-1.84-9.77-5.9-2-2.3-.74-30.41-1.07-33.66.35-3.58-.92-20.74,1.07-23.77,1.34-4.06,5.75-5.95,9.77-5.9H213.82c4,0,8.43,1.84,9.78,5.9C225.57,229.27,224.35,246.4,224.67,250Z"
id="screen" />
<path class="cls-2"
d="M229.33,247.11c-.36,4.09,1,36.37-1.13,39.33-1.43,4.75-6.09,6.95-10.35,6.89H83c-4.26.06-8.92-2.14-10.35-6.89-2.13-2.69-.78-35.53-1.13-39.33.37-4.19-1-24.23,1.13-27.77,1.43-4.75,6.09-7,10.35-6.89H217.85c4.26-.06,8.92,2.14,10.35,6.89C230.28,222.89,229,242.91,229.33,247.11Z" />
<g id="CASIO">
<path class="cls-2"
d="M97.31,181.28a3.36,3.36,0,0,0-.2-1.34,1.91,1.91,0,0,0-.44-.63,3.49,3.49,0,0,0-1.28-.31c-.36-.06-1.72-.14-2.14-.14a20.79,20.79,0,0,0-3.11.17c-.14.14-.72.28-.89.5a2.43,2.43,0,0,0-.47,1.16v1.78c0,.47-.06,1.84,0,2a2.64,2.64,0,0,0,.53,1.06,3,3,0,0,0,1.22.44,23.26,23.26,0,0,0,2.8.09,23.2,23.2,0,0,0,2.42,0,1.9,1.9,0,0,0,1.06-.41,1.32,1.32,0,0,0,.5-1.05,4.25,4.25,0,0,1,0-.78" />
<path class="cls-2"
d="M100,186.71c0-1.13,3.1-5.88,3.69-7.25a1.45,1.45,0,0,1,.23-.47c.17-.16.35-.14.93-.13s.64,0,.73.16c.75,1.48,2.61,5.22,3,5.9a4.31,4.31,0,0,1,.79,1.79" />
<line class="cls-2" x1="101.07" y1="184.13" x2="108.15" y2="184.13" />
<path class="cls-2"
d="M120,180.36c.15-2.21-2.17-1.64-4.08-1.67-1,0-2.47,0-2.75.36-1.37,1-1.23,3.06.74,3.41,1.57.31,4.21-.33,5.5.07,1.56.79,1.58,3.44-.5,3.55-1.56-.08-6.23.93-6.63-1.5" />
<path class="cls-2" d="M123.92,177.83s.14,6.61,0,9.13" />
<path class="cls-2"
d="M128.06,182.59a6.3,6.3,0,0,0,.11,2.08c.25.5.86,1.35,1.52,1.4s3.31,0,3.31,0a25.08,25.08,0,0,0,2.61,0c.28-.1.92-.1,1.06-.68s.3-.66.27-1.26-.08-2.19-.08-2.19a13.37,13.37,0,0,0,0-1.92,1.37,1.37,0,0,0-.59-.92,14.78,14.78,0,0,0-1.53-.39H132a12.52,12.52,0,0,0-2.3,0c-.28.14-.95.19-1.17.5a2.33,2.33,0,0,0-.41,1.19C128.11,180.79,128.06,182.59,128.06,182.59Z" />
</g>
<g id="F-91W">
<path class="cls-2"
d="M167.94,186.22a18.32,18.32,0,0,1,.64-2.94s.56-2.79.64-2.95a45.6,45.6,0,0,1,5.34,0" />
<path class="cls-2" d="M173.06,183.28c-.92-.11-4.48,0-4.48,0" />
<path class="cls-2" d="M176.69,183.85c2,.15,3-.31,5.25,0" />
<path class="cls-2"
d="M186.39,184.94c.84,1.58,3.78.91,4.83,0,1.69-2.54,1.8-4.89-2-4.55-6.28,1.92,2.2,5.1,3.06,1.13" />
<path class="cls-2"
d="M197.39,186.83c.09-1.6.57-2.3.92-4.25a13.46,13.46,0,0,0,.63-2.83c.09,2.21-2,2-3.58,1.92" />
<path class="cls-2"
d="M204.08,179.75s0,3.52.06,4,.12,1.9.12,1.9h1.16s1.52-2.69,1.86-3.44a4.41,4.41,0,0,1,.52-1l.32-.59,1.25,0s0,.21,0,.93-.09,3.95-.09,3.95h1.35l.41-.68c.27-.46,2.39-3.53,2.39-5.11" />
</g>
<path class="cls-2" d="M18.29,211.06H10.53s-1.46-.81-1.46,8.11c0,8.42,2.17,7.78,2.17,7.78h6.34"
onmouseover="document.getElementById('screen').style.fill='blue';"
onmouseleave="document.getElementById('screen').style.fill='none';" />
<path class="cls-2" d="M18.29,288.94H10.53s-1.46.81-1.46-8.11c0-8.42,2.17-7.78,2.17-7.78h6.34" />
<path class="cls-2" d="M281.71,288.94h7.76s1.46.81,1.46-8.11c0-8.42-2.17-7.78-2.17-7.78h-6.34" />
</g>
<g id="Layer_4" data-name="Layer 4">
<path class="cls-2"
d="M150,306.44H125.88c-1.36,0-2,.2-2.44.84-.28.44-.28.44-.56,1.94a24.24,24.24,0,0,0,0,6.59,9.45,9.45,0,0,0,2.39,4.66c1.22,1,3.81,3.56,5.47,3.61s19.25,0,19.25,0" />
<polygon class="cls-3"
points="63.43 307.26 118.99 307.26 118.99 309.26 63.91 309.26 63.43 307.26" />
<polyline class="cls-2" points="149.99 110.44 63.43 110.44 55.66 137.19" />
<polygon class="cls-3"
points="62.63 195.75 149.99 195.75 149.99 193.75 63.11 193.75 62.63 195.75" />
<line class="cls-2" x1="65.99" y1="110.44" x2="65.99" />
<line class="cls-2" x1="65.99" y1="389.42" x2="65.99" y2="500" />
<polyline class="cls-2" points="149.99 389.42 63.43 389.42 55.66 362.67" />
<path class="cls-2"
d="M150,306.44h24.11c1.36,0,2,.2,2.45.84.27.44.27.44.55,1.94a24.24,24.24,0,0,1,0,6.59,9.45,9.45,0,0,1-2.39,4.66c-1.22,1-3.8,3.56-5.47,3.61s-19.25,0-19.25,0" />
<polygon class="cls-3" points="236.56 307.26 181 307.26 181 309.26 236.08 309.26 236.56 307.26" />
<polyline class="cls-2" points="150 110.44 236.56 110.44 244.33 137.19" />
<polygon class="cls-3" points="237.36 195.75 150 195.75 150 193.75 236.89 193.75 237.36 195.75" />
<line class="cls-2" x1="234" y1="110.44" x2="234" />
<line class="cls-2" x1="234" y1="389.42" x2="234" y2="500" />
<polyline class="cls-2" points="150 389.42 236.56 389.42 244.33 362.67" />
</g>
</svg>
</div>
<div class="article">
<h1><a href="{{ page.url }}">{{ page.title }}</a></h1>
{{ content }}
<hr>
<p><a href="mailto:jackbondpreston@outlook.com">email me</a> to have a conversation</p>
</div>
</div>
</body>
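Review bot: The `onmouseover` and `onmouseleave` attributes on the button `<path>` are inline script, so this layout (its file name is not shown on the page) could only be served under a Content-Security-Policy that allows `'unsafe-inline'` for scripts; the inline `<style>` blocks have the same effect for styles. Give the path an id and attach the two listeners with `addEventListener` from a script file under `/assets/`, and move the page CSS into `main.css` or a dedicated stylesheet. The `<head>` is also copied from `_layouts/default.html` instead of inheriting it through `layout: default`, so the two will drift; the `pygments.css` link is already missing here.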

13
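--- a/_layouts/post.html
+++ b/_layouts/post.html
@@ -0,0 +1,13 @@
+---
+layout: default
+---
+<div class="article">
+<h1><a href="{{ page.url }}">{{ page.title }}</a></h1>
+{{ content }}
+<hr>
+<p><a href="mailto:jackbondpreston@outlook.com">email me</a> to have a conversation</p>
+</div>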
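Review bot: `href="{{ page.url }}"` bypasses `baseurl`, while the stylesheet links in `_layouts/default.html` go through `relative_url`; the link works only because `baseurl` is `""` today. Use `href="{{ page.url | relative_url }}"` here and on the identical heading line in the watch layout above. The `div.article` markup, including the `mailto:` footer, is duplicated between the two layouts and could live in one include, so that a change to the contact line is made once.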

6
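--- a/_plugins/header.rb
+++ b/_plugins/header.rb
@@ -0,0 +1,6 @@
+# https://stackoverflow.com/a/53893197/
+class Jekyll::MarkdownHeader < Jekyll::Converters::Markdown
+def convert(content)
+super.gsub(/<h(2) id="(.*?)">(.*)<\/h(\d)>/, '<h\1 id="\2">\3<a href="#\2" class="header-link">[<img src="/assets/images/link.svg" />]</a></h\1>')
+end
+end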
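Review bot: The pattern in `convert` opens on `<h(2)` but closes on `<\/h(\d)>` after a greedy `(.*)`, so a match can run from an `<h2>` to the last closing heading tag of any level on the same line, and the replacement then closes it as `</h2>`. Pin the closing tag to the captured level and make the body lazy, which leaves the replacement string unchanged: `/<h(2) id="(.*?)">(.*?)<\/h\1>/`. The injected `<img>` has no `alt` attribute, and a one-line comment above the class saying that it post-processes the output of the stock Markdown converter to append an anchor link to every `h2` would tell a reader more than the bare Stack Overflow URL.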


@ -0,0 +1,102 @@
---
layout: post-sensor-watch
title: "sensor watch"
---
## preamble
some time back I was browsing [Crowd Supply](https://www.crowdsupply.com/) when I came across [the Sensor Watch project](https://www.crowdsupply.com/oddly-specific-objects/sensor-watch) by [Joey Castillo](https://github.com/joeycastillo). I had wanted some kind of "hackable" watch for a while, and had looked at things like [Watchy](https://www.crowdsupply.com/sqfmi/watchy), but this project hit the sweet spot for me. I love my existing F91-W, and this project was a good combination of open source with community software support. one key feature that was important to me is battery life - the Sensor Watch battery life in an average usage scenario is so long that [Joey's is still going strong](https://twitter.com/josecastillo/status/1590066358351298560)!
I was excited to pick one up and start messing around with it, but the first issue I came across was availability - the delivery date for Crowd Supply orders was summer 2023 (I think they ended upbeing delivered sooner than this, not sure). on top of this, shipping and import fees made it pretty prohibitively expensive. I've always found this to be an issue with Crowd Supply as someone based in the UK, even some things designed in the UK are very expensive from Crowd Supply as they are assembled in/shipped from the US. so I decided to build one myself! of course, this is more expensive than just buying it, but this was a learning experience and [knowledge is power](https://www.reddit.com/r/AskReddit/comments/dxosj/what_word_or_phrase_did_you_totally_misunderstand/c13pbyc/)!
## component acquisition
the first challenge was acquiring all the necessary parts to actually build one. I downloaded [the PCB files](https://github.com/joeycastillo/Sensor-Watch/tree/main/PCB/Main%20Boards) and generated a [BOM](https://en.wikipedia.org/wiki/Bill_of_materials) to figure out exactly what I needed to acquire. I'm sure in ordinary times this would be easy enough, but the current state of some electronics/silicon supply chains had other things to say. some parts are of course still easy to come across, e.g. 10pF 0402 caps and 10k 0603 resistors; most of the components of the Sensor Watch are this kind of commonplace part. what quickly became clear from some scouring of the internet was that my main problem was going to be two parts: the [ATSAML22J18A-MUT](https://www.microchip.com/en-us/product/ATSAML22J18A)(the processor driving the Sensor Watch), and the [FH19C-9S-0.5SH(10)](https://www.hirose.com/en/product/series/FH19C__FH19SC) (the connector used to attach the extra sensor boards).
### ATSAML22J18A-MUT
the former of these was a fairly well discussed shortage that had been ongoing for a while. it was
[the driving force of the Sensor Watch Crowd Supply delay](https://www.crowdsupply.com/oddly-specific-objects/sensor-watch/updates/blue-boards-shipping-check-your-address-green-boards-delayed-and-other-news-of-the-watch). I spent quite a lot of time searching around the internet, looking at various sites on the English-speaking and Chinese-speaking web. sadly this part was clearly in very short supply, and prices could get pretty insane from vendors that did have some stock. I received quotes for unit prices that include the following (USD/GBP): $79.35, $6.56, $13.61, $6.83 (MOQ 4000), £6.45. I guess some people are desperate enough to pay $79.35 :(. I spent so long looking for them that they ended up randomly coming back in stock on [MicrochipDirect](https://www.microchipdirect.com/). as of the time of writing this article, [they are again out of stock](https://www.microchipdirect.com/product/ATSAML22J18A-MUT). the unit price I bought them for was £3.92, shipping and handling was ~£12.
### FH19C-9S-0.5SH(10)
this part was out of stock everywhere I initially looked (the usual contenders for parts). I searched around in a similar manner as the ATSAML22J18A-MUT, and found some similarly wild pricing. I ended up purchasing a small quantity at a unit price of £0.44 from a website called
[dacikeys](http://archive.today/2022.11.13-230943/https://www.dacikeys.net/). yes, the site is actually called this. yes, the unit price is cheaper than digikey and mouser. yes, I actually received all of my order, consisting of working parts. I was definitely shocked that this happened, but sometimes bravery pays off I guess. I still can't endorse this shop.
### PCB and stencil
for the PCB I opted to go with [JLCPCB](https://jlcpcb.com/). I simply uploaded the relevant gerbers, and adjusted the necessary settings. notably, [the thickness should be 0.6mm](https://github.com/joeycastillo/Sensor-Watch/issues/14#issuecomment-922974276">) - this does narrow the choice of manufacturer (for example, OSH Park doesn't go this thin). I haven't yet ordered any sensor board PCBs, but [PCBWay](https://www.pcbway.com/) seems to be *the* option there. The PCB turned out great, although the silkscreen is a little hard to read at this size due to lack of sharpness:
{% picture jpt-webp sensor-watch/pcb.jpg --alt a closeup of a sensor watch PCB %}
## assembly
I decided to assemble myself. partially because the logistics of paying for assembly when I had to source parts from many different providers seemed like a headache, partially because I thought it would be a fun challenge and learning experience!
a few things were necessary to solder the components to this PCB. I'm sure someone talented could hand solder this with an iron, but I can name a lot of things I'd rather do than try to do that
(especially the [QFN](https://en.wikipedia.org/wiki/Flat_no-leads_package) SAML) - and that list includes unpleasant things. I opted to go with
[hotplate soldering](http://www.flyelectric.org.uk/hot_plate.htm), which is a cheaper way to access the ease of reflow soldering. for a PCB like the Sensor Watch, where almost all the components are on one side, it's ideal. the hotplate I have is the ever-popular
[MHP30](https://www.miniware.com.cn/product/mhp30-mini-hot-plate-preheater/), which I run [IronOS](https://github.com/Ralim/IronOS) on. I highly recommend it, it's great! my soldering iron is the iconic
[Pinecil](https://pine64.com/product/pinecil-smart-mini-portable-soldering-iron/) (not the [fancy new V2](https://www.pine64.org/2022/07/28/july-update-a-pinecil-evolved/) though :[) which also runs IronOS. nice!
### process
the assembly process is as follows:
- apply solder paste to the PCB with the stencil. make sure the stencil is really flush and justkind of squeegee it on with a plastic card. I used tape to hold it in place. then carefully removed the stencil, avoiding smudging the paste in doing so.
- place components on the PCB. this was by far the most painful part of the whole process. a steady hand is not something I was blessed with, and some of these parts are really small. I used a microscope from Amazon for this, the ample manouverable lighting was a big help. a lot of time and patience is required, but it's very first time doable with no prior experience! simply go through the parts one by one, or by area of the board - whatever you prefer. then pick up the respective part with some fine tweezers, and slowly put in place on the solder paste. thankfully, the paste will lightly stick the component in place once you've done this (it is not knock-proof though!).
- carefully (really!) place the PCB onto the hotplate and heat up. keep on until everything seems to be melted, and the components have hopefully been pulled into place. that's the top side done! let it cool down, then move on to the bottom.
- time for some hand soldering. the button is pretty small, and very fiddly to do. I found you don't need too much precision, but you have to be really careful with your iron as the plastic button will melt if you touch it. once that's in place, it's just a matter of
[removing the buzzer connector from your old PCB and soldering it onto the back of the Sensor Watch PCB.](https://youtu.be/Zr0pKeC2VFU?t=185) this will feel blissfully easy after the button! you also have to place the battery clip, but no soldering needed here :).
one area I found particularly difficult was the area with the oscillator crystal and the two 0402 capacitors, C7 and C8. things are a bit cramped here, so extra care was needed:
{% picture jpt-webp sensor-watch/c7c8.jpg --alt a closeup of a sensor watch PCB, with an area circled. the area contains some small, and closely grouped pads %}
## software
at this point the watch was assembled with all components in place. did it work? at this stage, no idea. hopefully yes, and I could progress to the more familiar world of embedded software.
### bootloader
the next necessary step is to flash the bootloader, so that we can put the firmware in place. unfortunately this requires a little more real-world action. we need to access the SWD points on the board to write the bootloader. ideally you could do this with some kind of
[pogo pin](https://en.wikipedia.org/wiki/Pogo_pin) jig - and if you were doing any number exceeding about 5 I'm sure this would be worth the time. however, I decided to just solder some jump wires (stripped on one end, solid tip female on the other) to the points on the board. they're all close, but it's easy enough to do (albeit ugly). then I connected these to my
[Adafruit Trinket M0](https://www.adafruit.com/product/1501) (PyRuler would also work).the pin mapping is as follows: SWD=0, SWC=1, RST=3, V+=3V, GND=GND.
I used the
[flasher from the sensor watch repo to flash the bootloader](https://github.com/joeycastillo/Sensor-Watch/blob/main/utils/flash_watch_pyruler/flash_watch_pyruler.ino). note that you could build the bootloader yourself first and put the generated binary into bootloader.h - the source is located
[here](https://github.com/joeycastillo/uf2-samdx1). personally, I just used the prebuilt version from the repo. I had to change part of the Adafruit DAP library and add the SAM L22 DID to get this to work,
[I provided the diff of this change](https://github.com/joeycastillo/Sensor-Watch/issues/83#issuecomment-1229353899) in a Sensor Watch GitHub issue (I just now am remembering I promised to upstream this, oops!). mercifully, I got the red blinky LED, and all was good! I unsoldered the wires from the board, and tried to clean up most of the solder blob to keep the board fairly flat.
### movement
now the bootloader is in place, the main firmware can be installed!
[the community firmware, Movement](https://www.sensorwatch.net/docs/movement/)is great, so this is what I installed. there are a bunch of different useful faces available, and more functionality is always being added.
flashing firmware was easy: I plugged the PCB into the end of a USB Micro B cable (plugged on the other end into my computer) and double tapped the reset button (I find this has to be done quite quickly, using my fingernail was the trick to doing this reliably on such a small button). done successfully, the LED on the board pulses and a new drive labelled "WATCHBOOT" appears on the computer. now a built UF2 firmware file can just be dragged onto the device to flash, thanks to the bootloader flashed earlier. for the initial test, I just used a
[prebuilt image](https://www.sensorwatch.net/docs/firmware/prebuilt/) to check everything was working. I flashed this, and the LED pulsed and turned off, signalling success.
from here I just assembled the watch with the Sensor Watch PCB, and it worked! I verified LED and buzzer function by playing around with various functionality. success!
## developing on movement
one face I found particularly cool was the [TOTP face](https://github.com/joeycastillo/Sensor-Watch/blob/main/movement/watch_faces/complication/totp_face.c). I use [TOTP](https://en.wikipedia.org/wiki/Time-based_one-time_password)
[2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication) on various accounts, so having access to the codes on my wrist at all times was really appealing. at the time, the TOTP face only supported one key - so I decided to improve it.
thankfully, Sensor Watch has an emulator for development. without this, development would be pretty tiresome with the flashing and reassembling of the watch getting tiring if you needed to iterate on some code and test it on the watch. the emulator runs inside the browser and uses
[Emscripten](https://en.wikipedia.org/wiki/Emscripten).
[some minimal instructions on how to build this is available on the README](https://github.com/joeycastillo/Sensor-Watch#using-the-movement-framework). this allowed me to extend the TOTP face easily and allow for multiple keys.
[my PR was merged](https://github.com/joeycastillo/Sensor-Watch/pull/84), and the functionality is now available for anyone to use. the keys are added at compile time, so they are baked into the firmware on flashing. for my purposes this is fine, as I never really change them. however, with the recent addition of a
[LittleFS](https://os.mbed.com/blog/entry/littlefs-high-integrity-embedded-fs/) filesystem, the community have added [a version of the face which stores the keys on the filesystem](https://github.com/joeycastillo/Sensor-Watch/blob/main/movement/watch_faces/complication/totp_face_lfs.c). awesome!
some more details on using Sensor Watch for TOTP is available
[on this blog post](https://blog.singleton.io/posts/2022-10-17-otp-on-wrist/)
([HN discussion, if you dare](https://news.ycombinator.com/item?id=33243434)). it's even running my code :)!
## epilogue
some summary thoughts:
- shoutout to Joey Castillo. for creating the Sensor Watch as a beautifully open source project (the fact I could independently make my own is what it's all about!). for being
[so helpful and kind](https://github.com/joeycastillo/Sensor-Watch/issues/83) when I asked for help. for having such a positive attitude towards those in the community who are using Sensor Watch to learn about all kinds of things (seriously, check out the
[Oddly Specific Objects Discord](https://discord.gg/NtMVTBNca7) to see how much this guy is giving to the community).
- sometimes it's worth just trying things that are difficult. this is my first time successfully doing and small-scale soldering of this kind, and it worked out great with some patience. having the motivation from making something I thought was really cool was an important factor here I think.
- if you have a Sensor Watch (or are planning to!) please go ahead and [contribute to movement](https://github.com/joeycastillo/Sensor-Watch) if you have a cool idea. I'm sure some reviews would be helpful to spot any issues on existing PRs before a maintainer gets to them to save some time.
- the one issue I've had with using my Sensor Watch for TOTP is clock accuracy. the clock drifts over time, so I have to set the time once or twice a week to keep it nice and accurate for the TOTP functionality to be nice to use. but a community member is working on this, and it's going to get a lot better. check out the Discord channel to see some seriously cool engineering going into this calibration effort.
{% picture sensor-watch/watch1.jpg --alt a shot of a yellow and black assembled sensor watch, lying horizontally on a surface %}
{% picture sensor-watch/watch2.jpg --alt a shot of a yellow and black assembled sensor watch, lying vertically on a surface %}
{% picture sensor-watch/wrist.jpg --alt a shot of a yellow and black assembled sensor watch, on the author's wrist %}
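Review bot: The JLCPCB paragraph links to `https://github.com/joeycastillo/Sensor-Watch/issues/14#issuecomment-922974276">`; the trailing `">` looks like a leftover from an HTML version of the post and ends up inside the URL fragment, so the anchor will not resolve. End the target at `issuecomment-922974276`. Where the TOTP section says the keys are added at compile time and baked into the firmware, one more sentence would help readers who follow along: the built UF2 and the edited source file then contain the shared secrets and should be kept out of public forks and uploads.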


@ -0,0 +1,234 @@
---
layout: post
title: "CHERI"
---
## preamble
[CHERI](https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/) is an acronym for Capability Hardware Enhanced RISC Instructions. it is a security-focussed project aimed at improving memory protection at the hardware level. the project is complex and it has many potential applications.
in this article I will go into some basics to give an understanding behind some changes that CHERI makes to how programs execute and are written. this will be focussed almost entirely in C, as this is where my experience lies - it is also where some of the effects of CHERI are most easily felt.this article is going to be a _very simplistic_ introduction to CHERI, and I'm going to attempt to explain the basics behind everything I cover. a basic understanding of C will be beneficial.
***note:*** [the Morello platform](https://www.arm.com/architecture/cpu/morello) is an evaluation board produced by [Arm](https://www.arm.com/) to provide a physical implementation of CHERI extending [the Arm AArch64 ISA](https://en.wikipedia.org/wiki/AArch64). I previously worked on this platform at Arm, [porting the musl C library to Morello](https://git.morello-project.org/morello/musl-libc/). implementations for CHERI that are worth looking into from a more open perspective <a href="https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-951.pdf"> are the MIPS (chapter 4) and RISC-V (chapter 5) ones</a>. Morello is the only implementation that exists in a true hard core format, afaik - but this is obviously hard to obtain so you'll just be playing around with emulators/models anyway.
## memory safety bugs
to first understand how CHERI tries to fix some simple issues, let's first look at some simplified examples of issues that arise when we aren't using a CHERI-based architecture.
### a simple memory safety bug
let's take a look at this C code:
{% highlight c linenos %}
{% include_relative code/membug.c %}
{% endhighlight %}
now let's try using our new program:
{% highlight console %}
$ ./membug
enter your name: jack
hello jack
my_perfect_string: what a beautiful string
{% endhighlight %}
works on my machine boss! code review +1, and merged... until our good friend <a href="https://en.wikipedia.org/wiki/Hubert_Blaine_Wolfeschlegelsteinhausenbergerdorff_Sr.">Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.</a> comes along. he emails me a strangeerror he's seen:
{% highlight console %}
$ ./membug
enter your name: Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
hello Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
my_perfect_string: hausenbergerdorff Sr.
{% endhighlight %}
that's not supposed to happen! his name has spilled over into our `my_perfect_string[]` array! turns out our issue is that when we use `fgets()`, we've set the second parameter, `size`, to `1000` - but our `user_name[32]` array c1593an only fit 32 characters (and the last of these should be a null terminator, so 31 usable characters).
`fgets` fills up `user_name`, but it hasn't finished with the name yet! it doesn't care (or know) that `user_name` is full, it's just going to keep going until it finishes our user input, or reads 999 characters from standard input. and thus it keeps mindlessly writing, overwriting the memory we've used to store our precious perfect string (which happens to be immediately after `user_name`). let's take a look at the stack in GDB to see why this happens:
{% highlight plaintext %}
(gdb) b memdebug.c:7
(gdb) run
Breakpoint 1, main () at membug.c:7
7 printf("enter your name: ");
(gdb) n
8 fgets(user_name, 1000, stdin); // get user's name from stdin
(gdb) n
9 printf("hello %s", user_name);
(gdb) x/56bc $sp
0x7fffffffdbf0: 106 'j' 97 'a' 99 'c' 107 'k' 10 '\n' 0 '\000' 0 '\000' 0 '\000'
0x7fffffffdbf8: 77 'M' 82 'R' 85 'U' 85 'U' 85 'U' 85 'U' 0 '\000' 0 '\000'
0x7fffffffdc00: -24 '\350' -78 '\262' -5 '\373' -9 '\367' -1 '\377' 127 '\177' 0 '\000' 0 '\000'
0x7fffffffdc08: 0 '\000' 82 'R' 85 'U' 85 'U' 85 'U' 85 'U' 0 '\000' 0 '\000'
0x7fffffffdc10: 119 'w' 104 'h' 97 'a' 116 't' 32 ' ' 97 'a' 32 ' ' 98 'b'
0x7fffffffdc18: 101 'e' 97 'a' 117 'u' 116 't' 105 'i' 102 'f' 117 'u' 108 'l'
0x7fffffffdc20: 32 ' ' 115 's' 116 't' 114 'r' 105 'i' 110 'n' 103 'g' 0 '\000'
{% endhighlight %}
we can see our two character arrays are right next to each other on the stack (`user_name` contains some gibberish as it is not zero-initialised).
***note:*** this code was compiled with `-fno-stack-protector` to reproduce this behaviour. compilers have certain techniques like this which can help protect against such attacks, but there are often ways around these by using less primitive attacks.
okay, it's a pretty easy fix, we just need to change the `fgets(char *s, int size, FILE *stream)` parameter `size` to `32`.
***note:*** you may initially think "why not 31? don't we need to save a character for the null byte at the end?". thankfully, `fgets` does this for us. excerpt from `man fgets`:
> "fgets() reads in _at most one less than size_ characters from stream and stores them into the buffer pointed to by s [...] A terminating null byte ('\0') is stored after the last character in the buffer".
this is a good question to be asking though, being careful is key when it comes to these kinds of things.
### why hardware?
okay, so that's an easy fix. why are we talking about doing anything in hardware here? just write the code correctly! the issue is code gets very complex, and this is a very simplistic situation. some memory safety bugs can be incredibly complicated and go unnoticed for decades. the C language especially gives the programmer many, many opportunities to make mistakes - and it only takes one to be a problem. a lot of the software we are using these days is based on stacks upon stacks of software written in different languages, and there are going to be bugs in there. CHERI should give us some protection "for free" (it's not this simple, in actuality).
some languages (e.g. Rust) are going to offer you strong memory safety guarantees at compile-time, but that's not the topic of this article. the differences between doing this kind of protection in software or hardware (or both) is more complex than the scope of this article. in addition, CHERI's benefits are more wide in breadth than just protecting against this kind of issue.
## pointers recap
let's quickly recap a basic idea of what a pointer is. we're going to ignore things like [virtual memory](https://en.wikipedia.org/wiki/Virtual_memory) for brevity. we can think of a pointer in a normal 64-bit architecture (e.g. AArch64) simply as a 64-bit unsigned value that holds the memory address of something we care about. this is a simplification (as are most things), but it can help us reason about the general idea:
{% highlight c %}
int val = 1593;
int *x = &val; // x points to val
{% endhighlight %}
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1920 314"><defs><style>.prefix__prefix__d{fill:none;stroke-miterlimit:10}.prefix__prefix__f,.prefix__prefix__h,.prefix__prefix__i{font-size:24px}.prefix__prefix__f,.prefix__prefix__h,.prefix__prefix__k{fill:#fcfcfc}.prefix__prefix__f,.prefix__prefix__l{font-family:Source Code Pro}.prefix__prefix__d{stroke:gray;stroke-width:4px}.prefix__prefix__h,.prefix__prefix__m{font-family:Source Code Pro;font-weight:700}.prefix__prefix__i{fill:gray}</style></defs><g id="prefix__prefix__a"><path fill="#0c1114" d="M0 0h1920v314H0z"/><text class="prefix__prefix__h" transform="translate(577.46 133.41)"><tspan x="0" y="0">int *x</tspan></text><text class="prefix__prefix__f" transform="translate(490.97 177.1)"><tspan x="0" y="0">0x0000010000000004</tspan></text><path d="M481.16 206v18.5M760.5 206v18.5m-279 0h279" stroke="#fcfcfc" fill="none" stroke-miterlimit="10" stroke-linecap="square" stroke-width="3"/><text transform="translate(578.78 241.33)" font-size="20" font-family="Source Code Pro" fill="#fcfcfc"><tspan x="0" y="0">address</tspan></text><path stroke-width="4" stroke="#fcfcfc" fill="none" stroke-miterlimit="10" d="M752 171h204.56"/><path class="prefix__prefix__k" d="M948.64 182.62L992 171.01l-43.36-11.63v23.24z"/><text transform="translate(1272.76 177.16)" fill="#fcfcfc" font-size="24"><tspan class="prefix__prefix__m" x="0" y="0">mem[</tspan><tspan class="prefix__prefix__l" x="57.6" y="0">0x0000010000000004</tspan><tspan class="prefix__prefix__m" x="316.79" y="0">]</tspan></text><text class="prefix__prefix__i" transform="translate(1272.76 133.16)"><tspan class="prefix__prefix__m" x="0" y="0">mem[</tspan><tspan class="prefix__prefix__l" x="57.6" y="0">0x0000010000000000</tspan><tspan class="prefix__prefix__m" x="316.79" y="0">]</tspan></text><text class="prefix__prefix__i" transform="translate(1271.76 224.16)"><tspan class="prefix__prefix__m" x="0" y="0">mem[</tspan><tspan class="prefix__prefix__l" x="57.6" 
y="0">0x0000010000000008</tspan><tspan class="prefix__prefix__m" x="316.79" y="0">]</tspan></text></g><g id="prefix__prefix__b"><path class="prefix__prefix__d" d="M1260 58v48H985V58"/><path d="M1258 195v40H987v-40h271m4-4H983v48h279v-48zm-4-84v40H987v-40h271m4-4H983v48h279v-48z" fill="gray"/><path class="prefix__prefix__k" d="M756.16 150.93v40h-271v-40h271m4-4h-279v48h279v-48zM1258 151v40H987v-40h271m4-4H983v48h279v-48z"/><text class="prefix__prefix__f" transform="translate(1094 177.09)"><tspan x="0" y="0">1593</tspan></text><text class="prefix__prefix__h" transform="translate(1007.6 45.16)"><tspan x="0" y="0">memory (as ints)</tspan></text><path class="prefix__prefix__d" d="M1260 284v-48H985v48"/></g></svg>
and on these normal architectures, this pointer generally is just a number. we can do weird things with it, treating it as a number...
{% highlight c linenos %}
{% include_relative code/ptrs_as_numbers.c %}
{% endhighlight %}
...and this code will often still work:
{% highlight console %}
$ ./ptrs_as_numbers
*x=1234
*x=5678
*x=9999
{% endhighlight %}
yikes! now, when you start messing with pointers like this, you're bound to run into a bunch of undefined behaviour. but C programmers write undefined behaviour all the time, and my computer executes this program fine without complaining at all. doesn't it feel a bit weird that we can take a pointer to `arr[0]` and modify it to load `secret`? they're not even part of the same array...
## introducting capabilities
CHERI introduces capabilities, which can be thought of as an extension to pointers. they still store an address of something we care about, but they have extra information too! in a 64-bit system, a pointer would typically be a 64-bit value (as dicussed previously). the corresponding capability in a CHERI platform is 128 bits (or 129 bits if you look at it a certain way, more about that later...).
as you might have guessed, this "extra information" takes up 64 bits of the capability. bits are assigned to three key pieces of metadata: *bounds*, *permissions*, and *object type*. there is also an additional 1-bit _tag_ which is stored out-of-band: it is not a 129-bit value - instead each 128-bit capability can be thought of as being associated with a 1-bit validity tag. the architecture manages this. the diagram below is provided as a rough overview of this. note that it is not to scale.
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1920 314"><defs><style>.prefix__c{fill:none;stroke:#fcfcfc;stroke-linecap:square;stroke-miterlimit:10;stroke-width:3px}.prefix__f,.prefix__g{fill:#fcfcfc}.prefix__f{font-family:Source Code Pro;font-size:20px}</style></defs><g id="prefix__a"><path fill="#0c1114" d="M0 0h1920v314H0z"/><text transform="translate(101.86 232.41)" font-family="Source Code Pro" font-weight="700" fill="#fcfcfc" font-size="24"><tspan x="0" y="0">int *x (capability)</tspan></text><text transform="translate(1205.97 232.1)" font-family="Source Code Pro" fill="#fcfcfc" font-size="24"><tspan x="0" y="0">0x0000010000000004</tspan></text><path class="prefix__c" d="M1016 261v18.5M1656 261v18.5M1016 279.5h640"/><text class="prefix__f" transform="translate(1293.78 296.33)"><tspan x="0" y="0">address</tspan></text><path class="prefix__c" d="M700 191.5V173M1020 191.5V173M700 173h320"/><text class="prefix__f" transform="translate(823.78 167.74)"><tspan x="0" y="0">bounds</tspan></text><path class="prefix__c" d="M554 260.34v18.5M704 260.34v18.5M554 278.84h150"/><text class="prefix__f" transform="translate(562.78 295.68)"><tspan x="0" y="0">object type</tspan></text><g><path class="prefix__c" d="M391.89 191.56v-18.5M541.89 191.56v-18.5M391.89 173.06h150"/></g><text class="prefix__f" transform="translate(400.67 167.8)"><tspan x="0" y="0">permissions</tspan></text><text class="prefix__f" transform="translate(304.67 31.07)"><tspan x="0" y="0">tag (out-of-band)</tspan></text><g><path class="prefix__c" d="M391.33 55.92v-18.5M421.33 55.92v-18.5M391.33 37.42h30"/></g></g><g id="prefix__b"><path class="prefix__g" d="M1651.66 205.93v40h-632v-40h632m4-4h-640v48h640v-48z"/><path class="prefix__g" d="M1016 206v40H704v-40h312m4-4H700v48h320v-48z"/><path class="prefix__g" d="M700 206v40H558v-40h142m4-4H554v48h150v-48z"/><path class="prefix__g" d="M554 206v40h-12v-40h12m4-4h-20v48h20v-48z"/><path class="prefix__g" d="M538 206v40H396v-40h142m4-4H392v48h150v-48zM418.5 
70v40h-22V70h22m4-4h-30v48h30V66z"/></g></svg>
I am mostly going to focus on _bounds_ in this article, as it is not too difficult to grasp, and the impact is fairly easy to demonstrate for some simple examples. the bounds represent an upper and lower bound on the memory region (address space) that this capability is allowed to access. if we try to use the capability to access some address outside of this range, the hardware will throw a fault - it simply won't let us do this!
**_note:_** it is important to note that I am going to oversimplify the way the bounds are stored in this article. this especially includes the diagram above. in reality, there is a complex compression method, necessitated by the range and sizes required by bounds. this depends on the address value, alignment, etc. for now, we shouldn't need to think about this much, just know it will be managed for us. the key take-away from this is that *bounds can't always be 100% precise for all addresses and ranges*.
can you imagine how we can use bounds to prevent our previous memory safety bug from occurring? the key is that we can set the bounds on the capability pointing to `user_name` which we pass to `fgets`, such that the capability may only access the contents of the array. this means that when `fgets` tries to write past the end of the `user_name` array, the processor will throw a *capability fault*, and execution of our program will cease.
the idea behind CHERI is that we don't have to set up these bounds ourselves. this is something the compiler can generate code for. the compiler knows that the `user_name` array has a length of `32`, and can set the bounds accordingly on capabilities created that point to it. let's try it...
## playing with CHERI RISC-V
unless you're lucky enough to have access to a physical Morello board, there is the issue of actually using a CHERI implementation. for this article I will be making use of the [QEMU](https://en.wikipedia.org/wiki/QEMU) emulator to emulate a [RISC-V](https://en.wikipedia.org/wiki/RISC-V) CHERI environment. running [CheriBSD](https://www.cheribsd.org/) on this emulator will allow us to have a nice [FreeBSD](https://www.freebsd.org/)-based capability-enabled environment to play around with. I'll use [cheribuild](https://github.com/CTSRD-CHERI/cheribuild) to easily get set up (the `cheribuild.py` step will take a very long time the first time):
{% highlight console %}
$ sudo apt install autoconf automake libtool pkg-config clang bison cmake \
ninja-build samba flex texinfo time libglib2.0-dev libpixman-1-dev \
libarchive-dev libarchive-tools libbz2-dev libattr1-dev libcap-ng-dev
$ git clone git@github.com:CTSRD-CHERI/cheribuild
$ cd cheribuild
$ ./cheribuild.py --include-dependencies --run/ssh-forwarding-port 2222 run-riscv64-purecap
CheriBSD/riscv (cheribsd-riscv64-purecap) (ttyu0)
login: root
root@cheribsd-riscv64-purecap:~ #
{% endhighlight %}
now we have our shell inside our CheriBSD emulated platform, we can start to try things out. let's compile our `membug` program again, this time with the toolchain targetting CheriBSD RISC-V - this will have been built as part of the dependencies already. once it's built, we can `scp` it over to the CheriBSD filesystem, as we set up the SSH forwarding port to
`1111`.
{% highlight console %}
# on a separate terminal on your host machine
$ ~/cheri/output/sdk/utils/cheribsd-riscv64-purecap-clang membug.c -Wall -g -fno-stack-protector -o membug-cheribsd
$ scp -P 2222 ./membug-cheribsd root@localhost:~/
{% endhighlight %}
and now we can see what happens when we explore our bug with CHERI:
{% highlight console %}
$./membug-cheribsd
enter your name: jack
hello jack
my_perfect_string: what a beautiful string
$ ./membug-cheribsd
enter your name: Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
In-address space security exception (core dumped)
{% endhighlight %}
it's working! we are getting a capability fault as we exceed the bounds of the
`user_name` capability bounds. we can use gdb to verify this is caused by the bounds fault:
{% highlight plaintext linenos %}
(gdb) run
Starting program: /root/membug-cheribsd
enter your name: Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
Program received signal SIGPROT, CHERI protection violation.
Capability bounds fault caused by register ca6.
0x0000000040314ce8 in memcpy (dst0=0x3fffdfff44, src0=<optimized out>, length=54) at /home/jack/cheri/cheribsd/lib/libc/string/bcopy.c:143
(gdb) p $ca6
$1 = () 0x3fffdfff78 [rwRW,0x3fffdfff44-0x3fffdfff64]
{% endhighlight %}
as we can see, the bounds for our `user_name` capability (which is stored in capability register `ca6`) are `0x3fffdfff44-0x3fffdfff64`, but the address is `0x3fffdfff78`. this is out of the bounds allowed by the capability, so the architecture throws a fault. if we look at the assembly generated by the compiler, we can see it set our capability bounds to a size of 32 to enforce this behaviour:
{% highlight armasm linenos %}0000000000001ce8 <main>:
; int main() {
cincoffset csp, csp, -160
csc cra, 144 (csp)
csc cs0, 128 (csp)
cincoffset cs0, csp, 160
cincoffset ca0, cs0, -36
csetbounds ca2, ca0, 4
cincoffset ca0, cs0, -60
csetbounds ca0, ca0, 24
csc ca0, -128 (cs0)
cincoffset ca1, cs0, -92
csetbounds ca1, ca1, 32
csc ca1, -144 (cs0)
mv a1, zero
csd a1, -104 (cs0)
csw a1, 0 (ca2)
{% endhighlight %}
### capability monotonicity
at this point you may be thinking "okay, that's great, but if we can just set the bounds of a capability with an instruction then what's the point? surely I can just set global bounds on some random pointer and access whatever I want?"
fundamental to the idea of capabilities is their _provenance_ and _monotonicity_. simply put, the first says we can only construct a capability using specific instructions, from an existing capability. we can't just create a capability from some random number. let's see what happens when we try to run our `ptrs_as_numbers` program on CheriBSD:
{% highlight plaintext %}
(gdb) runStarting program: /root/ptrs_as_numbers-cheribsd
*x=1234
Program received signal SIGPROT, CHERI protection violation.Capability tag fault caused by register ca1.0x0000000000101c66 in main () at ptrs_as_numbers.c:1414 printf("*x=%d\n", *x);
(gdb) p $ca1
$1 = () 0x3fffdfff74
{% endhighlight %}
we can see we get a fault - the tag isn't set. any capability with a tag not set to 1 cannot be dereferenced - it is invalid. in fact, this capability has no capability metadata - when we copied it into our `unsigned long`, we just copied the 64-bit address.
*monotonicity* is what stops us taking an existing capability, and creating a capability with more permissions and/or access than the original. it stipulates that when we create a capability from another capability (which we have to do - provenance), the permissions and bounds of the new capability must be equal to or less than the original. so our bounds can only get narrower as we create new capabilites from an existing capability. this means that capabilities trace back in a chain - they are all created from other capabilities, and narrowed as necessary. in this case, (simplified) when the kernel loads our program it will give us capabilities that are wide enough to do everything we need to do, and the compiler will try and make sure all the capabilities that we make and use from these are as tightly bound and unpermissive as possible.
### CHERI-fying code
you'll notice we got a lot of these benefits "for free". we only had to recompile our code, and we got this extra security. of course, CHERI does require changes to programs. naturally, the compiler had to be changed a lot to implement this behaviour. it also especially requires changes to things like the C library and kernel in order to take advantage of the features fully. sufficiently large userspace programs do need changes too. one common issue is that a lot of existing C code assumes that `sizeof (*void) == sizeof(size_t)`. with CHERI, our pointers are now twice as big. however, `size_t` hasn't changed size, as the address space size hasn't changed - for example, if we index into an array with `size_t`, the index should still be the same size; the extra data in our `void *` capability is the metadata, not extra address data. any program that tries to convert from some `unsigned long` or `size_t` to a capability will fault - this violates provenance. so, sometimes code changes have to be made to ensure we are keeping the capability metadata around.
## epilogue
I appreciate this has been a fragmented and surface level introduction to CHERI. hopefully it has provided some education in some basic aims of CHERI regardless. potential benefits and uses for CHERI go much deeper than anything I've touched on here, so please, read more about everything - and get your hands dirty trying out messing about with qemu and CheriBSD!
here are some links to check out:
- [CHERI homepage @ CUCL](https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/)
- [technical report: An Introduction to CHERI](https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-941.pdf)
- [technical report: CHERI C/C++ Programming Guide](https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-947.pdf)
- [technical report: CHERI ISAv8](https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-951.pdf)
- [Morello homepage @ Arm](https://www.arm.com/architecture/cpu/morello)
- [Morello Architecture Reference Manual @ Arm](https://developer.arm.com/documentation/ddi0606/latest)

143
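--- a/_sass/main.scss
+++ b/_sass/main.scss
@@ -0,0 +1,143 @@
+$background-color: rgb(12, 17, 20);
+$body-color: rgb(252, 252, 252);
+$heading-color: rgb(255, 182, 193);
+$link-color: rgb(252, 169, 184);
+$inl-code-color: rgb(165, 214, 255);
+@font-face {
+font-family: TeXGyreCursor;
+src: url('../fonts/texgyrecursor-regular.woff') format('woff');
+font-weight: normal;
+font-style: normal;
+}
+@font-face {
+font-family: TeXGyreCursor;
+src: url('../fonts/texgyrecursor-bold.woff') format('woff');
+font-weight: bold;
+font-style: normal;
+}
+@font-face {
+font-family: TeXGyreCursor;
+src: url('../fonts/texgyrecursor-italic.woff') format('woff');
+font-weight: normal;
+font-style: italic;
+}
+@font-face {
+font-family: TeXGyreCursor;
+src: url('../fonts/texgyrecursor-bolditalic.woff') format('woff');
+font-weight: bold;
+font-style: italic;
+}
+@font-face {
+font-family: 'Source Code Pro';
+font-style: normal;
+font-weight: 400;
+src: local(''),
+url('../fonts/source-code-pro-v22-latin-ext_latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+url('../fonts/source-code-pro-v22-latin-ext_latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+@font-face {
+font-family: 'Source Code Pro';
+font-style: normal;
+font-weight: 700;
+src: local(''),
+url('../fonts/source-code-pro-v22-latin-ext_latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+url('../fonts/source-code-pro-v22-latin-ext_latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+@font-face {
+font-family: 'Source Code Pro';
+font-style: italic;
+font-weight: 400;
+src: local(''),
+url('../fonts/source-code-pro-v22-latin-ext_latin-italic.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+url('../fonts/source-code-pro-v22-latin-ext_latin-italic.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+@font-face {
+font-family: 'Source Code Pro';
+font-style: italic;
+font-weight: 700;
+src: local(''),
+url('../fonts/source-code-pro-v22-latin-ext_latin-700italic.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+url('../fonts/source-code-pro-v22-latin-ext_latin-700italic.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+body {
+background-color: $background-color;
+color: $body-color;
+padding-left: 5vw;
+padding-right: 5vw;
+padding-top: 5vh;
+font-family: 'Source Code Pro';
+font-size: 1.5rem;
+}
+h1 {
+color: $heading-color;
+margin: 0;
+}
+h2 {
+margin: 0;
+margin-top: 3rem;
+margin-bottom: 0.5rem;
+}
+a {
+color: $link-color;
+font-weight: bold;
+text-decoration: none;
+}
+.article {
+p, li {
+a {
+font-weight: normal;
+text-decoration: underline;
+word-wrap: break-word;
+}
+}
+picture img, p img {
+max-width: 100%;
+display: block;
+}
+code, pre {
+font-family: 'Source Code Pro';
+margin: 0;
+padding: 0;
+}
+p code {
+font-size: 1.5rem;
+color: #a5d6ff;
+}
+.header-link {
+display: inline-block;
+}
+}
+table {
+border-spacing: 0;
+}
+h2 .header-link {
+display: none;
+padding-left: 10px;
+font-weight: normal;
+font-size: 1.3rem;
+img {
+height: 1.25rem;
+margin-bottom: -4px;
+}
+}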
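Review bot: The `p code` rule hard-codes `color: #a5d6ff;`, which is the same value as the `$inl-code-color: rgb(165, 214, 255);` variable declared at the top of this file. That variable is not referenced anywhere in the section as shown, so the two can silently drift apart; use `color: $inl-code-color;` in `p code` instead. Separately, the `font-family: 'Source Code Pro';` declarations in `body` and in `code, pre` have no generic fallback; `font-family: 'Source Code Pro', monospace;` keeps code listings monospaced if the woff/woff2 files fail to load.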


@ -0,0 +1,308 @@
<!DOCTYPE html>
<!--
  l、
゙(゚、 。
 l、゙ ~ヽ
 じしf_, )
-->
<html lang=" en-US">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<title>sensor watch - jack bond-preston</title>
<link rel="stylesheet" href="/assets/css/main.css">
<style>
body {
padding: 0;
margin: 0;
min-height: 100vh;
}
.wrapper {
display: grid;
grid-template-columns: 30rem auto;
grid-template-rows: auto;
gap: 0;
min-height: 100vh;
}
.article {
padding: 5rem;
padding-bottom: 1rem;
}
.side {
background-image: url(/assets/images/sensor-watch/f91w-strap.svg);
background-repeat: repeat-y;
}
.side>svg {
width: 30rem;
position: fixed;
}
@media only screen and (max-width: 1200px) {
.wrapper {
grid-template-columns: 10rem auto;
grid-template-rows: auto;
}
.side>svg {
width: 10rem;
}
.article {
padding-left: 1rem;
padding-right: 1rem;
padding-top: 1rem;
font-size: 1rem;
}
}
@media only screen and (max-width: 600px) {
.side {
display: none;
}
.wrapper {
grid-template-columns: auto;
grid-template-rows: auto;
}
.article {
padding: 10px;
font-size: 0.8rem;
}
}
</style>
</head>
<body>
<div class="wrapper">
<div class="side">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 300 500">
<defs>
<style>
.cls-1 {
fill: #0c1113;
}
.cls-2 {
fill: none;
stroke: #f6b4c1;
stroke-miterlimit: 10;
stroke-width: 2px;
}
.cls-3 {
fill: #f6b4c1;
}
</style>
</defs>
<g id="Layer_5" data-name="Layer 5">
<rect class="cls-1" width="300" height="500" />
</g>
<g id="Layer_1" data-name="Layer 1">
<path class="cls-2"
d="M150,335.07c-21-.18-53.88.56-76.78-1-1.15.37-6.4-1.85-7.11-3.33-11.43-13.68-14.6-19.62-14.67-31.33-1-13-1.27-26.4-2-49.34" />
<path class="cls-2"
d="M150,329.83c-20.3-.19-49.15.57-71.32-1-1.12.37-7.19-1.87-7.89-3.38-11.06-13.86-13.12-19.87-13.19-31.74-.92-13.2-1-20.39-1.73-43.63" />
<path class="cls-2"
d="M150,352.07S59.42,351,58.31,350.52s-20.67-32.89-21.11-34-2.89-66.45-2.89-66.45" />
<path class="cls-2"
d="M150,364.3s-93.23-1-94.34-1.42S28.31,318.3,27.86,317.19s-2.65-67.12-2.65-67.12" />
<polyline class="cls-2" points="27.68 315.07 20.48 310.24 17.14 264.91 25.21 257.91" />
<path class="cls-2"
d="M150,335.07c21-.18,53.87.56,76.78-1,1.15.37,6.39-1.85,7.11-3.33,11.43-13.68,14.6-19.62,14.67-31.33.94-13,1.26-26.4,2-49.34" />
<path class="cls-2"
d="M150,329.83c20.29-.19,49.15.57,71.32-1,1.11.37,7.19-1.87,7.88-3.38,11.06-13.86,13.13-19.87,13.2-31.74.91-13.2,1-20.39,1.73-43.63" />
<path class="cls-2"
d="M150,352.07s90.56-1.11,91.67-1.55,20.66-32.89,21.11-34,2.89-66.45,2.89-66.45" />
<path class="cls-2"
d="M150,364.3s93.22-1,94.33-1.42,27.34-44.58,27.78-45.69,2.65-67.12,2.65-67.12" />
<polyline class="cls-2" points="272.29 315.07 279.5 310.24 282.83 264.91 274.76 257.91" />
<path class="cls-2"
d="M150,165c-21,.19-53.88-.56-76.78,1-1.15-.36-6.4,1.85-7.11,3.33C54.66,183,51.49,189,51.42,200.67c-1,13-1.27,26.39-2,49.33" />
<path class="cls-2"
d="M150,170.24c-20.3.19-49.15-.56-71.32,1-1.12-.36-7.19,1.88-7.89,3.38-11.06,13.86-13.12,19.88-13.19,31.74-.92,13.21-1,20.39-1.73,43.63" />
<path class="cls-2" d="M150,148s-90.56,1.11-91.67,1.56-20.67,32.88-21.11,34S34.31,250,34.31,250" />
<path class="cls-2"
d="M150,135.78s-93.23,1-94.34,1.41-27.33,44.59-27.78,45.7S25.21,250,25.21,250" />
<polyline class="cls-2" points="27.68 185 20.48 189.83 17.14 235.17 25.21 242.17" />
<path class="cls-2"
d="M150,165c21,.19,53.87-.56,76.78,1,1.15-.36,6.39,1.85,7.11,3.33,11.43,13.69,14.6,19.62,14.67,31.34.94,13,1.26,26.39,2,49.33" />
<path class="cls-2"
d="M150,170.24c20.29.19,49.15-.56,71.32,1,1.11-.36,7.19,1.88,7.88,3.38,11.06,13.86,13.13,19.88,13.2,31.74.91,13.21,1,20.39,1.73,43.63" />
<path class="cls-2" d="M150,148s90.56,1.11,91.67,1.56,20.66,32.88,21.11,34S265.67,250,265.67,250" />
<path class="cls-2"
d="M150,135.78s93.22,1,94.33,1.41,27.34,44.59,27.78,45.7S274.76,250,274.76,250" />
<polyline class="cls-2" points="272.29 185 279.5 189.83 282.83 235.17 274.76 242.17" />
</g>
<g id="Layer_3" data-name="Layer 3">
<path class="cls-2"
d="M224.67,250c-.35,3.5,1,31.12-1.07,33.66-1.35,4.06-5.75,5.94-9.78,5.9H86.51c-4,0-8.43-1.84-9.77-5.9-2-2.3-.74-30.41-1.07-33.66.35-3.58-.92-20.74,1.07-23.77,1.34-4.06,5.75-5.95,9.77-5.9H213.82c4,0,8.43,1.84,9.78,5.9C225.57,229.27,224.35,246.4,224.67,250Z"
id="screen" />
<path class="cls-2"
d="M229.33,247.11c-.36,4.09,1,36.37-1.13,39.33-1.43,4.75-6.09,6.95-10.35,6.89H83c-4.26.06-8.92-2.14-10.35-6.89-2.13-2.69-.78-35.53-1.13-39.33.37-4.19-1-24.23,1.13-27.77,1.43-4.75,6.09-7,10.35-6.89H217.85c4.26-.06,8.92,2.14,10.35,6.89C230.28,222.89,229,242.91,229.33,247.11Z" />
<g id="CASIO">
<path class="cls-2"
d="M97.31,181.28a3.36,3.36,0,0,0-.2-1.34,1.91,1.91,0,0,0-.44-.63,3.49,3.49,0,0,0-1.28-.31c-.36-.06-1.72-.14-2.14-.14a20.79,20.79,0,0,0-3.11.17c-.14.14-.72.28-.89.5a2.43,2.43,0,0,0-.47,1.16v1.78c0,.47-.06,1.84,0,2a2.64,2.64,0,0,0,.53,1.06,3,3,0,0,0,1.22.44,23.26,23.26,0,0,0,2.8.09,23.2,23.2,0,0,0,2.42,0,1.9,1.9,0,0,0,1.06-.41,1.32,1.32,0,0,0,.5-1.05,4.25,4.25,0,0,1,0-.78" />
<path class="cls-2"
d="M100,186.71c0-1.13,3.1-5.88,3.69-7.25a1.45,1.45,0,0,1,.23-.47c.17-.16.35-.14.93-.13s.64,0,.73.16c.75,1.48,2.61,5.22,3,5.9a4.31,4.31,0,0,1,.79,1.79" />
<line class="cls-2" x1="101.07" y1="184.13" x2="108.15" y2="184.13" />
<path class="cls-2"
d="M120,180.36c.15-2.21-2.17-1.64-4.08-1.67-1,0-2.47,0-2.75.36-1.37,1-1.23,3.06.74,3.41,1.57.31,4.21-.33,5.5.07,1.56.79,1.58,3.44-.5,3.55-1.56-.08-6.23.93-6.63-1.5" />
<path class="cls-2" d="M123.92,177.83s.14,6.61,0,9.13" />
<path class="cls-2"
d="M128.06,182.59a6.3,6.3,0,0,0,.11,2.08c.25.5.86,1.35,1.52,1.4s3.31,0,3.31,0a25.08,25.08,0,0,0,2.61,0c.28-.1.92-.1,1.06-.68s.3-.66.27-1.26-.08-2.19-.08-2.19a13.37,13.37,0,0,0,0-1.92,1.37,1.37,0,0,0-.59-.92,14.78,14.78,0,0,0-1.53-.39H132a12.52,12.52,0,0,0-2.3,0c-.28.14-.95.19-1.17.5a2.33,2.33,0,0,0-.41,1.19C128.11,180.79,128.06,182.59,128.06,182.59Z" />
</g>
<g id="F-91W">
<path class="cls-2"
d="M167.94,186.22a18.32,18.32,0,0,1,.64-2.94s.56-2.79.64-2.95a45.6,45.6,0,0,1,5.34,0" />
<path class="cls-2" d="M173.06,183.28c-.92-.11-4.48,0-4.48,0" />
<path class="cls-2" d="M176.69,183.85c2,.15,3-.31,5.25,0" />
<path class="cls-2"
d="M186.39,184.94c.84,1.58,3.78.91,4.83,0,1.69-2.54,1.8-4.89-2-4.55-6.28,1.92,2.2,5.1,3.06,1.13" />
<path class="cls-2"
d="M197.39,186.83c.09-1.6.57-2.3.92-4.25a13.46,13.46,0,0,0,.63-2.83c.09,2.21-2,2-3.58,1.92" />
<path class="cls-2"
d="M204.08,179.75s0,3.52.06,4,.12,1.9.12,1.9h1.16s1.52-2.69,1.86-3.44a4.41,4.41,0,0,1,.52-1l.32-.59,1.25,0s0,.21,0,.93-.09,3.95-.09,3.95h1.35l.41-.68c.27-.46,2.39-3.53,2.39-5.11" />
</g>
<path class="cls-2" d="M18.29,211.06H10.53s-1.46-.81-1.46,8.11c0,8.42,2.17,7.78,2.17,7.78h6.34"
onmouseover="document.getElementById('screen').style.fill='blue';"
onmouseleave="document.getElementById('screen').style.fill='none';" />
<path class="cls-2" d="M18.29,288.94H10.53s-1.46.81-1.46-8.11c0-8.42,2.17-7.78,2.17-7.78h6.34" />
<path class="cls-2" d="M281.71,288.94h7.76s1.46.81,1.46-8.11c0-8.42-2.17-7.78-2.17-7.78h-6.34" />
</g>
<g id="Layer_4" data-name="Layer 4">
<path class="cls-2"
d="M150,306.44H125.88c-1.36,0-2,.2-2.44.84-.28.44-.28.44-.56,1.94a24.24,24.24,0,0,0,0,6.59,9.45,9.45,0,0,0,2.39,4.66c1.22,1,3.81,3.56,5.47,3.61s19.25,0,19.25,0" />
<polygon class="cls-3"
points="63.43 307.26 118.99 307.26 118.99 309.26 63.91 309.26 63.43 307.26" />
<polyline class="cls-2" points="149.99 110.44 63.43 110.44 55.66 137.19" />
<polygon class="cls-3"
points="62.63 195.75 149.99 195.75 149.99 193.75 63.11 193.75 62.63 195.75" />
<line class="cls-2" x1="65.99" y1="110.44" x2="65.99" />
<line class="cls-2" x1="65.99" y1="389.42" x2="65.99" y2="500" />
<polyline class="cls-2" points="149.99 389.42 63.43 389.42 55.66 362.67" />
<path class="cls-2"
d="M150,306.44h24.11c1.36,0,2,.2,2.45.84.27.44.27.44.55,1.94a24.24,24.24,0,0,1,0,6.59,9.45,9.45,0,0,1-2.39,4.66c-1.22,1-3.8,3.56-5.47,3.61s-19.25,0-19.25,0" />
<polygon class="cls-3" points="236.56 307.26 181 307.26 181 309.26 236.08 309.26 236.56 307.26" />
<polyline class="cls-2" points="150 110.44 236.56 110.44 244.33 137.19" />
<polygon class="cls-3" points="237.36 195.75 150 195.75 150 193.75 236.89 193.75 237.36 195.75" />
<line class="cls-2" x1="234" y1="110.44" x2="234" />
<line class="cls-2" x1="234" y1="389.42" x2="234" y2="500" />
<polyline class="cls-2" points="150 389.42 236.56 389.42 244.33 362.67" />
</g>
</svg>
</div>
<div class="article">
<h1><a href="/2022/11/14/sensor-watch.html">sensor watch</a></h1>
<h2 id="preamble">preamble<a href="#preamble" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>some time back I was browsing <a href="https://www.crowdsupply.com/">Crowd Supply</a> when I came across <a href="https://www.crowdsupply.com/oddly-specific-objects/sensor-watch">the Sensor Watch project</a> by <a href="https://github.com/joeycastillo">Joey Castillo</a>. I had wanted some kind of “hackable” watch for a while, and had looked at things like <a href="https://www.crowdsupply.com/sqfmi/watchy">Watchy</a>, but this project hit the sweet spot for me. I love my existing F91-W, and this project was a good combination of open source with community software support. one key feature that was important to me is battery life - the Sensor Watch battery life in an average usage scenario is so long that <a href="https://twitter.com/josecastillo/status/1590066358351298560">Joeys is still going strong</a>!</p>
<p>I was excited to pick one up and start messing around with it, but the first issue I came across was availability - the delivery date for Crowd Supply orders was summer 2023 (I think they ended upbeing delivered sooner than this, not sure). on top of this, shipping and import fees made it pretty prohibitively expensive. Ive always found this to be an issue with Crowd Supply as someone based in the UK, even some things designed in the UK are very expensive from Crowd Supply as they are assembled in/shipped from the US. so I decided to build one myself! of course, this is more expensive than just buying it, but this was a learning experience and <a href="https://www.reddit.com/r/AskReddit/comments/dxosj/what_word_or_phrase_did_you_totally_misunderstand/c13pbyc/">knowledge is power</a>!</p>
<h2 id="component-acquisition">component acquisition<a href="#component-acquisition" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>the first challenge was acquiring all the necessary parts to actually build one. I downloaded <a href="https://github.com/joeycastillo/Sensor-Watch/tree/main/PCB/Main%20Boards">the PCB files</a> and generated a <a href="https://en.wikipedia.org/wiki/Bill_of_materials">BOM</a> to figure out exactly what I needed to acquire. Im sure in ordinary times this would be easy enough, but the current state of some electronics/silicon supply chains had other things to say. some parts are of course still easy to come across, e.g. 10pF 0402 caps and 10k 0603 resistors; most of the components of the Sensor Watch are this kind of commonplace part. what quickly became clear from some scouring of the internet was that my main problem was going to be two parts: the <a href="https://www.microchip.com/en-us/product/ATSAML22J18A">ATSAML22J18A-MUT</a>(the processor driving the Sensor Watch), and the <a href="https://www.hirose.com/en/product/series/FH19C__FH19SC">FH19C-9S-0.5SH(10)</a> (the connector used to attach the extra sensor boards).</p>
<h3 id="atsaml22j18a-mut">ATSAML22J18A-MUT</h3>
<p>the former of these was a fairly well discussed shortage that had been ongoing for a while. it was
<a href="https://www.crowdsupply.com/oddly-specific-objects/sensor-watch/updates/blue-boards-shipping-check-your-address-green-boards-delayed-and-other-news-of-the-watch">the driving force of the Sensor Watch Crowd Supply delay</a>. I spent quite a lot of time searching around the internet, looking at various sites on the English-speaking and Chinese-speaking web. sadly this part was clearly in very short supply, and prices could get pretty insane from vendors that did have some stock. I received quotes for unit prices that include the following (USD/GBP): $79.35, $6.56, $13.61, $6.83 (MOQ 4000), £6.45. I guess some people are desperate enough to pay $79.35 :(. I spent so long looking for them that they ended up randomly coming back in stock on <a href="https://www.microchipdirect.com/">MicrochipDirect</a>. as of the time of writing this article, <a href="https://www.microchipdirect.com/product/ATSAML22J18A-MUT">they are again out of stock</a>. the unit price I bought them for was £3.92, shipping and handling was ~£12.</p>
<h3 id="fh19c-9s-05sh10">FH19C-9S-0.5SH(10)</h3>
<p>this part was out of stock everywhere I initially looked (the usual contenders for parts). I searched around in a similar manner as the ATSAML22J18A-MUT, and found some similarly wild pricing. I ended up purchasing a small quantity at a unit price of £0.44 from a website called
<a href="http://archive.today/2022.11.13-230943/https://www.dacikeys.net/">dacikeys</a>. yes, the site is actually called this. yes, the unit price is cheaper than digikey and mouser. yes, I actually received all of my order, consisting of working parts. I was definitely shocked that this happened, but sometimes bravery pays off I guess. I still cant endorse this shop.</p>
<h3 id="pcb-and-stencil">PCB and stencil</h3>
<p>for the PCB I opted to go with <a href="https://jlcpcb.com/">JLCPCB</a>. I simply uploaded the relevant gerbers, and adjusted the necessary settings. notably, <a href="https://github.com/joeycastillo/Sensor-Watch/issues/14#issuecomment-922974276&quot;&gt;">the thickness should be 0.6mm</a> - this does narrow the choice of manufacturer (for example, OSH Park doesnt go this thin). I havent yet ordered any sensor board PCBs, but <a href="https://www.pcbway.com/">PCBWay</a> seems to be <em>the</em> option there. The PCB turned out great, although the silkscreen is a little hard to read at this size due to lack of sharpness:</p>
<picture><source srcset="/generated/sensor-watch/pcb-400-c27ab3576.webp 400w, /generated/sensor-watch/pcb-600-c27ab3576.webp 600w, /generated/sensor-watch/pcb-800-c27ab3576.webp 800w, /generated/sensor-watch/pcb-1000-c27ab3576.webp 1000w" type="image/webp" /><source srcset="/generated/sensor-watch/pcb-400-c21b83783.jpg 400w, /generated/sensor-watch/pcb-600-c21b83783.jpg 600w, /generated/sensor-watch/pcb-800-c21b83783.jpg 800w, /generated/sensor-watch/pcb-1000-c21b83783.jpg 1000w" type="image/jpeg" /><img src="/generated/sensor-watch/pcb-800-c21b83783.jpg" alt="a closeup of a sensor watch PCB" /></picture>
<h2 id="assembly">assembly<a href="#assembly" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>I decided to assemble myself. partially because the logistics of paying for assembly when I had to source parts from many different providers seemed like a headache, partially because I thought it would be a fun challenge and learning experience!</p>
<p>a few things were necessary to solder the components to this PCB. Im sure someone talented could hand solder this with an iron, but I can name a lot of things Id rather do than try to do that
(especially the <a href="https://en.wikipedia.org/wiki/Flat_no-leads_package">QFN</a> SAML) - and that list includes unpleasant things. I opted to go with
<a href="http://www.flyelectric.org.uk/hot_plate.htm">hotplate soldering</a>, which is a cheaper way to access the ease of reflow soldering. for a PCB like the Sensor Watch, where almost all the components are on one side, its ideal. the hotplate I have is the ever-popular
<a href="https://www.miniware.com.cn/product/mhp30-mini-hot-plate-preheater/">MHP30</a>, which I run <a href="https://github.com/Ralim/IronOS">IronOS</a> on. I highly recommend it, its great! my soldering iron is the iconic
<a href="https://pine64.com/product/pinecil-smart-mini-portable-soldering-iron/">Pinecil</a> (not the <a href="https://www.pine64.org/2022/07/28/july-update-a-pinecil-evolved/">fancy new V2</a> though :[) which also runs IronOS. nice!</p>
<h3 id="process">process</h3>
<p>the assembly process is as follows:</p>
<ul>
<li>apply solder paste to the PCB with the stencil. make sure the stencil is really flush and justkind of squeegee it on with a plastic card. I used tape to hold it in place. then carefully removed the stencil, avoiding smudging the paste in doing so.</li>
<li>place components on the PCB. this was by far the most painful part of the whole process. a steady hand is not something I was blessed with, and some of these parts are really small. I used a microscope from Amazon for this, the ample manouverable lighting was a big help. a lot of time and patience is required, but its very first time doable with no prior experience! simply go through the parts one by one, or by area of the board - whatever you prefer. then pick up the respective part with some fine tweezers, and slowly put in place on the solder paste. thankfully, the paste will lightly stick the component in place once youve done this (it is not knock-proof though!).</li>
<li>carefully (really!) place the PCB onto the hotplate and heat up. keep on until everything seems to be melted, and the components have hopefully been pulled into place. thats the top side done! let it cool down, then move on to the bottom.</li>
<li>time for some hand soldering. the button is pretty small, and very fiddly to do. I found you dont need too much precision, but you have to be really careful with your iron as the plastic button will melt if you touch it. once thats in place, its just a matter of
<a href="https://youtu.be/Zr0pKeC2VFU?t=185">removing the buzzer connector from your old PCB and soldering it onto the back of the Sensor Watch PCB.</a> this will feel blissfully easy after the button! you also have to place the battery clip, but no soldering needed here :).</li>
</ul>
<p>one area I found particularly difficult was the area with the oscillator crystal and the two 0402 capacitors, C7 and C8. things are a bit cramped here, so extra care was needed:</p>
<picture><source srcset="/generated/sensor-watch/c7c8-400-4c01589bc.webp 400w, /generated/sensor-watch/c7c8-600-4c01589bc.webp 600w, /generated/sensor-watch/c7c8-800-4c01589bc.webp 800w, /generated/sensor-watch/c7c8-1000-4c01589bc.webp 1000w" type="image/webp" /><source srcset="/generated/sensor-watch/c7c8-400-418506084.jpg 400w, /generated/sensor-watch/c7c8-600-418506084.jpg 600w, /generated/sensor-watch/c7c8-800-418506084.jpg 800w, /generated/sensor-watch/c7c8-1000-418506084.jpg 1000w" type="image/jpeg" /><img src="/generated/sensor-watch/c7c8-800-418506084.jpg" alt="a closeup of a sensor watch PCB, with an area circled. the area contains some small, and closely grouped pads" /></picture>
<h2 id="software">software<a href="#software" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>at this point the watch was assembled with all components in place. did it work? at this stage, no idea. hopefully yes, and I could progress to the more familiar world of embedded software.</p>
<h3 id="bootloader">bootloader</h3>
<p>the next necessary step is to flash the bootloader, so that we can put the firmware in place. unfortunately this requires a little more real-world action. we need to access the SWD points on the board to write the bootloader. ideally you could do this with some kind of
<a href="https://en.wikipedia.org/wiki/Pogo_pin">pogo pin</a> jig - and if you were doing any number exceeding about 5 Im sure this would be worth the time. however, I decided to just solder some jump wires (stripped on one end, solid tip female on the other) to the points on the board. theyre all close, but its easy enough to do (albeit ugly). then I connected these to my
<a href="https://www.adafruit.com/product/1501">Adafruit Trinket M0</a> (PyRuler would also work).the pin mapping is as follows: SWD=0, SWC=1, RST=3, V+=3V, GND=GND.</p>
<p>I used the
<a href="https://github.com/joeycastillo/Sensor-Watch/blob/main/utils/flash_watch_pyruler/flash_watch_pyruler.ino">flasher from the sensor watch repo to flash the bootloader</a>. note that you could build the bootloader yourself first and put the generated binary into bootloader.h - the source is located
<a href="https://github.com/joeycastillo/uf2-samdx1">here</a>. personally, I just used the prebuilt version from the repo. I had to change part of the Adafruit DAP library and add the SAM L22 DID to get this to work,
<a href="https://github.com/joeycastillo/Sensor-Watch/issues/83#issuecomment-1229353899">I provided the diff of this change</a> in a Sensor Watch GitHub issue (I just now am remembering I promised to upstream this, oops!). mercifully, I got the red blinky LED, and all was good! I unsoldered the wires from the board, and tried to clean up most of the solder blob to keep the board fairly flat.</p>
<h3 id="movement">movement</h3>
<p>now the bootloader is in place, the main firmware can be installed!
<a href="https://www.sensorwatch.net/docs/movement/">the community firmware, Movement</a>is great, so this is what I installed. there are a bunch of different useful faces available, and more functionality is always being added.
flashing firmware was easy: I plugged the PCB into the end of a USB Micro B cable (plugged on the other end into my computer) and double tapped the reset button (I find this has to be done quite quickly, using my fingernail was the trick to doing this reliably on such a small button). done successfully, the LED on the board pulses and a new drive labelled “WATCHBOOT” appears on the computer. now a built UF2 firmware file can just be dragged onto the device to flash, thanks to the bootloader flashed earlier. for the initial test, I just used a
<a href="https://www.sensorwatch.net/docs/firmware/prebuilt/">prebuilt image</a> to check everything was working. I flashed this, and the LED pulsed and turned off, signalling success.</p>
<p>from here I just assembled the watch with the Sensor Watch PCB, and it worked! I verified LED and buzzer function by playing around with various functionality. success!</p>
<h2 id="developing-on-movement">developing on movement<a href="#developing-on-movement" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>one face I found particularly cool was the <a href="https://github.com/joeycastillo/Sensor-Watch/blob/main/movement/watch_faces/complication/totp_face.c">TOTP face</a>. I use <a href="https://en.wikipedia.org/wiki/Time-based_one-time_password">TOTP</a>
<a href="https://en.wikipedia.org/wiki/Multi-factor_authentication">2FA</a> on various accounts, so having access to the codes on my wrist at all times was really appealing. at the time, the TOTP face only supported one key - so I decided to improve it.</p>
<p>thankfully, Sensor Watch has an emulator for development. without this, development would be pretty tiresome with the flashing and reassembling of the watch getting tiring if you needed to iterate on some code and test it on the watch. the emulator runs inside the browser and uses
<a href="https://en.wikipedia.org/wiki/Emscripten">Emscripten</a>.
<a href="https://github.com/joeycastillo/Sensor-Watch#using-the-movement-framework">some minimal instructions on how to build this is available on the README</a>. this allowed me to extend the TOTP face easily and allow for multiple keys.
<a href="https://github.com/joeycastillo/Sensor-Watch/pull/84">my PR was merged</a>, and the functionality is now available for anyone to use. the keys are added at compile time, so they are baked into the firmware on flashing. for my purposes this is fine, as I never really change them. however, with the recent addition of a
<a href="https://os.mbed.com/blog/entry/littlefs-high-integrity-embedded-fs/">LittleFS</a> filesystem, the community have added <a href="https://github.com/joeycastillo/Sensor-Watch/blob/main/movement/watch_faces/complication/totp_face_lfs.c">a version of the face which stores the keys on the filesystem</a>. awesome!</p>
<p>some more details on using Sensor Watch for TOTP is available
<a href="https://blog.singleton.io/posts/2022-10-17-otp-on-wrist/">on this blog post</a>
(<a href="https://news.ycombinator.com/item?id=33243434">HN discussion, if you dare</a>). its even running my code :)!</p>
<h2 id="epilogue">epilogue<a href="#epilogue" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>some summary thoughts:</p>
<ul>
<li>shoutout to Joey Castillo. for creating the Sensor Watch as a beautifully open source project (the fact I could independently make my own is what its all about!). for being
<a href="https://github.com/joeycastillo/Sensor-Watch/issues/83">so helpful and kind</a> when I asked for help. for having such a positive attitude towards those in the community who are using Sensor Watch to learn about all kinds of things (seriously, check out the
<a href="https://discord.gg/NtMVTBNca7">Oddly Specific Objects Discord</a> to see how much this guy is giving to the community).</li>
<li>sometimes its worth just trying things that are difficult. this is my first time successfully doing and small-scale soldering of this kind, and it worked out great with some patience. having the motivation from making something I thought was really cool was an important factor here I think.</li>
<li>if you have a Sensor Watch (or are planning to!) please go ahead and <a href="https://github.com/joeycastillo/Sensor-Watch">contribute to movement</a> if you have a cool idea. Im sure some reviews would be helpful to spot any issues on existing PRs before a maintainer gets to them to save some time.</li>
<li>the one issue Ive had with using my Sensor Watch for TOTP is clock accuracy. the clock drifts over time, so I have to set the time once or twice a week to keep it nice and accurate for the TOTP functionality to be nice to use. but a community member is working on this, and its going to get a lot better. check out the Discord channel to see some seriously cool engineering going into this calibration effort.</li>
</ul>
<p><img src="/generated/sensor-watch/watch1-800-370dbdf66.jpg" alt="a shot of a yellow and black assembled sensor watch, lying horizontally on a surface" srcset="/generated/sensor-watch/watch1-400-370dbdf66.jpg 400w, /generated/sensor-watch/watch1-600-370dbdf66.jpg 600w, /generated/sensor-watch/watch1-800-370dbdf66.jpg 800w, /generated/sensor-watch/watch1-1000-370dbdf66.jpg 1000w" /></p>
<p><img src="/generated/sensor-watch/watch2-800-66db436da.jpg" alt="a shot of a yellow and black assembled sensor watch, lying vertically on a surface" srcset="/generated/sensor-watch/watch2-400-66db436da.jpg 400w, /generated/sensor-watch/watch2-600-66db436da.jpg 600w, /generated/sensor-watch/watch2-800-66db436da.jpg 800w, /generated/sensor-watch/watch2-1000-66db436da.jpg 1000w" /></p>
<p><img src="/generated/sensor-watch/wrist-800-551704392.jpg" alt="a shot of a yellow and black assembled sensor watch, on the author's wrist" srcset="/generated/sensor-watch/wrist-400-551704392.jpg 400w, /generated/sensor-watch/wrist-600-551704392.jpg 600w, /generated/sensor-watch/wrist-800-551704392.jpg 800w, /generated/sensor-watch/wrist-1000-551704392.jpg 1000w" /></p>
<hr>
<p><a href="mailto:jackbondpreston@outlook.com">email me</a> to have a conversation</p>
</div>
</div>
</body>

331
_site/2022/11/19/cheri.html Normal file

@ -0,0 +1,331 @@
<!DOCTYPE html>
<!--
  l、
゙(゚、 。
 l、゙ ~ヽ
 じしf_, )
-->
<html lang=" en-US">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<title>CHERI - jack bond-preston</title>
<link rel="stylesheet" href="/assets/css/main.css">
<link rel="stylesheet" href="/assets/css/pygments.css">
</head>
<body>
<div class="article">
<h1><a href="/2022/11/19/cheri.html">CHERI</a></h1>
<h2 id="preamble">preamble<a href="#preamble" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p><a href="https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/">CHERI</a> is an acronym for Capability Hardware Enhanced RISC Instructions. it is a security-focussed project aimed at improving memory protection at the hardware level. the project is complex and it has many potential applications.</p>
<p>in this article I will go into some basics to give an understanding behind some changes that CHERI makes to how programs execute and are written. this will be focussed almost entirely in C, as this is where my experience lies - it is also where some of the effects of CHERI are most easily felt.this article is going to be a <em>very simplistic</em> introduction to CHERI, and Im going to attempt to explain the basics behind everything I cover. a basic understanding of C will be beneficial.</p>
<p><strong><em>note:</em></strong> <a href="https://www.arm.com/architecture/cpu/morello">the Morello platform</a> is an evaluation board produced by <a href="https://www.arm.com/">Arm</a> to provide a physical implementation of CHERI extending <a href="https://en.wikipedia.org/wiki/AArch64">the Arm AArch64 ISA</a>. I previously worked on this platform at Arm, <a href="https://git.morello-project.org/morello/musl-libc/">porting the musl C library to Morello</a>. implementations for CHERI that are worth looking into from a more open perspective <a href="https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-951.pdf"> are the MIPS (chapter 4) and RISC-V (chapter 5) ones</a>. Morello is the only implementation that exists in a true hard core format, afaik - but this is obviously hard to obtain so youll just be playing around with emulators/models anyway.</p>
<h2 id="memory-safety-bugs">memory safety bugs<a href="#memory-safety-bugs" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>to first understand how CHERI tries to fix some simple issues, lets first look at some simplified examples of issues that arise when we arent using a CHERI-based architecture.</p>
<h3 id="a-simple-memory-safety-bug">a simple memory safety bug</h3>
<p>lets take a look at this C code:</p>
<figure class="highlight"><pre><code class="language-c" data-lang="c"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="code"><pre><span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp">
</span>
<span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
<span class="kt">char</span> <span class="n">my_perfect_string</span><span class="p">[]</span> <span class="o">=</span> <span class="s">"what a beautiful string"</span><span class="p">;</span> <span class="c1">// so beautiful, I sure hope no-one touches it</span>
<span class="kt">char</span> <span class="n">user_name</span><span class="p">[</span><span class="mi">32</span><span class="p">];</span>
<span class="n">printf</span><span class="p">(</span><span class="s">"enter your name: "</span><span class="p">);</span>
<span class="n">fgets</span><span class="p">(</span><span class="n">user_name</span><span class="p">,</span> <span class="mi">1000</span><span class="p">,</span> <span class="n">stdin</span><span class="p">);</span> <span class="c1">// get user's name from stdin</span>
<span class="n">printf</span><span class="p">(</span><span class="s">"hello %s"</span><span class="p">,</span> <span class="n">user_name</span><span class="p">);</span>
<span class="n">printf</span><span class="p">(</span><span class="s">"my_perfect_string: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">my_perfect_string</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</pre></td></tr></tbody></table></code></pre></figure>
<p>now lets try using our new program:</p>
<figure class="highlight"><pre><code class="language-console" data-lang="console"><span class="gp">$</span><span class="w"> </span>./membug
<span class="go">enter your name: jack
hello jack
my_perfect_string: what a beautiful string</span></code></pre></figure>
<p>works on my machine boss! code review +1, and merged… until our good friend <a href="https://en.wikipedia.org/wiki/Hubert_Blaine_Wolfeschlegelsteinhausenbergerdorff_Sr.">Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.</a> comes along. he emails me a strangeerror hes seen:</p>
<figure class="highlight"><pre><code class="language-console" data-lang="console"><span class="gp">$</span><span class="w"> </span>./membug
<span class="go">enter your name: Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
hello Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
my_perfect_string: hausenbergerdorff Sr.</span></code></pre></figure>
<p>thats not supposed to happen! his name has spilled over into our <code class="language-plaintext highlighter-rouge">my_perfect_string[]</code> array! turns out our issue is that when we use <code class="language-plaintext highlighter-rouge">fgets()</code>, weve set the second parameter, <code class="language-plaintext highlighter-rouge">size</code>, to <code class="language-plaintext highlighter-rouge">1000</code> - but our <code class="language-plaintext highlighter-rouge">user_name[32]</code> array c1593an only fit 32 characters (and the last of these should be a null terminator, so 31 usable characters).</p>
<p><code class="language-plaintext highlighter-rouge">fgets</code> fills up <code class="language-plaintext highlighter-rouge">user_name</code>, but it hasnt finished with the name yet! it doesnt care (or know) that <code class="language-plaintext highlighter-rouge">user_name</code> is full, its just going to keep going until it finishes our user input, or reads 999 characters from standard input. and thus it keeps mindlessly writing, overwriting the memory weve used to store our precious perfect string (which happens to be immediately after <code class="language-plaintext highlighter-rouge">user_name</code>). lets take a look at the stack in GDB to see why this happens:</p>
<figure class="highlight"><pre><code class="language-plaintext" data-lang="plaintext">(gdb) b memdebug.c:7
(gdb) run
Breakpoint 1, main () at membug.c:7
7 printf("enter your name: ");
(gdb) n
8 fgets(user_name, 1000, stdin); // get user's name from stdin
(gdb) n
9 printf("hello %s", user_name);
(gdb) x/56bc $sp
0x7fffffffdbf0: 106 'j' 97 'a' 99 'c' 107 'k' 10 '\n' 0 '\000' 0 '\000' 0 '\000'
0x7fffffffdbf8: 77 'M' 82 'R' 85 'U' 85 'U' 85 'U' 85 'U' 0 '\000' 0 '\000'
0x7fffffffdc00: -24 '\350' -78 '\262' -5 '\373' -9 '\367' -1 '\377' 127 '\177' 0 '\000' 0 '\000'
0x7fffffffdc08: 0 '\000' 82 'R' 85 'U' 85 'U' 85 'U' 85 'U' 0 '\000' 0 '\000'
0x7fffffffdc10: 119 'w' 104 'h' 97 'a' 116 't' 32 ' ' 97 'a' 32 ' ' 98 'b'
0x7fffffffdc18: 101 'e' 97 'a' 117 'u' 116 't' 105 'i' 102 'f' 117 'u' 108 'l'
0x7fffffffdc20: 32 ' ' 115 's' 116 't' 114 'r' 105 'i' 110 'n' 103 'g' 0 '\000'</code></pre></figure>
<p>we can see our two character arrays are right next to each other on the stack (<code class="language-plaintext highlighter-rouge">user_name</code> contains some gibberish as it is not zero-initialised).</p>
<p><strong><em>note:</em></strong> this code was compiled with <code class="language-plaintext highlighter-rouge">-fno-stack-protector</code> to reproduce this behaviour. compilers have certain techniques like this which can help protect against such attacks, but there are often ways around these by using less primitive attacks.</p>
<p>okay, its a pretty easy fix, we just need to change the <code class="language-plaintext highlighter-rouge">fgets(char *s, int size, FILE *stream)</code> parameter <code class="language-plaintext highlighter-rouge">size</code> to <code class="language-plaintext highlighter-rouge">32</code>.</p>
<p><strong><em>note:</em></strong> you may initially think “why not 31? dont we need to save a character for the null byte at the end?”. thankfully, <code class="language-plaintext highlighter-rouge">fgets</code> does this for us. excerpt from <code class="language-plaintext highlighter-rouge">man fgets</code>:</p>
<blockquote>
<p>“fgets() reads in <em>at most one less than size</em> characters from stream and stores them into the buffer pointed to by s […] A terminating null byte (\0) is stored after the last character in the buffer”.</p>
</blockquote>
<p>this is a good question to be asking though, being careful is key when it comes to these kinds of things.</p>
<h3 id="why-hardware">why hardware?</h3>
<p>okay, so thats an easy fix. why are we talking about doing anything in hardware here? just write the code correctly! the issue is code gets very complex, and this is a very simplistic situation. some memory safety bugs can be incredibly complicated and go unnoticed for decades. the C language especially gives the programmer many, many opportunities to make mistakes - and it only takes one to be a problem. a lot of the software we are using these days is based on stacks upon stacks of software written in different languages, and there are going to be bugs in there. CHERI should give us some protection “for free” (its not this simple, in actuality).</p>
<p>some languages (e.g. Rust) are going to offer you strong memory safety guarantees at compile-time, but thats not the topic of this article. the differences between doing this kind of protection in software or hardware (or both) is more complex than the scope of this article. in addition, CHERIs benefits are more wide in breadth than just protecting against this kind of issue.</p>
<h2 id="pointers-recap">pointers recap<a href="#pointers-recap" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>lets quickly recap a basic idea of what a pointer is. were going to ignore things like <a href="https://en.wikipedia.org/wiki/Virtual_memory">virtual memory</a> for brevity. we can think of a pointer in a normal 64-bit architecture (e.g. AArch64) simply as a 64-bit unsigned value that holds the memory address of something we care about. this is a simplification (as are most things), but it can help us reason about the general idea:</p>
<figure class="highlight"><pre><code class="language-c" data-lang="c"><span class="kt">int</span> <span class="n">val</span> <span class="o">=</span> <span class="mi">1593</span><span class="p">;</span>
<span class="kt">int</span> <span class="o">*</span><span class="n">x</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">val</span><span class="p">;</span> <span class="c1">// x points to val</span></code></pre></figure>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1920 314"><defs><style>.prefix__prefix__d{fill:none;stroke-miterlimit:10}.prefix__prefix__f,.prefix__prefix__h,.prefix__prefix__i{font-size:24px}.prefix__prefix__f,.prefix__prefix__h,.prefix__prefix__k{fill:#fcfcfc}.prefix__prefix__f,.prefix__prefix__l{font-family:Source Code Pro}.prefix__prefix__d{stroke:gray;stroke-width:4px}.prefix__prefix__h,.prefix__prefix__m{font-family:Source Code Pro;font-weight:700}.prefix__prefix__i{fill:gray}</style></defs><g id="prefix__prefix__a"><path fill="#0c1114" d="M0 0h1920v314H0z" /><text class="prefix__prefix__h" transform="translate(577.46 133.41)"><tspan x="0" y="0">int *x</tspan></text><text class="prefix__prefix__f" transform="translate(490.97 177.1)"><tspan x="0" y="0">0x0000010000000004</tspan></text><path d="M481.16 206v18.5M760.5 206v18.5m-279 0h279" stroke="#fcfcfc" fill="none" stroke-miterlimit="10" stroke-linecap="square" stroke-width="3" /><text transform="translate(578.78 241.33)" font-size="20" font-family="Source Code Pro" fill="#fcfcfc"><tspan x="0" y="0">address</tspan></text><path stroke-width="4" stroke="#fcfcfc" fill="none" stroke-miterlimit="10" d="M752 171h204.56" /><path class="prefix__prefix__k" d="M948.64 182.62L992 171.01l-43.36-11.63v23.24z" /><text transform="translate(1272.76 177.16)" fill="#fcfcfc" font-size="24"><tspan class="prefix__prefix__m" x="0" y="0">mem[</tspan><tspan class="prefix__prefix__l" x="57.6" y="0">0x0000010000000004</tspan><tspan class="prefix__prefix__m" x="316.79" y="0">]</tspan></text><text class="prefix__prefix__i" transform="translate(1272.76 133.16)"><tspan class="prefix__prefix__m" x="0" y="0">mem[</tspan><tspan class="prefix__prefix__l" x="57.6" y="0">0x0000010000000000</tspan><tspan class="prefix__prefix__m" x="316.79" y="0">]</tspan></text><text class="prefix__prefix__i" transform="translate(1271.76 224.16)"><tspan class="prefix__prefix__m" x="0" y="0">mem[</tspan><tspan class="prefix__prefix__l" x="57.6" 
y="0">0x0000010000000008</tspan><tspan class="prefix__prefix__m" x="316.79" y="0">]</tspan></text></g><g id="prefix__prefix__b"><path class="prefix__prefix__d" d="M1260 58v48H985V58" /><path d="M1258 195v40H987v-40h271m4-4H983v48h279v-48zm-4-84v40H987v-40h271m4-4H983v48h279v-48z" fill="gray" /><path class="prefix__prefix__k" d="M756.16 150.93v40h-271v-40h271m4-4h-279v48h279v-48zM1258 151v40H987v-40h271m4-4H983v48h279v-48z" /><text class="prefix__prefix__f" transform="translate(1094 177.09)"><tspan x="0" y="0">1593</tspan></text><text class="prefix__prefix__h" transform="translate(1007.6 45.16)"><tspan x="0" y="0">memory (as ints)</tspan></text><path class="prefix__prefix__d" d="M1260 284v-48H985v48" /></g></svg>
<p>and on these normal architectures, this pointer generally is just a number. we can do weird things with it, treating it as a number…</p>
<figure class="highlight"><pre><code class="language-c" data-lang="c"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
</pre></td><td class="code"><pre><span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp">
</span>
<span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
<span class="kt">int</span> <span class="n">magic</span> <span class="o">=</span> <span class="mi">9999</span><span class="p">;</span>
<span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="n">magic</span><span class="p">;</span>
<span class="kt">int</span> <span class="n">arr</span><span class="p">[]</span> <span class="o">=</span> <span class="p">{</span> <span class="mi">1234</span><span class="p">,</span> <span class="mi">5678</span> <span class="p">};</span>
<span class="kt">int</span> <span class="o">*</span><span class="n">x</span> <span class="o">=</span> <span class="o">&amp;</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="c1">// x is a pointer to first element of arr</span>
<span class="n">printf</span><span class="p">(</span><span class="s">"*x=%d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="o">*</span><span class="n">x</span><span class="p">);</span>
<span class="kt">unsigned</span> <span class="kt">long</span> <span class="n">x_addr</span> <span class="o">=</span> <span class="p">(</span><span class="kt">size_t</span><span class="p">)</span> <span class="n">x</span><span class="p">;</span> <span class="c1">// we're going to assume size_t = unsigned long here</span>
<span class="n">x_addr</span> <span class="o">+=</span> <span class="mi">4</span><span class="p">;</span> <span class="c1">// sizeof(int) == 4</span>
<span class="n">x</span> <span class="o">=</span> <span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="p">)</span> <span class="n">x_addr</span><span class="p">;</span>
<span class="n">printf</span><span class="p">(</span><span class="s">"*x=%d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="o">*</span><span class="n">x</span><span class="p">);</span>
<span class="n">x_addr</span> <span class="o">+=</span> <span class="mi">4</span><span class="p">;</span>
<span class="n">x</span> <span class="o">=</span> <span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="p">)</span> <span class="n">x_addr</span><span class="p">;</span>
<span class="n">printf</span><span class="p">(</span><span class="s">"*x=%d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="o">*</span><span class="n">x</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</pre></td></tr></tbody></table></code></pre></figure>
<p>…and this code will often still work:</p>
<figure class="highlight"><pre><code class="language-console" data-lang="console"><span class="gp">$</span><span class="w"> </span>./ptrs_as_numbers
<span class="go">*x=1234
*x=5678
*x=9999</span></code></pre></figure>
<p>yikes! now, when you start messing with pointers like this, youre bound to run into a bunch of undefined behaviour. but C programmers write undefined behaviour all the time, and my computer executes this program fine without complaining at all. doesnt it feel a bit weird that we can take a pointer to <code class="language-plaintext highlighter-rouge">arr[0]</code> and modify it to load <code class="language-plaintext highlighter-rouge">secret</code>? theyre not even part of the same array…</p>
<h2 id="introducting-capabilities">introducting capabilities<a href="#introducting-capabilities" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>CHERI introduces capabilities, which can be thought of as an extension to pointers. they still store an address of something we care about, but they have extra information too! in a 64-bit system, a pointer would typically be a 64-bit value (as dicussed previously). the corresponding capability in a CHERI platform is 128 bits (or 129 bits if you look at it a certain way, more about that later…).</p>
<p>as you might have guessed, this “extra information” takes up 64 bits of the capability. bits are assigned to three key pieces of metadata: <em>bounds</em>, <em>permissions</em>, and <em>object type</em>. there is also an additional 1-bit <em>tag</em> which is stored out-of-band: it is not a 129-bit value - instead each 128-bit capability can be thought of as being associated with a 1-bit validity tag. the architecture manages this. the diagram below is provided as a rough overview of this. note that it is not to scale.</p>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1920 314"><defs><style>.prefix__c{fill:none;stroke:#fcfcfc;stroke-linecap:square;stroke-miterlimit:10;stroke-width:3px}.prefix__f,.prefix__g{fill:#fcfcfc}.prefix__f{font-family:Source Code Pro;font-size:20px}</style></defs><g id="prefix__a"><path fill="#0c1114" d="M0 0h1920v314H0z" /><text transform="translate(101.86 232.41)" font-family="Source Code Pro" font-weight="700" fill="#fcfcfc" font-size="24"><tspan x="0" y="0">int *x (capability)</tspan></text><text transform="translate(1205.97 232.1)" font-family="Source Code Pro" fill="#fcfcfc" font-size="24"><tspan x="0" y="0">0x0000010000000004</tspan></text><path class="prefix__c" d="M1016 261v18.5M1656 261v18.5M1016 279.5h640" /><text class="prefix__f" transform="translate(1293.78 296.33)"><tspan x="0" y="0">address</tspan></text><path class="prefix__c" d="M700 191.5V173M1020 191.5V173M700 173h320" /><text class="prefix__f" transform="translate(823.78 167.74)"><tspan x="0" y="0">bounds</tspan></text><path class="prefix__c" d="M554 260.34v18.5M704 260.34v18.5M554 278.84h150" /><text class="prefix__f" transform="translate(562.78 295.68)"><tspan x="0" y="0">object type</tspan></text><g><path class="prefix__c" d="M391.89 191.56v-18.5M541.89 191.56v-18.5M391.89 173.06h150" /></g><text class="prefix__f" transform="translate(400.67 167.8)"><tspan x="0" y="0">permissions</tspan></text><text class="prefix__f" transform="translate(304.67 31.07)"><tspan x="0" y="0">tag (out-of-band)</tspan></text><g><path class="prefix__c" d="M391.33 55.92v-18.5M421.33 55.92v-18.5M391.33 37.42h30" /></g></g><g id="prefix__b"><path class="prefix__g" d="M1651.66 205.93v40h-632v-40h632m4-4h-640v48h640v-48z" /><path class="prefix__g" d="M1016 206v40H704v-40h312m4-4H700v48h320v-48z" /><path class="prefix__g" d="M700 206v40H558v-40h142m4-4H554v48h150v-48z" /><path class="prefix__g" d="M554 206v40h-12v-40h12m4-4h-20v48h20v-48z" /><path class="prefix__g" d="M538 
206v40H396v-40h142m4-4H392v48h150v-48zM418.5 70v40h-22V70h22m4-4h-30v48h30V66z" /></g></svg>
<p>I am mostly going to focus on <em>bounds</em> in this article, as it is not too difficult to grasp, and the impact is fairly easy to demonstrate for some simple examples. the bounds represent an upper and lower bound on the memory region (address space) that this capability is allowed to access. if we try to use the capability to access some address outside of this range, the hardware will throw a fault - it simply wont let us do this!</p>
<p><strong><em>note:</em></strong> it is important to note that I am going to oversimplify the way the bounds are stored in this article. this especially includes the diagram above. in reality, there is a complex compression method, necessitated by the range and sizes required by bounds. this depends on the address value, alignment, etc. for now, we shouldnt need to think about this much, just know it will be managed for us. the key take-away from this is that <em>bounds cant always be 100% precise for all addresses and ranges</em>.</p>
<p>can you imagine how we can use bounds to prevent our previous memory safety bug from occurring? the key is that we can set the bounds on the capability pointing to <code class="language-plaintext highlighter-rouge">user_name</code> which we pass to <code class="language-plaintext highlighter-rouge">fgets</code>, such that the capability may only access the contents of the array. this means that when <code class="language-plaintext highlighter-rouge">fgets</code> tries to write past the end of the <code class="language-plaintext highlighter-rouge">user_name</code> array, the processor will throw a <em>capability fault</em>, and execution of our program will cease.</p>
<p>the idea behind CHERI is that we dont have to set up these bounds ourselves. this is something the compiler can generate code for. the compiler knows that the <code class="language-plaintext highlighter-rouge">user_name</code> array has a length of <code class="language-plaintext highlighter-rouge">32</code>, and can set the bounds accordingly on capabilities created that point to it. lets try it…</p>
<h2 id="playing-with-cheri-risc-v">playing with CHERI RISC-V<a href="#playing-with-cheri-risc-v" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>unless youre lucky enough to have access to a physical Morello board, there is the issue of actually using a CHERI implementation. for this article I will be making use of the <a href="https://en.wikipedia.org/wiki/QEMU">QEMU</a> emulator to emulate a <a href="https://en.wikipedia.org/wiki/RISC-V">RISC-V</a> CHERI environment. running <a href="https://www.cheribsd.org/">CheriBSD</a> on this emulator will allow us to have a nice <a href="https://www.freebsd.org/">FreeBSD</a>-based capability-enabled environment to play around with. Ill use <a href="https://github.com/CTSRD-CHERI/cheribuild">cheribuild</a> to easily get set up (the <code class="language-plaintext highlighter-rouge">cheribuild.py</code> step will take a very long time the first time):</p>
<figure class="highlight"><pre><code class="language-console" data-lang="console"><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>apt <span class="nb">install </span>autoconf automake libtool pkg-config clang bison cmake <span class="se">\</span>
<span class="go">ninja-build samba flex texinfo time libglib2.0-dev libpixman-1-dev \
libarchive-dev libarchive-tools libbz2-dev libattr1-dev libcap-ng-dev
</span><span class="gp">$</span><span class="w"> </span>git clone git@github.com:CTSRD-CHERI/cheribuild
<span class="gp">$</span><span class="w"> </span><span class="nb">cd </span>cheribuild
<span class="gp">$</span><span class="w"> </span>./cheribuild.py <span class="nt">--include-dependencies</span> <span class="nt">--run</span>/ssh-forwarding-port 2222 run-riscv64-purecap
<span class="go">CheriBSD/riscv (cheribsd-riscv64-purecap) (ttyu0)
login: root
</span><span class="gp">root@cheribsd-riscv64-purecap:~ #</span></code></pre></figure>
<p>now we have our shell inside our CheriBSD emulated platform, we can start to try things out. lets compile our <code class="language-plaintext highlighter-rouge">membug</code> program again, this time with the toolchain targetting CheriBSD RISC-V - this will have been built as part of the dependencies already. once its built, we can <code class="language-plaintext highlighter-rouge">scp</code> it over to the CheriBSD filesystem, as we set up the SSH forwarding port to
<code class="language-plaintext highlighter-rouge">1111</code>.</p>
<figure class="highlight"><pre><code class="language-console" data-lang="console"><span class="gp">#</span><span class="w"> </span>on a separate terminal on your host machine
<span class="gp">$</span><span class="w"> </span>~/cheri/output/sdk/utils/cheribsd-riscv64-purecap-clang membug.c <span class="nt">-Wall</span> <span class="nt">-g</span> <span class="nt">-fno-stack-protector</span> <span class="nt">-o</span> membug-cheribsd
<span class="gp">$</span><span class="w"> </span>scp <span class="nt">-P</span> 2222 ./membug-cheribsd root@localhost:~/</code></pre></figure>
<p>and now we can see what happens when we explore our bug with CHERI:</p>
<figure class="highlight"><pre><code class="language-console" data-lang="console"><span class="gp">$</span>./membug-cheribsd
<span class="go">enter your name: jack
hello jack
my_perfect_string: what a beautiful string
</span><span class="gp">$</span><span class="w"> </span>./membug-cheribsd
<span class="go">enter your name: Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
In-address space security exception (core dumped)</span></code></pre></figure>
<p>its working! we are getting a capability fault as we exceed the bounds of the
<code class="language-plaintext highlighter-rouge">user_name</code> capability bounds. we can use gdb to verify this is caused by the bounds fault:</p>
<figure class="highlight"><pre><code class="language-plaintext" data-lang="plaintext"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
</pre></td><td class="code"><pre>(gdb) run
Starting program: /root/membug-cheribsd
enter your name: Hubert Blaine Wolfeschlegelsteinhausenbergerdorff Sr.
Program received signal SIGPROT, CHERI protection violation.
Capability bounds fault caused by register ca6.
0x0000000040314ce8 in memcpy (dst0=0x3fffdfff44, src0=&lt;optimized out&gt;, length=54) at /home/jack/cheri/cheribsd/lib/libc/string/bcopy.c:143
(gdb) p $ca6
$1 = () 0x3fffdfff78 [rwRW,0x3fffdfff44-0x3fffdfff64]
</pre></td></tr></tbody></table></code></pre></figure>
<p>as we can see, the bounds for our <code class="language-plaintext highlighter-rouge">user_name</code> capability (which is stored in capability register <code class="language-plaintext highlighter-rouge">ca6</code>) are <code class="language-plaintext highlighter-rouge">0x3fffdfff44-0x3fffdfff64</code>, but the address is <code class="language-plaintext highlighter-rouge">0x3fffdfff78</code>. this is out of the bounds allowed by the capability, so the architecture throws a fault. if we look at the assembly generated by the compiler, we can see it set our capability bounds to a size of 32 to enforce this behaviour:</p>
<figure class="highlight"><pre><code class="language-armasm" data-lang="armasm"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
</pre></td><td class="code"><pre><span class="nl">0000000000001ce8</span> <span class="err">&lt;</span><span class="nb">main</span><span class="err">&gt;:</span>
<span class="c">; int main() {</span>
<span class="nb">cincoffset</span> <span class="nv">csp</span><span class="o">,</span> <span class="nv">csp</span><span class="o">,</span> <span class="o">-</span><span class="mi">160</span>
<span class="nb">csc</span> <span class="nv">cra</span><span class="o">,</span> <span class="mi">144</span> <span class="o">(</span><span class="nv">csp</span><span class="o">)</span>
<span class="nb">csc</span> <span class="nv">cs0</span><span class="o">,</span> <span class="mi">128</span> <span class="o">(</span><span class="nv">csp</span><span class="o">)</span>
<span class="nb">cincoffset</span> <span class="nv">cs0</span><span class="o">,</span> <span class="nv">csp</span><span class="o">,</span> <span class="mi">160</span>
<span class="nb">cincoffset</span> <span class="nv">ca0</span><span class="o">,</span> <span class="nv">cs0</span><span class="o">,</span> <span class="o">-</span><span class="mi">36</span>
<span class="nb">csetbounds</span> <span class="nv">ca2</span><span class="o">,</span> <span class="nv">ca0</span><span class="o">,</span> <span class="mi">4</span>
<span class="nb">cincoffset</span> <span class="nv">ca0</span><span class="o">,</span> <span class="nv">cs0</span><span class="o">,</span> <span class="o">-</span><span class="mi">60</span>
<span class="nb">csetbounds</span> <span class="nv">ca0</span><span class="o">,</span> <span class="nv">ca0</span><span class="o">,</span> <span class="mi">24</span>
<span class="nb">csc</span> <span class="nv">ca0</span><span class="o">,</span> <span class="o">-</span><span class="mi">128</span> <span class="o">(</span><span class="nv">cs0</span><span class="o">)</span>
<span class="nb">cincoffset</span> <span class="nv">ca1</span><span class="o">,</span> <span class="nv">cs0</span><span class="o">,</span> <span class="o">-</span><span class="mi">92</span>
<span class="nb">csetbounds</span> <span class="nv">ca1</span><span class="o">,</span> <span class="nv">ca1</span><span class="o">,</span> <span class="mi">32</span>
<span class="nb">csc</span> <span class="nv">ca1</span><span class="o">,</span> <span class="o">-</span><span class="mi">144</span> <span class="o">(</span><span class="nv">cs0</span><span class="o">)</span>
<span class="nb">mv</span> <span class="nv">a1</span><span class="o">,</span> <span class="nv">zero</span>
<span class="nb">csd</span> <span class="nv">a1</span><span class="o">,</span> <span class="o">-</span><span class="mi">104</span> <span class="o">(</span><span class="nv">cs0</span><span class="o">)</span>
<span class="nb">csw</span> <span class="nv">a1</span><span class="o">,</span> <span class="mi">0</span> <span class="o">(</span><span class="nv">ca2</span><span class="o">)</span>
</pre></td></tr></tbody></table></code></pre></figure>
<h3 id="capability-monotonicity">capability monotonicity</h3>
<p>at this point you may be thinking “okay, thats great, but if we can just set the bounds of a capability with an instruction then whats the point? surely I can just set global bounds on some random pointer and access whatever I want?”</p>
<p>fundamental to the idea of capabilities is their <em>provenance</em> and <em>monotonicity</em>. simply put, the first says we can only construct a capability using specific instructions, from an existing capability. we cant just create a capability from some random number. lets see what happens when we try to run our <code class="language-plaintext highlighter-rouge">ptrs_as_numbers</code> program on CheriBSD:</p>
<figure class="highlight"><pre><code class="language-plaintext" data-lang="plaintext">(gdb) runStarting program: /root/ptrs_as_numbers-cheribsd
*x=1234
Program received signal SIGPROT, CHERI protection violation.Capability tag fault caused by register ca1.0x0000000000101c66 in main () at ptrs_as_numbers.c:1414 printf("*x=%d\n", *x);
(gdb) p $ca1
$1 = () 0x3fffdfff74</code></pre></figure>
<p>we can see we get a fault - the tag isnt set. any capability with a tag not set to 1 cannot be dereferenced - it is invalid. in fact, this capability has no capability metadata - when we copied it into our <code class="language-plaintext highlighter-rouge">unsigned long</code>, we just copied the 64-bit address.</p>
<p><em>monotonicity</em> is what stops us taking an existing capability, and creating a capability with more permissions and/or access than the original. it stipulates that when we create a capability from another capability (which we have to do - provenance), the permissions and bounds of the new capability must be equal to or less than the original. so our bounds can only get narrower as we create new capabilites from an existing capability. this means that capabilities trace back in a chain - they are all created from other capabilities, and narrowed as necessary. in this case, (simplified) when the kernel loads our program it will give us capabilities that are wide enough to do everything we need to do, and the compiler will try and make sure all the capabilities that we make and use from these are as tightly bound and unpermissive as possible.</p>
<h3 id="cheri-fying-code">CHERI-fying code</h3>
<p>youll notice we got a lot of these benefits “for free”. we only had to recompile our code, and we got this extra security. of course, CHERI does require changes to programs. naturally, the compiler had to be changed a lot to implement this behaviour. it also especially requires changes to things like the C library and kernel in order to take advantage of the features fully. sufficiently large userspace programs do need changes too. one common issue is that a lot of existing C code assumes that <code class="language-plaintext highlighter-rouge">sizeof (*void) == sizeof(size_t)</code>. with CHERI, our pointers are now twice as big. however, <code class="language-plaintext highlighter-rouge">size_t</code> hasnt changed size, as the address space size hasnt changed - for example, if we index into an array with <code class="language-plaintext highlighter-rouge">size_t</code>, the index should still be the same size; the extra data in our <code class="language-plaintext highlighter-rouge">void *</code> capability is the metadata, not extra address data. any program that tries to convert from some <code class="language-plaintext highlighter-rouge">unsigned long</code> or <code class="language-plaintext highlighter-rouge">size_t</code> to a capability will fault - this violates provenance. so, sometimes code changes have to be made to ensure we are keeping the capability metadata around.</p>
<h2 id="epilogue">epilogue<a href="#epilogue" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>I appreciate this has been a fragmented and surface level introduction to CHERI. hopefully it has provided some education in some basic aims of CHERI regardless. potential benefits and uses for CHERI go much deeper than anything Ive touched on here, so please, read more about everything - and get your hands dirty trying out messing about with qemu and CheriBSD!</p>
<p>here are some links to check out:</p>
<ul>
<li><a href="https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/">CHERI homepage @ CUCL</a></li>
<li><a href="https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-941.pdf">technical report: An Introduction to CHERI</a></li>
<li><a href="https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-947.pdf">technical report: CHERI C/C++ Programming Guide</a></li>
<li><a href="https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-951.pdf">technical report: CHERI ISAv8</a></li>
<li><a href="https://www.arm.com/architecture/cpu/morello">Morello homepage @ Arm</a></li>
<li><a href="https://developer.arm.com/documentation/ddi0606/latest">Morello Architecture Reference Manual @ Arm</a></li>
</ul>
<hr>
<p><a href="mailto:jackbondpreston@outlook.com">email me</a> to have a conversation</p>
</div>
</body>
</html>

1
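--- /dev/null
+++ b/_site/CNAME
@@ -0,0 +1 @@
+jackbondpreston.me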

1
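--- /dev/null
+++ b/_site/README.md
@@ -0,0 +1 @@
+# website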

41
_site/assets/css/main.css Normal file

@ -0,0 +1,41 @@
@font-face { font-family: TeXGyreCursor; src: url("../fonts/texgyrecursor-regular.woff") format("woff"); font-weight: normal; font-style: normal; }
@font-face { font-family: TeXGyreCursor; src: url("../fonts/texgyrecursor-bold.woff") format("woff"); font-weight: bold; font-style: normal; }
@font-face { font-family: TeXGyreCursor; src: url("../fonts/texgyrecursor-italic.woff") format("woff"); font-weight: normal; font-style: italic; }
@font-face { font-family: TeXGyreCursor; src: url("../fonts/texgyrecursor-bolditalic.woff") format("woff"); font-weight: bold; font-style: italic; }
@font-face { font-family: 'Source Code Pro'; font-style: normal; font-weight: 400; src: local(""), url("../fonts/source-code-pro-v22-latin-ext_latin-regular.woff2") format("woff2"), url("../fonts/source-code-pro-v22-latin-ext_latin-regular.woff") format("woff"); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ }
@font-face { font-family: 'Source Code Pro'; font-style: normal; font-weight: 700; src: local(""), url("../fonts/source-code-pro-v22-latin-ext_latin-700.woff2") format("woff2"), url("../fonts/source-code-pro-v22-latin-ext_latin-700.woff") format("woff"); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ }
@font-face { font-family: 'Source Code Pro'; font-style: italic; font-weight: 400; src: local(""), url("../fonts/source-code-pro-v22-latin-ext_latin-italic.woff2") format("woff2"), url("../fonts/source-code-pro-v22-latin-ext_latin-italic.woff") format("woff"); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ }
@font-face { font-family: 'Source Code Pro'; font-style: italic; font-weight: 700; src: local(""), url("../fonts/source-code-pro-v22-latin-ext_latin-700italic.woff2") format("woff2"), url("../fonts/source-code-pro-v22-latin-ext_latin-700italic.woff") format("woff"); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ }
body { background-color: #0c1114; color: #fcfcfc; padding-left: 5vw; padding-right: 5vw; padding-top: 5vh; font-family: 'Source Code Pro'; font-size: 1.5rem; }
h1 { color: lightpink; margin: 0; }
h2 { margin: 0; margin-top: 3rem; margin-bottom: 0.5rem; }
a { color: #fca9b8; font-weight: bold; text-decoration: none; }
.article p a, .article li a { font-weight: normal; text-decoration: underline; word-wrap: break-word; }
.article picture img, .article p img { max-width: 100%; display: block; }
.article code, .article pre { font-family: 'Source Code Pro'; margin: 0; padding: 0; }
.article p code { font-size: 1.5rem; color: #a5d6ff; }
.article .header-link { display: inline-block; }
table { border-spacing: 0; }
h2 .header-link { display: none; padding-left: 10px; font-weight: normal; font-size: 1.3rem; }
h2 .header-link img { height: 1.25rem; margin-bottom: -4px; }
/*# sourceMappingURL=main.css.map */


@ -0,0 +1,14 @@
{
"version": 3,
"file": "main.css",
"sources": [
"main.scss",
"_sass/main.scss"
],
"sourcesContent": [
"@import \"main\";\n",
"$background-color: rgb(12, 17, 20);\n$body-color: rgb(252, 252, 252);\n$heading-color: rgb(255, 182, 193);\n$link-color: rgb(252, 169, 184);\n$inl-code-color: rgb(165, 214, 255);\n\n@font-face {\n font-family: TeXGyreCursor;\n src: url('../fonts/texgyrecursor-regular.woff') format('woff');\n font-weight: normal;\n font-style: normal;\n}\n\n@font-face {\n font-family: TeXGyreCursor;\n src: url('../fonts/texgyrecursor-bold.woff') format('woff');\n font-weight: bold;\n font-style: normal;\n}\n\n@font-face {\n font-family: TeXGyreCursor;\n src: url('../fonts/texgyrecursor-italic.woff') format('woff');\n font-weight: normal;\n font-style: italic;\n}\n\n@font-face {\n font-family: TeXGyreCursor;\n src: url('../fonts/texgyrecursor-bolditalic.woff') format('woff');\n font-weight: bold;\n font-style: italic;\n}\n\n@font-face {\n font-family: 'Source Code Pro';\n font-style: normal;\n font-weight: 400;\n src: local(''),\n url('../fonts/source-code-pro-v22-latin-ext_latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */\n url('../fonts/source-code-pro-v22-latin-ext_latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */\n}\n\n@font-face {\n font-family: 'Source Code Pro';\n font-style: normal;\n font-weight: 700;\n src: local(''),\n url('../fonts/source-code-pro-v22-latin-ext_latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */\n url('../fonts/source-code-pro-v22-latin-ext_latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */\n}\n\n@font-face {\n font-family: 'Source Code Pro';\n font-style: italic;\n font-weight: 400;\n src: local(''),\n url('../fonts/source-code-pro-v22-latin-ext_latin-italic.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */\n url('../fonts/source-code-pro-v22-latin-ext_latin-italic.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */\n}\n\n@font-face {\n font-family: 'Source Code Pro';\n font-style: italic;\n 
font-weight: 700;\n src: local(''),\n url('../fonts/source-code-pro-v22-latin-ext_latin-700italic.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */\n url('../fonts/source-code-pro-v22-latin-ext_latin-700italic.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */\n}\n\nbody {\n background-color: $background-color;\n color: $body-color;\n padding-left: 5vw;\n padding-right: 5vw;\n padding-top: 5vh;\n font-family: 'Source Code Pro';\n font-size: 1.5rem;\n}\n\nh1 {\n color: $heading-color;\n margin: 0;\n}\n\nh2 {\n margin: 0;\n margin-top: 3rem;\n margin-bottom: 0.5rem;\n}\n\na {\n color: $link-color;\n font-weight: bold;\n text-decoration: none;\n}\n\n.article {\n p, li {\n a {\n font-weight: normal;\n text-decoration: underline;\n word-wrap: break-word;\n }\n }\n\n picture img, p img {\n max-width: 100%;\n display: block;\n }\n\n code, pre {\n font-family: 'Source Code Pro';\n margin: 0;\n padding: 0;\n }\n \n p code {\n font-size: 1.5rem;\n color: #a5d6ff;\n }\n\n .header-link {\n display: inline-block;\n }\n}\n\ntable {\n border-spacing: 0;\n}\n\nh2 .header-link {\n display: none;\n\n padding-left: 10px;\n font-weight: normal;\n font-size: 1.3rem;\n\n img {\n height: 1.25rem;\n margin-bottom: -4px;\n }\n}"
],
"names": [],
"mappings": "ACMA,UAAU,GACR,WAAW,EAAE,aAAa,EAC1B,GAAG,EAAE,0CAA0C,CAAC,cAAc,EAC9D,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM;;AAGpB,UAAU,GACR,WAAW,EAAE,aAAa,EAC1B,GAAG,EAAE,uCAAuC,CAAC,cAAc,EAC3D,WAAW,EAAE,IAAI,EACjB,UAAU,EAAE,MAAM;;AAGpB,UAAU,GACR,WAAW,EAAE,aAAa,EAC1B,GAAG,EAAE,yCAAyC,CAAC,cAAc,EAC7D,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM;;AAGpB,UAAU,GACR,WAAW,EAAE,aAAa,EAC1B,GAAG,EAAE,6CAA6C,CAAC,cAAc,EACjE,WAAW,EAAE,IAAI,EACjB,UAAU,EAAE,MAAM;;AAGpB,UAAU,GACR,WAAW,EAAE,iBAAiB,EAC9B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,EAChB,GAAG,EAAE,SAAS,EACT,iEAAiE,CAAC,eAAe,EACjF,gEAAgE,CAAC,cAAc,EAAE,iDAAiD;;AAGzI,UAAU,GACR,WAAW,EAAE,iBAAiB,EAC9B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,EAChB,GAAG,EAAE,SAAS,EACT,6DAA6D,CAAC,eAAe,EAC7E,4DAA4D,CAAC,cAAc,EAAE,iDAAiD;;AAGrI,UAAU,GACR,WAAW,EAAE,iBAAiB,EAC9B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,EAChB,GAAG,EAAE,SAAS,EACT,gEAAgE,CAAC,eAAe,EAChF,+DAA+D,CAAC,cAAc,EAAE,iDAAiD;;AAGxI,UAAU,GACR,WAAW,EAAE,iBAAiB,EAC9B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,EAChB,GAAG,EAAE,SAAS,EACT,mEAAmE,CAAC,eAAe,EACnF,kEAAkE,CAAC,cAAc,EAAE,iDAAiD;;AAG3I,AAAA,IAAI,CAAC,EACH,gBAAgB,EAvEC,OAAe,EAwEhC,KAAK,EAvEM,OAAkB,EAwE7B,YAAY,EAAE,GAAG,EACjB,aAAa,EAAE,GAAG,EAClB,WAAW,EAAE,GAAG,EAChB,WAAW,EAAE,iBAAiB,EAC9B,SAAS,EAAE,MAAM,GAClB;;AAED,AAAA,EAAE,CAAC,EACD,KAAK,EA/ES,SAAkB,EAgFhC,MAAM,EAAE,CAAC,GACV;;AAED,AAAA,EAAE,CAAC,EACD,MAAM,EAAE,CAAC,EACT,UAAU,EAAE,IAAI,EAChB,aAAa,EAAE,MAAM,GACtB;;AAED,AAAA,CAAC,CAAC,EACA,KAAK,EAzFM,OAAkB,EA0F7B,WAAW,EAAE,IAAI,EACjB,eAAe,EAAE,IAAI,GACtB;;AAED,AAEI,QAFI,CACN,CAAC,CACC,CAAC,EAFL,QAAQ,CACH,EAAE,CACH,CAAC,CAAC,EACA,WAAW,EAAE,MAAM,EACnB,eAAe,EAAE,SAAS,EAC1B,SAAS,EAAE,UAAU,GACtB;;AANL,AASE,QATM,CASN,OAAO,CAAC,GAAG,EATb,QAAQ,CASO,CAAC,CAAC,GAAG,CAAC,EACjB,SAAS,EAAE,IAAI,EACf,OAAO,EAAE,KAAK,GACf;;AAZH,AAcE,QAdM,CAcN,IAAI,EAdN,QAAQ,CAcA,GAAG,CAAC,EACR,WAAW,EAAE,iBAAiB,EAC9B,MAAM,EAAE,CAAC,EACT,OAAO,EAAE,CAAC,GACX;;AAlBH,AAoBE,QApBM,CAoBN,CAAC,CAAC,IAAI,CAAC,EACL,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,OAAO,GACf;;AAvBH,AAyBE,QAzBM,CAyBN,YAAY,CAAC,EACX,OAAO,E
AAE,YAAY,GACtB;;AAGH,AAAA,KAAK,CAAC,EACJ,cAAc,EAAE,CAAC,GAClB;;AAED,AAAA,EAAE,CAAC,YAAY,CAAC,EACd,OAAO,EAAE,IAAI,EAEb,YAAY,EAAE,IAAI,EAClB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAMlB;;AAXD,AAOE,EAPA,CAAC,YAAY,CAOb,GAAG,CAAC,EACF,MAAM,EAAE,OAAO,EACf,aAAa,EAAE,IAAI,GACpB"
}


@ -1,25 +1,23 @@
/*
generated by Pygments <https://pygments.org/>
Copyright 2006-2022 by the Pygments team.
Licensed under the BSD license, see LICENSE for details.
*/
pre {
line-height: 125%;
font-size: 1.25rem;
margin-top: 0;
vertical-align: top;
}
.highlighttable {
figure.highlight {
margin: 0;
margin-left: 1.5rem;
}
.rouge-table {
display: block;
overflow-x: auto;
}
td.linenos {
border-right: 3px solid rgb(252, 169, 184);
td.gutter {
padding-right: 10px;
border-right: 3px solid rgb(252, 169, 184);
border-radius: 3px;
padding-top: 3px;
padding-bottom: 3px;
}
td.code {
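Review bot: The header comment at the top of this hunk still reads `generated by Pygments`, while the selectors below it appear to have been hand-changed to Rouge's markup (`figure.highlight`, `.rouge-table`, `td.gutter`, the classes used by the rendered post HTML in this commit), so anyone who regenerates the file from Pygments would silently lose them. I would add a line to that comment such as `hand-edited for Jekyll/Rouge class names (figure.highlight, .rouge-table, td.gutter); do not regenerate`. The add/remove markers are lost on this page, so which of the two `border-right` lines near `td.gutter` is on the new side is inferred; if both are, one is redundant. The `td.code` rule continues outside the hunk.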


@ -0,0 +1,65 @@
<svg version="1.1" id="prefix__SEO" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 128 128"
xml:space="preserve">
<style>
.prefix__st0 {
display: none
}
.prefix__st1 {
display: inline
}
.prefix__st1,
.prefix__st2,
.prefix__st3 {
fill: #fca9b8;
}
.prefix__st2 {
display: inline;
fill-rule: evenodd;
clip-rule: evenodd
}
.prefix__st3 {
display: none
}
</style>
<g id="prefix__row3" class="prefix__st0">
<path id="prefix__icon:5_2_" class="prefix__st1"
d="M29 64v20h70V64H29zm66.7 16.7H78.2V67.3h17.5v13.4zM0 6.1v115.8h128V6.1H0zm49.1 15.2c0 2.8-2.3 5.1-5.1 5.1s-5.1-2.3-5.1-5.1 2.3-5.1 5.1-5.1c2.8.1 5.1 2.3 5.1 5.1zm-14.2 0c0 2.8-2.3 5.1-5.1 5.1s-5.1-2.3-5.1-5.1 2.3-5.1 5.1-5.1 5.1 2.3 5.1 5.1zm-14.2 0c0 2.8-2.3 5.1-5.1 5.1s-5.1-2.3-5.1-5.1 2.3-5.1 5.1-5.1 5.1 2.3 5.1 5.1zm101.2 94.5H6.1V35.6h115.8v80.2z" />
<path id="prefix__icon:4_2_" class="prefix__st2"
d="M109.9 53.8c0-3.6-12.6-5.5-13.5-8.8-.9-3.4 9-11.3 7.3-14.4-1.8-3-13.6 1.6-16.1-.8-2.5-2.5 2.2-14.3-.8-16.1-3-1.7-10.9 8.2-14.4 7.3-3.3-.9-5.2-13.5-8.8-13.5-3.6 0-5.5 12.6-8.8 13.5-3.4.9-11.4-9-14.4-7.3-3 1.8 1.6 13.6-.8 16.1-2.5 2.5-14.3-2.2-16.1.8-1.7 3 8.2 10.9 7.3 14.4-.9 3.3-13.5 5.2-13.5 8.8 0 3.6 12.6 5.5 13.5 8.8.9 3.4-9 11.3-7.3 14.3.3.5.8.8 1.5.9 3.8.8 12.5-2.2 14.6-.1 2.5 2.5-2.2 14.3.8 16.1 1.4.8 4-1 6.6-3.1 2.9-2.2 5.9-4.7 7.7-4.3 3.3.9 5.2 13.5 8.8 13.5 3.6 0 5.5-12.6 8.8-13.5 2.3-.6 6.5 3.6 10 6 1.8 1.2 3.3 1.9 4.3 1.4 3-1.8-1.6-13.6.8-16.1 2.2-2.2 11.6 1.2 15 0 .5-.2.8-.4 1.1-.8 1.7-3-8.2-10.9-7.3-14.3 1.1-3.4 13.7-5.2 13.7-8.8zm-46.2 32c-17.7 0-32-14.3-32-32s14.3-32 32-32 32 14.3 32 32c0 17.6-14.3 32-32 32zm25.1-32c0 13.9-11.3 25.1-25.1 25.1S38.6 67.6 38.6 53.8c0-13.9 11.3-25.1 25.1-25.1s25.1 11.2 25.1 25.1zM42.6 95.4l-25.1 25.1-3.9-13.6L0 103l20.5-20.6c3.8.8 12.5-2.2 14.6-.1 2.5 2.5-2.2 14.3.8 16.1 1.5.9 4-1 6.7-3zM128 103l-13.6 3.9-3.9 13.6-23.4-23.4c1.8 1.2 3.3 1.9 4.3 1.4 3-1.8-1.6-13.6.8-16.1 2.2-2.2 11.6 1.2 15 0L128 103z" />
<path id="prefix__icon:3_2_" class="prefix__st2"
d="M39.7 60.2L0 99.3V28.4l39.7 31.8zM4.8 24.6L64 72.1l59.2-47.5H4.8zM83.6 64L64 79.7 44.4 64 4.2 103.4h119.5L83.6 64zm4.7-3.8L128 99.3V28.4L88.3 60.2z" />
<path id="prefix__icon:2_2_" class="prefix__st2"
d="M38.4 63.3s9.2-6.6 15.3-15.7c5.9-8.7 8.8-15.2 8.8-15.2s2.5-8.5.6-17.7c-1-5 4.3-8 10.7-5.9 5.1 1.6 7.5 13 7.9 15.9 1.9 14.2-4.5 28.9-4.5 28.9H115s13.4-.3 13 8.2c-.5 9.8-16.3 9.4-16.3 9.4s10.5 1.4 10.5 8.8c-.1 7.4-12.8 9.2-12.8 9.2s9.2 1.7 8.6 7.6c-.6 5.5-11.4 7.4-11.4 7.4s6.7 1.8 5.7 8.1c-.8 4.9-8.2 4.6-8.2 4.6l-65.5-.1V63.3zm-2.6-2.7v59.3H5.2L0 60.6h35.8zm-8.9 46.9c0-3-2.4-5.4-5.4-5.4-3 0-5.4 2.4-5.4 5.4 0 3 2.4 5.4 5.4 5.4 3 .1 5.4-2.4 5.4-5.4z" />
<path id="prefix__icon:1_2_" class="prefix__st1"
d="M115.4 128H12.6V0h102.8v128zm-97.5-5.4H110V5.4H17.9v117.2zM66 27.4c-1.2-6.3-6.7-11.1-13.4-11.1C45.1 16.3 39 22.5 39 30c0 7.5 6.1 13.7 13.6 13.7 6.6 0 12.2-4.8 13.4-11.1h28.5V18.9h-5.1v8.5h-2.8v-8.5h-5.1v8.5H66zM52.6 38.5c-4.7 0-8.5-3.8-8.5-8.5s3.8-8.5 8.5-8.5 8.5 3.8 8.5 8.5-3.8 8.5-8.5 8.5zm48.7 17.2H24.9v3.6h76.4v-3.6zm0 10.7H24.9V70h76.4v-3.6zm0 10.7H24.9v3.6h76.4v-3.6zm0 10.8H24.9v3.6h76.4v-3.6zm0 10.7H24.9v3.6h76.4v-3.6zm0 10.7H24.9v3.6h76.4v-3.6z" />
</g>
<g id="prefix__row2" class="prefix__st0">
<path id="prefix__icon:5_1_" class="prefix__st1"
d="M64 0C37.8 0 16.5 21.3 16.5 47.5c0 12 4.5 23 11.9 31.4L63.8 128l35.9-49.3c7.3-8.4 11.8-19.3 11.8-31.2C111.5 21.3 90.2 0 64 0zm0 7.1c22.2 0 40.3 18.1 40.3 40.3S86.2 87.8 64 87.8 23.7 69.7 23.7 47.5 41.8 7.1 64 7.1zm-8.3 66.3L40.3 45.7l8.3-4.6L56 54.4c6.7-10 20.3-27.3 34.9-30l1.7 9.3C79.4 36.2 64.5 57.9 59.8 66l-4.1 7.4z" />
<path id="prefix__icon:4_1_" class="prefix__st1"
d="M90.3 76.4c-3.9-3.9-8.6-3-12.6 1s-6 8.7-1.6 13.2c4.3 4.3 9.2 2.4 13.2-1.6 3.9-4 4.9-8.8 1-12.6zm0 0c-3.9-3.9-8.6-3-12.6 1s-6 8.7-1.6 13.2c4.3 4.3 9.2 2.4 13.2-1.6 3.9-4 4.9-8.8 1-12.6zm35.3-.1L55.4 6.1c-1.7-1.7-4-2.8-6.5-3L8.5 0C3.6-.4-.4 3.6 0 8.5l3.1 40.4c.2 2.4 1.2 4.7 3 6.5l70.2 70.2c3.2 3.2 8.3 3.2 11.4.1l38-38c3.1-3.1 3.1-8.2-.1-11.4zM8.8 16.1c-2-2-2-5.2 0-7.2s5.2-2 7.2 0 2 5.2 0 7.2-5.2 2-7.2 0zm21.9 36.7c-6-6-5.7-11.7-3.5-14 1.2-1.2 2.8-1.1 4 0 2.6 2.6-1.9 5.7 3 10.5 2.5 2.5 5.2 2.5 6.6 1.1.8-.8 1.4-2.2.1-4.2l-4-6.7c-3.2-5.4-1.6-8.6.6-10.8 4.6-4.6 10.7-2.1 14.7 1.9 3.7 3.7 6 10.2 3.2 13-1.2 1.2-2.9.9-4.1-.3-2.2-2.2 1.3-4.9-3.1-9.3-2.2-2.2-4.4-2.4-5.9-1-1.4 1.4-.2 3.7 1 5.5l3.1 4.9c3.4 5.3 1.9 9-.6 11.5-3.7 3.7-9.4 3.7-15.1-2.1zm26.8 25.9L46.1 67.3c-1.7-1.7-2.1-3.5 0-5.6l15.3-15.3c2.1-2.1 3.9-1.7 5.6 0l11.2 11.2c1.4 1.4 2 2.8.5 4.3s-2.9.9-4.3-.5l-9.2-9.2-4.5 4.5 8.1 8.1c1.2 1.2 1.9 2.6.4 4.1s-2.8.8-4.1-.4L57 60.4l-5 5 9.4 9.4c1.4 1.4 2 2.8.5 4.3s-3 1-4.4-.4zm14.7 15.7c-7.5-7.5-5.7-15.4.6-21.7 6.1-6.1 14.4-7 21.2-.1 6.8 6.8 6 15.1-.1 21.2-5.8 5.8-14.5 7.7-21.7.6zm18.1-18c-3.9-3.9-8.6-3-12.6 1s-6 8.7-1.6 13.2c4.3 4.3 9.2 2.4 13.2-1.6 3.9-4 4.9-8.8 1-12.6z" />
<path id="prefix__icon:3_1_" class="prefix__st1"
d="M128 95c0 6.4-5.2 11.6-11.6 11.6-6.4 0-11.6-5.2-11.6-11.6 0-.5 0-1 .1-1.4l-27-10.1C74.5 89.8 67.9 94 60.3 94c-6.8 0-12.7-3.4-16.3-8.6L22.9 96.2c.2.9.3 1.8.3 2.7 0 6.4-5.2 11.6-11.6 11.6-6.4 0-11.6-5.2-11.6-11.6s5.2-11.6 11.7-11.6c3.6 0 6.8 1.6 8.9 4.1l21.1-10.7c-.7-2-1.1-4.3-1.1-6.5 0-5.3 2.1-10.2 5.5-13.7L29.5 39.6c-1.5.7-3.2 1.1-4.9 1.1-6.4 0-11.6-5.2-11.6-11.6s5.2-11.6 11.6-11.6c6.4 0 11.7 5.2 11.7 11.6 0 2.7-.9 5.2-2.5 7.2l16.5 20.8c3-1.8 6.4-2.8 10.1-2.8 4.4 0 8.4 1.4 11.7 3.8l21.7-22.7c-1.2-1.8-1.9-4-1.9-6.3 0-6.4 5.2-11.6 11.6-11.6 6.4 0 11.6 5.2 11.6 11.6s-5.2 11.6-11.6 11.6c-2.1 0-4.1-.6-5.9-1.6L75.9 61.8c2.7 3.4 4.3 7.7 4.3 12.4 0 1.5-.2 3-.5 4.4l27 10.1c2.1-3.1 5.6-5.2 9.7-5.2 6.4-.1 11.6 5.1 11.6 11.5z" />
<path id="prefix__icon:2_1_" class="prefix__st1"
d="M128 104.9v7.1H0V16h7v88.9h12.7V54.3h22.7v50.6h5.3V43.7h22.8v61.2h5.2V64.4h22.8v40.5z" />
<path id="prefix__icon:1_3_" class="prefix__st1"
d="M0 6.1v115.8h128V6.1H0zm49.1 15.2c0 2.8-2.3 5.1-5.1 5.1s-5.1-2.3-5.1-5.1 2.3-5.1 5.1-5.1c2.8.1 5.1 2.3 5.1 5.1zm-14.2 0c0 2.8-2.3 5.1-5.1 5.1s-5.1-2.3-5.1-5.1 2.3-5.1 5.1-5.1 5.1 2.3 5.1 5.1zm-14.2 0c0 2.8-2.3 5.1-5.1 5.1s-5.1-2.3-5.1-5.1 2.3-5.1 5.1-5.1 5.1 2.3 5.1 5.1zm101.2 94.5H6.1V35.6h115.8v80.2zM94.8 80.5V70.1h-7.9c-.6-2.7-1.7-5.3-3.1-7.6l5.6-5.6-7.4-7.4-5.6 5.6c-2.3-1.5-4.9-2.6-7.6-3.2V44H58.3v8c-2.7.6-5.3 1.7-7.6 3.2l-5.6-5.6-7.4 7.4 5.6 5.6c-1.5 2.3-2.5 4.9-3.1 7.6h-7.9v10.4h8c.6 2.7 1.7 5.3 3.1 7.5l-5.6 5.6 7.4 7.4 5.7-5.7c2.3 1.5 4.8 2.5 7.5 3.1v8h10.4v-8c2.7-.6 5.3-1.7 7.5-3.1l5.7 5.7 7.4-7.4-5.6-5.6c1.5-2.3 2.5-4.8 3.1-7.6h7.9zM74.6 79l-.6 1.5c-1.1 2.3-3 4.1-5.3 5.2-.5.2-1 .5-1.5.6-1.2.4-2.4.6-3.7.6s-2.5-.2-3.7-.6l-1.5-.6c-2.3-1.1-4.1-3-5.3-5.2-.2-.5-.5-1-.6-1.5-.4-1.2-.6-2.5-.6-3.8 0-1.3.2-2.5.6-3.7.2-.5.4-1 .6-1.4 1.1-2.3 3-4.2 5.3-5.3.5-.2.9-.4 1.4-.6 1.2-.4 2.5-.6 3.8-.6 1.3 0 2.6.2 3.8.6.5.2 1 .4 1.4.6 2.3 1.1 4.2 3 5.3 5.3l.6 1.5c.4 1.2.6 2.4.6 3.7 0 1.3-.2 2.6-.6 3.7z" />
</g>
<g id="prefix__row1">
<path id="prefix__icon:5" class="prefix__st3"
d="M117.8 96.1V31.3c0-4.2-3.4-7.7-7.7-7.7H19.9c-4.2 0-7.7 3.4-7.7 7.7V96H0v8.3h128V96h-10.2zM17.3 31.3c0-1.4 1.2-2.6 2.6-2.6h90.2c1.4 0 2.6 1.1 2.6 2.6v61.6c0 1.4-1.1 2.6-2.6 2.6H19.9c-1.4 0-2.6-1.2-2.6-2.6V31.3zM107.5 75c0 3-2.4 5.4-5.4 5.4S96.6 78 96.6 75c0-.7.1-1.4.4-2L81.7 59.4c-.9.7-2 1.1-3.2 1.1-.7 0-1.3-.1-1.9-.3l-7.7 9c.3.7.5 1.4.5 2.2 0 3-2.4 5.4-5.4 5.4s-5.4-2.4-5.4-5.4c0-.2 0-.4.1-.6l-22.3-15c-.9.7-2 1.1-3.2 1.1-3 0-5.4-2.4-5.4-5.4 0-3 2.4-5.4 5.4-5.4s5.4 2.4 5.4 5.4c0 .5-.1.9-.2 1.4l21.8 14.7c1-.9 2.3-1.5 3.8-1.5.9 0 1.7.2 2.4.6l7.4-8.7a5.376 5.376 0 014.6-8.2c3 0 5.4 2.4 5.4 5.4 0 .5-.1.9-.2 1.4l15.6 13.8c.8-.4 1.7-.7 2.6-.7 3.2-.1 5.7 2.3 5.7 5.3z" />
<path id="prefix__icon:4"
d="M81 57.4c-1.6-4.1-4.1-7.7-7.3-10.5l-.1-.1c-7.3-6.5-18-8.7-27.8-4.9L17.3 53C3.4 58.5-3.6 74.2 1.8 88.2c2.6 6.7 7.7 12.1 14.4 15 3.5 1.5 7.2 2.3 11 2.3 3.3 0 6.6-.6 9.8-1.9l26.9-10.5c-3.8-1-7.4-2.6-10.7-4.9l-19.3 7.5c-4.6 1.8-9.7 1.7-14.3-.3-4.6-2-8.1-5.7-9.9-10.3-3.7-9.6 1-20.5 10.7-24.2L49 49.8c2.2-.9 4.5-1.3 6.7-1.3 2.6 0 5.1.5 7.6 1.6 4.6 2 8.1 5.7 9.9 10.3 1.6 4.1 1.7 8.5.3 12.7 1.1-.1 2.3-.4 3.3-.8l5.9-2.3c.5-4.1-.1-8.4-1.7-12.6zm-6.7 29.8c-3.7 0-7.4-.8-11-2.3-6.7-2.9-11.8-8.2-14.4-15-1.3-3.4-1.9-7-1.8-10.6l8.4.3c-.1 2.5.3 4.9 1.3 7.3 1.8 4.6 5.3 8.3 9.9 10.3 4.6 2 9.7 2.1 14.3.3l26.6-10.3c4.6-1.8 8.3-5.3 10.3-9.9 2-4.6 2.1-9.7.3-14.3-3.7-9.6-14.6-14.4-24.2-10.7l-20.7 8.1-3.1-7.9L91 24.4c13.9-5.4 29.7 1.5 35.1 15.5 2.6 6.7 2.4 14.1-.5 20.8-2.9 6.7-8.2 11.8-15 14.4L84.1 85.3c-3.2 1.2-6.5 1.9-9.8 1.9z"
fill="#fca9b8" />
<path id="prefix__icon:3" class="prefix__st3"
d="M117.1 30.7l1.5-13-17.1 8-2.3 10.5-11.8 5.6c-7.9-14.5-23.2-24.3-40.8-24.3C20.8 17.5 0 38.4 0 64s20.8 46.5 46.5 46.5S93 89.6 93 64c0-6.2-1.2-12.1-3.4-17.6l11.8-5.6 9.6 5 17.1-8-11-7.1zm-70.6 72.9C24.6 103.6 6.9 85.9 6.9 64s17.8-39.6 39.6-39.6c14.9 0 27.9 8.2 34.6 20.4l-5.3 2.5c-5.8-10.2-16.8-17-29.3-17-18.6 0-33.8 15.2-33.8 33.8s15.2 33.8 33.8 33.8S80.3 82.6 80.3 64c0-4.3-.8-8.3-2.3-12.1l5.3-2.5c1.8 4.5 2.8 9.5 2.8 14.6 0 21.9-17.8 39.6-39.6 39.6zM67.3 64c0 11.5-9.3 20.8-20.8 20.8S25.7 75.5 25.7 64 35 43.2 46.5 43.2c7.3 0 13.8 3.8 17.5 9.6l-10.5 5c-1.7-1.9-4.2-3.2-7-3.2-5.1 0-9.3 4.2-9.3 9.3s4.2 9.3 9.3 9.3 9.3-4.2 9.3-9.3c0-.5 0-1-.1-1.5l10.6-5c.6 2.1 1 4.3 1 6.6zM46.5 39.8c-13.4 0-24.2 10.9-24.2 24.2s10.9 24.2 24.2 24.2S70.7 77.4 70.7 64c0-2.8-.5-5.5-1.4-8.1l5.5-2.6c1.3 3.3 1.9 6.9 1.9 10.7 0 16.7-13.6 30.3-30.3 30.3S16.1 80.7 16.1 64s13.6-30.3 30.3-30.3c11.2 0 20.9 6.1 26.2 15.1l-5.5 2.6c-4.2-7-11.9-11.6-20.6-11.6z" />
<path id="prefix__icon:2" class="prefix__st3"
d="M47.3 34v28.1c0 2.8-2.3 5.1-5.1 5.1H21.7c-2.8 0-5.1-2.3-5.1-5.1V34c0-2.8 2.3-5.1 5.1-5.1h20.4c2.9 0 5.2 2.3 5.2 5.1zM0 48.1c0 8.5 5.7 15.3 12.8 15.3V32.8C5.7 32.8 0 39.6 0 48.1zM52.2 65l56.7 31.6v-92L52.2 30.5V65zm68.5-28.7c-.1 0-.3 0-.4.1V2.1h-7.7v97.1h7.7V67.9c.1.1.3.1.4.1 4 0 7.3-7.1 7.3-15.9 0-8.7-3.3-15.8-7.3-15.8zm-96 68.8c0 19 29.3 30.6 21.7 9.5s0-42.3 0-42.3H19.2s5.5 13.9 5.5 32.8z" />
<path id="prefix__icon:1" class="prefix__st3"
d="M115 75.7c18.5-18.5 17.2-49.3-3.7-66.1C94.9-3.5 71-3.1 55.1 10.4c-18.8 15.9-20.8 43.5-5.9 61.8L37.8 83.6l-3.3-3.3L2.7 112c-3.6 3.6-3.6 9.6 0 13.2 3.6 3.6 9.6 3.6 13.2 0l31.8-31.8-3.3-3.3 11.3-11.3c17.5 14.1 43.1 13.1 59.3-3.1zM58.9 19.6c13.7-13.7 35.9-13.7 49.5 0s13.7 35.9 0 49.5c-13.7 13.7-35.9 13.7-49.5 0s-13.7-35.9 0-49.5z" />
</g>
</svg>

After

Width:  |  Height:  |  Size: 10 KiB


Before

Width:  |  Height:  |  Size: 294 B

After

Width:  |  Height:  |  Size: 294 B


Before

Width:  |  Height:  |  Size: 7.4 KiB

After

Width:  |  Height:  |  Size: 7.4 KiB

BIN
_site/cv.pdf Normal file

Binary file not shown.

55
_site/cv/main.tex Normal file

@ -0,0 +1,55 @@
\documentclass[letterpaper,11pt]{article}
% Choose bibliography style for formatting list of publications
\usepackage[style=ieee,url=false,doi=false,maxbibnames=99,sorting=ydnt,dashed=false]{biblatex}
\bibliography{papers}
% Choose theme, e.g. black, RedViolet, ForestGreen, MidnightBlue
\def\theme{BlueViolet}
% More predefined colors can be found in
% https://en.wikibooks.org/wiki/LaTeX/Colors
% Example photograph taken from Wikimedia Commons
% https://commons.wikimedia.org/wiki/File:Kiara_Krit_passport.jpg
\usepackage{simplecv}
\boldname{Bond-Preston}{Jack}{Mr.}
\begin{document}
\thispagestyle{empty}
% Heading
\headinginline{Jack Bond-Preston}{
Website: \website{jackbondpreston.me} \\
Email: \email{jackbondpreston@outlook.com} \\
LinkedIn: \linkedin{jack-bond-preston-922706150} \\
GitHub: \github{jackbondpreston}
}
% \headingphoto{Name Surname}{
% Website: \website{example.com} \\
% Email: \email{example@example.edu} \\
% LinkedIn: \linkedin{name-surname} \\
% GitHub: \github{example}
% }{photo.jpg}
% Page One
\import{sections/}{education.tex}
\import{sections/}{experience.tex}
%\import{sections/}{publications.tex}
%\pagebreak
% Page Two
%\import{sections/}{teaching.tex}
% \sidebyside
\import{sections/}{skills.tex}
% {\import{sections/}{languages.tex}}
%\import{sections/}{projects.tex}
%\import{sections/}{awards.tex}
%\import{sections/}{extracurricular.tex}
\end{document}
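Review bot: The CV's LaTeX sources are added under `_site/cv/`, which is Jekyll's output directory, so if the site is deployed from it everything in these files is published next to the rendered PDF, including text that never reaches the PDF. In this file that covers the commented-out `\headingphoto` block and the disabled `\import` lines; in the sections that follow it also covers the unfilled template files (awards, extracurricular, projects, teaching) and a commented-out employment entry in the experience section. If only `cv.pdf` is meant to be public, list the source directory under `exclude:` in `_config.yml` (for example `exclude: [cv]`, assuming the sources live in `cv/` at the site root). Separately, adding `_site/` to `.gitignore` would keep build output out of the repository.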


@ -0,0 +1,20 @@
\section{Scholarships and Awards}
\denseouterlist{
\entry{Some Scholarship \hfill 2018\textendash 2020}
\entry{Some Award \hfill 2018\fillyear{\textendash 2018}}
\entry{Some Award \hfill 2017\fillyear{\textendash 2017}}
\entry{Some Award \hfill 2016\fillyear{\textendash 2016}}
\entry{Some Scholarship \hfill 2013\textendash 2018}
\entry{Some Scholarship \hfill 2013\textendash 2018}
\entry{Some Award \hfill 2013\fillyear{\textendash 2013}}
}


@ -0,0 +1,14 @@
\section{Education}
\outerlist{
\entrybig
{\textbf{University of Bristol}}{Bristol, UK}
{BSc in Computer Science (1st Class Hons)}{2017\textendash 2020}
\vspace{-0.75em}
\innerlist{
\entry{Awarded prize for best second-year group software development project.}
}
}


@ -0,0 +1,45 @@
\section{Experience}
\outerlist{
\entrybig
{\textbf{AMD, Inc. (formerly Xilinx)}}{Cambridge, UK}
{Software Engineer in Adaptive and Embedded Computing Group}{2022\textendash Current}
\innerlist{
\entry{Developing AMDs Onload userspace network stack.}
}
\entrybig
{\textbf{Arm Ltd.}}{Cambridge, UK}
{Graduate Software Engineer in Open Source Software Group}{2021\textendash2022}
\innerlist{
\entry{Porting low-level software to the Morello (CHERI) platform.}
\entryextra{Produced patches in C and AArch64 assembly as part of a project porting the open-source C standard library implementation musl to a new prototype platform.}
\entryextra{Ported larger components of the C library, including the memory allocator and POSIX threads. Considered security and hardening against memory safety bugs at every stage of design and implementation.}
\entryextra{Created a minimal test distribution of Linux for use on an Arm Fixed Virtual Platform, with the ability to run userspace applications in pure-capability mode. This provided the framework for adding FVP-based testing to the CI pipeline (alongside existing emulator-based testing) for further proof of functionality.}
\entryextra{Liased with multiple teams to ensure coordination between libc, kernel ABI, compilers and debuggers.}
\entryextra{Provided code review including feedback and improvements for patches developed by others for the musl project.}
}
\entrybig
{\textbf{University of Bristol}}{Bristol, UK}
{Teaching Assistant in Department of Computer Science}{2019\textendash 2020}
\innerlist{
\entry{Delivered and created content for several Computer Science courses, including content involving operating systems, concurrency, and a software engineering project.}
\entryextra{Provided guidance and troubleshooting assistance to students in both in-person and online lab sessions, including for a course in which students develop a basic Armv7-A multitasking kernel.}
\entryextra{Interviewed students in viva-style coursework assessments, and assisted with subsequent coursework marking.}
\entryextra{Assisted with the creation and improvement of lab sheets (including skeleton and solution code).}
}
% \entrybig
% {\textbf{Evolve East Anglia CIC}}{Norwich, UK}
% {Support Worker}{2020\textendash Current}
% \innerlist{
% \entry{Assisting vulnerable adults with transitioning to a permanent living situation after suffering mental difficulties.}
% \entryextra{Handled crises swiftly, independently and effectively.}
% \entryextra{Built upon existing communication skills and knowledge about wellbeing and mental health.}
% }
}
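Review bot: Two spelling slips in these entries will show in the rendered CV: `AMDs Onload` should read `AMD's Onload`, and `Liased with multiple teams` should read `Liaised with multiple teams`. The range `2021\textendash2022` also drops the space the other entries put after `\textendash`; it typesets the same, but `2021\textendash 2022` keeps the file consistent.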


@ -0,0 +1,22 @@
\section{Extracurricular Activities}
\denseouterlist{
\entrymid[\textbullet]
{Member at Some Club}{2017\textendash Current}
{Detailed explanation of what you do at this club}
\entrymid[\textbullet]
{Member at Some Club}{2016\textendash 2017}
{Detailed explanation of what you do at this club}
\entrymid[\textbullet]
{Volunteer at Some Event}{Fall 2019}
{Detailed explanation of what you do in this event}
\entrymid[\textbullet]
{Volunteer at Some Event}{Winter 2015}
{Detailed explanation of what you do in this event}
}


@ -0,0 +1,7 @@
\section{Languages}
\denseouterlist{
\entry{\textbf{English:} Native speaker}
\entry{\textbf{German:} CEFR A2/B1 (Elementary/Low Intermediate)}
}


@ -0,0 +1,28 @@
\section{Projects}
See full list of projects on \website{example.com/projects}
\vspace{1em}
\begin{minipage}[t]{0.505\textwidth}
\outerlist{
\entrybig[\textbullet]
{Project Title (Technology Used, 2019)}{}
{Short explanation of the project}{}
}
\end{minipage}
\begin{minipage}[t]{0.48\textwidth}
\outerlist{
\entrybig[\textbullet]
{Project Title (Technology Used, 2019)}{}
{Short explanation of the project}{}
}
\end{minipage}


@ -0,0 +1,9 @@
\nocite{*}
\printbibliography[title=Publications]
% Can instead manually enter publications as shown:
% \section{Publications}
% \orderedouterlist{
% \entry{S. Petridis, J. Shen, \textbf{D. Cetin} and M. Pantic, "Visual-Only Recognition of Normal, Whispered And Silent Speech", \textit{IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), April 2018}}
% }


@ -0,0 +1,11 @@
\section{Skills}
\denseouterlist{
\entry{\textbf{Low-Level Software \& Architecture:} C, C++ (inc. 11/17/20 standards), Armv7/8/9 (assembly \& architecture), RISC-V, CHERI, GNU Make, CMake.}
\entry{\textbf{Software Engineering:} Git, Gerrit, Linux, Bash \& Zsh, Python, Java, Haskell, Agile, Jira.}
\entry{\textbf{Web Development:} HTML5, Modern CSS, ECMAScript 2015+ \& Typescript, Vue.js, Spring Boot, SQL.}
\entry{\textbf{Teaching:} Giving lectures \& seminars, interviewing, marking coursework, giving knowledge sharing presentations.}
\entry{\textbf{Design:} 3D modelling, vector graphics, Photoshop.}
}


@ -0,0 +1,12 @@
\section{Teaching}
\denseouterlist{
\entrymid[\textbullet]
{\textbf{Head Teaching Assistant} at University Name}{Spring 2019}{Course Name (COURSE CODE)}
\entrymid[\textbullet]
{\textbf{Teaching Assistant} at University Name}{Spring 2017}{Course Name (COURSE CODE)}
}

149
_site/cv/simplecv.sty Normal file

@ -0,0 +1,149 @@
\ProvidesPackage{simplecv}
% Packages
\usepackage[cm]{fullpage} % Margins
\usepackage[hidelinks]{hyperref} % Hyperlinks
\usepackage{titlesec} % Title formatting
\usepackage{subfiles} % File importing
\usepackage{multicol} % Multiple columns
\usepackage[usenames,dvipsnames]{xcolor} % Coloring
\usepackage{enumitem} % List customization
\usepackage{lastpage} % Page numbering
\usepackage{fancyhdr} % Footers
\usepackage[russian,english]{babel} % Language styles
\usepackage{graphicx} % Importing graphics
\usepackage[export]{adjustbox} % Aligning margins
% % Chinese
% \usepackage{xeCJK}
% \setCJKmainfont{BabelStone Han}
% % Cyrillic/Russian
% \usepackage{hyphenat}
% \babelfont{rm}{Droid Sans}
% Styling
\pagestyle{fancy}
\fancyhf{}
\renewcommand{\headrulewidth}{0pt}
\renewcommand{\footrulewidth}{0pt}
\urlstyle{same}
\raggedbottom
\raggedright
\setlength{\tabcolsep}{0in}
% Quotes
\usepackage[autostyle,english=american]{csquotes}
\MakeOuterQuote{"}
% Hyperlinks
% \newcommand{\link}[2]{\href{#1}{\underline{\smash{#2}}}}
\newcommand{\link}[2]{\href{#1}{#2}}
% Define colors
\definecolor{color-text}{gray}{0.10} % light black
\definecolor{color-detail}{gray}{0.40} % dark gray
\colorlet{color-title}{\theme} % black
% Set text color
\makeatletter
\newcommand{\globalcolor}[1]{\color{#1}\global\let\default@color\current@color}
\makeatother
\AtBeginDocument{\globalcolor{color-text}}
% Shorthand
\newcommand{\github}[1]{\href{https://github.com/#1/}{github.com/#1}}
\newcommand{\email}[1]{\href{mailto:#1}{#1}}
\newcommand{\website}[1]{\href{https://#1/}{#1}}
\newcommand{\linkedin}[1]{\href{https://www.linkedin.com/in/#1/}{#1}}
% Dummy environment
\newenvironment*{dummyenv}{}{}
% Inline heading
\newcommand{\headinginline}[2]{
\begin{minipage}[t]{0.50\textwidth}
\vspace*{\fill}
\Huge \textcolor{color-title}{#1}
\end{minipage}
\begin{minipage}[t]{0.45\textwidth}
\begin{flushright}
#2
\end{flushright}
\end{minipage}
}
% Photo heading
\newcommand{\headingphoto}[3]{
\begin{minipage}[t]{0.60\textwidth}
\begin{dummyenv}
\vspace*{\fill}
\Huge \textcolor{color-title}{#1}
\end{dummyenv}
\vspace{5mm}\\
#2
\end{minipage}
\begin{minipage}[t]{0.35\textwidth}
\begin{flushright}
\includegraphics[width=.5\linewidth,valign=t]{#3}
\end{flushright}
\end{minipage}
}
% Two-columns
\newcommand{\sidebyside}[2]{
\begin{multicols}{2}
#1 \columnbreak
#2 \end{multicols}
}
% Section titles
\titleformat{\section}{
\scshape\raggedright\Large\color{color-title}}{}{0em}{}[\color{color-title}\titlerule
\vspace{-\smallskipamount}]
% Footer
\fancyfoot[R]{Page \thepage \hspace{1pt} of \pageref{LastPage}}
% Lists
\newcommand{\outerlist}[1]{
\begin{itemize}[leftmargin=*] #1 \end{itemize}}
\newcommand{\denseouterlist}[1]{
\begin{itemize}[leftmargin=*,itemsep=0pt] #1 \end{itemize}}
\newcommand{\innerlist}[1]{
\begin{itemize}[topsep=0pt] #1 \end{itemize}}
\newcommand{\orderedouterlist}[1]{
\begin{enumerate}[leftmargin=*] #1 \end{enumerate}}
% List items
\newcommand{\entry}[1]{\item\small{#1}}
\newcommand{\entryextra}[1]{\textcolor{color-detail}{\entry{#1}}}
\newcommand{\entrylabeled}[2][]{\item[#1]\small{#2}}
\newcommand{\entrymid}[4][]{
\item[#1] \small{#2} \hfill \small{#3}
\vspace{-\smallskipamount} \item[]\small{\textit{#4}}}
\newcommand{\entrybig}[5][]{\item[#1]
\begin{tabular*}{0.97\textwidth}{l@{\extracolsep{\fill}}r}
#2 & #3 \\ {\small#4} & {\small #5} \\ \end{tabular*}}
% Fill year
\newcommand{\fillyear}[1]{\phantom{#1}}
% Make author name bold: https://tex.stackexchange.com/a/327046
\newcommand*{\boldname}[3]{%
\def\lastname{#1}%
\def\firstname{#2}%
\def\firstinit{#3}}
\boldname{}{}{}
\renewcommand{\mkbibnamegiven}[1]{%
\ifboolexpr{ ( test {\ifdefequal{\firstname}{\namepartgiven}} or test {\ifdefequal{\firstinit}{\namepartgiven}} ) and test {\ifdefequal{\lastname}{\namepartfamily}} }
{\mkbibbold{#1}}{#1}%
}
\renewcommand{\mkbibnamefamily}[1]{%
\ifboolexpr{ ( test {\ifdefequal{\firstname}{\namepartgiven}} or test {\ifdefequal{\firstinit}{\namepartgiven}} ) and test {\ifdefequal{\lastname}{\namepartfamily}} }
{\mkbibbold{#1}}{#1}%
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 111 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 50 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 18 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 35 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 111 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 54 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 50 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 28 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 41 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.1 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.3 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 27 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.4 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 30 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 43 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 30 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.4 KiB

52
_site/index.html Normal file

@ -0,0 +1,52 @@
<!DOCTYPE html>
<!--
  l、
゙(゚、 。
 l、゙ ~ヽ
 じしf_, )
-->
<html lang=" en-US">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<title>jack bond-preston - jack bond-preston</title>
<link rel="stylesheet" href="/assets/css/main.css">
<link rel="stylesheet" href="/assets/css/pygments.css">
</head>
<body>
<h1 id="jack-bond-preston">jack bond-preston</h1>
<h2 id="contact">contact<a href="#contact" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>you can contact me via <a href="mailto:jackbondpreston@outlook.com">email</a> or on <a href="https://www.linkedin.com/in/jack-bond-preston-922706150/">linkedin</a></p>
<p>my cv is available for viewing <a href="cv.pdf">here</a>.</p>
<h2 id="open-source">open source<a href="#open-source" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<p>i have personal accounts on <a href="https://github.com/jackbondpreston">github</a> and <a href="https://gitlab.com/jackbondpreston">gitlab</a></p>
<p>some of my work at arm on <a href="https://www.arm.com/architecture/cpu/morello">morello</a> is available on the
d <a href="https://git.morello-project.org/morello/musl-libc/-/commits/morello/master?author=Jack%20Bond-Preston">morello musl gitlab</a></p>
<p>my <a href="https://www.xilinx.com/products/boards-and-kits/x2-series/onload.html">onload</a> commits at amd can be found on <a href="https://github.com/Xilinx-CNS/onload/commits?author=jbondpre-amd">the github repo</a></p>
<h2 id="articles">articles<a href="#articles" class="header-link">[<img src="/assets/images/link.svg" />]</a></h2>
<li>
[19/11/2022] <a href="/2022/11/19/cheri.html">CHERI</a>
</li>
<li>
[14/11/2022] <a href="/2022/11/14/sensor-watch.html">sensor watch</a>
</li>
</body>
</html>


Before

Width:  |  Height:  |  Size: 203 KiB

After

Width:  |  Height:  |  Size: 203 KiB


Before

Width:  |  Height:  |  Size: 228 KiB

After

Width:  |  Height:  |  Size: 228 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.2 MiB

Some files were not shown because too many files have changed in this diff Show More