Trusted Device Driver

> We will be porting an existing Solaris 10 (serial)

> device driver to Trusted Solaris in the next few

> months. Can you point us to documentation that

> specifies what criteria is used for saying a driver

> is trusted ?For instance, are there changes to the

> DDI/DDK required to support trusted drivers, and if

> so, where is that documentation ?Please note we

> are assuming the port is not a simple plug and play

> i.e., we assume some changes are required.

The most important thing is to be VERY STRICT about

following DDI/DKI. Deviations which Solaris forgives can

cause problems in the TS OE. Especially, never build

your own OS-standard structures, use DDI/DKI to obtain them.

TX might be a little less vulnerable to such issues

since it sits on top of the Solaris OE instead of replacing it.

Are you talking TS8 or TX?

It would be ideal if you could avoid straight-up UID 0

checks and look for privs instead, but I don't know if this

is documented or not. Other software components, like

daemons, config utilities, and libraries, should be developed

according to the guidelines in the Answer Book online.

Did you look at docs.sun.com ==> Solaris (The Trusted

Solaris 8 OE is under All Solaris Versions, and I think the

most-recent TX docs would be either under Open Solaris or

future docs for the S10U3 OE.

Also, if you're talking about Trusted Extensions for Solaris,

make sure you really debug well with zones, and look up

"least privilege" wherever you can -- both of these are available

with or without the Trusted Extensions add-on packages.

Message was edited by:

Impa

Impa at 2007-7-7 1:56:08 >