<p><span class="h-card" translate="no"><a href="https://donotsta.re/users/mwk" class="u-url mention">@<span>mwk</span></a></span> <span class="h-card" translate="no"><a href="https://oldbytes.space/@millihertz" class="u-url mention">@<span>millihertz</span></a></span> <span class="h-card" translate="no"><a href="https://tech.lgbt/@becomethewaifu" class="u-url mention">@<span>becomethewaifu</span></a></span> the basic idea is, you run a tiny trusted loader stub that creates a page table with maps for a subset of the RAM and one AXI interface to the PL, sets the interrupt vector table to an unmapped address, disables interrupts, and drops to userspace.</p><p>Now you&#39;re stuck running your application in a &quot;padded cell&quot; with no access to the outside world except a single mailbox channel via that AXI interface to the PL (most notably, no access to other hard peripherals or the DRP).</p><p>And it&#39;s locked in userspace with no way to ever get back into kernel mode (since there are no interrupts, and even if you did manage to trigger one you&#39;d just hard fault with a bad vector table).</p><p>So great, you have an isolated application security domain, but how do you do threading?</p>
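<p>As an added illustration (not code from the post or from anyone in the thread), this is what the stub's page-table setup and the "bad vector table" check could look like, assuming an ARMv7-A short-descriptor MMU such as the Cortex-A9 in a Zynq-7000; the RAM window, the AXI GP0 window and the vector base value are constructed assumptions, not taken from the post.</p>

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* ARMv7-A short-descriptor first-level "section" entries (1 MiB each). */
#define L1_ENTRIES        4096u
#define SECTION_SHIFT     20
#define SECTION_TYPE      0x2u          /* bits[1:0] = 0b10: section descriptor; 0b00 faults */
#define SECTION_XN        (1u << 4)     /* execute-never */
#define SECTION_B         (1u << 2)
#define SECTION_C         (1u << 3)
#define SECTION_TEX(t)    ((uint32_t)(t) << 12)
#define SECTION_AP_RW_ALL (0x3u << 10)  /* AP[2:0] = 0b011: read/write at PL1 and PL0 */

/* Constructed layout, assumed for illustration (Zynq-7000-like): */
#define RAM_BASE      0x00100000u  /* application RAM window start (section 0 stays unmapped) */
#define RAM_SIZE      0x03F00000u  /* 63 MiB of DDR handed to the application */
#define AXI_GP0_BASE  0x40000000u  /* one M_AXI_GP window into the PL */
#define AXI_GP0_SIZE  0x00100000u  /* a single 1 MiB section holding the mailbox */

static uint32_t l1_table[L1_ENTRIES] __attribute__((aligned(16384)));

static void map_sections(uint32_t base, uint32_t size, uint32_t attrs) {
    for (uint32_t a = base; a < base + size; a += 1u << SECTION_SHIFT)
        l1_table[a >> SECTION_SHIFT] = (a & 0xFFF00000u) | attrs | SECTION_TYPE;
}

/* Build the "padded cell": everything faults except the RAM window and one AXI window. */
void build_padded_cell(void) {
    for (size_t i = 0; i < L1_ENTRIES; i++) l1_table[i] = 0;   /* translation fault */
    /* Normal memory, inner/outer write-back write-allocate (TEX=001,C=1,B=1), user RW. */
    map_sections(RAM_BASE, RAM_SIZE,
                 SECTION_AP_RW_ALL | SECTION_TEX(1) | SECTION_C | SECTION_B);
    /* Shareable Device memory (TEX=000,C=0,B=1) for the mailbox, user RW, never executable. */
    map_sections(AXI_GP0_BASE, AXI_GP0_SIZE, SECTION_AP_RW_ALL | SECTION_B | SECTION_XN);
}

bool is_mapped(uint32_t va) { return (l1_table[va >> SECTION_SHIFT] & 0x3u) != 0; }

/* Check the vector base the stub programs (VBAR, or legacy 0x0 / 0xFFFF0000 with HIVECS):
 * all 8 four-byte exception vectors must land in a faulting section, so any exception
 * that does fire cannot re-enter kernel mode with a usable handler. */
bool vector_table_is_unmapped(uint32_t vbar) {
    return !is_mapped(vbar) && !is_mapped(vbar + 0x1Cu);
}
```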