Replace printf with private RawSerial

printf uses a globally modifiable `stdio_uart` object that can be used
for arbitrary code execution in secure boxes. Replace the use of printf
with a private RawSerial object.

Fixes #2

Author: Patater

source/client_a.cpp

@@ -22,6 +22,7 @@
 
 struct box_context {
     uint32_t number;
+    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -55,7 +56,7 @@ static void box_async_runner(const void *)
         while (1) {
             uint32_t ret;
             int status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            printf("%c: %s '0x%08x'\n", (char) uvisor_box_id_self() + '0', (ret == 0) ? "Wrote" : "Failed to write", (unsigned int) number);
+            uvisor_ctx->pc->printf("%c: %s '0x%08x'\n", (char) uvisor_box_id_self() + '0', (ret == 0) ? "Wrote" : "Failed to write", (unsigned int) number);
             /* FIXME: Add better error handling. */
             if (!status) {
                 break;
@@ -71,14 +72,21 @@ static void box_sync_runner(const void *)
     while (1) {
         /* Synchronous access to the number. */
         const uint32_t number = secure_number_get_number();
-        printf("%c: Read '0x%08x'\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
+        uvisor_ctx->pc->printf("%c: Read '0x%08x'\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
 
         Thread::wait(7000);
     }
 }
 
 static void client_a_main(const void *)
 {
+    /* Allocate serial port to ensure that code in this secure box won't touch
+     * the handle in the default security context when printing. */
+    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
+    if (!uvisor_ctx->pc) {
+        return;
+    }
+
     srand(uvisor_box_id_self());
     new Thread(box_sync_runner, NULL);
     new Thread(box_async_runner, NULL);

source/client_b.cpp

@@ -22,6 +22,7 @@
 
 struct box_context {
     uint32_t number;
+    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -44,6 +45,13 @@ static uint32_t get_a_number()
 
 static void client_b_main(const void *)
 {
+    /* Allocate serial port to ensure that code in this secure box won't touch
+     * the handle in the default security context when printing. */
+    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
+    if (!uvisor_ctx->pc) {
+        return;
+    }
+
     /* The entire box code runs in its main thread. */
     while (1) {
         uvisor_rpc_result_t result;
@@ -57,15 +65,15 @@ static void client_b_main(const void *)
         while (1) {
             uint32_t ret;
             int status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            printf("%c: %s '0x%08x'\n", (char) uvisor_box_id_self() + '0', (ret == 0) ? "Wrote" : "Failed to write", (unsigned int) number);
+            uvisor_ctx->pc->printf("%c: %s '0x%08x'\n", (char) uvisor_box_id_self() + '0', (ret == 0) ? "Wrote" : "Failed to write", (unsigned int) number);
             if (!status) {
                 break;
             }
         }
 
         /* Synchronous access to the number. */
         number = secure_number_get_number();
-        printf("%c: Read '0x%08x'\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
+        uvisor_ctx->pc->printf("%c: Read '0x%08x'\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
 
         Thread::wait(3000);
     }

source/secure_number.cpp

@@ -24,6 +24,7 @@ struct box_context {
     int trusted_id;
     int previous_box_caller;
     int caller_id;
+    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -81,7 +82,7 @@ static int set_number(uint32_t number)
         static const char * trusted_namespace = "client_a";
         if (memcmp(name, trusted_namespace, sizeof(*trusted_namespace)) == 0) {
             uvisor_ctx->trusted_id = id;
-            printf("Trusted client a has box id %u\n", id);
+            uvisor_ctx->pc->printf("Trusted client a has box id %u\n", id);
         } else {
             return 1;
         }
@@ -102,6 +103,13 @@ static int set_number(uint32_t number)
 
 static void number_store_main(const void *)
 {
+    /* Allocate serial port to ensure that code in this secure box won't touch
+     * the handle in the default security context when printing. */
+    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
+    if (!uvisor_ctx->pc) {
+        return;
+    }
+
     /* Today we only allow client a to write to the number. */
     uvisor_ctx->trusted_id = -1;
 
@@ -118,7 +126,7 @@ static void number_store_main(const void *)
         status = rpc_fncall_waitfor(my_fn_array, 2, &uvisor_ctx->caller_id, UVISOR_WAIT_FOREVER);
 
         if (status) {
-            printf("Failure is not an option.\r\n");
+            uvisor_ctx->pc->printf("Failure is not an option.\r\n");
             uvisor_error(USER_NOT_ALLOWED);
         }
     }