Hi David,
On 29.06.2015 09:20, Stefan Kalkowski wrote:
So, my approach would be using software interrupts which should be routed to the normal world. I played around with the svc (supervisor call) instruction, but I don't know how to route this to the secure world.
Indeed, this seems to be the most promising approach: triggering a software interrupt on the secure side and handling it in the normal world. Everything that needs to be done is marking a designated SPI (ARM terminology for software-triggered IRQ) as a non-secure interrupt and delegating that interrupt to your kernel module within the guest OS. Moreover, you will need to extend the VM session interface with the ability to trigger that designated "TrustZone interrupt", as the user-level VMM is not able to access the interrupt controller directly; this has to be done by the kernel itself.
On my working branches [1] I've implemented IRQ injection to provide a pseudo block device in a non-secure Linux guest. Maybe this code gives you some good hints. Especially the Linux commits [2] and the Genode commits [3] should be interesting. Please be aware that this code is still in progress and should not be considered as a final solution.
Don't hesitate to ask if you have further questions ;)
Cheers, Martin
[1] https://github.com/m-stein/genode/tree/1497_usb_armory_demo
    https://github.com/m-stein/linux/tree/1497_usb_armory_demo
[2] 0fa1c63 handle multiple replies and end interrupt
    9ca75d0 injected IRQ reaches the stub-block handler in linux
[3] 08a3b09 prototype of inject_vm_irq kernel call
    2927f04 Vm_session::inject_irq(unsigned irq)
    42865c4 injected IRQ reaches the stub-block handler in linux
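As an added illustration of the two kernel-side steps Martin describes (this is example code, not from the thread or from the Genode or Linux branches linked above), the following models the GICv2 distributor registers involved: assigning the designated SPI to the non-secure group via GICD_IGROUPR and setting it pending via GICD_ISPENDR as the backend of an inject_irq call. The register offsets are the architectural GICv2 ones; the interrupt number, the in-memory stand-in for the MMIO region and the function names are constructed for the example.

```c
/* Added example: GICv2 distributor model for routing one SPI to the
 * normal world. Offsets are architectural; the memory-backed "gicd"
 * region replaces real MMIO so the code runs stand-alone. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GICD_IGROUPR   0x080u /* one bit per IRQ: 0 = secure (group 0), 1 = non-secure (group 1) */
#define GICD_ISENABLER 0x100u /* write 1 to enable an IRQ */
#define GICD_ISPENDR   0x200u /* write 1 to set an IRQ pending */
#define GICD_SIZE      0x1000u
#define GIC_MAX_IRQ    1020u  /* GICv2 interrupt IDs run from 0 to 1019 */

static uint8_t gicd[GICD_SIZE]; /* constructed stand-in for the distributor MMIO */

static uint32_t gicd_read32(uint32_t off) { uint32_t v; memcpy(&v, gicd + off, 4); return v; }
/* Set-type registers are write-1-to-set on hardware; ORing models that here. */
static void gicd_set32(uint32_t off, uint32_t mask) { uint32_t v = gicd_read32(off) | mask; memcpy(gicd + off, &v, 4); }

/* Each banked register covers 32 IRQs, one bit each. */
uint32_t reg_offset(uint32_t base, unsigned irq) { return base + 4u * (irq / 32u); }
uint32_t reg_bit(unsigned irq) { return 1u << (irq % 32u); }

/* Only SPIs (IDs 32 and up) qualify; SGIs (0-15) and PPIs (16-31) are per-CPU. */
static int is_spi(unsigned irq) { return irq >= 32u && irq < GIC_MAX_IRQ; }

/* Step 1: mark the designated IRQ non-secure and enable it. Returns 0 on success. */
int mark_irq_non_secure(unsigned irq) {
    if (!is_spi(irq)) return -1;
    gicd_set32(reg_offset(GICD_IGROUPR, irq), reg_bit(irq));
    gicd_set32(reg_offset(GICD_ISENABLER, irq), reg_bit(irq));
    return 0;
}

/* Step 2: kernel backend of an inject_irq call. Refuses IRQs that are
 * not SPIs (-1) or still belong to the secure group (-2), so a VMM can
 * never raise a secure-world interrupt through this path. */
int inject_irq(unsigned irq) {
    if (!is_spi(irq)) return -1;
    if (!(gicd_read32(reg_offset(GICD_IGROUPR, irq)) & reg_bit(irq))) return -2;
    gicd_set32(reg_offset(GICD_ISPENDR, irq), reg_bit(irq));
    return 0;
}

int irq_is_pending(unsigned irq) { return (gicd_read32(reg_offset(GICD_ISPENDR, irq)) & reg_bit(irq)) != 0; }

int main(void) {
    unsigned irq = 75; /* constructed example SPI number */
    printf("before marking: inject -> %d\n", inject_irq(irq));
    mark_irq_non_secure(irq);
    printf("after marking: inject -> %d, pending=%d\n", inject_irq(irq), irq_is_pending(irq));
    return 0;
}
```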