Hello,
First, thank you very much Chirag and Stefan for your answers.
I tried to debug my simple kernel on the i.MX6 through the DS5 JTAG debugger. Prior to running the kernel using the debugger, the imx6 board is configured to run u-boot from an SD card and after the initialization u-boot holds and waits to execute the kernel code.
As we can see in the debug messages below, I was able to do a step by step walk through the source code from the assembler to the C code. It seems that it is working...
Also I tested this kernel on the Qemu Realview Baseboard Platform explorer for cortex-a9 and it worked.
I also created a repository in which I added the sources of the simple kernel. https://github.com/macdi/simple-arm-kernel
*>a complete run-script that shows above results.*
In my test case I used the command $>make run/vmm to run the bare-hw and vmm. I attached the generated file boot_modules.s. Is this the run script you request or another one? Could you please tell where to look for it?
*>When looking at your disassemly I'm wondering why your kernel is linked>to 0x70000000 whereby it is loaded to 0x20000100?*
Could you please tell me how did you figure out that it is linked to the address 0x70000000?
*>And is it really loaded to 0x20000100 where the IP points to?*
Is it possible to tell me how to verify that it is loaded to the address 0x20000100?
Thanks very much in advance.
Best regards,
Mahdi
Loaded section .text: S:0x20000100 ~ S:0x2000026F (size 0x170) Loaded section .rodata: S:0x20000270 ~ S:0x2000028F (size 0x20) Entry point S:0x20000100 cd "/home/aichouch/DS-5-Workspace-examples" Working directory "/home/aichouch/DS-5-Workspace-examples" directory "/home/aichouch/dev/bare_metal_arm" Source directories searched: /home/aichouch/dev/bare_metal_arm:$cdir:$cwd:$idir set debug-from main start Starting target with image /home/aichouch/dev/bare_metal/simple-arm-kernel/kernel.elf Running from entry point WARNING(CMD399-COR168): ! Failed to start the target ! No function named "main" could be found WARNING(CMD407): Trying the entry point instead wait Execution stopped at: S:0x20000100 In kernel.elf (no debug info) S:0x20000100 LDR sp,[pc,#4] ; [0x2000010C] = 0x20001290 wait next Execution stopped at: S:0x20000104 S:0x20000104 BL _init ; 0x20000258 wait step Execution stopped at: S:0x20000258 In kernel.c S:0x20000258 16,0 { wait next Execution stopped at: S:0x20000260 S:0x20000260 17,0 print_uart0("bare metal: Hello world!\n"); wait next Execution stopped at: S:0x2000026C S:0x2000026C 19,0 while(1); wait next Execution stopped at: S:0x2000026C S:0x2000026C 19,0 while(1); wait next Execution stopped at: S:0x2000026C S:0x2000026C 19,0 while(1); wait continue interrupt Execution stopped at: S:0x2000026C S:0x2000026C 19,0 while(1); wait continue interrupt Execution stopped at: S:0x2000026C S:0x2000026C 19,0 while(1);
On Wed, Jan 7, 2015 at 10:35 AM, Stefan Kalkowski < stefan.kalkowski@...1...> wrote:
Hi,
On 01/06/2015 02:24 PM, Mahdi Aichouch wrote:
Hello,
I am trying to port the bare-hw trustzone to the Freescale i.MX 6 quad-core Sabre SD board.
I started from the source code given in this repository: https://github.com/decaprox/genode
I adapted the TSC-380 driver from the versatile express version as a TZASC to the i.MX-6 board.
At this moment, I just configure the existing TSC-380 with the right base address, but I did not yet configured it to secure any memory
region.
Also, I did not yet used the CSU that was implemented for the i.MX53 to secure any device.
I partitioned the the memory space into two parts:
0x1000 0000 - 0x2000 0000 : as a secure memory space 0x2000 0000 - 0x4000 0000 : as a non secure memory space
I implemented a small kernel in order to test the implementation.
I like your approach to start with a minimal kernel so that you really know what shall be going on. However, did you tested your small kernel without Genode by directly loading it via u-boot?
My simple kernel is just an assembly code that call C function, that prints a message on the serial port.
I get an error after running the run/vmm test case. Here are the debug messages that I get
void Kernel::trustzone_initialization(Kernel::Pic*): --- IMX6 trustzone INIT --- Core memory allocator
Allocator 102d46c0 dump: Block: [10000000,1000001c) size=0000001c avail=00000000
max_avail=00000000
Block: [1000001c,10000038) size=0000001c avail=00000000
max_avail=00000000
Block: [10000038,10000054) size=0000001c avail=00000000
max_avail=1fd28000
Block: [10000054,10000070) size=0000001c avail=00000000
max_avail=00000000
Block: [10000070,1000008c) size=0000001c avail=00000000
max_avail=00000000
Block: [1000008c,10001000) size=00000f74 avail=00000f74
max_avail=1fd28000
Block: [102d8000,30000000) size=1fd28000 avail=1fd28000
max_avail=1fd28000
=> mem_size=533893120 (509 MB) / mem_avail=533892980 (509 MB)
IO memory allocator
Allocator 102d4b1c dump: Block: [00000000,02020000) size=02020000 avail=02020000
max_avail=02020000
Block: [02024000,020d0000) size=000ac000 avail=000ac000
max_avail=0df2c000
Block: [020d4000,10000000) size=0df2c000 avail=0df2c000
max_avail=0df2c000
Block: [100ec000,100f0000) size=00004000 avail=00004000
max_avail=20000000
Block: [20000000,40000000) size=20000000 avail=20000000
max_avail=20000000
=> mem_size=805289984 (767 MB) / mem_avail=805289984 (767 MB)
IRQ allocator
Allocator 102d53d4 dump: Block: [00000000,0000003a) size=0000003a avail=0000003a
max_avail=0000003a
Block: [0000003b,00000058) size=0000001d avail=0000001d
max_avail=000003a7
Block: [00000059,00000400) size=000003a7 avail=000003a7
max_avail=000003a7
=> mem_size=1022 (0 MB) / mem_avail=1022 (0 MB)
ROM filesystem
Rom_fs 102d5814 dump: Rom: [100a5000,100a5358) linux Rom: [1004f000,1007fedc) init Rom: [100a7000,100a71ef) config Rom: [100a6000,100a601f) initrd.gz Rom: [10080000,100a409c) vmm
int main(): --- create local services --- int main(): --- start init --- int main(): transferred 508 MB to init int main(): --- init created, waiting for exit condition --- [init] Could not open file "ld.lib.so http://ld.lib.so" [init] parent provides [init] service "ROM" [init] service "RAM" [init] service "IRQ" [init] service "IO_MEM" [init] service "CAP" [init] service "PD" [init] service "RM" [init] service "CPU" [init] service "LOG" [init] service "SIGNAL" [init] service "VM" [init] child "vmm" [init] RAM quota: 3932160 [init] ELF binary: vmm [init] priority: 0 [init -> vmm] Start virtual machine [init -> vmm] Curious exception occurred [init -> vmm] Cpu state: [init -> vmm] r0 = 00000000 [init -> vmm] r1 = 000008e0 [init -> vmm] r2 = 20000100 [init -> vmm] r3 = 00000000 [init -> vmm] r4 = 00000000 [init -> vmm] r5 = 00000000 [init -> vmm] r6 = 00000000 [init -> vmm] r7 = 00000000 [init -> vmm] r8 = 00000000 [init -> vmm] r9 = 00000000 [init -> vmm] r10 = 00000000 [init -> vmm] r11 = 00000000 [init -> vmm] r12 = 00000000 [init -> vmm] sp = 00000000 [init -> vmm] lr = 00000000 [init -> vmm] ip = 20000100 [init -> vmm] cpsr = 00000093 [init -> vmm] sp_und = 00000000 [init -> vmm] lr_und = 00000000 [init -> vmm] spsr_und = 00000000 [init -> vmm] sp_svc = 00000000 [init -> vmm] lr_svc = 00000000 [init -> vmm] spsr_svc = 00000000 [init -> vmm] sp_abt = 00000000 [init -> vmm] lr_abt = 00000000 [init -> vmm] spsr_abt = 00000000 [init -> vmm] sp_irq = 00000000 [init -> vmm] lr_irq = 00000000 [init -> vmm] spsr_irq = 00000000 [init -> vmm] sp_fiq = 00000000 [init -> vmm] lr_fiq = 00000000 [init -> vmm] spsr_fiq = 00000000 [init -> vmm] exception = reset virtual void
Genode::Signal_session_component::free_context(Genode::Signal_context_capability):
Not implemented
Note: The file linux and initrd.gz showed here are not real. I named my simple kernel as linux, and the initrd.gz file is an empty file.
The VMM version I am using loads an elf binary kernel.
I attached the assembly file of my simple kernel. From the dump of the CPU state, we can see that the IP register shows the first instruction of the kernel, which apparently generates an exception.
Could someone tell me how to track down the source of the error and help me to debug it.
When looking at your disassemly I'm wondering why your kernel is linked to 0x70000000 whereby it is loaded to 0x20000100? And is it really loaded to 0x20000100 where the IP points to? To be able to reproduce your results and possibly help you, it would be fine if you provide a branch, which contains your simple kernel and a complete run-script that shows above results.
BTW. I don't think the CSU is a problem at this stage. It comes into play when firstly touching a peripheral (e.g.: the UART). Whereby I don't know how it behaves in reset state on i.MX6, whether it grants or denies access for the non-secure world by default.
Regards Stefan
Thanks very much in advance.
Kind regards, Mahdi
Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is
your
hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take
a
look and join the conversation now. http://goparallel.sourceforge.net
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
-- Stefan Kalkowski Genode Labs
http://www.genode-labs.com/ · http://genode.org/
Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main