I can run the SABRE tablet Genode demo: https://github.com/skalk/genode/blob/i.MX53_tablet_demo/os/src/server/vmm/imx53/README. The demo is on SD card, and the android is on e-mmc. According to https://sourceforge.net/p/genode/mailman/message/33919618/, I changed the e-mmc android to imx-android-r10.4_bundle_BSP.tar.gz, so that it matches the android kernel in the genode demo.  

I can use the front camera of the SABRE tablet to take pictures, when android is started directly from emmc (sw26 and sw28 reconfigured). But when I boot the genode demo and then start android from within it, pressing the camera icon says “Cannot connect to camera”.

Question 1: I understand that the genode demo needed the display, touchscreen and capacitive sensors kernel code to be moved to secure world. Did that screw up the camera functionality of the android in the normal world? Maybe the camera needs the display for preview, which it cannot get? Did your secure-world implementation of the display/touchscreen/capacitive sensor drivers come with some APIs, that the normal world should call to access forbidden resources? Are those APIs part of the normal world kernel and uses the smc() functionality to request forbidden resources? Does that mean that the camera is failing, as it is not calling the proper API to request the display?

Question 2: My goal is to move the camera device driver to the secure world. At http://genode.org/documentation/articles/trustzone, under the section “Additional Device Driver”, you say that “The task of CREATING the drivers…”. I understand that the android in e-mmc already supported the display, touchscreen and capacitive sensors. So couldn’t you look at the android source and see where these drivers are, instead of creating these drivers using the documentation? Since I need to repeat the process of moving the camera device drivers from the normal to the secure world, some more details of how you approached the problem for touchscreen/display/capacitive sensor will be super useful. For example, looking at the source code of imx-android-r10.4_bundle_BSP.tar.gz, I can see 

$ls ~/myandroid/hardware/mx5x/libcamera/
Android.mk     Camera_pmem.cpp  CaptureDeviceInterface.cpp  JpegEncoderInterface.h   PostProcessDeviceInterface.cpp  PP_ipulib.h            V4l2CsiDevice.cpp
CameraHal.cpp  Camera_pmem.h    CaptureDeviceInterface.h    JpegEncoderSoftware.cpp  PostProcessDeviceInterface.h    V4l2CapDeviceBase.cpp  V4l2CsiDevice.h
CameraHal.h    Camera_utils.h   JpegEncoderInterface.cpp    JpegEncoderSoftware.h    PP_ipulib.cpp                   V4l2CapDeviceBase.h    V4l2UVCDevice.h

Do some of those needed to be moved to the secure world kernel, or do we need to write a camera device driver from scratch? 

Thanks!
Riju