Hello Franc
On 01/19/2015 08:21 PM, Franc sylvester wrote:
Hello Christian,
Thanks a lot for your reply. Essentially I want to demonstrate the following TrustZone scenario on the imx53 QSB board.
Now, I want to switch control from the Normal world OS (Genode) back to the Secure world OS (Genode) by triggering it (running a particular script in the Normal world). So what would be the right approach to achieve this objective?
To switch to the secure world you can trigger a 'smc' assembler instruction, which will end up as a hypercall in the VMM. The 'smc' instruction needs to be executed in privileged mode (pl1 or higher). Therefore, if you want to trigger it via a script from userland, you need to create some kernel module first that executes the 'smc' instruction.
Regards Stefan
From the above discussion, as far as I understood, it requires adding a kernel module which will execute the smc instruction, and then it should be triggered via a script from userland.
Originally when giving above explanation, I implicitly assumed you want to run a Linux guest in the normal world. That's why I've talked about a "kernel module". If you really want to run Genode in the normal world as well as within the secure world, although I can't see a good reason for this, it is best to offer a new service for doing hypercalls within the core process. The core process itself can use a core-privileged syscall to the kernel, which triggers the actual world switch via a 'smc' instruction. The advantage of offering an explicit service for doing hypercalls is that you can use the normal policy mechanisms of Genode to restrict hypercall usage by userland components.
Just out of curiosity, can you explain why you want to run Genode beside Genode in both TrustZone worlds?
Best Regards Stefan
Regards, Franc
On Mon, Jan 19, 2015 at 4:18 PM, Christian Helmuth <christian.helmuth@...1...> wrote:
Hello Franc,

On Mon, Jan 19, 2015 at 03:34:06PM +0530, Franc sylvester wrote:
> I am stuck at one point because of a lack of understanding of Genode.
> Actually I want to execute some assembly instructions in privileged mode in
> the base-hw kernel from a user script.
>
> So I need to know how I would add a kernel module which will execute
> assembly instructions and how I can call this module from user space.
>
> And if any such modules already exist in Genode, that would really
> help me to understand the flow mechanism. Let me know.

The answer to your question heavily depends on the task you address. From my point of view, it's better to stay away from any "general" solution to load code into the kernel resp. execute arbitrary instructions in kernel mode. At last, base-hw is a microkernel and should stay that way.

To give an example, we extended base-hw for USB SOF interrupt filtering for the Raspberry Pi last autumn to highly reduce the impact on the system load. Therefore, we implemented a special case in the interrupt handling code

https://github.com/genodelabs/genode/commit/58a1e42201d2ad26eb1eee398fbf792683925bd8

The feature does not affect the kernel integrity as it just moves one single aspect of the driver into the kernel: Filter high-frequency interrupts that do not have to be handled in user mode. The kernel interrupt handler drops all incoming interrupts of the DWC device while the incoming frame number is smaller than the frame number scheduled by the user-level device driver.

Could you provide us with more information about what you like to achieve? Is it really necessary to add a new system call? Would it be feasible to introduce an abstraction that solves the issue?

Regards
--
Christian Helmuth
Genode Labs

http://www.genode-labs.com/ · http://genode.org/
https://twitter.com/GenodeLabs · /ˈdʒiː.nəʊd/

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
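As an added illustration of the policy mechanism Stefan refers to (this is not part of the thread and not Genode's own configuration): a sketch of an init configuration in which a hypothetical "Hypercall" service (assumed name) offered by core is routed to only one child, while the other child's routes are enumerated without it, so init has no route for such a session request and rejects it. The child names and the service name are assumptions.

```xml
<!-- Added illustration, not from the thread: the service name "Hypercall"
     and the child names are assumptions. -->
<config>
  <parent-provides>
    <service name="ROM"/>
    <service name="RAM"/>
    <service name="CPU"/>
    <service name="PD"/>
    <service name="RM"/>
    <service name="LOG"/>
    <service name="Hypercall"/> <!-- assumed: world-switch service offered by core -->
  </parent-provides>

  <!-- Only this component is permitted to request a world switch. -->
  <start name="switch_trigger">
    <resource name="RAM" quantum="1M"/>
    <route>
      <service name="Hypercall"> <parent/> </service>
      <any-service> <parent/> </any-service>
    </route>
  </start>

  <!-- Routes are listed explicitly and there is no catch-all, so a
       "Hypercall" session request from this child matches no route
       and init denies it. -->
  <start name="other_app">
    <resource name="RAM" quantum="1M"/>
    <route>
      <service name="ROM"> <parent/> </service>
      <service name="RAM"> <parent/> </service>
      <service name="CPU"> <parent/> </service>
      <service name="PD">  <parent/> </service>
      <service name="RM">  <parent/> </service>
      <service name="LOG"> <parent/> </service>
    </route>
  </start>
</config>
```

The point is that the restriction lives in the routing policy of the parent rather than in the component that executes the smc instruction, so a component that is not routed to the service cannot trigger a world switch regardless of its own code.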