Hello Tiago,
On 05/25/2016 04:56 PM, Tiago Brito wrote:
Hi, I have an i.MX53 QSB development board and I want to experiment with ARM TrustZone.
I'm a beginner with regards to genode and kernel development in general.
I was able to run tz_vmm on the QSB and interact with the linux which runs in normal world. What I want to do next is a fairly simple system where inside linux I can call an SMC and switch to the secure world, then whilst in secure world print something (like "Hello From Secure World" and also print some argument from the normal world) and then go back to linux.
I have read some of the messages in the mailing list and I noticed some of you (other mailing list subscribers) already achieved similar communication protocols but because I'm new to genode I don't know where to start.
Well, the very first pointer to gain more understanding of this concrete scenario ist to read the detailed documentation of it:
http://genode.org/documentation/articles/trustzone
Most of your questions, e.g., how to build the Linux kernel?, or is it a modified Linux kernel? are already answered there.
I know I probably have to create a kernel module for the linux running in normal world so I can call SMC from a userspace application, but I don't know how to do that since I don't see where the linux is being compiled for genode [1]. Do I have to compile another linux? How do I incorporate this new linux version to work with genode?
Actually the Linux kernel version you are using when executing the tz_vmm run-script already issues SMC calls that switch to the secure world, where the VMM handles those calls and afterwards returns to the normal world.
Besides this I also don't know where to start modifying tz_vmm in order to achieve my goals. I know where tz_vmm's code is but I don't know where to start changing it. I have also seen some mailing list questions regarding the world switch from secure world to normal world. It seems that from normal to secure you should call an SMC, but from secure to normal the monitor mode implementation cannot handle entries from the secure world and thus no SMC can be called directly [2].
The typical activity flow is:
* Linux kernel issues an SMC call, e.g., to tell the VMM where its framebuffer is located in physical memory [1] * the HW kernel of Genode receives an exception, pauses the Linux VM, and delivers a signal to the related VMM [2] * the VMM receives the signal that the VM got paused due to an SMC call [3] * the VMM informs the HW kernel that the VM should be executed again after handling the call [4] * next time the scheduler of the HW kernel chooses the VM, it issues a world-switch to it [5]
Regards Stefan
[1] https://github.com/skalk/linux/blob/bc1707a23a9770cf080a1b87b4f553a2a39ac636... [2] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec... [3] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/... [4] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/... [5] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
Can you give my some feedback on how to achieve these things on the i.MX53 QSB?
Thanks in advance, Tiago
[1] - https://sourceforge.net/p/genode/mailman/message/33244107/ [2] - https://sourceforge.net/p/genode/mailman/message/34244066/
Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main