Hi, We have built a trap and emulation secure world application based on the Genode tz_vmm demo, to run on the IMX53 QSB and Sabre Tablet. This allows us to handle applications like reliably turning on/off some peripherals. E.g. for Bluetooth radio, we make GPIO 3/4 secure in CSU. When Android tries to turn on Bluetooth, we get an external data abort in secure world for which we do nothing and give back control. Android gives up after a few retries. For other peripherals that use GPIO 3/4 and therefore share the CSU setting, we also get the external abort, but we emulate the instruction in secure world before giving back control to Linux.
The current secure world has 27539 LOC. The baseline can be https://athena.smu.edu.sg/mobisys/backend/mobisys/assets/paper_list/pdf_vers..., which also turned on/off peripherals, rewriting normal world device drivers from secure world. It has only about 4K LoC in TCB (section 6 para 2 and 3).
Looking at the .d files in hw_imx53 with sloc, we get the following breakdown. The bulk of the code is coming from the Genode OS Framework. The question I have is: does the tz_vmm demo minimally use Genode components? If yes, then maybe this is the best TCB size we can expect? If not, then what are some parts that can be cut down?
Thanks! Riju
Secure world user space component tz_vmm (~3.5K LoC)
  (1) loads and monitors the normal world Linux in the original Genode demo; we added our instruction emulation code here - 1353 LoC
  (2) ARM instruction decoding library DARM - 2070 LoC

Hardware related files (~2.5K LoC)
  (1) for ARM, ARM_V7, ARM CORTEX_A8, IMX, IMX53, TRUSTZONE, CSU - 2316 LoC

Genode OS (~19K LoC)
  http://genode.org/documentation/general-overview/index
  https://genode.org/documentation/api/base_index
  (1) C/C++ standard library functions, data structures, other programming utilities - 2634 LoC
  (2) Memory allocation and management - 2710 LoC
  (3) Device access - 707 LoC
  (4) Thread and synchronization - 1768 LoC
  (5) CPU - 1286 LoC
  (6) Debugging - 1248 LoC
  (7) Inter-Process Communication - 2595 LoC
  (8) Client server framework - 406 LoC
  (9) Other stuff ....
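As an added illustration of the measurement described above (the .d-file walk with sloc), the following is example code written for this reply, not a tool from the original post or from Genode. It parses make-style .d dependency files, takes the union of the source files they reference, classifies each by path component, and counts comment-free non-blank lines per category. The category markers, the sample .d contents and the sample sources are all constructed and are assumptions, not the real hw_imx53 build tree.

```python
import re

# Constructed classification: path components that place a file in a category.
# Order matters: the first category whose markers match wins.
CATEGORIES = [
    ("tz_vmm", {"tz_vmm"}),
    ("hardware", {"arm", "arm_v7", "cortex_a8", "imx", "imx53", "trustzone", "csu"}),
    ("genode", {"base", "os"}),
]


def parse_dep_file(text):
    """Return the set of dependency paths named in a make-style .d file
    (handles backslash-newline continuations and several targets per file)."""
    text = text.replace("\\\n", " ")
    deps = set()
    for line in text.splitlines():
        if ":" not in line:
            continue
        _, _, rhs = line.partition(":")
        deps.update(tok for tok in rhs.split() if tok)
    return deps


def count_sloc(text):
    """Rough sloc for C/C++: strip block and line comments, count non-blank lines.
    (Comment markers inside string literals are not special-cased.)"""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return sum(1 for ln in text.splitlines() if ln.strip())


def classify(path):
    """Map a path to a category by exact (case-insensitive) component match."""
    parts = {p.lower() for p in path.split("/")}
    for name, markers in CATEGORIES:
        if parts & markers:
            return name
    return "other"


def tcb_breakdown(dep_texts, read_source):
    """dep_texts: iterable of .d file contents; read_source(path) -> source text.
    Returns {category: sloc} over the de-duplicated union of dependencies,
    so a header pulled in by many objects is counted once."""
    files = set()
    for t in dep_texts:
        files |= parse_dep_file(t)
    totals = {}
    for f in sorted(files):
        cat = classify(f)
        totals[cat] = totals.get(cat, 0) + count_sloc(read_source(f))
    return totals


# Constructed sample tree (hypothetical paths and contents).
SOURCES = {
    "src/server/tz_vmm/main.cc": "// vmm entry\nint main() {\n  return 0;\n}\n",
    "repos/base-hw/src/core/spec/imx53/trustzone/csu.h":
        "/* csu */\nstruct Csu {\n  unsigned csl[32];\n};\n",
    "repos/base/include/base/lock.h":
        "struct Lock {\n  void lock();\n\n  void unlock();\n};\n",
    "repos/os/include/util/string.h":
        "inline int strlen(const char*) { return 0; }\n",
}

# Constructed .d files; lock.h appears in both and must be counted once.
DEP_FILES = [
    "main.o: src/server/tz_vmm/main.cc \\\n repos/base/include/base/lock.h\n",
    "csu.o: repos/base-hw/src/core/spec/imx53/trustzone/csu.h "
    "repos/os/include/util/string.h repos/base/include/base/lock.h\n",
]


def demo_breakdown():
    return tcb_breakdown(DEP_FILES, SOURCES.__getitem__)


if __name__ == "__main__":
    for cat, n in sorted(demo_breakdown().items()):
        print("%-10s %d LoC" % (cat, n))
```

On a real tree, read_source would be a file reader and dep_texts the contents of every .d file under the build directory; the point of de-duplicating through a set is that a widely included header is attributed to the TCB once, not once per object that includes it.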
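For the trap-and-emulate path described at the top of the message, here is an added example written for this reply; it is not code from the original post, from Genode or from the tz_vmm demo. It decodes the A32 LDR/STR (immediate, pre-indexed, no write-back) encoding, the form a driver typically uses for a register access, performs the access against a constructed GPIO data register, and advances the guest PC. The secured pins are refused (and logged) while accesses to the other pins on the same register are carried out, which is the two behaviours in the post merged at pin granularity; the register address, the pin assignment and the device model are assumptions for illustration only.

```python
GPIO_DR = 0x53F84000                # constructed address, not the i.MX53 memory map
SECURED_PINS = (1 << 3) | (1 << 4)  # constructed: pins 3 and 4 belong to the secured radio


def decode_ldr_str_imm(insn):
    """Decode A32 LDR/STR (immediate), A1 encoding: bits 27:25 == 0b010,
    P=bit24, U=bit23, B=bit22, W=bit21, L=bit20, Rn=19:16, Rt=15:12, imm12=11:0.
    Only the pre-indexed, word-sized, no-write-back form (P=1, B=0, W=0)
    is accepted; anything else returns None so the caller can refuse it."""
    if (insn >> 25) & 0x7 != 0b010:
        return None
    pre = (insn >> 24) & 1
    add = (insn >> 23) & 1
    byte = (insn >> 22) & 1
    wback = (insn >> 21) & 1
    load = (insn >> 20) & 1
    if not pre or byte or wback:
        return None
    return {
        "load": bool(load),
        "add": bool(add),
        "rn": (insn >> 16) & 0xF,
        "rt": (insn >> 12) & 0xF,
        "imm": insn & 0xFFF,
    }


class GpioDevice:
    """Constructed model of one GPIO data register shared by a secured
    peripheral and ordinary ones.  Writes to secured pins are dropped and
    logged, all other bits are applied; secured pins read back as zero."""

    def __init__(self):
        self.dr = 0
        self.dropped = []  # audit trail: refused pin masks, one entry per write

    def read(self, addr):
        if addr != GPIO_DR:
            raise KeyError("no emulated device at 0x%08x" % addr)
        return self.dr & ~SECURED_PINS & 0xFFFFFFFF

    def write(self, addr, value):
        if addr != GPIO_DR:
            raise KeyError("no emulated device at 0x%08x" % addr)
        if value & SECURED_PINS:
            self.dropped.append(value & SECURED_PINS)
        self.dr = (self.dr & SECURED_PINS) | (value & ~SECURED_PINS & 0xFFFFFFFF)


def emulate_abort(insn, regs, dev):
    """Handle one trapped access: decode the faulting instruction, perform the
    load or store against the device model, advance the PC (regs[15]) past the
    instruction and return the decoded fields.  An unsupported word raises, so
    the caller can hand the abort back to the guest rather than guess."""
    d = decode_ldr_str_imm(insn)
    if d is None:
        raise ValueError("unsupported instruction 0x%08x" % insn)
    offset = d["imm"] if d["add"] else -d["imm"]
    addr = (regs[d["rn"]] + offset) & 0xFFFFFFFF
    if d["load"]:
        regs[d["rt"]] = dev.read(addr)
    else:
        dev.write(addr, regs[d["rt"]])
    regs[15] = (regs[15] + 4) & 0xFFFFFFFF
    return d


def demo():
    """A normal-world driver writes pins 3 and 5, then reads back: only pin 5 sticks."""
    regs = [0] * 16
    regs[1] = GPIO_DR
    regs[0] = (1 << 3) | (1 << 5)
    regs[15] = 0x8000
    dev = GpioDevice()
    emulate_abort(0xE5810000, regs, dev)  # str r0, [r1]
    emulate_abort(0xE5910000, regs, dev)  # ldr r0, [r1]
    return regs[0], dev.dropped, regs[15]


if __name__ == "__main__":
    print(demo())
```

The decoder deliberately rejects post-indexed, byte and write-back forms instead of approximating them: an emulator that silently mis-executes a store to a shared register is worse than one that refuses and lets the guest see the abort, which is also the behaviour the post describes for the radio.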