Hello Vasan,

On Tue, May 24, 2022 at 03:14:24PM +0530, Vasan VS wrote:

Hi Genodians,

I was extremely thrilled to read through the extensive documentation on how Genode has been experimented with Trustzone of ARM available at:

https://genode.org/documentation/articles/trustzone

I am very interested to know if the same has been experimented on the latest ARM cores/SoCs that are there in the market currently and any feedback on that.

It is nice to hear that our TrustZone article felt into good ground. We did not "experimented" with TrustZone features using latest ARM SoCs, but whenever necessary we bootstrap the CPU cores to the point, where we can use e.g. virtualization facilities. To enter the hypervisor mode on platforms where the bootloader left the CPU in TrustZone's secure world, we first setup it (resp. the TrustZone monitor), and then enter the normal world to be able to use the virtualization facilities.

This kind of bootstrapping however is generic code and not dependent on a specific SoC. We did not coped with any special TrustZone-aware devices, like the i.MX-specific "Central Security Unit" described in the mentioned article nor similar. Although we analyzed the potential of the TrustZone mechnisms by the described experimentsm, it is not in the main interest of the Genode framework, because on systems that run Genode-only the protection given by a MMU and a S-MMU are sufficient. Moreover, on most platforms where a Genode system can be booted, the TrustZone secure world is already occupied by some firmware, for example the ARM Trusted Firmware, so that we do not make any use of it.

Regards Stefan

Regards

Vasan

---

Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users