Hi, I have an i.MX53 QSB development board and I want to experiment with ARM TrustZone.
I'm a beginner with regards to genode and kernel development in general.
I was able to run tz_vmm on the QSB and interact with the linux which runs in normal world. What I want to do next is a fairly simple system where inside linux I can call an SMC and switch to the secure world, then whilst in secure world print something (like "Hello From Secure World" and also print some argument from the normal world) and then go back to linux.
I have read some of the messages in the mailing list and I noticed some of you (other mailing list subscribers) already achieved similar communication protocols but because I'm new to genode I don't know where to start.
I know I probably have to create a kernel module for the linux running in normal world so I can call SMC from a userspace application, but I don't know how to do that since I don't see where the linux is being compiled for genode [1]. Do I have to compile another linux? How do I incorporate this new linux version to work with genode?
Besides this I also don't know where to start modifying tz_vmm in order to achieve my goals. I know where tz_vmm's code is but I don't know where to start changing it. I have also seen some mailing list questions regarding the world switch from secure world to normal world. It seems that from normal to secure you should call an SMC, but from secure to normal the monitor mode implementation cannot handle entries from the secure world and thus no SMC can be called directly [2].
Can you give me some feedback on how to achieve these things on the i.MX53 QSB?
Thanks in advance, Tiago
[1] - https://sourceforge.net/p/genode/mailman/message/33244107/
[2] - https://sourceforge.net/p/genode/mailman/message/34244066/
Hello Tiago,
On 05/25/2016 04:56 PM, Tiago Brito wrote:
Hi, I have an i.MX53 QSB development board and I want to experiment with ARM TrustZone.
I'm a beginner with regards to genode and kernel development in general.
I was able to run tz_vmm on the QSB and interact with the linux which runs in normal world. What I want to do next is a fairly simple system where inside linux I can call an SMC and switch to the secure world, then whilst in secure world print something (like "Hello From Secure World" and also print some argument from the normal world) and then go back to linux.
I have read some of the messages in the mailing list and I noticed some of you (other mailing list subscribers) already achieved similar communication protocols but because I'm new to genode I don't know where to start.
Well, the very first pointer to gain more understanding of this concrete scenario is to read the detailed documentation of it:
http://genode.org/documentation/articles/trustzone
Most of your questions, e.g., how to build the Linux kernel?, or is it a modified Linux kernel? are already answered there.
I know I probably have to create a kernel module for the linux running in normal world so I can call SMC from a userspace application, but I don't know how to do that since I don't see where the linux is being compiled for genode [1]. Do I have to compile another linux? How do I incorporate this new linux version to work with genode?
Actually the Linux kernel version you are using when executing the tz_vmm run-script already issues SMC calls that switch to the secure world, where the VMM handles those calls and afterwards returns to the normal world.
Besides this I also don't know where to start modifying tz_vmm in order to achieve my goals. I know where tz_vmm's code is but I don't know where to start changing it. I have also seen some mailing list questions regarding the world switch from secure world to normal world. It seems that from normal to secure you should call an SMC, but from secure to normal the monitor mode implementation cannot handle entries from the secure world and thus no SMC can be called directly [2].
The typical activity flow is:
* Linux kernel issues an SMC call, e.g., to tell the VMM where its framebuffer is located in physical memory [1]
* the HW kernel of Genode receives an exception, pauses the Linux VM, and delivers a signal to the related VMM [2]
* the VMM receives the signal that the VM got paused due to an SMC call [3]
* the VMM informs the HW kernel that the VM should be executed again after handling the call [4]
* next time the scheduler of the HW kernel chooses the VM, it issues a world-switch to it [5]
Regards Stefan
[1] https://github.com/skalk/linux/blob/bc1707a23a9770cf080a1b87b4f553a2a39ac636...
[2] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
[3] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/...
[4] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/...
[5] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
Can you give me some feedback on how to achieve these things on the i.MX53 QSB?
Thanks in advance, Tiago
[1] - https://sourceforge.net/p/genode/mailman/message/33244107/
[2] - https://sourceforge.net/p/genode/mailman/message/34244066/
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
2016-05-31 10:35 GMT+01:00 Stefan Kalkowski < stefan.kalkowski@...1...>:
Hello Tiago,
Hi Stefan, thanks for your response. It really helps!
On 05/25/2016 04:56 PM, Tiago Brito wrote:
Hi, I have an i.MX53 QSB development board and I want to experiment with ARM TrustZone.
I'm a beginner with regards to genode and kernel development in general.
I was able to run tz_vmm on the QSB and interact with the linux which runs in normal world. What I want to do next is a fairly simple system where inside linux I can call an SMC and switch to the secure world, then whilst in secure world print something (like "Hello From Secure World" and also print some argument from the normal world) and then go back to linux.
I have read some of the messages in the mailing list and I noticed some of you (other mailing list subscribers) already achieved similar communication protocols but because I'm new to genode I don't know where to start.
Well, the very first pointer to gain more understanding of this concrete scenario is to read the detailed documentation of it:
http://genode.org/documentation/articles/trustzone
Most of your questions, e.g., how to build the Linux kernel?, or is it a modified Linux kernel? are already answered there.
I read this and I now understand the flow which makes tz_vmm work.
I know I probably have to create a kernel module for the linux running in normal world so I can call SMC from a userspace application, but I don't know how to do that since I don't see where the linux is being compiled for genode [1]. Do I have to compile another linux? How do I incorporate this new linux version to work with genode?
Actually the Linux kernel version you are using when executing the tz_vmm run-script already issues SMC calls that switch to the secure world, where the VMM handles those calls and afterwards returns to the normal world.
I understand this, but is there a way to make a user-level application to trigger an SMC (with an identifier) so that the secure world, after trapping the SMC, can do something accordingly?
What I read from other posts is that I have to change tz_vmm's Linux in order to support this. I think other people from this mailing list already did so by adding system calls or kernel modules which trigger the SMC. This way my user-level application can use this system call/kernel module in order to manually switch to the secure world.
Besides this I also don't know where to start modifying tz_vmm in order to achieve my goals. I know where tz_vmm's code is but I don't know where to start changing it. I have also seen some mailing list questions regarding the world switch from secure world to normal world. It seems that from normal to secure you should call an SMC, but from secure to normal the monitor mode implementation cannot handle entries from the secure world and thus no SMC can be called directly [2].
The typical activity flow is:
- Linux kernel issues an SMC call, e.g., to tell the VMM where its framebuffer is located in physical memory [1]
- the HW kernel of Genode receives an exception, pauses the Linux VM, and delivers a signal to the related VMM [2]
- the VMM receives the signal that the VM got paused due to an SMC call [3]
- the VMM informs the HW kernel that the VM should be executed again after handling the call [4]
- next time the scheduler of the HW kernel chooses the VM, it issues a world-switch to it [5]
From tz_vmm's code I understand that both r0 and r1 registers can be used as arguments for the SMC, which solves the identifier problem I mentioned. This way I can change tz_vmm so that when the SMC triggered by the user-level app is caught I can print something to the serial console.
Regards Stefan
Thanks again!
Best Regards, Tiago
[1] https://github.com/skalk/linux/blob/bc1707a23a9770cf080a1b87b4f553a2a39ac636...
[2] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
[3] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/...
[4] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/...
[5] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
Can you give me some feedback on how to achieve these things on the i.MX53 QSB?
Thanks in advance, Tiago
[1] - https://sourceforge.net/p/genode/mailman/message/33244107/
[2] - https://sourceforge.net/p/genode/mailman/message/34244066/
Hello Tiago,
On 05/31/2016 12:52 PM, Tiago Brito wrote:
2016-05-31 10:35 GMT+01:00 Stefan Kalkowski < stefan.kalkowski@...1...>:
Hello Tiago,
Hi Stefan, thanks for your response. It really helps!
On 05/25/2016 04:56 PM, Tiago Brito wrote:
Hi, I have an i.MX53 QSB development board and I want to experiment with ARM TrustZone.
I'm a beginner with regards to genode and kernel development in general.
I was able to run tz_vmm on the QSB and interact with the linux which runs in normal world. What I want to do next is a fairly simple system where inside linux I can call an SMC and switch to the secure world, then whilst in secure world print something (like "Hello From Secure World" and also print some argument from the normal world) and then go back to linux.
I have read some of the messages in the mailing list and I noticed some of you (other mailing list subscribers) already achieved similar communication protocols but because I'm new to genode I don't know where to start.
Well, the very first pointer to gain more understanding of this concrete scenario is to read the detailed documentation of it:
http://genode.org/documentation/articles/trustzone
Most of your questions, e.g., how to build the Linux kernel?, or is it a modified Linux kernel? are already answered there.
I read this and I now understand the flow which makes tz_vmm work.
I know I probably have to create a kernel module for the linux running in normal world so I can call SMC from a userspace application, but I don't know how to do that since I don't see where the linux is being compiled for genode [1]. Do I have to compile another linux? How do I incorporate this new linux version to work with genode?
Actually the Linux kernel version you are using when executing the tz_vmm run-script already issues SMC calls that switch to the secure world, where the VMM handles those calls and afterwards returns to the normal world.
I understand this, but is there a way to make a user-level application to trigger an SMC (with an identifier) so that the secure world, after trapping the SMC, can do something accordingly?
What I read from other posts is that I have to change tz_vmm's Linux in order to support this. I think other people from this mailing list already did so by adding system calls or kernel modules which trigger the SMC. This way my user-level application can use this system call/kernel module in order to manually switch to the secure world.
Incorporating an interface into the Linux kernel so that a user-land program can communicate with a kernel subsystem is really beyond the scope of this mailing-list. Moreover, there are plenty of resources about such topics that can be found in the web.
Anyway, I think there are probably different approaches for this. I would build a Linux kernel module that provides a file with a corresponding ioctl interface. Maybe there is a more convenient way to do so, but this is the path I would follow being in your position.
In all scenarios we built, communication to the secure world was initiated within Linux kernel subsystems only.
Besides this I also don't know where to start modifying tz_vmm in order to achieve my goals. I know where tz_vmm's code is but I don't know where to start changing it. I have also seen some mailing list questions regarding the world switch from secure world to normal world. It seems that from normal to secure you should call an SMC, but from secure to normal the monitor mode implementation cannot handle entries from the secure world and thus no SMC can be called directly [2].
The typical activity flow is:
- Linux kernel issues an SMC call, e.g., to tell the VMM where its framebuffer is located in physical memory [1]
- the HW kernel of Genode receives an exception, pauses the Linux VM, and delivers a signal to the related VMM [2]
- the VMM receives the signal that the VM got paused due to an SMC call [3]
- the VMM informs the HW kernel that the VM should be executed again after handling the call [4]
- next time the scheduler of the HW kernel chooses the VM, it issues a world-switch to it [5]
From tz_vmm's code I understand that both r0 and r1 registers can be used as arguments for the SMC, which solves the identifier problem I mentioned. This way I can change tz_vmm so that when the SMC triggered by the user-level app is caught I can print something to the serial console.
In general you can use all general-purpose registers, as long as you preserve them, to communicate between both worlds. What kind of protocol you use, and how the VMM reacts to SMC is up to you.
Regards Stefan
Regards Stefan
Thanks again!
Best Regards, Tiago
[1] https://github.com/skalk/linux/blob/bc1707a23a9770cf080a1b87b4f553a2a39ac636...
[2] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
[3] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/...
[4] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/...
[5] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec...
Can you give me some feedback on how to achieve these things on the i.MX53 QSB?
Thanks in advance, Tiago
[1] - https://sourceforge.net/p/genode/mailman/message/33244107/
[2] - https://sourceforge.net/p/genode/mailman/message/34244066/
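An added example, not part of the thread and not Genode's tz_vmm code: a user-space C model of the secure-world side of the register protocol discussed above, with r0 as the call identifier and r1/r2 as arguments, where everything arriving from the normal world is validated before use. The register struct, call identifiers, return codes and the normal-world RAM window are hypothetical, constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct vm_regs { uint32_t r0, r1, r2; }; /* hypothetical model of trapped guest registers */
/* Constructed values (assumptions): normal-world RAM window, call ids, results. */
#define NW_RAM_BASE   0x70000000u
#define NW_RAM_SIZE   0x20000000u
#define SMC_HELLO     1u
#define SMC_SHARE_BUF 2u
#define SMC_OK        0u
#define SMC_EINVAL    0xffffffffu

/* Overflow-safe check that [addr, addr+len) lies inside normal-world RAM. */
static int in_normal_ram(uint32_t addr, uint32_t len)
{
    if (len == 0 || addr < NW_RAM_BASE) return 0;
    uint32_t off = addr - NW_RAM_BASE;
    return off < NW_RAM_SIZE && len <= NW_RAM_SIZE - off;
}

/* Secure-world side: r0 = call id, r1/r2 = arguments, result goes back in r0. */
static void handle_smc(struct vm_regs *regs, char *log, size_t n)
{
    switch (regs->r0) {
    case SMC_HELLO:
        snprintf(log, n, "Hello From Secure World, arg=%u", (unsigned)regs->r1);
        regs->r0 = SMC_OK;
        break;
    case SMC_SHARE_BUF: { /* r1 = guest-physical address, r2 = length: untrusted */
        int ok = in_normal_ram(regs->r1, regs->r2);
        snprintf(log, n, "%s buffer 0x%08x+0x%x", ok ? "accepted" : "rejected",
                 (unsigned)regs->r1, (unsigned)regs->r2);
        regs->r0 = ok ? SMC_OK : SMC_EINVAL;
        break;
    }
    default: /* unknown identifiers fail closed */
        snprintf(log, n, "unknown SMC id %u", (unsigned)regs->r0);
        regs->r0 = SMC_EINVAL;
    }
}

int main(void)
{
    char log[80];
    struct vm_regs wrap = { SMC_SHARE_BUF, 0xfffffff0u, 0x20u }; /* addr+len would wrap */
    handle_smc(&wrap, log, sizeof log);
    return puts(log) < 0;
}
```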