Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive documentation on how Genode has experimented with the Trustzone of ARM. I want to explore the Trustzone and run an application in the secure mode, but I wanted to know if it is possible to do with virt_qemu_arm.
Hello Devashish,
in its currently used form on ARMv8: if Genode's own kernel variant "base-hw" gets booted into TrustZone's secure mode at all, it leaves it without doing any additional setup into the normal world resp. directly into EL2 hypervisor mode to prepare that.
With other words, without modifications you can't use the secure world right now. On most platforms this is actually already in use by ARM's Trusted Firmware (ATF), which implements things like multi-processor wakeup, suspend etc., so we can't make use of it without replacing the whole ATF.
In general it is however possible to do so, but you'll need to do several in-depth modifications to make that work. First you need to find out whether on Qemu the kernel gets started in secure mode. If yes you would need at least to setup an exception vector for the EL3 secure-monitor mode, so that you handle for instance SMC-calls. Probably you'll need to setup the MMU for the EL3 mode. To sum it up it is some serious work to do. If you are interested in exploring that, please have a look into the current CPU and exception-level (EL) setup in file: repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc That would be a good starting point to hook in.
Regards Stefan
On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 wrote:
Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive documentation on how Genode has experimented with the Trustzone of ARM. I want to explore the Trustzone and run an application in the secure mode, but I wanted to know if it is possible to do with virt_qemu_arm.
-- Regards, Devashish Dewangan CS21M017
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Dear Genodians,
I hope this message finds you well. I am writing to follow up on our previous discussion regarding running kernels in secure mode using QEMU.
As per your suggestion, we have investigated the use of QEMU for this purpose and found that it does support the required kernels. However, we require further guidance on setting up an exception vector for the EL3. Could you kindly provide us with the necessary steps to accomplish this task?
Additionally, we are interested in running a simple program similar to the one demonstrated in the IMX demo. Could you please suggest any relevant documents or threads that could assist us in achieving this objective?
Thank you for your time and assistance.
Sincerely,
Divya
On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Devashish,
in its currently used form on ARMv8: if Genode's own kernel variant "base-hw" gets booted into TrustZone's secure mode at all, it leaves it without doing any additional setup into the normal world resp. directly into EL2 hypervisor mode to prepare that.
With other words, without modifications you can't use the secure world right now. On most platforms this is actually already in use by ARM's Trusted Firmware (ATF), which implements things like multi-processor wakeup, suspend etc., so we can't make use of it without replacing the whole ATF.
In general it is however possible to do so, but you'll need to do several in-depth modifications to make that work. First you need to find out whether on Qemu the kernel gets started in secure mode. If yes you would need at least to setup an exception vector for the EL3 secure-monitor mode, so that you handle for instance SMC-calls. Probably you'll need to setup the MMU for the EL3 mode. To sum it up it is some serious work to do. If you are interested in exploring that, please have a look into the current CPU and exception-level (EL) setup in file: repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc That would be a good starting point to hook in.
Regards Stefan
On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 wrote:
Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive
documentation
on how Genode has experimented with the Trustzone of ARM. I want to
explore
the Trustzone and run an application in the secure mode, but I wanted to know if it is possible to do with virt_qemu_arm.
-- Regards, Devashish Dewangan CS21M017
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Hello Divya,
On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
Dear Genodians,
I hope this message finds you well. I am writing to follow up on our previous discussion regarding running kernels in secure mode using QEMU.
As per your suggestion, we have investigated the use of QEMU for this purpose and found that it does support the required kernels. However, we require further guidance on setting up an exception vector for the EL3. Could you kindly provide us with the necessary steps to accomplish this task?
This goes _far_ beyond the scope of an easy to answer "How to..." question.
My first counter question would be: what do you want to achieve? What is your goal: do you want different fully functional OSes on both sides: secure world and normal world, or "just" some library OS functionality on the secure side for doing for instance some cryptographic work? Is Genode running on both sides, or what is running in the normal world?
If you only want to "play" with the current possibilities of the Genode framework only, this goes far beyond this scope. You would need to develop certain functionalities not yet implemented for ARMv8. In that case, much more knowledge about your envisioned system is needed.
Additionally, we are interested in running a simple program similar to the one demonstrated in the IMX demo. Could you please suggest any relevant documents or threads that could assist us in achieving this objective?
I don't know which "simple program" you mean actually? The only visible TrustZone examples for i.MX53 I'm aware of are Linux or Android running in the normal world, and Genode's base-hw kernel, some drivers and a kind of TrustZone VMM running in the secure world. This is actually no simple scenario at all.
If you want to re-produce this scenario, you have to:
* Analyze functionality and security-wise, which system registers have to be saved / restored by the secure-monitor on ARMv8 * Implement (in assembler) a world-switch routine from the normal-to-secure world (this is the exception vector), and vice-versa * Setup the secure-monitor mode, e.g. by setting the exception vector's address in EL3 mode * Re-write or extend the TrustZone VMM to handle ARMv8
Regards Stefan
Thank you for your time and assistance.
Sincerely,
Divya
On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Devashish,
in its currently used form on ARMv8: if Genode's own kernel variant "base-hw" gets booted into TrustZone's secure mode at all, it leaves it without doing any additional setup into the normal world resp. directly into EL2 hypervisor mode to prepare that.
With other words, without modifications you can't use the secure world right now. On most platforms this is actually already in use by ARM's Trusted Firmware (ATF), which implements things like multi-processor wakeup, suspend etc., so we can't make use of it without replacing the whole ATF.
In general it is however possible to do so, but you'll need to do several in-depth modifications to make that work. First you need to find out whether on Qemu the kernel gets started in secure mode. If yes you would need at least to setup an exception vector for the EL3 secure-monitor mode, so that you handle for instance SMC-calls. Probably you'll need to setup the MMU for the EL3 mode. To sum it up it is some serious work to do. If you are interested in exploring that, please have a look into the current CPU and exception-level (EL) setup in file: repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc That would be a good starting point to hook in.
Regards Stefan
On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 wrote:
Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive
documentation
on how Genode has experimented with the Trustzone of ARM. I want to
explore
the Trustzone and run an application in the secure mode, but I wanted to know if it is possible to do with virt_qemu_arm.
-- Regards, Devashish Dewangan CS21M017
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
To be more specific we want to create an app/program on Linux/Android and for cryptographic work, we want to switch to a trusted os, Genode. so we need to work on 2 things 1) switching between Normal os to secure os and vice versa 2) set up Linux/android on top of genode.
please suggest something for 2nd option.
Regards Divya
On Mon, Feb 27, 2023 at 4:45 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Divya,
On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
Dear Genodians,
I hope this message finds you well. I am writing to follow up on our previous discussion regarding running kernels in secure mode using QEMU.
As per your suggestion, we have investigated the use of QEMU for this purpose and found that it does support the required kernels. However, we require further guidance on setting up an exception vector for the EL3. Could you kindly provide us with the necessary steps to accomplish this task?
This goes _far_ beyond the scope of an easy to answer "How to..." question.
My first counter question would be: what do you want to achieve? What is your goal: do you want different fully functional OSes on both sides: secure world and normal world, or "just" some library OS functionality on the secure side for doing for instance some cryptographic work? Is Genode running on both sides, or what is running in the normal world?
If you only want to "play" with the current possibilities of the Genode framework only, this goes far beyond this scope. You would need to develop certain functionalities not yet implemented for ARMv8. In that case, much more knowledge about your envisioned system is needed.
Additionally, we are interested in running a simple program similar to
the
one demonstrated in the IMX demo. Could you please suggest any relevant documents or threads that could assist us in achieving this objective?
I don't know which "simple program" you mean actually? The only visible TrustZone examples for i.MX53 I'm aware of are Linux or Android running in the normal world, and Genode's base-hw kernel, some drivers and a kind of TrustZone VMM running in the secure world. This is actually no simple scenario at all.
If you want to re-produce this scenario, you have to:
- Analyze functionality and security-wise, which system registers have to be saved / restored by the secure-monitor on ARMv8
- Implement (in assembler) a world-switch routine from the normal-to-secure world (this is the exception vector), and vice-versa
- Setup the secure-monitor mode, e.g. by setting the exception vector's address in EL3 mode
- Re-write or extend the TrustZone VMM to handle ARMv8
Regards Stefan
Thank you for your time and assistance.
Sincerely,
Divya
On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Devashish,
in its currently used form on ARMv8: if Genode's own kernel variant "base-hw" gets booted into TrustZone's secure mode at all, it leaves it without doing any additional setup into the normal world resp. directly into EL2 hypervisor mode to prepare that.
With other words, without modifications you can't use the secure world right now. On most platforms this is actually already in use by ARM's Trusted Firmware (ATF), which implements things like multi-processor wakeup, suspend etc., so we can't make use of it without replacing the whole ATF.
In general it is however possible to do so, but you'll need to do several in-depth modifications to make that work. First you need to find out whether on Qemu the kernel gets started in secure mode. If yes you would need at least to setup an exception vector for the EL3 secure-monitor mode, so that you handle for instance SMC-calls. Probably you'll need to setup the MMU for the EL3 mode. To sum it up it is some serious work to do. If you are interested in exploring that, please have a look into the current CPU and
exception-level
(EL) setup in file: repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc That would be a good starting point to hook in.
Regards Stefan
On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 wrote:
Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive
documentation
on how Genode has experimented with the Trustzone of ARM. I want to
explore
the Trustzone and run an application in the secure mode, but I
wanted to
know if it is possible to do with virt_qemu_arm.
-- Regards, Devashish Dewangan CS21M017
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Hello,
On Tue, Feb 28, 2023 at 06:26:06PM +0530, Divya Sharma wrote:
To be more specific we want to create an app/program on Linux/Android and for cryptographic work, we want to switch to a trusted os, Genode. so we need to work on 2 things
- switching between Normal os to secure os and vice versa
- set up Linux/android on top of genode.
Okay. Please be aware, that you have to partition the devices to be used by either side, only TrustZone-aware devices can get "shared" resp. used by both sides, e.g., the CPU and interrup-controller.
please suggest something for 2nd option.
The steps necessary for this use-case I've already sketched in my last response. Please read that carefully. If you have more specific implementation and design questions regarding our software stack, please feel free to ask.
Regards Stefan
Regards Divya
On Mon, Feb 27, 2023 at 4:45 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Divya,
On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
Dear Genodians,
I hope this message finds you well. I am writing to follow up on our previous discussion regarding running kernels in secure mode using QEMU.
As per your suggestion, we have investigated the use of QEMU for this purpose and found that it does support the required kernels. However, we require further guidance on setting up an exception vector for the EL3. Could you kindly provide us with the necessary steps to accomplish this task?
This goes _far_ beyond the scope of an easy to answer "How to..." question.
My first counter question would be: what do you want to achieve? What is your goal: do you want different fully functional OSes on both sides: secure world and normal world, or "just" some library OS functionality on the secure side for doing for instance some cryptographic work? Is Genode running on both sides, or what is running in the normal world?
If you only want to "play" with the current possibilities of the Genode framework only, this goes far beyond this scope. You would need to develop certain functionalities not yet implemented for ARMv8. In that case, much more knowledge about your envisioned system is needed.
Additionally, we are interested in running a simple program similar to
the
one demonstrated in the IMX demo. Could you please suggest any relevant documents or threads that could assist us in achieving this objective?
I don't know which "simple program" you mean actually? The only visible TrustZone examples for i.MX53 I'm aware of are Linux or Android running in the normal world, and Genode's base-hw kernel, some drivers and a kind of TrustZone VMM running in the secure world. This is actually no simple scenario at all.
If you want to re-produce this scenario, you have to:
- Analyze functionality and security-wise, which system registers have to be saved / restored by the secure-monitor on ARMv8
- Implement (in assembler) a world-switch routine from the normal-to-secure world (this is the exception vector), and vice-versa
- Setup the secure-monitor mode, e.g. by setting the exception vector's address in EL3 mode
- Re-write or extend the TrustZone VMM to handle ARMv8
Regards Stefan
Thank you for your time and assistance.
Sincerely,
Divya
On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Devashish,
in its currently used form on ARMv8: if Genode's own kernel variant "base-hw" gets booted into TrustZone's secure mode at all, it leaves it without doing any additional setup into the normal world resp. directly into EL2 hypervisor mode to prepare that.
With other words, without modifications you can't use the secure world right now. On most platforms this is actually already in use by ARM's Trusted Firmware (ATF), which implements things like multi-processor wakeup, suspend etc., so we can't make use of it without replacing the whole ATF.
In general it is however possible to do so, but you'll need to do several in-depth modifications to make that work. First you need to find out whether on Qemu the kernel gets started in secure mode. If yes you would need at least to setup an exception vector for the EL3 secure-monitor mode, so that you handle for instance SMC-calls. Probably you'll need to setup the MMU for the EL3 mode. To sum it up it is some serious work to do. If you are interested in exploring that, please have a look into the current CPU and
exception-level
(EL) setup in file: repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc That would be a good starting point to hook in.
Regards Stefan
On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 wrote:
Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive
documentation
on how Genode has experimented with the Trustzone of ARM. I want to
explore
the Trustzone and run an application in the secure mode, but I
wanted to
know if it is possible to do with virt_qemu_arm.
-- Regards, Devashish Dewangan CS21M017
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Hello Divya,
my colleague Norman raised the reasonable question, why don't you use virtualization for your use-case instead of TrustZone? It is much more appropriated, and already supported.
Regards Stefan
On Tue, Feb 28, 2023 at 02:28:14PM +0100, Stefan Kalkowski wrote:
Hello,
On Tue, Feb 28, 2023 at 06:26:06PM +0530, Divya Sharma wrote:
To be more specific we want to create an app/program on Linux/Android and for cryptographic work, we want to switch to a trusted os, Genode. so we need to work on 2 things
- switching between Normal os to secure os and vice versa
- set up Linux/android on top of genode.
Okay. Please be aware, that you have to partition the devices to be used by either side, only TrustZone-aware devices can get "shared" resp. used by both sides, e.g., the CPU and interrup-controller.
please suggest something for 2nd option.
The steps necessary for this use-case I've already sketched in my last response. Please read that carefully. If you have more specific implementation and design questions regarding our software stack, please feel free to ask.
Regards Stefan
Regards Divya
On Mon, Feb 27, 2023 at 4:45 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Divya,
On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
Dear Genodians,
I hope this message finds you well. I am writing to follow up on our previous discussion regarding running kernels in secure mode using QEMU.
As per your suggestion, we have investigated the use of QEMU for this purpose and found that it does support the required kernels. However, we require further guidance on setting up an exception vector for the EL3. Could you kindly provide us with the necessary steps to accomplish this task?
This goes _far_ beyond the scope of an easy to answer "How to..." question.
My first counter question would be: what do you want to achieve? What is your goal: do you want different fully functional OSes on both sides: secure world and normal world, or "just" some library OS functionality on the secure side for doing for instance some cryptographic work? Is Genode running on both sides, or what is running in the normal world?
If you only want to "play" with the current possibilities of the Genode framework only, this goes far beyond this scope. You would need to develop certain functionalities not yet implemented for ARMv8. In that case, much more knowledge about your envisioned system is needed.
Additionally, we are interested in running a simple program similar to
the
one demonstrated in the IMX demo. Could you please suggest any relevant documents or threads that could assist us in achieving this objective?
I don't know which "simple program" you mean actually? The only visible TrustZone examples for i.MX53 I'm aware of are Linux or Android running in the normal world, and Genode's base-hw kernel, some drivers and a kind of TrustZone VMM running in the secure world. This is actually no simple scenario at all.
If you want to re-produce this scenario, you have to:
- Analyze functionality and security-wise, which system registers have to be saved / restored by the secure-monitor on ARMv8
- Implement (in assembler) a world-switch routine from the normal-to-secure world (this is the exception vector), and vice-versa
- Setup the secure-monitor mode, e.g. by setting the exception vector's address in EL3 mode
- Re-write or extend the TrustZone VMM to handle ARMv8
Regards Stefan
Thank you for your time and assistance.
Sincerely,
Divya
On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski < stefan.kalkowski@genode-labs.com> wrote:
Hello Devashish,
in its currently used form on ARMv8: if Genode's own kernel variant "base-hw" gets booted into TrustZone's secure mode at all, it leaves it without doing any additional setup into the normal world resp. directly into EL2 hypervisor mode to prepare that.
With other words, without modifications you can't use the secure world right now. On most platforms this is actually already in use by ARM's Trusted Firmware (ATF), which implements things like multi-processor wakeup, suspend etc., so we can't make use of it without replacing the whole ATF.
In general it is however possible to do so, but you'll need to do several in-depth modifications to make that work. First you need to find out whether on Qemu the kernel gets started in secure mode. If yes you would need at least to setup an exception vector for the EL3 secure-monitor mode, so that you handle for instance SMC-calls. Probably you'll need to setup the MMU for the EL3 mode. To sum it up it is some serious work to do. If you are interested in exploring that, please have a look into the current CPU and
exception-level
(EL) setup in file: repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc That would be a good starting point to hook in.
Regards Stefan
On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 wrote:
Dear Genodians, I am working with virt_qemu_arm_v8a, and I read the extensive
documentation
on how Genode has experimented with the Trustzone of ARM. I want to
explore
the Trustzone and run an application in the secure mode, but I
wanted to
know if it is possible to do with virt_qemu_arm.
-- Regards, Devashish Dewangan CS21M017
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-- Stefan Kalkowski Genode labs
https://github.com/skalk | https://genode.org
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
On Wed, 1 Mar 2023 at 11:20, Stefan Kalkowski stefan.kalkowski@genode-labs.com wrote:
Hello Divya,
my colleague Norman raised the reasonable question, why don't you use virtualization for your use-case instead of TrustZone? It is much more appropriated, and already supported.
Regards Stefan
This is the only sensible option. As Stefan explained; it is very large amount of work to device some kind of secure vmm from scratch. It is possible to overwrite ATF and run "simple" functions from the new exception table.
Another option is to use something I have tinkered with. I use a dedicated CPU core and since it is started without any EL switching it can run , in the background behind Genode, and can be kept secure. In order to communicate with it you probably need to do a exception vector for the CPU cores Genode runs on. When all is setup , you can message your crypto routines running on the dedicated CPU core by doing SVC calls and in the vector entries use the soc's mailboxing.
But, *really*, "normal" virtualization is the best option. Every other option requires a lot of assembly and would step away from Genodes software design.
Regards, MIchael
Thanks, MIchael for suggesting the another approach.
With the normal virtualization, do you mean the arm virtualization which works at PL2? Do you mean we can achieve the same secured or normal isolation level with normal virtualization as we would have achieved with the Trustzone?As our main goal is to execute the normal application( cryptographic work) in the secure world compared to the normal world. If yes, how can we achieve a normal and secure world in virtualization? Can you provide any references or anything to achieve this from scratch if possible?
Best, Divya.
On Wed, Mar 1, 2023 at 4:52 PM Michael Grunditz michael.grunditz@gmail.com wrote:
On Wed, 1 Mar 2023 at 11:20, Stefan Kalkowski stefan.kalkowski@genode-labs.com wrote:
Hello Divya,
my colleague Norman raised the reasonable question, why don't you use virtualization for your use-case instead of TrustZone? It is much more appropriated, and already supported.
Regards Stefan
This is the only sensible option. As Stefan explained; it is very large amount of work to device some kind of secure vmm from scratch. It is possible to overwrite ATF and run "simple" functions from the new exception table.
Another option is to use something I have tinkered with. I use a dedicated CPU core and since it is started without any EL switching it can run , in the background behind Genode, and can be kept secure. In order to communicate with it you probably need to do a exception vector for the CPU cores Genode runs on. When all is setup , you can message your crypto routines running on the dedicated CPU core by doing SVC calls and in the vector entries use the soc's mailboxing.
But, *really*, "normal" virtualization is the best option. Every other option requires a lot of assembly and would step away from Genodes software design.
Regards, MIchael
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Hello,
with normal virtualization, hardware-assisted virtualization for ARM was meant.
You can achieve similar isolation like the TrustZone separation, not in between "secure" and "normal" but in between host and guest OS. The host OS Genode can provide special cryptographic means to the Android guest via a special virtual device, or as backend of an already existing device category, e.g. network.
Regards Stefan
On Thu, Mar 02, 2023 at 01:33:00PM +0530, Divya Sharma wrote:
Thanks, MIchael for suggesting the another approach.
With the normal virtualization, do you mean the arm virtualization which works at PL2? Do you mean we can achieve the same secured or normal isolation level with normal virtualization as we would have achieved with the Trustzone?As our main goal is to execute the normal application( cryptographic work) in the secure world compared to the normal world. If yes, how can we achieve a normal and secure world in virtualization? Can you provide any references or anything to achieve this from scratch if possible?
Best, Divya.
On Wed, Mar 1, 2023 at 4:52 PM Michael Grunditz michael.grunditz@gmail.com wrote:
On Wed, 1 Mar 2023 at 11:20, Stefan Kalkowski stefan.kalkowski@genode-labs.com wrote:
Hello Divya,
my colleague Norman raised the reasonable question, why don't you use virtualization for your use-case instead of TrustZone? It is much more appropriated, and already supported.
Regards Stefan
This is the only sensible option. As Stefan explained; it is very large amount of work to device some kind of secure vmm from scratch. It is possible to overwrite ATF and run "simple" functions from the new exception table.
Another option is to use something I have tinkered with. I use a dedicated CPU core and since it is started without any EL switching it can run , in the background behind Genode, and can be kept secure. In order to communicate with it you probably need to do a exception vector for the CPU cores Genode runs on. When all is setup , you can message your crypto routines running on the dedicated CPU core by doing SVC calls and in the vector entries use the soc's mailboxing.
But, *really*, "normal" virtualization is the best option. Every other option requires a lot of assembly and would step away from Genodes software design.
Regards, MIchael
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users
-
Devashish Dewangan cs21m017 -
Divya Sharma -
Michael Grunditz -
Stefan Kalkowski