Virtualization with trustzone into mx53

Stefan Kalkowski stefan.kalkowski at ...1...
Wed Nov 27 22:47:51 CET 2013

Hi Pablo,

On 11/26/2013 06:11 PM, panton wrote:
> Hello,
> I want to create a virtualized system with Genode in my imx53 board. At 
> the moment, I am able to run Genode on the board with base-foc and also 
> directly on hardware (base-hw). Thus, my plan was to run a linux kernel 
> as a child node and hopefully run it into trustzone NS. Looking into 
> Genode code I found base-hw/include/vm_session that seems to deal with 
> virtualization. Furthermore there is a into 
> base-hw/src/core.., but without real useful code.

well, this depends. There are files for different
platforms/configurations. In general, that file only contains additional
kernel initialization routines needed. For instance, configuring IRQs to
be "secure", or "non-secure", or configure TrustZone specific devices
that can be configured in supervisor mode only.
For configurations where no TrustZone is supported, or used that file
contains an empty initialization indeed. I assume you've found that file.

> I was wondering if there are implemented virtualization capabilities 
> using trustzone or even without trustzone?

In fact, there is some kind of virtualization support using TrustZone.
Although, TrustZone isn't designed to be a virtualization solution.
Therefore, the "guest" needs to be aware what devices it is allowed to
use. In contrast to the CPU (including MMU, Caches, etc.), there is no
support to virtualize physical memory (including memory mapped I/O) for
the non-secure "guest". That means guest physical addresses are in fact
physical addresses. Dependent on the concrete platform, it might be
possible to deny non-secure access to certain physical memory regions,
like I/O memory of certain devices, and then use a trap-emulate
approach. But in general this approach isn't guaranteed to work.
Dependent on where the unit, which controls peripheral device memory (if
existent at all), is located in the bus hierarchy of the SoC, it might
provoke asynchronous external data-aborts in the CPU core, instead of
synchronous ones. Thereby, it is impossible to recover the state, in
which the protection fault was raised.
To sum it up, the non-secure guest has to behave cooperatively, or it
will fail. Trap-and-emulate doesn't work in general. Therefore, some
lightweight form of para-virtualization of the guest OS is needed.

On ARM platforms, apart from the TrustZone "virtualization", Genode
includes support of L4Linux, a para-virtualized Linux for the Fiasco.OC
kernel. ARM's virtualization extensions aren't supported yet, but we'll
investigate it certainly.

> If so, it would be great to
> have an example of how to use it.

A working basic example is available on Genode's current staging branch,
and will be available in Genode's upcoming release 13.11, that will be
announced this week.
The example should work out of the box for ARM's Versatile Express
Coretile A9x4, and Freescale's i.MX53 Quickstart board. You'll have to
create a build directory for 'hw_imx53'. After creating the build
directory, you've to adapt the 'etc/specs.conf' file, and add the
following SPEC variable:

  SPECS += trustzone

After that, do a 'make run/tz_vmm' in the build directory. The resulting
image is located in 'var/run/tz_vmm/uImage'. The example scenario starts
Genode's hw kernel, core, init, and the virtual machine monitor, which
will boot Linux with a small busybox initramfs on the non-secure side.

A more sophisticated example, which runs on the i.MX53 SABRE tablet
only, can be found on this topic branch:

That example include virtual touchscreen support for the non-secure
guest, so that you can interact with the secure Genode system, and the
non-secure Android guest side-by-side.

> Thanks in advance for answers!

You're welcome.

Best Regards

> Best regards,
> Pablo Anton
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT 
> organizations don't have a clear picture of how application performance 
> affects their revenue. With AppDynamics, you get 100% visibility into your 
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
> _______________________________________________
> Genode-main mailing list
> Genode-main at

Stefan Kalkowski
Genode Labs ยท

More information about the users mailing list