i.mx53qsb and ARM Trustzone Techology
Stefan Kalkowski
stefan.kalkowski at ...1...
Fri Dec 12 12:00:27 CET 2014
Hi Joseph,
On 12/11/2014 02:54 AM, Joseph Lee wrote:
> Thanks Stefan for your detailed explanation.
>
> Is there something similar to the |/dev/mem| and system call |mmap() technique to |access
> physical memory region in guest VM RAM from VMM?
In Genode there is no global view regarding physical memory like
"/dev/mem" in Linux. Corresponding to your system's policy you can gain
a specific amount of anonymous RAM from the system, or specific I/O
memory regions (e.g. for device drivers) referenced by their physical
memory address. For the TrustZone scenario we added a fixed portion of
RAM to the I/O memory regions administered by the core process. Thereby,
the VMM is able to request the VM's RAM via an IOMEM session during its
startup routine. Such memory is mapped as uncached to the VMM's address
space. The VMM has to copy over at least the kernel to the VM's RAM
before starting the non-secure guest OS.
To sum it up, you don't need to care about gaining the VM's physical
memory nor about mapping it, as it is already present in the VMM's
address space. But if you want to read/write from/to it, you have to
assure that the guest OS will either not cache the memory region used
for hypervisor communication, or the guest OS has to flush the related
cache lines whenever it wrote to it, or invalidates them before reading it.
Regards
Stefan
>
> Thanks in advance for answers
>
> Kind regards,
>
> Joseph
>
>
> On Mon, Nov 17, 2014 at 8:03 AM, Stefan Kalkowski
> <stefan.kalkowski at ...1...
> <mailto:stefan.kalkowski at ...1...>> wrote:
>
> Hello Joseph,
>
> On 11/17/2014 04:04 AM, Joseph Lee wrote:
> > Hi
> >
> > From the article in this link
> > http://genode.org/documentation/articles/trustzone , I understood that
> > the DDR RAM in i.mx53 QSB is partitioned off between normal world and
> > secure world. I just want to read a file in the normal world from
> > application running in the secure side. Is there any possibility
> to get
> > access to any file in normal world from the secure world? thanks for
> > your help in advance.
> >
>
> If you want to access files in the "secure world", you first need some
> interface in between, which is not existent right now, at least not for
> file access. When designing such an interface, e.g. by adding a special
> file system driver in Linux that communicates via hypercalls with the
> "secure world", you can of course define a dedicated memory area of the
> "normal world" to be used to transfer payload.
>
> Although the DDR RAM is partitioned between both worlds that doesn't
> mean the "secure world" can't access memory of the "normal world". It
> only means that the memory assigned to the "secure world" can be
> accessed exclusively by it, and not by the "normal world".
>
> Nevertheless, caution is advised when using shared memory in between
> both worlds, as long as the memory might land in the cache of either of
> both worlds. The cache is TrustZone aware, and tags all cache lines to
> be secure, or non-secure, thereby effectively partitioning the cache.
> So if you use shared memory in between "secure" and "normal world" it
> needs to be either marked as uncached, or you need to clean the
> corresponding cache-lines after writing data to shared memory
> respectively invalidate cache-lines before reading data from shared
> memory.
>
> I hope this clarifies your question?
>
> Regards
> Stefan
>
> > Regards,
> > Joseph
> >
> >
> >
> ------------------------------------------------------------------------------
> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> > from Actuate! Instantly Supercharge Your Business Reports and
> Dashboards
> > with Interactivity, Sharing, Native Excel Exports, App Integration
> & more
> > Get technology previously reserved for billion-dollar
> corporations, FREE
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> >
> >
> >
> > _______________________________________________
> > genode-main mailing list
> > genode-main at lists.sourceforge.net
> <mailto:genode-main at lists.sourceforge.net>
> > https://lists.sourceforge.net/lists/listinfo/genode-main
> >
>
> --
> Stefan Kalkowski
> Genode Labs
>
> http://www.genode-labs.com/ · http://genode.org/
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration &
> more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> <mailto:genode-main at lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/genode-main
>
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
>
--
Stefan Kalkowski
Genode Labs
http://www.genode-labs.com/ · http://genode.org/
More information about the users
mailing list