tz_vmm : VM access a address which isn't allowed

Stefan Kalkowski stefan.kalkowski at ...1...
Tue Dec 16 10:06:24 CET 2014


Hi,

On 12/16/2014 08:39 AM, chirag garg wrote:
> Hi all,
> 
> I am trying to run *tz_vmm* script on the *imx6 platform*. In which I
> have tried to put Genode (without trustzone) OS image instead of linux
> image as a guest OS which is configured according to normal world. we
> changed the CSU also according to imx6 security manual. So now we are
> getting the following error :
> 
> 
> Starting kernel ...
> 
> kernel initialized
> Genode 14.08
> int main(): --- create local services ---
> Core virtual memory allocator
> ---------------------
> Allocator 101318e4 dump:
>  Block: [00001000,00002000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [00002000,00003000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [00003000,00004000) size=00001000 avail=00000000 max_avail=ef9c1000
>  Block: [00004000,00005000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [00005000,00006000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [00006000,10001000) size=0fffb000 avail=0fffb000 max_avail=ef9c1000
>  Block: [1062f000,ffff0000) size=ef9c1000 avail=ef9c1000 max_avail=ef9c1000
>  => mem_size=4288417792 (4089 MB) / mem_avail=4288397312 (4089 MB)
> 
> RAM memory allocator
> ---------------------
> Allocator 10130888 dump:
>  Block: [10000000,10001000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [1062f000,10630000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [10630000,10631000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [10631000,10632000) size=00001000 avail=00000000 max_avail=1f9cd000
>  Block: [10632000,10633000) size=00001000 avail=00000000 max_avail=00000000
>  Block: [10633000,30000000) size=1f9cd000 avail=1f9cd000 max_avail=1f9cd000
>  => mem_size=530391040 (505 MB) / mem_avail=530370560 (505 MB)
> 
> IO memory allocator
> -------------------
> Allocator 1013294c dump:
>  Block: [00000000,00a00000) size=00a00000 avail=00a00000 max_avail=00a00000
>  Block: [00a02000,020d0000) size=016ce000 avail=016ce000 max_avail=016ce000
>  Block: [020d4000,021c0000) size=000ec000 avail=000ec000 max_avail=20000000
>  Block: [021c1000,021e8000) size=00027000 avail=00027000 max_avail=00027000
>  Block: [021ec000,10000000) size=0de14000 avail=0de14000 max_avail=20000000
>  Block: [30000000,50000000) size=20000000 avail=20000000 max_avail=20000000
>  => mem_size=805261312 (767 MB) / mem_avail=805261312 (767 MB)
> 
> IRQ allocator
> -------------------
> Allocator 101339a8 dump:
>  Block: [00000000,00000400) size=00000400 avail=00000400 max_avail=00000400
>  => mem_size=1024 (0 MB) / mem_avail=1024 (0 MB)
> 
> int main(): --- start init ---
> int main(): transferred 505 MB to init
> int main(): --- init created, waiting for exit condition ---
> [init] Could not open file "ld.lib.so <http://ld.lib.so>"
> [init] parent provides
> [init]   service "ROM"
> [init]   service "RAM"
> [init]   service "IRQ"
> [init]   service "IO_MEM"
> [init]   service "CAP"
> [init]   service "PD"
> [init]   service "RM"
> [init]   service "CPU"
> [init]   service "LOG"
> [init]   service "SIGNAL"
> [init]   service "VM"
> [init] child "tz_vmm"
> [init]   RAM quota:  3932160
> [init]   ELF binary: tz_vmm
> [init]   priority:   0
> [init -> tz_vmm] Start virtual machine
> [init -> tz_vmm] *Vm tried to access 30008040 which isn't allowed*
> [init -> tz_vmm] Cpu state:
> [init -> tz_vmm]   Register     Virt     Phys
> [init -> tz_vmm] ---------------------------------
> [init -> tz_vmm]   r0         = 00000000 [00000000]
> [init -> tz_vmm]   r1         = 00000eb9 [00000000]
> [init -> tz_vmm]   r2         = 30000100 [00000000]
> [init -> tz_vmm]   r3         = 00000000 [00000000]
> [init -> tz_vmm]   r4         = 00000000 [00000000]
> [init -> tz_vmm]   r5         = 00000000 [00000000]
> [init -> tz_vmm]   r6         = 00000000 [00000000]
> [init -> tz_vmm]   r7         = 00000000 [00000000]
> [init -> tz_vmm]   r8         = 00000000 [00000000]
> [init -> tz_vmm]   r9         = 00000000 [00000000]
> [init -> tz_vmm]   r10        = 00000000 [00000000]
> [init -> tz_vmm]   r11        = 00000000 [00000000]
> [init -> tz_vmm]   r12        = 00000000 [00000000]
> [init -> tz_vmm]   sp         = 00000000 [00000000]
> [init -> tz_vmm]   lr         = 00000000 [00000000]
> [init -> tz_vmm]   ip         = 30008000 [00000000]
> [init -> tz_vmm]   cpsr       = 00000093
> [init -> tz_vmm]   sp_und     = 00000000 [00000000]
> [init -> tz_vmm]   lr_und     = 00000000 [00000000]
> [init -> tz_vmm]   spsr_und   = 00000000 [00000000]
> [init -> tz_vmm]   sp_svc     = 00000000 [00000000]
> [init -> tz_vmm]   lr_svc     = 00000000 [00000000]
> [init -> tz_vmm]   spsr_svc   = 00000000 [00000000]
> [init -> tz_vmm]   sp_abt     = 00000000 [00000000]
> [init -> tz_vmm]   lr_abt     = 00000000 [00000000]
> [init -> tz_vmm]   spsr_abt   = 00000000 [00000000]
> [init -> tz_vmm]   sp_irq     = 00000000 [00000000]
> [init -> tz_vmm]   lr_irq     = 00000000 [00000000]
> [init -> tz_vmm]   spsr_irq   = 00000000 [00000000]
> [init -> tz_vmm]   sp_fiq     = 00000000 [00000000]
> [init -> tz_vmm]   lr_fiq     = 00000000 [00000000]
> [init -> tz_vmm]   spsr_fiq   = 00000000 [00000000]
> [init -> tz_vmm]   ttbr0      = 112a1041
> [init -> tz_vmm]   ttbr1      = 93a2c043
> [init -> tz_vmm]   ttbrc      = 00000000
> [init -> tz_vmm]   dfar       = 00000000 [00000000]
> [init -> tz_vmm]   *exception  = data_abort*
> [init -> tz_vmm] *Could not handle data-abort will exit!*
> [init -> tz_vmm] *Destructing undissolved signal context*
> 
> I divided the RAM into two portions: 0x10000000-0x30000000 for secure
> world and 0x30000000-0x50000000 for Normal world.
> 
> After VM start, we are getting "*VM tried to access 30008040 which isn't
> allowed"  *error. Also, tried to compile the image by changing this
> address to 0x10001000 in the file spec_hw_imx6.mk
> <http://spec_hw_imx6.mk> file (for the normal world OS image). We get
> the same error as above but only with the memory address changed in the
> error message.
> Kindly let us know the possible reasons behind getting this error.

If you want to run Genode's hw kernel as normal world OS beside the
secure world version, you have to link it to the right address. For
doing so, use the LD_TEXT_ADDR variable in the spec file you already
mentioned. Nevertheless, of course you have to set the instruction
pointer according to the binary's entrypoint which is probably not
0x30008000 as long as you didn't linked the kernel to that address.

The next question would be: how do you load the Genode normal world
guest? Do you use an ELF image, a raw binary, or an u-boot image? The
original VMM implementation only handles a raw Linux kernel binary, no
ELF nor u-boot image.

I wonder what code base do you used for implementing the VMM for your
example? In the mainline Genode repository there is one for i.MX53 and
one for Versatile Express. Although both are looking quite similar they
are using completely different TrustZone-aware devices of the related
SoCs to provide protection. When looking at your print messages it seems
you are using the Versatile Express code, do you?

Regards
Stefan

> 
> Thanks in advance.
> 
> Regards
> 
> Chirag Garg
> IIT Madras , Rise Lab
> 
> 
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
> 
> 
> 
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ ยท http://genode.org/




More information about the users mailing list