Virtualization with trustzone into mx53

Stefan Kalkowski stefan.kalkowski at ...1...
Thu Jan 23 10:55:25 CET 2014


Hi Pablo,

the i.MX53 framebuffer driver doesn't detect your current display setup
automatically. It only checks whether it's running on top of i.MX53
Quickstart board, or the i.MX53 SABRE tablet. When running on the first
one, it assumes you've a connected LCD display (MCIMX28LCD), and when
running on the tablet it uses the tablet screen.

I assume you're using the Quickstart board? Do you use Genode's current
staging, or master branch?

Regards
Stefan

On 01/22/2014 06:39 PM, panton wrote:
> Regarding my incompetence with trustzone and framebuffer, I have tried 
> to check if at least the framebuffer implemented in Genode works (for 
> sure it works) without any trustzone module. I have run 
> os/src/test/framebuffer/main.cc together with drivers/fb_drv, 
> drivers/timer, drivers/gpio_drv, drivers/platform_drv. Everything seems 
> to work fine (except some "no found config file" output).
> 
> .....
> [init -> test-framebuffer] framebuffer is 800x480 at ...23...
> [init -> test-framebuffer] black
> [init -> test-framebuffer] blue
> [init -> test-framebuffer] green
> 
> The problem is that I get nothing on screen. With VGA I have no signal 
> on the screen, with the lvds connector I get screen signal at least. Any 
> ideas??
> 
> Sorry to be boring about that matter, and thanks.
> 
> Regards,
> Pablo.
> 
> El 22.01.2014 15:36, panton escribió:
>> Hi Stefan,
>>
>> thanks again for your help.
>>
>>> Nevertheless, if you don't want Genode to access the IPU at all, but
>>> use
>>> it from the non-secure side exclusively, that is of course possible
>>> too.
>>> In fact, it is a much easier solution to implement. Assuming input
>>> events are handled exclusively by Linux too, you can remove the
>>> corresponding drivers (input_drv, fb_drv) from Genode's configuration,
>>> and remove all of my changes to the Linux kernel regarding IPU,
>>> touchscreen, GPIO, and I2C access. Probably you just need to remove 
>>> the
>>> last four commits from the "imx53-tz" branch.
>>
>> I did some changes according with indications you gave me.
>> Unfortunately,  I can not say it was success. I am having troubles when
>> linux try to configure some GPIO directions. Should I change some
>> specific thing into Genode to allow Linux handle GPIO?
>>
>> Thanks.
>>
>> Regards,
>> Pablo.
>>
>>
>> El 17.01.2014 22:40, Stefan Kalkowski escribió:
>>> Hi Pablo,
>>>
>>> On 01/15/2014 05:50 PM, panton wrote:
>>>> Hi all,
>>>>
>>>> We continue working with Genode and Trustzone. We have created an
>>>> architecture a little more complex than the one into 
>>>> os/server/tz_vmm.
>>>> The idea is to have a secure DRM app (running on genode side) and a
>>>> player App running on Non Secure linux. At this point, we would like
>>>> to
>>>> have some video output controlling by non secure linux side.
>>>>
>>>> Looking at specific modified Linux for imx53, we have realised about
>>>> several modifications into drivers/video/mxc/mxc_ipuv3_fb.c which
>>>> avoid
>>>> the access to IPU directly from linux (making a smc call that is
>>>> handled
>>>> by vmm). I am wondering if will be possible of configuring the system
>>>> to
>>>> allow mxc framebuffer working on linux without the knowledge of
>>>> Genode?
>>>>
>>>
>>> first I've to say, in our TrustZone Genode/Android scenario both 
>>> worlds
>>> secure and non-secure side can render output on the screen, but the
>>> secure, Genode side controls where/when the non-secure framebuffer is
>>> displayed. The 'smc' call from Linux to the VMM only transfers the
>>> memory address of the framebuffer, which Linux is using. The VMM uses 
>>> a
>>> special overlay mechanism of the Freescale IPU hardware via our
>>> framebuffer driver, to show Linux' framebuffer at some offset of the
>>> screen. With other words, the hardware directly copies Linux
>>> framebuffer
>>> content without additional interaction with the VMM. Moreover,
>>> Linux/Android also uses the GPU directly and exclusively for 2D and 3D
>>> optimizations. Therefore, Linux/Android's graphical performance is
>>> almost the same, running natively on the hardware, or within the
>>> non-secure environment, and without direct access to the IPU.
>>>
>>> Nevertheless, if you don't want Genode to access the IPU at all, but
>>> use
>>> it from the non-secure side exclusively, that is of course possible
>>> too.
>>> In fact, it is a much easier solution to implement. Assuming input
>>> events are handled exclusively by Linux too, you can remove the
>>> corresponding drivers (input_drv, fb_drv) from Genode's configuration,
>>> and remove all of my changes to the Linux kernel regarding IPU,
>>> touchscreen, GPIO, and I2C access. Probably you just need to remove 
>>> the
>>> last four commits from the "imx53-tz" branch.
>>>
>>> Regards
>>> Stefan
>>>
>>>> Thanks in advance,
>>>> Pablo.
>>>>
>>>>
>>>>
>>>>
>>>> El 17.12.2013 13:54, panton escribió:
>>>>> Hi Stefan,
>>>>>
>>>>> thank you again. I added a "flush_cache_all();" before the "smc #0"
>>>>> just
>>>>> to see the result and it works! Now, I am going to look for a better
>>>>> option, since I guess flushing all cache is not necessary.
>>>>>
>>>>> Regards.
>>>>> Pablo
>>>>>
>>>>> El 17.12.2013 11:24, Stefan Kalkowski escribió:
>>>>>> Hi Pablo,
>>>>>>
>>>>>> On 12/16/2013 05:06 PM, panton wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am having some unexpected behavior accessing from Genode VMM to
>>>>>>> guest
>>>>>>> VM RAM.
>>>>>>>
>>>>>>>
>>>>>>>> Assuming, you've put the corresponding memory
>>>>>>>> region's address into register r3 within your para-virtualization
>>>>>>>> code
>>>>>>>> in the guest VM. Then the following procedure will give you the
>>>>>>>> memory
>>>>>>>> region within the VMM object:
>>>>>>>>
>>>>>>>>   addr_t phys_addr = _vm->va_to_pa(_vm->state()->r3);  // Only if r3 has a virtual address
>>>>>>>>   addr_t virt_addr = _vm->ram()->va(phys_addr);
>>>>>>>
>>>>>>>
>>>>>>> Following the indication Stefan gave me, I am able to access to
>>>>>>> linux
>>>>>>> guest's memory by passing virtual address of desired memory region
>>>>>>> into
>>>>>>> registers (_vm->state()->r3), it also could be performed by 
>>>>>>> passing
>>>>>>> physical addr instead of virtual addr and removing first
>>>>>>> instruction.
>>>>>>>
>>>>>>> Problem is when you access to calculated virtual address's content
>>>>>>> (virt_addr), it is not always correct. First time I run my example
>>>>>>> app
>>>>>>> everything works fine, but next times, I get unexpected values. I
>>>>>>> check
>>>>>>> the physical address is right and the virtual address is just:
>>>>>>>
>>>>>>>   virt_addr = _local + (phys - _base);
>>>>>>>
>>>>>>> I really don't know why that happen, the loaded memory sometime is
>>>>>>> the
>>>>>>> good one and sometimes is not. The MMU implementation used on VMM
>>>>>>> works
>>>>>>> fine, since it gives correct physical address from virtual one. 
>>>>>>> The
>>>>>>> address passes into the register is also correct. Any idea of what
>>>>>>> could
>>>>>>> be happening??? Probably, I am missing some concepts of how mmu
>>>>>>> works,
>>>>>>> but I do not understand why it just fail in some cases.
>>>>>>
>>>>>> If you observe differences between VMM and VM when accessing the
>>>>>> same
>>>>>> physical memory region, there are two possibilities. First: the
>>>>>> cache
>>>>>> of
>>>>>> the non-secure side isn't flushed, or second the secure side is
>>>>>> using
>>>>>> the non-secure side's RAM portion through the cache. As both side's
>>>>>> cache entries are handled independently of each other, the secure
>>>>>> side
>>>>>> doesn't see non-secure cache entries, and vice versa.
>>>>>>
>>>>>> On the secure side, we've enforced that the non-secure side's RAM
>>>>>> doesn't pollute the cache, by marking the corresponding page table
>>>>>> entries as being non-cacheable.
>>>>>>
>>>>>> On the VM's side, you've to ensure to either mark the corresponding
>>>>>> memory region, you want to share with the secure side, as being
>>>>>> non-cacheable memory (like it's done for I/O memory), or by
>>>>>> selectively
>>>>>> flushing that memory area within the cache, before doing a VMM 
>>>>>> call.
>>>>>>
>>>>>> Best regards
>>>>>> Stefan
>>>>>>
>>>>>>>
>>>>>>> Thanks in advance.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Pablo Anton.
>>>>>>>
>>>>>>> El 10.12.2013 11:49, Stefan Kalkowski escribió:
>>>>>>>> Hi Pablo,
>>>>>>>>
>>>>>>>> On 12/09/2013 04:31 PM, panton wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I am a little confused about creating a shared memory between a
>>>>>>>>> Non
>>>>>>>>> Secure and Secure worlds. As far as I understood, memory region
>>>>>>>>> should
>>>>>>>>> be placed in Non Secure Side (Linux in tz_vmm example), when a
>>>>>>>>> change
>>>>>>>>> of
>>>>>>>>> context is done you can send the addresses of that regions using
>>>>>>>>> cpu
>>>>>>>>> registers and looking into vm_state struct. Then, from Secure
>>>>>>>>> side
>>>>>>>>> must
>>>>>>>>> be a method to access to that region but I do not find the good
>>>>>>>>> way
>>>>>>>>> to
>>>>>>>>> configure Genode to perform that access. Is there any example of
>>>>>>>>> how
>>>>>>>>> that works?
>>>>>>>>
>>>>>>>> actually, the whole main memory used by the non-secure side is
>>>>>>>> available
>>>>>>>> in the virtual machine monitor of our small example. Before
>>>>>>>> booting,
>>>>>>>> it
>>>>>>>> is used to put the kernel image, and initramfs into it. After
>>>>>>>> that,
>>>>>>>> it
>>>>>>>> can be used to reproduce processing of the virtual machine, for
>>>>>>>> instance
>>>>>>>> you might walk the page-tables of the VM to reconstruct pointers
>>>>>>>> in
>>>>>>>> the
>>>>>>>> VM's registers etc.
>>>>>>>>
>>>>>>>> Of course, you can use the shared main memory to transfer data
>>>>>>>> between
>>>>>>>> VMM and VM too. However, you would have to either transfer the
>>>>>>>> physical
>>>>>>>> address of the corresponding memory region via the VM's 
>>>>>>>> registers,
>>>>>>>> or
>>>>>>>> implement an appropriate software MMU to translate the VM's
>>>>>>>> virtual
>>>>>>>> address in the register into a physical address that can be
>>>>>>>> located
>>>>>>>> by
>>>>>>>> the VMM. Luckily, there is already a simplified software MMU
>>>>>>>> implementation within the VMM example code
>>>>>>>> ('os/src/server/tz_vmm/include/mmu.h'). Once you've a physical
>>>>>>>> address
>>>>>>>> of the memory region laying in the main memory of the VM, you've
>>>>>>>> of
>>>>>>>> course to translate again that physical address to the position 
>>>>>>>> in
>>>>>>>> the
>>>>>>>> address space of the VMM. Assuming, you've put the corresponding
>>>>>>>> memory
>>>>>>>> region's address into register r3 within your para-virtualization
>>>>>>>> code
>>>>>>>> in the guest VM. Then the following procedure will give you the
>>>>>>>> memory
>>>>>>>> region within the VMM object:
>>>>>>>>
>>>>>>>>   addr_t phys_addr = _vm->va_to_pa(_vm->state()->r3);
>>>>>>>>   addr_t virt_addr = _vm->ram()->va(phys_addr);
>>>>>>>>
>>>>>>>> I hope this is what you're looking for.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Stefan
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Pablo Anton.
>>>>>>>>>
>>>>>>>>> El 02.12.2013 16:19, Stefan Kalkowski escribió:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> On 12/02/2013 03:48 PM, panton wrote:
>>>>>>>>>>> Hi Stefan,
>>>>>>>>>>>
>>>>>>>>>>> I know this is not a question about genode but I am having
>>>>>>>>>>> troubles
>>>>>>>>>>> compiling linux image for tz-vmm. Did you use genode
>>>>>>>>>>> toolchain??
>>>>>>>>>>> Could
>>>>>>>>>>> I
>>>>>>>>>>> ask you the config options file you used for compiling (I was
>>>>>>>>>>> not
>>>>>>>>>>> able
>>>>>>>>>>> to get it from linux image)??
>>>>>>>>>>
>>>>>>>>>> I didn't use the Genode toolchain, but the Codesourcery ARM
>>>>>>>>>> cross
>>>>>>>>>> compiler for Linux (Sourcery G++ Lite 2009q1-203). As the 
>>>>>>>>>> Genode
>>>>>>>>>> toolchain isn't used to compile a Linux system, it misses
>>>>>>>>>> certain
>>>>>>>>>> defines you need when compiling the Linux kernel.
>>>>>>>>>>
>>>>>>>>>> The adapted kernel configuration file is part of the Linux fork
>>>>>>>>>> I've
>>>>>>>>>> mentioned in my previous mail. Here is the concrete file:
>>>>>>>>>>
>>>>>>>>>> https://github.com/skalk/linux/blob/imx53-tz/arch/arm/configs/imx5_android_tz_defconfig
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Stefan
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thank you in advance.
>>>>>>>>>>>
>>>>>>>>>>> Best regards.
>>>>>>>>>>> Pablo Anton.
>>>>>>>>>>>
>>>>>>>>>>> El 28.11.2013 11:07, Stefan Kalkowski escribió:
>>>>>>>>>>>> Hi Pablo,
>>>>>>>>>>>>
>>>>>>>>>>>> On 11/28/2013 10:52 AM, panton wrote:
>>>>>>>>>>>>> Hi Stefan,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thank you very much for your detailed explication. I am
>>>>>>>>>>>>> really
>>>>>>>>>>>>> lucky
>>>>>>>>>>>>> because it seems you are working right now on that matter
>>>>>>>>>>>>> (last
>>>>>>>>>>>>> genode/staging branch update was yesterday :)).
>>>>>>>>>>>>>
>>>>>>>>>>>>>> well, this depends. There are trustzone.cc files for
>>>>>>>>>>>>>> different
>>>>>>>>>>>>>> platforms/configurations. In general, that file only
>>>>>>>>>>>>>> contains
>>>>>>>>>>>>>> additional
>>>>>>>>>>>>>> kernel initialization routines needed. For instance,
>>>>>>>>>>>>>> configuring
>>>>>>>>>>>>>> IRQs
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>> be "secure", or "non-secure", or configure TrustZone
>>>>>>>>>>>>>> specific
>>>>>>>>>>>>>> devices
>>>>>>>>>>>>>> that can be configured in supervisor mode only.
>>>>>>>>>>>>>> For configurations where no TrustZone is supported, or used
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> file
>>>>>>>>>>>>>> contains an empty initialization indeed. I assume you've
>>>>>>>>>>>>>> found
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> file.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Now I am able to see files on
>>>>>>>>>>>>> ./base-hw/src/core/imx53/trustzone.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> To sum it up, the non-secure guest has to behave
>>>>>>>>>>>>>> cooperatively,
>>>>>>>>>>>>>> or
>>>>>>>>>>>>>> it
>>>>>>>>>>>>>> will fail. Trap-and-emulate doesn't work in general.
>>>>>>>>>>>>>> Therefore,
>>>>>>>>>>>>>> some
>>>>>>>>>>>>>> lightweight form of para-virtualization of the guest OS is
>>>>>>>>>>>>>> needed.
>>>>>>>>>>>>>
>>>>>>>>>>>>> So, I assume the linux image on
>>>>>>>>>>>>> http://genode.org/files/images/imx53_qsb/linux_trustzone.bin
>>>>>>>>>>>>> is
>>>>>>>>>>>>> not
>>>>>>>>>>>>> a
>>>>>>>>>>>>> normal linux image for imx53_loco but neither a L4Linux
>>>>>>>>>>>>> (since
>>>>>>>>>>>>> the
>>>>>>>>>>>>> example is running without Fiasco.OC). Is there any
>>>>>>>>>>>>> repository
>>>>>>>>>>>>> where
>>>>>>>>>>>>> we
>>>>>>>>>>>>> could take that linux code?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Sure, branches including the changes for Versatile Express,
>>>>>>>>>>>> and
>>>>>>>>>>>> i.MX53
>>>>>>>>>>>> QSB/Tablet can be found on Github too:
>>>>>>>>>>>>
>>>>>>>>>>>>   git at ...116...:skalk/linux.git
>>>>>>>>>>>>
>>>>>>>>>>>> The branches are titled 'vexpress-tz', and 'imx53-tz'
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> About the example I only can say "Great work".
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks, that's music to my ears.
>>>>>>>>>>>>
>>>>>>>>>>>>> I was able to run it on
>>>>>>>>>>>>> hardware. Some little details that could help people:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> After that, do a 'make run/tz_vmm' in the build directory.
>>>>>>>>>>>>>> The
>>>>>>>>>>>>>> resulting
>>>>>>>>>>>>>> image is located in 'var/run/tz_vmm/uImage'
>>>>>>>>>>>>>
>>>>>>>>>>>>> The resulting image is on elf, if you want to run it with
>>>>>>>>>>>>> uboot
>>>>>>>>>>>>> you
>>>>>>>>>>>>> should create a valid uImage using mkimage tool.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> If you add a '--target uboot' to the RUN_OPT environment
>>>>>>>>>>>> variable,
>>>>>>>>>>>> the
>>>>>>>>>>>> uImage is built automatically. Just add the following to your
>>>>>>>>>>>> 'etc/build.conf' (I've missed that in the previous mail):
>>>>>>>>>>>>
>>>>>>>>>>>>   RUN_OPT = --target uboot
>>>>>>>>>>>>
>>>>>>>>>>>>> Now, I go to play!
>>>>>>>>>>>>
>>>>>>>>>>>> Good luck, and
>>>>>>>>>>>> best regards
>>>>>>>>>>>> Stefan
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best regards
>>>>>>>>>>>>> Pablo Antón.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> El 27.11.2013 22:47, Stefan Kalkowski escribió:
>>>>>>>>>>>>>> Hi Pablo,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 11/26/2013 06:11 PM, panton wrote:
>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I want to create a virtualized system with Genode in my
>>>>>>>>>>>>>>> imx53
>>>>>>>>>>>>>>> board.
>>>>>>>>>>>>>>> At
>>>>>>>>>>>>>>> the moment, I am able to run Genode on the board with
>>>>>>>>>>>>>>> base-foc
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> also
>>>>>>>>>>>>>>> directly on hardware (base-hw). Thus, my plan was to run a
>>>>>>>>>>>>>>> linux
>>>>>>>>>>>>>>> kernel
>>>>>>>>>>>>>>> as a child node and hopefully run it into trustzone NS.
>>>>>>>>>>>>>>> Looking
>>>>>>>>>>>>>>> into
>>>>>>>>>>>>>>> Genode code I found base-hw/include/vm_session that seems
>>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>> deal
>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>> virtualization. Furthermore there is a trustzone.cc into
>>>>>>>>>>>>>>> base-hw/src/core.., but without real useful code.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> well, this depends. There are trustzone.cc files for
>>>>>>>>>>>>>> different
>>>>>>>>>>>>>> platforms/configurations. In general, that file only
>>>>>>>>>>>>>> contains
>>>>>>>>>>>>>> additional
>>>>>>>>>>>>>> kernel initialization routines needed. For instance,
>>>>>>>>>>>>>> configuring
>>>>>>>>>>>>>> IRQs
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>> be "secure", or "non-secure", or configure TrustZone
>>>>>>>>>>>>>> specific
>>>>>>>>>>>>>> devices
>>>>>>>>>>>>>> that can be configured in supervisor mode only.
>>>>>>>>>>>>>> For configurations where no TrustZone is supported, or used
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> file
>>>>>>>>>>>>>> contains an empty initialization indeed. I assume you've
>>>>>>>>>>>>>> found
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> file.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I was wondering if there are implemented virtualization
>>>>>>>>>>>>>>> capabilities
>>>>>>>>>>>>>>> using trustzone or even without trustzone?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> In fact, there is some kind of virtualization support using
>>>>>>>>>>>>>> TrustZone.
>>>>>>>>>>>>>> Although, TrustZone isn't designed to be a virtualization
>>>>>>>>>>>>>> solution.
>>>>>>>>>>>>>> Therefore, the "guest" needs to be aware what devices it is
>>>>>>>>>>>>>> allowed
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>> use. In contrast to the CPU (including MMU, Caches, etc.),
>>>>>>>>>>>>>> there
>>>>>>>>>>>>>> is
>>>>>>>>>>>>>> no
>>>>>>>>>>>>>> support to virtualize physical memory (including memory
>>>>>>>>>>>>>> mapped
>>>>>>>>>>>>>> I/O)
>>>>>>>>>>>>>> for
>>>>>>>>>>>>>> the non-secure "guest". That means guest physical addresses
>>>>>>>>>>>>>> are
>>>>>>>>>>>>>> in
>>>>>>>>>>>>>> fact
>>>>>>>>>>>>>> physical addresses. Dependent on the concrete platform, it
>>>>>>>>>>>>>> might
>>>>>>>>>>>>>> be
>>>>>>>>>>>>>> possible to deny non-secure access to certain physical
>>>>>>>>>>>>>> memory
>>>>>>>>>>>>>> regions,
>>>>>>>>>>>>>> like I/O memory of certain devices, and then use a
>>>>>>>>>>>>>> trap-emulate
>>>>>>>>>>>>>> approach. But in general this approach isn't guaranteed to
>>>>>>>>>>>>>> work.
>>>>>>>>>>>>>> Dependent on where the unit, which controls peripheral
>>>>>>>>>>>>>> device
>>>>>>>>>>>>>> memory
>>>>>>>>>>>>>> (if
>>>>>>>>>>>>>> existent at all), is located in the bus hierarchy of the
>>>>>>>>>>>>>> SoC,
>>>>>>>>>>>>>> it
>>>>>>>>>>>>>> might
>>>>>>>>>>>>>> provoke asynchronous external data-aborts in the CPU core,
>>>>>>>>>>>>>> instead
>>>>>>>>>>>>>> of
>>>>>>>>>>>>>> synchronous ones. Thereby, it is impossible to recover the
>>>>>>>>>>>>>> state,
>>>>>>>>>>>>>> in
>>>>>>>>>>>>>> which the protection fault was raised.
>>>>>>>>>>>>>> To sum it up, the non-secure guest has to behave
>>>>>>>>>>>>>> cooperatively,
>>>>>>>>>>>>>> or
>>>>>>>>>>>>>> it
>>>>>>>>>>>>>> will fail. Trap-and-emulate doesn't work in general.
>>>>>>>>>>>>>> Therefore,
>>>>>>>>>>>>>> some
>>>>>>>>>>>>>> lightweight form of para-virtualization of the guest OS is
>>>>>>>>>>>>>> needed.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On ARM platforms, apart from the TrustZone 
>>>>>>>>>>>>>> "virtualization",
>>>>>>>>>>>>>> Genode
>>>>>>>>>>>>>> includes support of L4Linux, a para-virtualized Linux for
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> Fiasco.OC
>>>>>>>>>>>>>> kernel. ARM's virtualization extensions aren't supported
>>>>>>>>>>>>>> yet,
>>>>>>>>>>>>>> but
>>>>>>>>>>>>>> we'll
>>>>>>>>>>>>>> investigate it certainly.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If so, it would be great to
>>>>>>>>>>>>>>> have an example of how to use it.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> A working basic example is available on Genode's current
>>>>>>>>>>>>>> staging
>>>>>>>>>>>>>> branch,
>>>>>>>>>>>>>> and will be available in Genode's upcoming release 13.11,
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> will
>>>>>>>>>>>>>> be
>>>>>>>>>>>>>> announced this week.
>>>>>>>>>>>>>> The example should work out of the box for ARM's Versatile
>>>>>>>>>>>>>> Express
>>>>>>>>>>>>>> Coretile A9x4, and Freescale's i.MX53 Quickstart board.
>>>>>>>>>>>>>> You'll
>>>>>>>>>>>>>> have
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>> create a build directory for 'hw_imx53'. After creating the
>>>>>>>>>>>>>> build
>>>>>>>>>>>>>> directory, you've to adapt the 'etc/specs.conf' file, and
>>>>>>>>>>>>>> add
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> following SPEC variable:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>   SPECS += trustzone
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> After that, do a 'make run/tz_vmm' in the build directory.
>>>>>>>>>>>>>> The
>>>>>>>>>>>>>> resulting
>>>>>>>>>>>>>> image is located in 'var/run/tz_vmm/uImage'. The example
>>>>>>>>>>>>>> scenario
>>>>>>>>>>>>>> starts
>>>>>>>>>>>>>> Genode's hw kernel, core, init, and the virtual machine
>>>>>>>>>>>>>> monitor,
>>>>>>>>>>>>>> which
>>>>>>>>>>>>>> will boot Linux with a small busybox initramfs on the
>>>>>>>>>>>>>> non-secure
>>>>>>>>>>>>>> side.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> A more sophisticated example, which runs on the i.MX53 
>>>>>>>>>>>>>> SABRE
>>>>>>>>>>>>>> tablet
>>>>>>>>>>>>>> only, can be found on this topic branch:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> https://github.com/skalk/genode/tree/i.MX53_tablet_demo
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> That example includes virtual touchscreen support for the
>>>>>>>>>>>>>> non-secure
>>>>>>>>>>>>>> guest, so that you can interact with the secure Genode
>>>>>>>>>>>>>> system,
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> non-secure Android guest side-by-side.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks in advance for answers!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> You're welcome.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Best Regards
>>>>>>>>>>>>>> Stefan
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>>> Pablo Anton
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> Genode-main mailing list
>>>>>>>>>>>>>>> Genode-main at lists.sourceforge.net
>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Stefan Kalkowski
>>>>>>>>>>>>>> Genode Labs
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://www.genode-labs.com/ · http://genode.org/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Stefan Kalkowski
>>>>>>>>>>>> Genode Labs
>>>>>>>>>>>>
>>>>>>>>>>>> http://www.genode-labs.com/ · http://genode.org/
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Stefan Kalkowski
>>>>>>>>>> Genode Labs
>>>>>>>>>>
>>>>>>>>>> http://www.genode-labs.com/ · http://genode.org/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Stefan Kalkowski
>>>>>>>> Genode Labs
>>>>>>>>
>>>>>>>> http://www.genode-labs.com/ · http://genode.org/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Stefan Kalkowski
>>>>>> Genode Labs
>>>>>>
>>>>>> http://www.genode-labs.com/ · http://genode.org/
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>> --
>>> Stefan Kalkowski
>>> Genode Labs
>>>
>>> http://www.genode-labs.com/ · http://genode.org/
>>>
>>
>>
> 
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ · http://genode.org/
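
Added example (not part of the original thread and not Genode's tz_vmm code): the two-step translation discussed in the quoted messages, guest virtual address from r3 to physical address to VMM-local pointer, written so that every address derived from guest-controlled registers or page tables is range-checked against non-secure RAM before the VMM touches it. The names Guest_ram, va_to_pa, guest_buffer and Sample are hypothetical, the page-table walk is a simplified ARMv7 short-descriptor walk (sections and small pages only), and the memory layout is a constructed sample.

```cpp
// Added example, not Genode's tz_vmm code. All names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

typedef std::uint32_t gpa_t;  // guest-physical address (32-bit ARMv7)

// Guest RAM as the VMM sees it: physical [base, base+size) mapped at 'local'.
class Guest_ram {
    gpa_t          _base;
    std::uint32_t  _size;
    std::uint8_t  *_local;
public:
    Guest_ram(gpa_t base, std::uint32_t size, std::uint8_t *local)
    : _base(base), _size(size), _local(local) { }

    // Same arithmetic as 'virt_addr = _local + (phys - _base)', but the whole
    // range [phys, phys+len) must lie inside guest RAM, otherwise nullptr.
    std::uint8_t *va(gpa_t phys, std::uint32_t len) const {
        if (phys < _base) return nullptr;
        std::uint32_t off = phys - _base;
        if (off > _size || len > _size - off) return nullptr;
        return _local + off;
    }
    bool read32(gpa_t phys, std::uint32_t &out) const {
        const std::uint8_t *p = va(phys, 4);
        if (!p) return false;
        std::memcpy(&out, p, 4);
        return true;
    }
};

// Simplified ARMv7 short-descriptor walk: 1 MiB sections and 4 KiB small
// pages only. Every table the guest points to is read through Guest_ram.
bool va_to_pa(const Guest_ram &ram, gpa_t ttbr, std::uint32_t va, gpa_t &pa) {
    std::uint32_t l1 = 0, l2 = 0;
    if (!ram.read32((ttbr & 0xffffc000u) + ((va >> 20) << 2), l1)) return false;
    if ((l1 & 3u) == 2u) {                    // section descriptor
        if (l1 & (1u << 18)) return false;    // supersection: not handled here
        pa = (l1 & 0xfff00000u) | (va & 0x000fffffu);
        return true;
    }
    if ((l1 & 3u) != 1u) return false;        // fault or reserved entry
    if (!ram.read32((l1 & 0xfffffc00u) + (((va >> 12) & 0xffu) << 2), l2))
        return false;                         // L2 table outside guest RAM
    if (!(l2 & 2u)) return false;             // fault or large page: not handled
    pa = (l2 & 0xfffff000u) | (va & 0xfffu);
    return true;
}

// Guest virtual address (e.g. taken from r3) -> pointer usable by the VMM.
// The buffer may not cross a 4 KiB boundary, because adjacent virtual pages
// need not be physically contiguous.
std::uint8_t *guest_buffer(const Guest_ram &ram, gpa_t ttbr,
                           std::uint32_t va, std::uint32_t len) {
    gpa_t pa = 0;
    if (len > 0x1000u || (va & 0xfffu) + len > 0x1000u) return nullptr;
    if (!va_to_pa(ram, ttbr, va, pa)) return nullptr;
    return ram.va(pa, len);                   // rejects PAs outside guest RAM
}

// Constructed sample: 1 MiB of guest RAM at 0x70000000 with hand-built tables.
struct Sample {
    std::vector<std::uint8_t> mem;
    Guest_ram ram;
    gpa_t ttbr;
    Sample() : mem(0x100000, 0), ram(0x70000000u, 0x100000u, mem.data()),
               ttbr(0x70004000u) {
        put(0x4000 + 0xc00 * 4, 0x70000000u | 2u); // 0xc00xxxxx: section in guest RAM
        put(0x4000 + 0xc01 * 4, 0x70008000u | 1u); // 0xc01xxxxx: L2 table in guest RAM
        put(0x8000 + 0x05 * 4,  0x70010000u | 2u); // 0xc0105xxx: small page
        put(0x4000 + 0xc02 * 4, 0x90000000u | 2u); // section outside guest RAM
        put(0x4000 + 0xc03 * 4, 0x90000400u | 1u); // L2 table outside guest RAM
        std::memcpy(&mem[0x10abc], "shared", 7);
    }
    void put(std::uint32_t off, std::uint32_t v) { std::memcpy(&mem[off], &v, 4); }
};

Sample &sample() { static Sample s; return s; }

int main() {
    Sample &s = sample();
    const std::uint32_t vas[] = { 0xc0105abcu, 0xc0200000u, 0xc0300000u };
    for (unsigned i = 0; i < 3; i++) {
        std::uint8_t *p = guest_buffer(s.ram, s.ttbr, vas[i], 7);
        std::printf("va 0x%08x -> %s\n", (unsigned)vas[i],
                    p ? reinterpret_cast<const char *>(p) : "rejected");
    }
    return 0;
}
```

The translation is only half of what the thread covers: the cache handling Stefan describes (non-cacheable mapping or selective flush on the guest side before the smc) is still required for the VMM to see current data.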
