trustzone and application

Stefan Kalkowski stefan.kalkowski at ...1...
Mon Sep 29 09:09:59 CEST 2014


Hi Abhay,

I assume you intended to mail to the developer list, therefore I respond
there.

On 09/29/2014 04:57 AM, Abhay Amala wrote:
> Hi Stefan,
> 
> Thank you very much for your reply
> 
> I am new to kernel programming. I am wondering if you could clarify the
> implementation of the helper code for the 'smc' instruction. Is it similar to
> a kernel module?
> 
> I understand that I can only use registers to transfer arguments during
> trap handling. Am I right?

No, as said you can use the registers, _or_ uncached memory.

> How can arguments using the general purpose
> registers be transferred from the smc instruction and handled in the VMM
> code?

The VMM has a dedicated dataspace (piece of memory) that contains the
register set of the TrustZone world. It can be used to bootstrap the VM,
handle traps, or inject interrupts.

> 
> Is there any similar work on this scenario, so that I can refer to it further?

Yes, there is. The most interesting reference for you shall be:

  http://genode.org/documentation/articles/trustzone

including references to a sophisticated example, including the Linux
kernel code.

Moreover, there are a lot of threads in the archive of this mailing
list, which dealt with the topic of TrustZone, tz_vmm, and the i.MX53
platform.

Regards
Stefan

> 
> 
> Thank you in advance for your time and consideration
> 
> Best regards,
> Abhay
> 
> 
> On Fri, Sep 26, 2014 at 8:31 AM, Stefan Kalkowski <
> stefan.kalkowski at ...1...> wrote:
> 
>> Hi Abhay,
>>
>> On 09/26/2014 04:12 AM, Abhay Amala wrote:
>>> Hi
>>>
>>> I use the tz_vmm example and can run Genode in the secure world and Linux
>>> in the normal world on i.mx53 qsb in parallel. And I can also run an
>>> application in the secure side (on top of Genode) using the tz_vmm
>>> script.
>>>
>>> I want to run a program in the normal world (Linux) and the program should
>>> get access to a service or data from an application running in the secure
>>> world (Genode).
>>> How can applications in different worlds interact among themselves? Thank
>>> you in advance
>>
>> You can use the 'smc' instruction to exit the "normal" world, and trap
>> to the secure world. This is a privileged instruction, and cannot be
>> used in user mode. So you need to place some helper code in the Linux
>> kernel.
>> The base-hw kernel in Genode will forward the trap to the VMM
>> application. You can use all general purpose registers to transfer
>> arguments, or if this isn't enough, place it in a portion of _uncached_
>> memory. The cache lines are tagged as non-secure or secure, so when
>> using cached memory on either side you won't feel happy. In general, it
>> is possible to translate from virtual memory on the secure side to
>> physical memory on the non-secure one. However, Genode doesn't provide
>> that feature currently.
>> To answer the hypercall, the VMM places the answer within the registers,
>> or memory, and resumes its execution.
>>
>> When you want to signal something the other way around, from the
>> "secure" world to the guest VM, you can emulate an interrupt by
>> modifying the register set of the VM within the VMM accordingly.
>> For doing so, please consult the ARM v7A reference manual B1.8 about the
>> exception handling.
>>
>> Best Regards
>> Stefan
>>
>>>
>>> regards,
>>> Abhay
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> genode-main mailing list
>>> genode-main at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>>
>>
>> --
>> Stefan Kalkowski
>> Genode Labs
>>
>> http://www.genode-labs.com/ · http://genode.org/
>>
>>
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ · http://genode.org/
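
Added example, not part of the original mail and not Genode or tz_vmm code: a sketch of the register-based hypercall described in this thread, with the normal-world `smc` helper and a secure-side handler that treats the guest's register values as untrusted input. The `vm_state` layout, the call numbers, the status codes, the `TZ_REAL_SMC` switch and the function names are all assumptions made for illustration; on a non-ARM host the trap is simulated by calling the handler directly.

```c
#include <stdint.h>

/* Hypothetical guest register set as seen by the VMM (real tz_vmm layout differs). */
struct vm_state { uint32_t r0, r1, r2, r3; };

/* Assumed call numbers and status codes, invented for this example. */
#define HC_GET_VERSION 1u
#define HC_READ_SLOT   2u
#define HC_OK          0u
#define HC_EINVAL      0xffffffffu

#define NUM_SLOTS 4u
static const uint32_t slots[NUM_SLOTS] = { 0x11, 0x22, 0x33, 0x44 }; /* constructed */

/* Secure side: invoked when the normal world traps via smc.
 * Every register value comes from the untrusted guest, so validate it. */
static void vmm_handle_smc(struct vm_state *s)
{
    switch (s->r0) {
    case HC_GET_VERSION:
        s->r1 = 1; s->r0 = HC_OK; break;
    case HC_READ_SLOT:
        if (s->r1 >= NUM_SLOTS) { s->r0 = HC_EINVAL; break; }  /* bounds check */
        s->r1 = slots[s->r1]; s->r0 = HC_OK; break;
    default:
        s->r0 = HC_EINVAL;  /* unknown call: reject, touch nothing else */
    }
}

/* Normal-world side: belongs in kernel code because smc is privileged. */
static uint32_t hypercall(uint32_t fn, uint32_t arg, uint32_t *out)
{
#if defined(__arm__) && defined(TZ_REAL_SMC)
    register uint32_t r0 __asm__("r0") = fn;   /* call number in, status out */
    register uint32_t r1 __asm__("r1") = arg;  /* argument in, result out */
    __asm__ volatile(".arch_extension sec\n\tsmc #0" : "+r"(r0), "+r"(r1) : : "memory");
    *out = r1; return r0;
#else
    struct vm_state s = { fn, arg, 0, 0 };  /* host build: simulate the trap */
    vmm_handle_smc(&s);
    *out = s.r1; return s.r0;
#endif
}

int main(void)
{
    uint32_t v = 0;
    return hypercall(HC_READ_SLOT, 2, &v) == HC_OK ? 0 : 1;
}
```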
