TrustZone: forcing instant switch from secure to normal world?

Martin Stein martin.stein at ...1...
Mon Aug 3 15:49:51 CEST 2015


Hi David,

Yes, you're right. I had the same problem when I received my first IRQ.
This is what Linux commit [1] is for. It calls tzic_end_sw_irq at the
end of event_interrupt in file [2]. Note that you have to call it with
the physical IRQ number (in my case defined through the Genode config
and read via SMC genode_block_irq) and not the virtual IRQ number, which
is normally used in Linux (e.g. on request_irq).

[1] 0fa1c63 .handle multiple replies and end interrupt

[2] <LINUX>/drivers/block/genode_block.c

On 28.07.2015 15:03, David Goltzsche wrote:
> Hi Martin,
> 
> based on the commits you mentioned, I implemented a minimal kernel
> module, which should receive the interrupts injected by Genode.
> 
> Overall it works: My handler gets called when I trigger a software
> interrupt in genode.
> 
> However, the handler is called endlessly for a single interrupt. I
> assume, I have to clear the interrupt somehow. I called
> tzic_end_sw_irq(..) before returning from the handler.
> 
> Here is my code: http://pastebin.com/NDBV6qYf
> 
> Any Hints?
> 
> David
> 
> On 06/29/2015 12:05 PM, Martin Stein wrote:
>> Hi David,
>>
>> On 29.06.2015 09:20, Stefan Kalkowski wrote:
>>>> So, my approach would be using software interrupts which should be routed
>>>> to the normal world. I played around with the svc (supervisor call)
>>>> instruction, but I don't know how to route this to the secure world.
>>>
>>> Indeed, this seems to be the most promising approach triggering a
>>> software interrupt on the secure side, and handle it in the normal
>>> world. Everything that needs to be done is marking a designated SPI (ARM
>>> terminology for software-triggered IRQ) as a non-secure interrupt, and
>>> delegate that interrupt to your kernel module within the guest OS.
>>> Moreover, you will need to extend the VM session interface with the
>>> ability to trigger that designated "TrustZone interrupt", as the
>>> user-level VMM is not able to access the interrupt controller directly,
>>> which has to be done by the kernel itself.
>>
>> On my working branches [1] I've implemented IRQ injection to provide a
>> pseudo block device in a non-secure Linux guest. Maybe this code gives
>> you some good hints. Especially the Linux commits [2] and the Genode
>> commits [3] should be interesting. Please be aware that this code is
>> still in progress and should not be considered as a final solution.
>>
>> Don't hesitate to ask if you have further questions ;)
>>
>> Cheers,
>> Martin
>>
>> [1]
>> https://github.com/m-stein/genode/tree/1497_usb_armory_demo
>> https://github.com/m-stein/linux/tree/1497_usb_armory_demo
>>
>> [2]
>> 0fa1c63 .handle multiple replies and end interrupt
>> 9ca75d0 .injected IRQ reaches the stub-block handler in linux
>>
>> [3]
>> 08a3b09 .prototype of inject_vm_irq kernel call
>> 2927f04 .Vm_session::inject_irq(unsigned irq)
>> 42865c4 .injected IRQ reaches the stub-block handler in linux
>>
> 
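
The point in the reply at the top of this message (end the software interrupt with the physical IRQ number, not the virtual one) can be seen in a small user-space model. This is an added example, not code from the thread, from Genode or from the Linux branch it links to; the `model_*` functions, the `virq = hwirq + 16` mapping and IRQ number 92 are constructed assumptions, and the loop is capped so the endless case terminates.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model only: every name and number here is constructed. */
#define MODEL_NR_IRQS   128u
#define MODEL_VIRQ_BASE 16u  /* assumed mapping: virq = hwirq + base */
#define MODEL_MAX_RUNS  8u   /* cap so the "endless" case terminates */

static uint32_t model_pending[MODEL_NR_IRQS / 32];

/* Software trigger: the line stays asserted until it is ended. */
static void model_raise_sw_irq(unsigned hwirq)
{
    model_pending[hwirq / 32] |= 1u << (hwirq % 32);
}

/* Stand-in for the end-of-interrupt call; it only knows physical numbers. */
static void model_end_sw_irq(unsigned irq)
{
    if (irq < MODEL_NR_IRQS)
        model_pending[irq / 32] &= ~(1u << (irq % 32));
}

static int model_is_pending(unsigned hwirq)
{
    return (int)((model_pending[hwirq / 32] >> (hwirq % 32)) & 1u);
}

/* Raise hwirq once and count handler runs; the handler ends `end_with`. */
static unsigned model_deliver(unsigned hwirq, unsigned end_with)
{
    unsigned runs = 0;
    model_raise_sw_irq(hwirq);
    while (model_is_pending(hwirq) && runs < MODEL_MAX_RUNS) {
        runs++;                      /* handler body would run here */
        model_end_sw_irq(end_with);  /* acknowledge before returning */
    }
    model_end_sw_irq(hwirq);         /* reset the model for the next call */
    return runs;
}

int main(void)
{
    unsigned hwirq = 92;             /* constructed physical IRQ number */
    printf("end with physical: %u run(s)\n", model_deliver(hwirq, hwirq));
    printf("end with virtual:  %u run(s)\n",
           model_deliver(hwirq, hwirq + MODEL_VIRQ_BASE));
    return 0;
}
```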
