ARM TrustZone Shared Memory Crossworld

Jaemin Park jmpark81 at ...9...
Thu Dec 10 06:25:11 CET 2015


I'm not sure whether my comments can help you or not.

I also asked a similar question to the community.
The related articles are as follows:

I modified my source code referring to the above link.

Based on the answers from the community, I used the "dma_alloc_coherent()"
as follows in the device driver in the Normal World:

/* variables for buffer */
static dma_addr_t genblk_buf_phys;
static void *     genblk_buf

*genblk_buf* = dma_alloc_coherent(NULL, 1024, *&genblk_buf_phys*,

/* send smc instruction to initialize buffer */
 smc_blk(instruction_id, *genblk_buf_phys*, 1024);

In the Secure World, tz_vmm was modified to handle this as follows:

/* variables for buffer */
void *          _buf;
Genode::size_t  _buf_size;
addr_t          buf_base;
addr_t          buf_top, ram_top, buf_off;
Ram *           ram;
bool            buf_err;

buf_base = (addr_t)_vm->state()->r1;
_buf_size = (Genode::size_t)_vm->state()->r2;
buf_top  = buf_base + _buf_size;
ram      = _vm->ram();
 ram_top  = ram->base() + ram->size();

buf_err  = buf_top  <= buf_base;
buf_err |= buf_base <  ram->base();
buf_err |= buf_top  >= ram_top;
if (buf_err) {
     PERR("blk: illegal buffer constraints");
buf_off = buf_base - ram->base();
*_buf* = (void *)(ram->local() + buf_off);

After this, *_buf* is used to refer the shared buffer in the Secure World,
and *genblk_buf* is used in the Normal World.

I hope my humble comments can help you.

Jaemin Park.

On Thu, Dec 10, 2015 at 1:15 AM, Stefan Brenner <brenner at ...290...>

> Hi,
> currently we're working with the TrustZone VMM example from Genode based
> on Genode 15.05 on i.MX53 QSB.
> We have a shared buffer in normal world, which we want to use for
> cross-world communication.
> Currently the buffer is allocated using mmap MAP_SHARED | MAP_ANON.
> We're having strange issues/problems/inconsistencies when accessing the
> memory range in Genode (secure world) after normal world has written to it.
> We read that uncached memory should be used for this, or the cache lines
> have to be flushed/invalidated. However, apparently we can't get either
> of these options working.
> So our questions as follows:
> -1, 0) to allocate the buffer in normal world (Linux). Is there a better
> way to allocate uncached memory?
> 2) We've tried __cpuc_flush_user_all(), __cpuc_flush_kern_all() in order
> to invalidate all cache lines (later maybe only the affected cache lines
> once this works in general). Is this correct, to do this in normal world
> (i.e. Linux)?
> 3) At the moment we assume that Genode doesn't have to invalidate/flush
> its cache lines because as it is the VMM it should be aware of the fact
> that the cache might be stale.
> Any help is appreciated. A short hint: Currently our idea is to send an
> hypercall to the Genode VMM after Linux has written to the buffer, so
> Genode will pretty quickly access the memory after it has been written
> to from Linux.
> Best regards, Stefan.
> --
> M.Sc. Stefan Brenner
> Institute of Operating Systems and Computer Networks
> Distributed Systems Group
> TU Braunschweig
> www:
> mail: brenner at ...290...
> ------------------------------------------------------------------------------
> _______________________________________________
> genode-main mailing list
> genode-main at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list