bare-hw trustzone on the Freescale i.MX 6 Sabre SD board

Stefan Kalkowski stefan.kalkowski at ...1...
Wed Jan 7 10:35:48 CET 2015 

Hi,

On 01/06/2015 02:24 PM, Mahdi Aichouch wrote:
> Hello,
> 
> I am trying to port the bare-hw trustzone to the Freescale i.MX 6
> quad-core Sabre SD board.
> 
> I started from the source code given in this
> repository: https://github.com/decaprox/genode
> 
> I adapted the TSC-380 driver from the versatile express version as a
> TZASC to the i.MX-6 board.
> 
> At this moment, I just configure the existing TSC-380 with the right
> base address, but I did not yet configured it to secure any memory region.
> 
> Also, I did not yet used the CSU that was implemented for the i.MX53 to
> secure any device.
> 
> I partitioned the the memory space into two parts:
> 
> 0x1000 0000 - 0x2000 0000 : as a secure memory space
> 0x2000 0000 - 0x4000 0000 : as a non secure memory space
> 
> I implemented a small kernel in order to test the implementation.

I like your approach to start with a minimal kernel so that you really
know what shall be going on. However, did you tested your small kernel
without Genode by directly loading it via u-boot?

> 
> My simple kernel is just an assembly code that call C function, that
> prints a message on
> the serial port.
> 
> I get an error after running the run/vmm test case.
> Here are the debug messages that I get
> 
> void Kernel::trustzone_initialization(Kernel::Pic*): --- IMX6 trustzone
> INIT ---
> Core memory allocator
> ---------------------
> Allocator 102d46c0 dump:
>  Block: [10000000,1000001c) size=0000001c avail=00000000 max_avail=00000000
>  Block: [1000001c,10000038) size=0000001c avail=00000000 max_avail=00000000
>  Block: [10000038,10000054) size=0000001c avail=00000000 max_avail=1fd28000
>  Block: [10000054,10000070) size=0000001c avail=00000000 max_avail=00000000
>  Block: [10000070,1000008c) size=0000001c avail=00000000 max_avail=00000000
>  Block: [1000008c,10001000) size=00000f74 avail=00000f74 max_avail=1fd28000
>  Block: [102d8000,30000000) size=1fd28000 avail=1fd28000 max_avail=1fd28000
>  => mem_size=533893120 (509 MB) / mem_avail=533892980 (509 MB)
> 
> IO memory allocator
> -------------------
> Allocator 102d4b1c dump:
>  Block: [00000000,02020000) size=02020000 avail=02020000 max_avail=02020000
>  Block: [02024000,020d0000) size=000ac000 avail=000ac000 max_avail=0df2c000
>  Block: [020d4000,10000000) size=0df2c000 avail=0df2c000 max_avail=0df2c000
>  Block: [100ec000,100f0000) size=00004000 avail=00004000 max_avail=20000000
>  Block: [20000000,40000000) size=20000000 avail=20000000 max_avail=20000000
>  => mem_size=805289984 (767 MB) / mem_avail=805289984 (767 MB)
> 
> IRQ allocator
> -------------------
> Allocator 102d53d4 dump:
>  Block: [00000000,0000003a) size=0000003a avail=0000003a max_avail=0000003a
>  Block: [0000003b,00000058) size=0000001d avail=0000001d max_avail=000003a7
>  Block: [00000059,00000400) size=000003a7 avail=000003a7 max_avail=000003a7
>  => mem_size=1022 (0 MB) / mem_avail=1022 (0 MB)
> 
> ROM filesystem
> --------------
> Rom_fs 102d5814 dump:
>  Rom: [100a5000,100a5358) linux
>  Rom: [1004f000,1007fedc) init
>  Rom: [100a7000,100a71ef) config
>  Rom: [100a6000,100a601f) initrd.gz
>  Rom: [10080000,100a409c) vmm
> 
> int main(): --- create local services ---
> int main(): --- start init ---
> int main(): transferred 508 MB to init
> int main(): --- init created, waiting for exit condition ---
> [init] Could not open file "ld.lib.so <http://ld.lib.so>"
> [init] parent provides
> [init]   service "ROM"
> [init]   service "RAM"
> [init]   service "IRQ"
> [init]   service "IO_MEM"
> [init]   service "CAP"
> [init]   service "PD"
> [init]   service "RM"
> [init]   service "CPU"
> [init]   service "LOG"
> [init]   service "SIGNAL"
> [init]   service "VM"
> [init] child "vmm"
> [init]   RAM quota:  3932160
> [init]   ELF binary: vmm
> [init]   priority:   0
> [init -> vmm] Start virtual machine
> [init -> vmm] Curious exception occurred
> [init -> vmm] Cpu state:
> [init -> vmm]   r0        = 00000000
> [init -> vmm]   r1        = 000008e0
> [init -> vmm]   r2        = 20000100
> [init -> vmm]   r3        = 00000000
> [init -> vmm]   r4        = 00000000
> [init -> vmm]   r5        = 00000000
> [init -> vmm]   r6        = 00000000
> [init -> vmm]   r7        = 00000000
> [init -> vmm]   r8        = 00000000
> [init -> vmm]   r9        = 00000000
> [init -> vmm]   r10       = 00000000
> [init -> vmm]   r11       = 00000000
> [init -> vmm]   r12       = 00000000
> [init -> vmm]   sp        = 00000000
> [init -> vmm]   lr        = 00000000
> [init -> vmm]   ip        = 20000100
> [init -> vmm]   cpsr      = 00000093
> [init -> vmm]   sp_und    = 00000000
> [init -> vmm]   lr_und    = 00000000
> [init -> vmm]   spsr_und  = 00000000
> [init -> vmm]   sp_svc    = 00000000
> [init -> vmm]   lr_svc    = 00000000
> [init -> vmm]   spsr_svc  = 00000000
> [init -> vmm]   sp_abt    = 00000000
> [init -> vmm]   lr_abt    = 00000000
> [init -> vmm]   spsr_abt  = 00000000
> [init -> vmm]   sp_irq    = 00000000
> [init -> vmm]   lr_irq    = 00000000
> [init -> vmm]   spsr_irq  = 00000000
> [init -> vmm]   sp_fiq    = 00000000
> [init -> vmm]   lr_fiq    = 00000000
> [init -> vmm]   spsr_fiq  = 00000000
> [init -> vmm]   exception = reset
> virtual void
> Genode::Signal_session_component::free_context(Genode::Signal_context_capability):
> Not implemented
> 
> Note:
> The file linux and initrd.gz showed here are not real. I named my simple
> kernel as linux, and the initrd.gz file is an empty file.
> 
> The VMM version I am using loads an elf binary kernel.
> 
> I attached the assembly file of my simple kernel. From the dump of the
> CPU state, we can see that the IP register shows the first instruction
> of the kernel, which apparently generates an exception.
> 
> Could someone tell me how to track down the source of the error and help
> me to debug it.

When looking at your disassemly I'm wondering why your kernel is linked
to 0x70000000 whereby it is loaded to 0x20000100? And is it really
loaded to 0x20000100 where the IP points to? To be able to reproduce
your results and possibly help you, it would be fine if you provide a
branch, which contains your simple kernel and a complete run-script that
shows above results.

BTW. I don't think the CSU is a problem at this stage. It comes into
play when firstly touching a peripheral (e.g.: the UART). Whereby I
don't know how it behaves in reset state on i.MX6, whether it grants or
denies access for the non-secure world by default.

Regards
Stefan

> 
> Thanks very much in advance.
> 
> Kind regards,
> Mahdi
> 
> 
> 
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net
> 
> 
> 
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ ยท http://genode.org/

More information about the users mailing list