bare-hw trustzone on the Freescale i.MX 6 Sabre SD board
Mahdi Aichouch
foxmehdi at ...9...
Thu Jan 8 16:36:48 CET 2015
Hello Stefan,
Thank you very much for your answer.
I created a branch that contains an adaptation of bare-hw with trustzone to
i.MX6,
and also an adaptation of the VMM.
https://github.com/macdi/genode-barehw-imx6-tz
Could you please give it a look and tell what 's not correctly configured
in my scenario.
I tried multiple runs of the test case and the symptoms are not stable, as
we can see in the logs below.
I also attached the assembly of the simple kernel.
Do you think that is related to this issue
https://github.com/genodelabs/genode/issues/567
as Chirag has previously suggested.
Thank you in advance,
best regards
Mahdi
[init -> vmm] Start virtual machine
[init -> vmm] Vm tried to access 2000000c which isn't allowed
[init -> vmm] Cpu state:
[init -> vmm] r0 = 20000174
[init -> vmm] r1 = 000008e0
[init -> vmm] r2 = 20000100
[init -> vmm] r3 = 00000000
[init -> vmm] r4 = 00000000
[init -> vmm] r5 = 00000000
[init -> vmm] r6 = 00000000
[init -> vmm] r7 = 00000000
[init -> vmm] r8 = 00000000
[init -> vmm] r9 = 00000000
[init -> vmm] r10 = 00000000
[init -> vmm] r11 = 2000118c
[init -> vmm] r12 = 00000000
[init -> vmm] sp = 00000000
[init -> vmm] lr = 00000000
[init -> vmm] ip = 20000118
[init -> vmm] cpsr = 00000093
[init -> vmm] sp_und = 00000000
[init -> vmm] lr_und = 00000000
[init -> vmm] spsr_und = 00000000
[init -> vmm] sp_svc = 20001188
[init -> vmm] lr_svc = 2000016c
[init -> vmm] spsr_svc = 00000000
[init -> vmm] sp_abt = 00000000
[init -> vmm] lr_abt = 00000000
[init -> vmm] spsr_abt = 00000000
[init -> vmm] sp_irq = 00000000
[init -> vmm] lr_irq = 00000000
[init -> vmm] spsr_irq = 00000000
[init -> vmm] sp_fiq = 00000000
[init -> vmm] lr_fiq = 00000000
[init -> vmm] spsr_fiq = 00000000
[init -> vmm] exception = irq
[init -> vmm] Could not handle data-abort will exit!
[init -> vmm] Start virtual machine
[init -> vmm] Curious exception occurred
[init -> vmm] Cpu state:
[init -> vmm] r0 = 20000174
[init -> vmm] r1 = 000008e0
[init -> vmm] r2 = 20000100
[init -> vmm] r3 = 00000000
[init -> vmm] r4 = 00000000
[init -> vmm] r5 = 00000000
[init -> vmm] r6 = 00000000
[init -> vmm] r7 = 00000000
[init -> vmm] r8 = 00000000
[init -> vmm] r9 = 00000000
[init -> vmm] r10 = 00000000
[init -> vmm] r11 = 00000000
[init -> vmm] r12 = 00000000
[init -> vmm] sp = 00000000
[init -> vmm] lr = 00000000
[init -> vmm] ip = 20000000
[init -> vmm] cpsr = 00000093
[init -> vmm] sp_und = 00000000
[init -> vmm] lr_und = 00000000
[init -> vmm] spsr_und = 00000000
[init -> vmm] sp_svc = 00000000
[init -> vmm] lr_svc = 00000000
[init -> vmm] spsr_svc = 00000000
[init -> vmm] sp_abt = 00000000
[init -> vmm] lr_abt = 00000000
[init -> vmm] spsr_abt = 00000000
[init -> vmm] sp_irq = 00000000
[init -> vmm] lr_irq = 00000000
[init -> vmm] spsr_irq = 00000000
[init -> vmm] sp_fiq = 00000000
[init -> vmm] lr_fiq = 00000000
[init -> vmm] spsr_fiq = 00000000
[init -> vmm] exception = reset
virtual void
Genode::Signal_session_component::free_context(Genode::Signal_context_capability):
Not implemented
[init -> vmm] Start virtual machine
[init -> vmm] Vm tried to access 2000000c which isn't allowed
[init -> vmm] Cpu state:
[init -> vmm] r0 = 20000174
[init -> vmm] r1 = 000008e0
[init -> vmm] r2 = 20000100
[init -> vmm] r3 = 00000000
[init -> vmm] r4 = 00000000
[init -> vmm] r5 = 00000000
[init -> vmm] r6 = 00000000
[init -> vmm] r7 = 00000000
[init -> vmm] r8 = 00000000
[init -> vmm] r9 = 00000000
[init -> vmm] r10 = 00000000
[init -> vmm] r11 = 00000000
[init -> vmm] r12 = 00000000
[init -> vmm] sp = 00000000
[init -> vmm] lr = 00000000
[init -> vmm] ip = 20000000
[init -> vmm] cpsr = 00000093
[init -> vmm] sp_und = 00000000
[init -> vmm] lr_und = 00000000
[init -> vmm] spsr_und = 00000000
[init -> vmm] sp_svc = 20001188
[init -> vmm] lr_svc = 2000016c
[init -> vmm] spsr_svc = 00000000
[init -> vmm] sp_abt = 00000000
[init -> vmm] lr_abt = 00000000
[init -> vmm] spsr_abt = 00000000
[init -> vmm] sp_irq = 00000000
[init -> vmm] lr_irq = 00000000
[init -> vmm] spsr_irq = 00000000
[init -> vmm] sp_fiq = 00000000
[init -> vmm] lr_fiq = 00000000
[init -> vmm] spsr_fiq = 00000000
[init -> vmm] exception = irq
[init -> vmm] Could not handle data-abort will exit!
On Thu, Jan 8, 2015 at 11:47 AM, Stefan Kalkowski <
stefan.kalkowski at ...1...> wrote:
> Hi,
>
> On 01/07/2015 03:54 PM, Mahdi Aichouch wrote:
> > Hello,
> >
> > First, thank you very much Chirag and Stefan for your answers.
> >
> > I tried to debug my simple kernel on the i.MX6 through the DS5 JTAG
> > debugger.
> > Prior to running the kernel using the debugger, the imx6 board is
> > configured to run u-boot from an SD
> > card and after the initialization u-boot holds and waits to execute the
> > kernel code.
> >
> > As we can see in the debug messages below, I was able to do a step by
> > step walk through
> > the source code from the assembler to the C code.
> > It seems that it is working...
> >
> > Also I tested this kernel on the Qemu Realview Baseboard Platform
> > explorer for cortex-a9 and it worked.
> >
> > I also created a repository in which I added the sources of the simple
> > kernel.
> > https://github.com/macdi/simple-arm-kernel
> >
> > />a complete run-script that shows above results./
> > /
> > /
> > In my test case I used the command $>make run/vmm to run the bare-hw and
> > vmm.
> > I attached the generated file boot_modules.s. Is this the run script you
> > request or another one?
> > Could you please tell where to look for it?
> >
>
> Ok, I see, thanks for providing the source of your simple kernel.
>
> With a complete run-script I meant a script that builds everything
> needed to execute your failing scenario. You already used such a script
> under the hood when doing "make run/vmm". Whenever you trigger "make
> run/XXX" the build system of Genode searches for a XXX.run script in the
> "repos/*/run/" directories of the enabled repositories.
> A run-script is a small TCL script that is used by Genode's "run" tool.
> It defines what needs to be build, it defines the configuration of the
> system, and everything else that needs to be done to prepare e.g. a
> system image that can be loaded via u-boot. It very much simplifies
> communication between us developers, because if I've a problem I want
> another developer to look at, I use a run-script that exactly reproduces
> the issue and the other developer just needs to execute the script to
> look at. For more information about the run tool, please have a look at:
>
>
>
> http://genode.org/documentation/developer-resources/build_system#Automated_integration_and_testing
>
> Given your above explanations I assume you are using some vmm.run script
> you are not aware of. But the current Genode repository doesn't has a
> vmm.run script, only a tz_vmm.run script. So I assume you need some
> older Genode sources as base.
>
> The even more interesting part for me is not only the run script, but
> all modifications you did to the VMM as well as the base platform to
> enable your scenario on i.MX6. Therefore I've asked for the branch you
> are using to compile your scenario. As a precaution, I reminded you to
> include the run-script you are using into that branch.
>
> > />When looking at your disassemly I'm wondering why your kernel is linked
> >>to 0x70000000 whereby it is loaded to 0x20000100?
> > /
> > /
> > /
> > Could you please tell me how did you figure out that it is linked to the
> > address 0x70000000?
>
> I just looked at the disassembly output you attached to your first mail.
> There the addresses are starting at 0x70000000 in contrast to the
> sources you provided in your last mail.
>
> > /
> > /
> > />And is it really loaded to 0x20000100 where the IP points to?//
> > /
> > /
> > /
> > Is it possible to tell me how to verify that it is loaded to the
> > address 0x20000100?
>
> You have to look and respectively instrument the code of the virtual
> machine monitor (VMM), which normally is defined at
> "os/src/server/tz_vmm" (probably "os/src/server/vmm" in your older branch).
> All parameters like: the position of the normal world's RAM used by the
> guest OS is hardcoded within the VMM. So you need to adapt the VMM
> according to the needs of your scenario.
>
> I hope that helps a bit.
>
> Regards
> Stefan
>
> >
> > Thanks very much in advance.
> >
> > Best regards,
> >
> > Mahdi
> >
> > Loaded section .text: S:0x20000100 ~ S:0x2000026F (size 0x170)
> > Loaded section .rodata: S:0x20000270 ~ S:0x2000028F (size 0x20)
> > Entry point S:0x20000100
> > cd "/home/aichouch/DS-5-Workspace-examples"
> > Working directory "/home/aichouch/DS-5-Workspace-examples"
> > directory "/home/aichouch/dev/bare_metal_arm"
> > Source directories searched:
> > /home/aichouch/dev/bare_metal_arm:$cdir:$cwd:$idir
> > set debug-from main
> > start
> > Starting target with image
> > /home/aichouch/dev/bare_metal/simple-arm-kernel/kernel.elf
> > Running from entry point
> > WARNING(CMD399-COR168):
> > ! Failed to start the target
> > ! No function named "main" could be found
> > WARNING(CMD407): Trying the entry point instead
> > wait
> > Execution stopped at: S:0x20000100
> > In kernel.elf (no debug info)
> > S:0x20000100 LDR sp,[pc,#4] ; [0x2000010C] = 0x20001290
> > wait
> > next
> > Execution stopped at: S:0x20000104
> > S:0x20000104 BL _init ; 0x20000258
> > wait
> > step
> > Execution stopped at: S:0x20000258
> > In kernel.c
> > S:0x20000258 16,0 {
> > wait
> > next
> > Execution stopped at: S:0x20000260
> > S:0x20000260 17,0 print_uart0("bare metal: Hello world!\n");
> > wait
> > next
> > Execution stopped at: S:0x2000026C
> > S:0x2000026C 19,0 while(1);
> > wait
> > next
> > Execution stopped at: S:0x2000026C
> > S:0x2000026C 19,0 while(1);
> > wait
> > next
> > Execution stopped at: S:0x2000026C
> > S:0x2000026C 19,0 while(1);
> > wait
> > continue
> > interrupt
> > Execution stopped at: S:0x2000026C
> > S:0x2000026C 19,0 while(1);
> > wait
> > continue
> > interrupt
> > Execution stopped at: S:0x2000026C
> > S:0x2000026C 19,0 while(1);
> >
> >
> > On Wed, Jan 7, 2015 at 10:35 AM, Stefan Kalkowski
> > <stefan.kalkowski at ...1...
> > <mailto:stefan.kalkowski at ...1...>> wrote:
> >
> > Hi,
> >
> > On 01/06/2015 02:24 PM, Mahdi Aichouch wrote:
> > > Hello,
> > >
> > > I am trying to port the bare-hw trustzone to the Freescale i.MX 6
> > > quad-core Sabre SD board.
> > >
> > > I started from the source code given in this
> > > repository: https://github.com/decaprox/genode
> > >
> > > I adapted the TSC-380 driver from the versatile express version as
> a
> > > TZASC to the i.MX-6 board.
> > >
> > > At this moment, I just configure the existing TSC-380 with the
> right
> > > base address, but I did not yet configured it to secure any memory
> region.
> > >
> > > Also, I did not yet used the CSU that was implemented for the
> i.MX53 to
> > > secure any device.
> > >
> > > I partitioned the the memory space into two parts:
> > >
> > > 0x1000 0000 - 0x2000 0000 : as a secure memory space
> > > 0x2000 0000 - 0x4000 0000 : as a non secure memory space
> > >
> > > I implemented a small kernel in order to test the implementation.
> >
> > I like your approach to start with a minimal kernel so that you
> really
> > know what shall be going on. However, did you tested your small
> kernel
> > without Genode by directly loading it via u-boot?
> >
> > >
> > > My simple kernel is just an assembly code that call C function,
> that
> > > prints a message on
> > > the serial port.
> > >
> > > I get an error after running the run/vmm test case.
> > > Here are the debug messages that I get
> > >
> > > void Kernel::trustzone_initialization(Kernel::Pic*): --- IMX6
> > trustzone
> > > INIT ---
> > > Core memory allocator
> > > ---------------------
> > > Allocator 102d46c0 dump:
> > > Block: [10000000,1000001c) size=0000001c avail=00000000
> > max_avail=00000000
> > > Block: [1000001c,10000038) size=0000001c avail=00000000
> > max_avail=00000000
> > > Block: [10000038,10000054) size=0000001c avail=00000000
> > max_avail=1fd28000
> > > Block: [10000054,10000070) size=0000001c avail=00000000
> > max_avail=00000000
> > > Block: [10000070,1000008c) size=0000001c avail=00000000
> > max_avail=00000000
> > > Block: [1000008c,10001000) size=00000f74 avail=00000f74
> > max_avail=1fd28000
> > > Block: [102d8000,30000000) size=1fd28000 avail=1fd28000
> > max_avail=1fd28000
> > > => mem_size=533893120 (509 MB) / mem_avail=533892980 (509 MB)
> > >
> > > IO memory allocator
> > > -------------------
> > > Allocator 102d4b1c dump:
> > > Block: [00000000,02020000) size=02020000 avail=02020000
> > max_avail=02020000
> > > Block: [02024000,020d0000) size=000ac000 avail=000ac000
> > max_avail=0df2c000
> > > Block: [020d4000,10000000) size=0df2c000 avail=0df2c000
> > max_avail=0df2c000
> > > Block: [100ec000,100f0000) size=00004000 avail=00004000
> > max_avail=20000000
> > > Block: [20000000,40000000) size=20000000 avail=20000000
> > max_avail=20000000
> > > => mem_size=805289984 (767 MB) / mem_avail=805289984 (767 MB)
> > >
> > > IRQ allocator
> > > -------------------
> > > Allocator 102d53d4 dump:
> > > Block: [00000000,0000003a) size=0000003a avail=0000003a
> > max_avail=0000003a
> > > Block: [0000003b,00000058) size=0000001d avail=0000001d
> > max_avail=000003a7
> > > Block: [00000059,00000400) size=000003a7 avail=000003a7
> > max_avail=000003a7
> > > => mem_size=1022 (0 MB) / mem_avail=1022 (0 MB)
> > >
> > > ROM filesystem
> > > --------------
> > > Rom_fs 102d5814 dump:
> > > Rom: [100a5000,100a5358) linux
> > > Rom: [1004f000,1007fedc) init
> > > Rom: [100a7000,100a71ef) config
> > > Rom: [100a6000,100a601f) initrd.gz
> > > Rom: [10080000,100a409c) vmm
> > >
> > > int main(): --- create local services ---
> > > int main(): --- start init ---
> > > int main(): transferred 508 MB to init
> > > int main(): --- init created, waiting for exit condition ---
> > > [init] Could not open file "ld.lib.so <http://ld.lib.so>
> > <http://ld.lib.so>"
> > > [init] parent provides
> > > [init] service "ROM"
> > > [init] service "RAM"
> > > [init] service "IRQ"
> > > [init] service "IO_MEM"
> > > [init] service "CAP"
> > > [init] service "PD"
> > > [init] service "RM"
> > > [init] service "CPU"
> > > [init] service "LOG"
> > > [init] service "SIGNAL"
> > > [init] service "VM"
> > > [init] child "vmm"
> > > [init] RAM quota: 3932160
> > > [init] ELF binary: vmm
> > > [init] priority: 0
> > > [init -> vmm] Start virtual machine
> > > [init -> vmm] Curious exception occurred
> > > [init -> vmm] Cpu state:
> > > [init -> vmm] r0 = 00000000
> > > [init -> vmm] r1 = 000008e0
> > > [init -> vmm] r2 = 20000100
> > > [init -> vmm] r3 = 00000000
> > > [init -> vmm] r4 = 00000000
> > > [init -> vmm] r5 = 00000000
> > > [init -> vmm] r6 = 00000000
> > > [init -> vmm] r7 = 00000000
> > > [init -> vmm] r8 = 00000000
> > > [init -> vmm] r9 = 00000000
> > > [init -> vmm] r10 = 00000000
> > > [init -> vmm] r11 = 00000000
> > > [init -> vmm] r12 = 00000000
> > > [init -> vmm] sp = 00000000
> > > [init -> vmm] lr = 00000000
> > > [init -> vmm] ip = 20000100
> > > [init -> vmm] cpsr = 00000093
> > > [init -> vmm] sp_und = 00000000
> > > [init -> vmm] lr_und = 00000000
> > > [init -> vmm] spsr_und = 00000000
> > > [init -> vmm] sp_svc = 00000000
> > > [init -> vmm] lr_svc = 00000000
> > > [init -> vmm] spsr_svc = 00000000
> > > [init -> vmm] sp_abt = 00000000
> > > [init -> vmm] lr_abt = 00000000
> > > [init -> vmm] spsr_abt = 00000000
> > > [init -> vmm] sp_irq = 00000000
> > > [init -> vmm] lr_irq = 00000000
> > > [init -> vmm] spsr_irq = 00000000
> > > [init -> vmm] sp_fiq = 00000000
> > > [init -> vmm] lr_fiq = 00000000
> > > [init -> vmm] spsr_fiq = 00000000
> > > [init -> vmm] exception = reset
> > > virtual void
> > >
> >
> Genode::Signal_session_component::free_context(Genode::Signal_context_capability):
> > > Not implemented
> > >
> > > Note:
> > > The file linux and initrd.gz showed here are not real. I named my
> > simple
> > > kernel as linux, and the initrd.gz file is an empty file.
> > >
> > > The VMM version I am using loads an elf binary kernel.
> > >
> > > I attached the assembly file of my simple kernel. From the dump of
> the
> > > CPU state, we can see that the IP register shows the first
> instruction
> > > of the kernel, which apparently generates an exception.
> > >
> > > Could someone tell me how to track down the source of the error
> > and help
> > > me to debug it.
> >
> > When looking at your disassemly I'm wondering why your kernel is
> linked
> > to 0x70000000 whereby it is loaded to 0x20000100? And is it really
> > loaded to 0x20000100 where the IP points to? To be able to reproduce
> > your results and possibly help you, it would be fine if you provide a
> > branch, which contains your simple kernel and a complete run-script
> that
> > shows above results.
> >
> > BTW. I don't think the CSU is a problem at this stage. It comes into
> > play when firstly touching a peripheral (e.g.: the UART). Whereby I
> > don't know how it behaves in reset state on i.MX6, whether it grants
> or
> > denies access for the non-secure world by default.
> >
> > Regards
> > Stefan
> >
> > >
> > > Thanks very much in advance.
> > >
> > > Kind regards,
> > > Mahdi
> > >
> > >
> > >
> > >
> ------------------------------------------------------------------------------
> > > Dive into the World of Parallel Programming! The Go Parallel
> Website,
> > > sponsored by Intel and developed in partnership with Slashdot
> Media, is your
> > > hub for all things parallel software development, from weekly
> thought
> > > leadership blogs to news, videos, case studies, tutorials and
> more. Take a
> > > look and join the conversation now.
> http://goparallel.sourceforge.net
> > >
> > >
> > >
> > > _______________________________________________
> > > genode-main mailing list
> > > genode-main at lists.sourceforge.net
> > <mailto:genode-main at lists.sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/genode-main
> > >
> >
> > --
> > Stefan Kalkowski
> > Genode Labs
> >
> > http://www.genode-labs.com/ · http://genode.org/
> >
> >
> ------------------------------------------------------------------------------
> > Dive into the World of Parallel Programming! The Go Parallel Website,
> > sponsored by Intel and developed in partnership with Slashdot Media,
> > is your
> > hub for all things parallel software development, from weekly thought
> > leadership blogs to news, videos, case studies, tutorials and more.
> > Take a
> > look and join the conversation now.
> http://goparallel.sourceforge.net
> > _______________________________________________
> > genode-main mailing list
> > genode-main at lists.sourceforge.net
> > <mailto:genode-main at lists.sourceforge.net>
> > https://lists.sourceforge.net/lists/listinfo/genode-main
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Dive into the World of Parallel Programming! The Go Parallel Website,
> > sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> > hub for all things parallel software development, from weekly thought
> > leadership blogs to news, videos, case studies, tutorials and more. Take
> a
> > look and join the conversation now. http://goparallel.sourceforge.net
> >
> >
> >
> > _______________________________________________
> > genode-main mailing list
> > genode-main at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/genode-main
> >
>
> --
> Stefan Kalkowski
> Genode Labs
>
> http://www.genode-labs.com/ · http://genode.org/
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20150108/f9badc6a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kernel.asm
Type: application/octet-stream
Size: 5179 bytes
Desc: not available
URL: <http://lists.genode.org/pipermail/users/attachments/20150108/f9badc6a/attachment.obj>
More information about the users
mailing list