TrustZone: forcing instant switch from secure to normal world?

David Goltzsche goltzsche at ...290...
Fri Jun 26 15:57:42 CEST 2015


Hi Genode team & list,

in my master's thesis I built a framework, which enables
cross-world-communication between the normal and secure world. This was
based on your tz_vmm demo. If this sounds familiar: I already posted a
few questions on this list related to my thesis ;)

My framework relied on periodic world switches triggered by Genode's
scheduler (The normal world is running within a Genode thread, so the
scheduler prevents both worlds from starving). Of course, simply waiting
for world switches leads to high latencies and a low throughput.

To speed things up, we already improved the communication from normal to
secure world: The normal world instantly hands over control to the
secure world utilizing the smc instruction, when a message is available.
We extended the hypercall handler in the Vmm class to notify the
receiver via a semaphore.

Unfortunately, forcing a world switch from secure to normal world does
not seem to be that easy: Genode's monitor mode implementation cannot
handle entries from the secure world. Hence, usage of the smc
instruction is not possible.

So, my approach would be using software interrupts which sould be routed
to the normal world. I played around with the svc (supervisor call)
instruction, but I don't know how to route this to the secure world.

Any hints?

Thanks in advance
David
-- 
M.Sc. David Goltzsche
Institute of Operating Systems and Computer Networks
Distributed Systems Group
TU Braunschweig

www: https://www.ibr.cs.tu-bs.de/users/goltzsch
mail: goltzsche at ...290...




More information about the users mailing list