TrustZone: forcing instant switch from secure to normal world?

Martin Stein martin.stein at ...1...
Mon Jun 29 12:05:39 CEST 2015


Hi David,

On 29.06.2015 09:20, Stefan Kalkowski wrote:
>> So, my approach would be using software interrupts which should be routed
>> to the normal world. I played around with the svc (supervisor call)
>> instruction, but I don't know how to route this to the secure world.
> 
> Indeed, this seems to be the most promising approach triggering a
> software interrupt on the secure side, and handle it in the normal
> world. Everything that needs to be done is marking a designated SPI (ARM
> terminology for software-triggered IRQ) as a non-secure interrupt, and
> delegate that interrupt to your kernel module within the guest OS.
> Moreover, you will need to extend the VM session interface with the
> ability to trigger that designated "TrustZone interrupt", as the
> user-level VMM is not able to access the interrupt controller directly,
> which has to be done by the kernel itself.

On my working branches [1] I've implemented IRQ injection to provide a
pseudo block device in a non-secure Linux guest. Maybe this code gives
you some good hints. Especially the Linux commits [2] and the Genode
commits [3] should be interesting. Please be aware that this code is
still in progress and should not be considered as a final solution.

Don't hesitate to ask if you have further questions ;)

Cheers,
Martin

[1]
https://github.com/m-stein/genode/tree/1497_usb_armory_demo
https://github.com/m-stein/linux/tree/1497_usb_armory_demo

[2]
0fa1c63 .handle multiple replies and end interrupt
9ca75d0 .injected IRQ reaches the stub-block handler in linux

[3]
08a3b09 .prototype of inject_vm_irq kernel call
2927f04 .Vm_session::inject_irq(unsigned irq)
42865c4 .injected IRQ reaches the stub-block handler in linux
