synchronization between normal and secure world
Norman Feske
norman.feske at ...1...
Wed May 6 10:26:26 CEST 2015
Hi Stefan,
> It would be more suitable for my app to not do the critical action in
> normal world, but ask the secure world to do it. Then it would be
> synchronized as well, but only one world switch back and forth necessary.
>
> I think I have to bite the apple and implement what you mention, a mutex
> in a shared memory section. Do you have any further input for me
> according to this? Especially about the "mapped uncached" property?

I hope you don't mind me chiming in. I doubt that mutex-based
synchronization of a shared buffer between both worlds is the best way
forward. Instead, I would investigate a protocol similar to Genode's
synchronous bulk transfer approach as described in Section 3.6.5 of the
upcoming manual [1].

In short, while the normal world is active, it can freely access the
memory without the need for synchronization. To hand over the data to
the secure world, the normal world performs a secure method call (smc)
to the secure world. While the secure world is active, the normal world
cannot (by definition [2]) be active. So the secure world can safely
consume the data (e.g., by copying out the data from the shared buffer
to a private buffer). Once the secure world is finished, the smc call
returns, which implicitly hands back the "ownership" of the shared
buffer to the normal world. Would that approach possibly work for you?

Cheers
Norman

[1] http://genode.org/files/53bcb8e33fe6602fed25edc3c7b922c5/manual-2015-04-27.pdf
[2] On the multi-processor system, this may not be true. Here, the
normal world would need to perform the synchronization of smc calls.
But this synchronization does not involve the secure world.
--
Dr.-Ing. Norman Feske
Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
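
The hand-over described in the message above, as an added example that is not part of the original post and is not Genode code. It models the single-processor case; the buffer layout, the names, and the use of a plain function call in place of the smc instruction are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SHARED_SIZE 256u  /* assumed size of the shared buffer */

/* Hypothetical layout of the shared buffer: a length header plus payload. */
struct shared_buf {
    uint32_t len;
    uint8_t  data[SHARED_SIZE];
};

static struct shared_buf shared;            /* stands in for the shared memory */
static uint8_t  private_copy[SHARED_SIZE];  /* private to the secure world */
static uint32_t private_len;

/* Secure-world side (hypothetical handler): runs between smc entry and return,
 * which is the only time the secure world touches the shared buffer. */
static int secure_handle_smc(const volatile struct shared_buf *sb)
{
    uint32_t len = sb->len;          /* fetch the length exactly once */
    if (len > SHARED_SIZE)
        return -1;                   /* reject before reading any payload */
    for (uint32_t i = 0; i < len; i++)
        private_copy[i] = sb->data[i];   /* copy out to the private buffer */
    private_len = len;
    /* Everything after this point works on private_copy only. */
    return 0;
}

/* Stand-in for the smc instruction: a plain call models the world switch. */
static int smc_call(void)
{
    return secure_handle_smc(&shared);
}

/* Normal-world side: fill the buffer freely, then hand it over. */
static int normal_world_submit(const void *msg, uint32_t len)
{
    if (len > SHARED_SIZE)
        return -1;
    memcpy(shared.data, msg, len);
    shared.len = len;
    return smc_call();  /* buffer belongs to the secure world until return */
}
```

Because the secure side works only on its private copy, anything the normal world writes to the shared buffer after the call returns has no effect on data already consumed.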