synchronization between normal and secure world

Norman Feske norman.feske at ...1...
Sun May 10 19:32:57 CEST 2015


Hi Stefan,

> Thanks for your answer. While in short term we are actually working with
> imx53 which is a single core your assumption holds of course. Still I am
> worried about the impact of IRQs and FIQs that might disturb us while
> consuming or writing data in both (secure and normal) worlds. In long
> term we would like to even move on to a multi core platform.
>
> So as far as I see it, I think in our case it is unfortunately not that
> easy. We can not just assume implicit synchronisation through TrustZone
> being either in secure or normal world at a time, but interrupts (and
> later the multi core arch) will make our life harder. Please correct me
> if I am wrong here (would be happy to be wrong, to be honest).

I don't think that interrupts are a concern here. As long as the tz_vmm
is active with processing an SMC, normal-world interrupts are masked.
The normal world will receive its next interrupt not before tz_vmm has
finished its work.

On a multi-processor system, each CPU can be in the normal or secure
world independently. Hence, it would be sensible to use a dedicated
tz_vmm handler with a separate shared memory buffer for each CPU.
Alternatively, the normal-world OS may synchronize SMC calls similar to
how it usually synchronizes the access to a peripheral device. Neither
of the two designs would require mutex-based synchronization between the
secure and normal world.

Could I clear up your doubts a bit? ;-)

Best regards
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth
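
The two designs from the reply above, replayed as a fixed interleaving of two CPUs. This is an added example, not part of the original message and not Genode code: `struct smc_buf`, `secure_handle` and the doubling "service" are hypothetical stand-ins, and the SMC is modelled as a plain function call that runs to completion on the calling CPU.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_CPUS 2

/* Hypothetical request/response record in memory shared by both worlds. */
struct smc_buf { uint32_t arg; uint32_t result; };

static struct smc_buf per_cpu_buf[NUM_CPUS]; /* design 1: one buffer per CPU */
static struct smc_buf single_buf;            /* one buffer for all CPUs      */

/* Stand-in for the secure-world handler. It runs to completion on the
 * calling CPU, mirroring masked normal-world interrupts during an SMC. */
static void secure_handle(struct smc_buf *b) { b->result = b->arg * 2; }

/* Normal-world side, split in two steps so an interleaving can be replayed. */
static void fill(struct smc_buf *b, uint32_t arg) { b->arg = arg; }
static uint32_t smc(struct smc_buf *b) { secure_handle(b); return b->result; }

static int correct(const uint32_t r[2]) { return r[0] == 20 && r[1] == 40; }

/* Interleaving: CPU0 fills, CPU1 fills, CPU0 enters secure world, then CPU1. */
static int interleaved(struct smc_buf *b0, struct smc_buf *b1)
{
    uint32_t r[2];
    fill(b0, 10);
    fill(b1, 20);
    r[0] = smc(b0);
    r[1] = smc(b1);
    return correct(r);
}

/* Design 1: each CPU owns its buffer, so the interleaving is harmless. */
int per_cpu_ok(void) { return interleaved(&per_cpu_buf[0], &per_cpu_buf[1]); }

/* Failure case: both CPUs use one buffer with no normal-world serialization. */
int single_unsynchronized_ok(void) { return interleaved(&single_buf, &single_buf); }

/* Design 2: the normal-world OS treats fill+SMC as one critical section,
 * like access to a peripheral device; the lock never crosses worlds. */
int single_serialized_ok(void)
{
    uint32_t r[2];
    fill(&single_buf, 10); r[0] = smc(&single_buf); /* CPU0 holds the lock */
    fill(&single_buf, 20); r[1] = smc(&single_buf); /* CPU1 holds the lock */
    return correct(r);
}

int main(void)
{
    printf("per-cpu=%d unsynchronized=%d serialized=%d\n",
           per_cpu_ok(), single_unsynchronized_ok(), single_serialized_ok());
    return 0;
}
```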



