tz_vmm run script

Stefan Kalkowski stefan.kalkowski at ...1...
Thu Feb 25 10:25:16 CET 2016


Hi John,

On 02/25/2016 12:58 AM, John David wrote:
> Hi Stefan,
> 
> thank you so much for your response.
> 
> On Mon, Feb 22, 2016 at 11:18 AM, Stefan Kalkowski <
> stefan.kalkowski at ...1...> wrote:
> 
>> Hi John,
>>
>> sorry for my late response, I was in holidays.
>>
>> On 02/13/2016 12:54 AM, John David wrote:
>>> Hi Stefan,
>>>
>>> Thanks a lot.
>>>
>>> I have tried to configure and run the tz_vmm example according to your
>>> explanation, but only the Linux penguin is displayed on left corner of
>> the
>>> LVDS display kit and then it hangs.
>>
>> Ok, that means Linux succeeds in using the LVDS display. When you write:
>> "it hangs" do you get any message from the Genode side, e.g. a VM
>> exception dump?
> 
> 
> no VM exception dump if i disable the serial port (CONFIG_SERIAL_MXC and
> CONFIG_SERIAL_MXC_CONSOLE) in the Linux configuration file. FYI, i use
> imx53_android_deconfig in /arch/arm/configs for building the Linux kernel.
> 
> 
> 
>> Otherwise you need to inspect the Linux kernel messages,
>> did you enabled earlyprintk, and removed the serial console redirection
>> of the kernel messages within the kernel commandline parameters?
>>
> 
> I changed the kernel commandline parameters  to *"video=mxcdi0fb:RGB666,XGA
> earlyprintk di0_primary ldb=di0*" and also enable early_printk
> (CONFIG_EARLY_PRINTK=y ), but it still displays the Linux penguin logo on
> top left conner of the LVDS display, and hangs. Do i still miss something?
> Would you please let me know?  However, If i set the UART device as
> UNSECURED and enable the the serial port in the configuration file, the
> Linux boots properly without an error and i get a shell in the serial
> console.
> 

I wonder that you do not see any kernel messages when not redirecting
the kernel console to serial line. However, potentially your Linux setup
boots successfully, but there the only TTY that is started refers to the
serial console. At least if you use the unmodified initramfs archive of
our i.MX53 TrustZone example setup this would be the case.
So you have to unpack the initramfs, patch the init's configuration so
that it will start a (login) shell on tty1.

If that does not help, you need to find out why the kernel does not show
anything (kernel messages) on screen by setting up the same scenario
without Genode with an unmodified Linux kernel and thereby tweaking the
kernel/initramfs until you see the kernel messages on screen.

> 
>>
>> regards stefan
>>
> 
> BTW, is it possible to run the guest OS unmodified in the normal world
> while Genode in the secure world using this 'tz_vmm' run example? i have a
> prebuilt Android/Linux uImage for imx53 QSB from the www.freeescale.com. Is
> it possible to run this uImage if i put it manually in place of Linux
> uImage in Genode build directory? if not, how do i modify if i get the
> source code?  Do you have any other experiment for ARM TrustZone on imx53
> QSB?

No it is not possible to run an unmodified kernel in the normal world.
TrustZone is _no_ virtualization technology. The "guest" kernel always
needs to be aware what resources it is able to access and which not. It
is hard, or in general impossible to virtualize via trap-and-emulate.
Please, have a look at our TrustZone article for further details,
including our Android scenario:

  http://genode.org/documentation/articles/trustzone

Currently, we do not have any out-of-the-box example scenarios for the
i.MX53 QSB, which make use of TrustZone. Other examples are using either
the i.MX53 SABRE Tablet, or the USB armory. For the latest, please have
a look at the development story and presentation of Martin Stein:

  http://genode.org/documentation/articles/usb_armory

http://mirrors.dotsrc.org/fosdem/2016/k4601/genodes-trustzone-demo-on-the-usb-armory.mp4

Regards
Stefan
> 
> Thanks!
> 
> 
>>> As you mentioned, I removed the last
>>> four patches from this branch (
>>> https://github.com/skalk/linux/commits/imx53-tz) and re-compiled the
>> Linux
>>> kernel. I also changed the kernel cmdline argument value in
>>> genode/os/src/server/tz_vmm/imx53/main.cc file to
>> *console=ttymxc0,115200
>>> gpu_nommu video=mxcdi0fb:RGB666,XGA di0_primary ldb=di0*. I wonder if you
>>> could tell me what is missing?
>>>
>>> Thanks!
>>>
>>>
>>>
>>> On Wed, Feb 10, 2016 at 2:52 PM, Stefan Kalkowski <
>>> stefan.kalkowski at ...1...> wrote:
>>>
>>>> Hi John,
>>>>
>>>> On 02/03/2016 10:51 PM, John David wrote:
>>>>> Hi all,
>>>>>
>>>>> I am running  tz_vmm run script on i.mx53qsb. I have LVDS display kit
>>>>> attached to the board. I want the Linux (non secure world) to be
>>>> displayed
>>>>> on the LVDS while the Genode uses the serial console. I wonder if you
>>>> could
>>>>> tell me how can i do this.
>>>>>
>>>>
>>>> You have to adjust the partitioning of the devices btween secure world
>>>> (Genode) and non-secure world (Linux). This is primarily done via the
>>>> CSU (Central Security Unit) of this Freescale SoC. You can find the
>>>> relevant configuration hardcoded within:
>>>>
>>>>   repos/base-hw/src/core/include/spec/imx53/trustzone/csu.h
>>>>
>>>> just reset mostly all devices except the UART to belong to the
>>>> non-secure world, and set the DMA channel of the GPU (line 222) to be
>>>> unsecure. Remove the relevant patches of the Linux guest OS from this
>>>> branch (I think the last 4 commits):
>>>>
>>>>   https://github.com/skalk/linux/commits/imx53-tz
>>>>
>>>> and then re-build the Linux kernel and Genode scenario.
>>>>
>>>> Regards
>>>> Stefan
>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> genode-main mailing list
>>>>> genode-main at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>>>>
>>>>
>>>> --
>>>> Stefan Kalkowski
>>>> Genode Labs
>>>>
>>>> http://www.genode-labs.com/ · http://genode.org/
>>>>
>>>>
>>>>
>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>>>> _______________________________________________
>>>> genode-main mailing list
>>>> genode-main at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>>>
>>>
>>>
>>>
>>>
>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>>>
>>>
>>>
>>> _______________________________________________
>>> genode-main mailing list
>>> genode-main at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>>
>>
>> --
>> Stefan Kalkowski
>> Genode Labs
>>
>> http://www.genode-labs.com/ · http://genode.org/
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>> _______________________________________________
>> genode-main mailing list
>> genode-main at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>
> 
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> 
> 
> 
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ · http://genode.org/




More information about the users mailing list