Genode freezes on USB Armory
martin.stein at ...1...
Tue May 17 13:09:24 CEST 2016
In general, I can recommend you to have a look at the article . It
gives information regarding nearly all the topics that you address.
Am 16.05.2016 um 11:27 schrieb Yevgeny Lavrov:
> So I was able to run Genode on USB Armory, and ssh into it,
> and it appears to me that I’m interacting with Linux Virtual Machine. If
> it is a Virtual Machine,
No, it is the Normal World of ARM Trustzone. It might be misleading that
we use the Genode VM-Session interface to control the Normal World but
the underlying Trustzone technology is still no Virtualization but
merely a hardware separation.
> then are there any tools available within that
> VM that I can use to talk to the outside of the Linux VM, or at least
> somehow prove/demonstrate that the Linux VM I’m currently in is running
> atop of Genode?
Yes, there are. You can use the Secure Monitor Call or SMC instruction
of ARM for that. Actually, it is already used by your Linux for the
para-virtualized SD-card  and UART . Using SMCs, you can also
install shared buffers as done in .
> The other question is about the Kernel. It appears as ARM Linux Kernel
> during boot. Is it a standard Linux Kernel or especially customized one
> to support Genode? I just need to verify this.
Just to be really clear, do you mean the initial Kernel that boots the
Genode hypervisor or the Kernel that is started by Genode in the Normal
World ([init -> tz_vmm] [vm] ...) ?
Assuming you mean the one in the Normal World, it is a patched Linux
4.2.3. You can see my two Armory patches here .
> Can you provide any tips on how to bring up any other microkernels fully
> supported by Genode that I can run on USB Armory?
There are generally three main building sites when porting another
kernel to the Normal World of tz_vmm. First, the monitor component 
acts as bootloader for the Normal World OS. This bootloader behavior
would have to be adapted to the new OS's expectations.
Second, the Normal World OS currently has to cooperate in some ways with
the Secure World. Mainly, it must not modify clock or power controls in
a way that affects the Genode hypervisor because these controls are not
Third, you have to check whether your OS attempts to use devices that
are protected. If they are mandatory, i.e. you can't skip them, you can
para-virtualize them. As mentioned above, for SDHC and UART, Genode
already provides a para-virtualized interface.
> If there are no other
> options available besides using the default Linux kernel that comes with
> the tz_vmm, then is there any other board that you can recommend me to
> use to run Genode with fully supported microkernels, as preparation for
Could you please explain this a bit further? I don't know what seL4 has
to do with a Trustzone scenario. What is your final goal?
More information about the users