[TZ_VMM] - i.MX53 QSB

Stefan Kalkowski stefan.kalkowski at ...1...
Tue May 31 14:18:42 CEST 2016 

Hello Tiago,

On 05/31/2016 12:52 PM, Tiago Brito wrote:
> 2016-05-31 10:35 GMT+01:00 Stefan Kalkowski <
> stefan.kalkowski at ...1...>:
> 
>> Hello Tiago,
>>
> 
> Hi Stefan, thanks for your response. It really helps!
> 
> 
>>
>> On 05/25/2016 04:56 PM, Tiago Brito wrote:
>>> Hi, I have an i.MX53 QSB development board and I want to experiment with
>>> ARM TrustZone.
>>>
>>> I'm a beginner with regards to genode and kernel development in general.
>>>
>>> I was able to run tz_vmm on the QSB and interact with the linux which
>> runs
>>> in normal world. What I want to do next is a fairly simple system where
>>> inside linux I can call an SMC and switch to the secure world, then
>> whilst
>>> in secure world print something (like "Hello From Secure World" and also
>>> print some argument from the normal world) and then go back to linux.
>>>
>>> I have read some of the messages in the mailing list and I noticed some
>> of
>>> you (other mailing list subscribers) already achieved similar
>> communication
>>> protocols but because I'm new to genode I don't know where to start.
>>
>> Well, the very first pointer to gain more understanding of this concrete
>> scenario ist to read the detailed documentation of it:
>>
>>   http://genode.org/documentation/articles/trustzone
>>
>> Most of your questions, e.g., how to build the Linux kernel?, or is it a
>> modified Linux kernel? are already answered there.
>>
> 
> I read this and I now understand the flow which makes tz_vmm work.
> 
> 
>>
>>>
>>> I know I probably have to create a kernel module for the linux running in
>>> normal world so I can call SMC from a userspace application, but I don't
>>> know how to do that since I don't see where the linux is being compiled
>> for
>>> genode [1]. Do I have to compile another linux? How do I incorporate this
>>> new linux version to work with genode?
>>
>> Actually the Linux kernel version you are using when executing the
>> tz_vmm run-script already issues SMC calls that switch to the secure
>> world, where the VMM handles those calls and afterwards returns to the
>> normal world.
>>
> 
> I understand this, but is there a way to make a user-level application to
> trigger an SMC (with an identifier) so that the secure world, after
> trapping the SMC, can do something accordingly?
> 
> What I read from other posts is that I have to change tz_vmm's Linux in
> order to support this.
> I think other people from this mailing list already did so by adding system
> calls or kernel modules which trigger the SMC.
> This way my user-level application can use this system call/kernel module
> in order to manually switch to the secure world.

Incorporating an interface into the Linux kernel so that a user-land
program can communicate with a kernel subsystem is really beyond the
scope of this mailing-list. Moreover, there are plenty of resources
about such topics that can be found in the web.

Anyway, I think there are probably different approaches for this. I
would build a Linux kernel module that provides a file with a
corresponding ioctl interface. Maybe there is a more convenient way to
do so, but this is the path I would follow being in your position.

In all scenarios we built, communication to the secure world was
initiated within Linux kernel subsystems only.

> 
> 
>>>
>>> Besides this I also don't know where to start modifying tz_vmm in order
>> to
>>> achieve my goals. I know where tz_vmm's code is but I don't know where to
>>> start changing it. I have also seen some mailing list questions regarding
>>> the world switch from secure world to normal world. It seems that from
>>> normal to secure you should call an SMC, but from secure to normal the
>>> monitor mode implementation cannot handle entries from the secure world
>> and
>>> thus no SMC can be called directly [2].
>>
>> The typical activity flow is:
>>
>>  * Linux kernel issues an SMC call, e.g., to tell the VMM where its
>>    framebuffer is located in physical memory [1]
>>  * the HW kernel of Genode receives an exception, pauses the Linux VM,
>>    and delivers a signal to the related VMM [2]
>>  * the VMM receives the signal that the VM got paused due to an SMC
>>    call [3]
>>  * the VMM informs the HW kernel that the VM should be executed again
>>    after handling the call [4]
>>  * next time the scheduler of the HW kernel chooses the VM, it issues a
>>    world-switch to it [5]
>>
> 
>>From tz_vmm's code I understand that both r0 and r1 registers can be used
> as arguments for the SMC, which solves the identifier problem I mentioned.
> This way I can change tz_vmm so that when the SMC triggered by the
> user-level app is caught I can print something to the serial console.

In general you can use all general-purpose registers, as long as you
preserve them, to communicate between both worlds. What kind of protocol
you use, and how the VMM reacts to SMC is up to you.

Regards
Stefan

> 
> 
>>
>> Regards
>> Stefan
>>
> 
> Thanks again!
> 
> Best Regards, Tiago
> 
> 
>>
>> [1]
>>
>> https://github.com/skalk/linux/blob/bc1707a23a9770cf080a1b87b4f553a2a39ac636/drivers/video/mxc/mxc_ipuv3_fb.c#L339
>> [2]
>>
>> https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec/arm_v7/trustzone/kernel/vm.cc#L52
>> [3]
>>
>> https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/spec/imx53/main.cc#L95
>> [4]
>>
>> https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/spec/imx53/main.cc#L119
>> [5]
>>
>> https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec/arm_v7/trustzone/kernel/vm.cc#L72
>>
>>>
>>> Can you give my some feedback on how to achieve these things on the
>> i.MX53
>>> QSB?
>>>
>>> Thanks in advance, Tiago
>>>
>>> [1] - https://sourceforge.net/p/genode/mailman/message/33244107/
>>> [2] - https://sourceforge.net/p/genode/mailman/message/34244066/
>>>
>>
> 
> 
> 
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are 
> consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
> J-Flow, sFlow and other flows. Make informed decisions using capacity 
> planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> 
> 
> 
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ ยท http://genode.org/

More information about the users mailing list