reduce genode TCB

Stefan Kalkowski stefan.kalkowski at ...1...
Mon Aug 28 10:44:18 CEST 2017 

Hi,

On 08/04/2017 09:52 AM, rijurekha at ...71... wrote:
> Hi,
> We have built a trap and emulation secure world application based on the
> genode tz_vmm demo, to run on the IMX53 QSB and Sabre Tablet. This allows
> us to handle applications like reliably turning on/off some peripherals.
> E.g. for Bluetooth radio, we make GPIO 3/4 secure in CSU. When Android
> tries to turn on Bluetooth, we get an external data abort in secure world
> for which we do nothing and give back control. Android gives up after a
> few retries. For other peripherals that use GPIO 3/4 and therefore share
> the CSU setting, we also get the external abort, but we emulate the
> instruction in secure world before giving back control to linux.
> 
> The current secure world has 27539 LOC. The baseline can be
> https://athena.smu.edu.sg/mobisys/backend/mobisys/assets/paper_list/pdf_version/paper_31.pdf,
> which also turned on/off peripherals, rewriting normal world device
> drivers from secure world. It has only about 4K LoC in TCB (section 6 para
> 2 and 3).
> 
> Looking at the .d files in hw_imx53 with sloc, we get the following
> break-down. The bulk of the code is coming from genode OS framework. The
> question I have is:  does the tz_vmm demo minimally use genode components?
> If yes, then maybe this is the best TCB size we can expect? If not, then
> what are some parts that can be cut down?

I would say: yes our example "tz_vmm" uses a minimal set of the Genode
OS framework. When comparing a statical setup for a very-specific use
case (thereby probably linking everything together without anything in
between) with a component-based OS like Genode, running drivers in
separate components, with the ability of quite dynamic processing, then
surely the static setup will always win in terms of LOC count. But
adding 19K LOC for the possibility to easily extend your setup and to
separate components from each other does not seem to be much overhead in
my eyes.

Regards
Stefan

> 
> Thanks!
> Riju
> 
> Secure world user space component tz_vmm (~3.5K LoC)
> (1) loads and monitors the normal world linux in original genode demo,
> we added our instruction emulation code here - 1353 LoC
> (2) ARM instruction decoding library DARM - 2070 LoC
> 
> Hardware related files (~2.5K LoC)
> (1) for ARM, ARM_V7, ARM CORTEX_A8, IMX, IMX53, TRUSTZONE, CSU - 2316 LoC
> 
> Genode OS: (~19K LoC)
> http://genode.org/documentation/general-overview/index
> https://genode.org/documentation/api/base_index
> (1) C/C++ standard library functions, data structures, other programming
> utitlies - 2634 LoC
> (2) Memory allocation and management - 2710 LoC
> (3) Device access - 707 LoC
> (4) Thread and synchronization - 1768 LoC
> (5) CPU - 1286 LoC
> (6) Debugging - 1248 LoC
> (7) Inter-Process Communication - 2595 LoC
> (8) Client server framework - 406 LoC
> (9) Other stuff ....
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

https://github.com/skalk ยท http://genode.org/

More information about the users mailing list