reduce genode TCB

Stefan Kalkowski stefan.kalkowski at ...1...
Mon Aug 28 10:47:01 CEST 2017


Sorry for the duplicate. My mail client sorted the last mails strangely,
therefore I did not see that Norman already answered you in depth.

On 08/28/2017 10:44 AM, Stefan Kalkowski wrote:
> Hi,
> 
> On 08/04/2017 09:52 AM, rijurekha at ...71... wrote:
>> Hi,
>> We have built a trap and emulation secure world application based on the
>> genode tz_vmm demo, to run on the IMX53 QSB and Sabre Tablet. This allows
>> us to handle applications like reliably turning on/off some peripherals.
>> E.g. for Bluetooth radio, we make GPIO 3/4 secure in CSU. When Android
>> tries to turn on Bluetooth, we get an external data abort in secure world
>> for which we do nothing and give back control. Android gives up after a
>> few retries. For other peripherals that use GPIO 3/4 and therefore share
>> the CSU setting, we also get the external abort, but we emulate the
>> instruction in secure world before giving back control to linux.
>>
>> The current secure world has 27539 LOC. The baseline can be
>> https://athena.smu.edu.sg/mobisys/backend/mobisys/assets/paper_list/pdf_version/paper_31.pdf,
>> which also turned on/off peripherals, rewriting normal world device
>> drivers from secure world. It has only about 4K LoC in TCB (section 6 para
>> 2 and 3).
>>
>> Looking at the .d files in hw_imx53 with sloc, we get the following
>> break-down. The bulk of the code is coming from genode OS framework. The
>> question I have is:  does the tz_vmm demo minimally use genode components?
>> If yes, then maybe this is the best TCB size we can expect? If not, then
>> what are some parts that can be cut down?
> 
> I would say: yes our example "tz_vmm" uses a minimal set of the Genode
> OS framework. When comparing a static setup for a very specific use
> case (thereby probably linking everything together without anything in
> between) with a component-based OS like Genode, running drivers in
> separate components, with the ability of quite dynamic processing, then
> surely the static setup will always win in terms of LOC count. But
> adding 19K LOC for the possibility to easily extend your setup and to
> separate components from each other does not seem to be much overhead in
> my eyes.
> 
> Regards
> Stefan
> 
>>
>> Thanks!
>> Riju
>>
>> Secure world user space component tz_vmm (~3.5K LoC)
>> (1) loads and monitors the normal world linux in original genode demo,
>> we added our instruction emulation code here - 1353 LoC
>> (2) ARM instruction decoding library DARM - 2070 LoC
>>
>> Hardware related files (~2.5K LoC)
>> (1) for ARM, ARM_V7, ARM CORTEX_A8, IMX, IMX53, TRUSTZONE, CSU - 2316 LoC
>>
>> Genode OS: (~19K LoC)
>> http://genode.org/documentation/general-overview/index
>> https://genode.org/documentation/api/base_index
>> (1) C/C++ standard library functions, data structures, other programming
>> utilities - 2634 LoC
>> (2) Memory allocation and management - 2710 LoC
>> (3) Device access - 707 LoC
>> (4) Thread and synchronization - 1768 LoC
>> (5) CPU - 1286 LoC
>> (6) Debugging - 1248 LoC
>> (7) Inter-Process Communication - 2595 LoC
>> (8) Client server framework - 406 LoC
>> (9) Other stuff ....
>>

-- 
Stefan Kalkowski
Genode Labs

https://github.com/skalk · http://genode.org/
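
The trap-and-emulate handling described in the quoted question, sketched as an added example; it is not code from this thread, from the poster's system or from Genode's tz_vmm. The names (vm_state, handle_abort, fake_gpio), the GPIO window address, the data register offset, the blocked pin mask and the choice to resume after the trapped instruction are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed, constructed values: none of them come from the thread. */
#define GPIO_BASE    0x53F8C000u  /* placeholder for the secured GPIO window */
#define GPIO_SIZE    0x4000u
#define GPIO_DR      0x0u         /* offset of the data register (assumption) */
#define BLOCKED_PINS (1u << 5)    /* hypothetical pin driving the radio */

struct vm_state { uint32_t r[16]; };      /* normal-world registers saved on the abort */
static uint32_t fake_gpio[GPIO_SIZE / 4]; /* stands in for the real device registers */

enum verdict { EMULATED, DROPPED, UNHANDLED };

/* Decide what to do with the normal-world instruction that caused the abort. */
enum verdict handle_abort(struct vm_state *vm, uint32_t insn)
{
    /* A32 load/store, immediate offset: bits 27:25 == 0b010 */
    if ((insn & 0x0E000000u) != 0x04000000u) return UNHANDLED;
    bool pre = (insn >> 24) & 1, up = (insn >> 23) & 1, byte = (insn >> 22) & 1;
    bool wback = (insn >> 21) & 1, load = (insn >> 20) & 1;
    uint32_t rn = (insn >> 16) & 0xF, rd = (insn >> 12) & 0xF, imm = insn & 0xFFF;
    /* Keep the decoder small: plain [rn, #imm] word accesses that do not use pc. */
    if (!pre || wback || byte || rn == 15 || rd == 15) return UNHANDLED;

    uint32_t addr = up ? vm->r[rn] + imm : vm->r[rn] - imm;
    uint32_t off = addr - GPIO_BASE;      /* wraps if addr is below the window */
    if (off >= GPIO_SIZE || (off & 3)) return UNHANDLED;

    enum verdict v = EMULATED;
    uint32_t *reg = &fake_gpio[off / 4];
    if (load) {
        vm->r[rd] = *reg;                 /* emulate the read on behalf of the guest */
    } else if (off == GPIO_DR && ((vm->r[rd] ^ *reg) & BLOCKED_PINS)) {
        v = DROPPED;                      /* write would toggle the blocked pin */
    } else {
        *reg = vm->r[rd];                 /* emulate the write for a shared peripheral */
    }
    vm->r[15] += 4;  /* assumption: resume after the trapped instruction */
    return v;
}

int main(void)
{
    struct vm_state vm = { .r = { [0] = GPIO_BASE, [1] = BLOCKED_PINS, [15] = 0x8000 } };
    return handle_abort(&vm, 0xE5801000u) == DROPPED ? 0 : 1; /* STR r1, [r0] */
}
```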
