SMC Calls in Trustzone VMM Scenario

Mauricio Gutierrez maguti14 at ...527...
Thu Mar 29 04:48:43 CEST 2018


Hello,

I have been doing some work with the Genode Trustzone VMM scenario on my
i.MX53 development board and I am having a bit of trouble understanding how
the SMC calls work between the normal and secure world. Online you talk
about how you implemented 6 calls in the modified normal-world Linux kernel,
but in the main for the tz_vmm I only found 4 different cases in the
_handle_smc() function. In any case, I wanted to add my own call and was
able to add it and check that the required arguments are passed correctly
and everything, so that part I think I understand.

However, I need to do some of the handling in Monitor Mode and my
understanding was that an SMC would throw you into monitor mode, but it
seems the handler operates in user mode? Since it is not privileged, I
am not able to call a "cps #22" to switch to monitor mode. In an earlier
thread I know you refer to the

> section "World switch between non-secure world and secure
> world" in http://genode.org/documentation/articles/trustzone.

But I am still uncertain as to how I could get my case in _handle_smc() to
enter monitor mode so that I can play around with the NS bit without
leaving secure world.
I have been studying what happens when I call an SMC, say "smc #4", from
normal world. But I have not been able to exactly pinpoint where the
entry point for such an exception is in the Genode secure world. What
exactly happens once I make that call to secure world, and where can I
find/follow the code? Is this covered somewhere in your book?

I know about the mode_transitions.s file as well as the exception_vector.s
and vm.cc files in repos/base-hw/src/core/spec/arm_v7/trustzone; it seems
this is the entry point? But where does it go after we call the
nonsecure_to_secure transition?

Most importantly, I need to understand where the code operating in
monitor mode is. Where does it start and where does it end? How can I tell? If
I needed to write at least some part of my SMC handler in monitor mode
before it switches out, what is the best approach to doing that?

I apologize for all the questions and would appreciate any help and
guidance you can provide.

Thank you,

Mauricio