use sd_card driver in imx53_qsb_tz platform

Stefan Kalkowski stefan.kalkowski at genode-labs.com
Thu Nov 22 12:11:23 CET 2018 

Hi,

On Thu, Nov 22, 2018 at 05:27:49PM +0800, lzSun wrote:
> Hello ,Genode Community
> I have written an email before which  has a similar question to this email, but I haven't receive any response yet. Because solving this problem is  very important to my  work , so I  decide to put it out again and hope to receive some help.
> The thing is I want to use sd_card driver in i.mx53 quick start board with trustzone. I know Martin said " you should not run 'sd_card' with Genodes Trustzone feature-set (platform 'hw_imx53_qsb_tz'), because Genode will then declare the ESDHC-IRQ to be unsecure to enable Linux to drive SD cards."[1]. But unfortunately, my work is just needs to use sd_card driver with trustzone. So I wonder is this possible? I am now using the latest Genode version(18.08).
> Form my point of view,  if ESDHC-IRQ is still to be unsecure, this's two ways to solve this problem:
> 1. set ESDHC-IRQ to be secure. In this  way ,Genode OS  in secure world can directly drive the SD card. Also, the linux in the normal world must be modified to the stat that could not drive SD card. If this  is right, could you provide me some hint to this method?

Surely this is the right way to go. All ingredients are already in
place. Have a look at the usb_armory platform, which uses exactly the
same SoC i.MX53 with a trustzone Linux using the sd-card client-wise
from the Genode secure-world.

You need to change the sd-card device assignment in:

  `repos/base-hw/src/bootstrap/spec/imx53_qsb/platform_trustzone.cc`

The fourth parameter of the Csu object decides over the sd-card
assignment. And of course you need to change the Linux kernel to use
the paravirtualized block device of the trustzone VMM. Please use the
Linux kernel version + adaptations from here as inspiration:

  https://github.com/m-stein/linux/tree/genode_hw_usb_armory_tz_vmm

> 2. forward the sd card request to linux in the normal world.So all the  sd card operation will be performed by linux. However, I think this will introduce more world switch between two worlds and you should provide a linux driver to serve for Genode's file operation.
> I will be grateful if  you could give me some help, thanks a lot!
> 

I cannot see a reason for using a secure-world stack than anyway. If
make the secure side dependent of the potential insecure side is no
good idea for obvious reasons.

Best regards
Stefan

> 
> 
> 
> ------------------
> Best wishes

> _______________________________________________
> Genode users mailing list
> users at lists.genode.org
> https://lists.genode.org/listinfo/users


-- 
Stefan Kalkowski
Genode labs

https://github.com.skalk | https://genode.org

More information about the users mailing list