Trustzone with virt_qemu_arm_v8a
Stefan Kalkowski
stefan.kalkowski at genode-labs.com
Mon Feb 27 12:15:32 CET 2023
Hello Divya,
On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
> Dear Genodians,
>
> I hope this message finds you well. I am writing to follow up on our
> previous discussion regarding running kernels in secure mode using QEMU.
>
> As per your suggestion, we have investigated the use of QEMU for this
> purpose and found that it does support the required kernels. However, we
> require further guidance on setting up an exception vector for the EL3.
> Could you kindly provide us with the necessary steps to accomplish this
> task?
>
This goes _far_ beyond the scope of an easy to answer "How to..."
question.
My first counter question would be: what do you want to achieve?
What is your goal: do you want different fully functional OSes on both
sides: secure world and normal world, or "just" some library OS
functionality on the secure side for doing for instance some
cryptographic work? Is Genode running on both sides, or what is
running in the normal world?
If you only want to "play" with the current possibilities of the
Genode framework only, this goes far beyond this scope. You would need
to develop certain functionalities not yet implemented for ARMv8. In
that case, much more knowledge about your envisioned system is needed.
> Additionally, we are interested in running a simple program similar to the
> one demonstrated in the IMX demo. Could you please suggest any relevant
> documents or threads that could assist us in achieving this objective?
I don't know which "simple program" you mean actually? The only
visible TrustZone examples for i.MX53 I'm aware of are Linux or
Android running in the normal world, and Genode's base-hw kernel,
some drivers and a kind of TrustZone VMM running in the secure
world. This is actually no simple scenario at all.
If you want to re-produce this scenario, you have to:
* Analyze functionality and security-wise, which system registers have
to be saved / restored by the secure-monitor on ARMv8
* Implement (in assembler) a world-switch routine from the
normal-to-secure world (this is the exception vector), and
vice-versa
* Setup the secure-monitor mode, e.g. by setting the exception
vector's address in EL3 mode
* Re-write or extend the TrustZone VMM to handle ARMv8
Regards
Stefan
>
> Thank you for your time and assistance.
>
> Sincerely,
>
> Divya
>
> On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski <
> stefan.kalkowski at genode-labs.com> wrote:
>
> > Hello Devashish,
> >
> > in its currently used form on ARMv8: if Genode's own kernel variant
> > "base-hw" gets booted into TrustZone's secure mode at all, it leaves
> > it without doing any additional setup into the normal world resp.
> > directly into EL2 hypervisor mode to prepare that.
> >
> > With other words, without modifications you can't use the secure world
> > right now. On most platforms this is actually already in use by ARM's
> > Trusted Firmware (ATF), which implements things like multi-processor
> > wakeup, suspend etc., so we can't make use of it without replacing the
> > whole ATF.
> >
> > In general it is however possible to do so, but you'll need to do
> > several in-depth modifications to make that work. First you need to
> > find out whether on Qemu the kernel gets started in secure mode. If
> > yes you would need at least to setup an exception vector for the EL3
> > secure-monitor mode, so that you handle for instance SMC-calls.
> > Probably you'll need to setup the MMU for the EL3 mode.
> > To sum it up it is some serious work to do. If you are interested in
> > exploring that, please have a look into the current CPU and exception-level
> > (EL) setup in file:
> > repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc
> > That would be a good starting point to hook in.
> >
> > Regards
> > Stefan
> >
> > On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017
> > wrote:
> > > Dear Genodians,
> > > I am working with virt_qemu_arm_v8a, and I read the extensive
> > documentation
> > > on how Genode has experimented with the Trustzone of ARM. I want to
> > explore
> > > the Trustzone and run an application in the secure mode, but I wanted to
> > > know if it is possible to do with virt_qemu_arm.
> > >
> > > --
> > > Regards,
> > > Devashish Dewangan
> > > CS21M017
> >
> > > _______________________________________________
> > > Genode users mailing list
> > > users at lists.genode.org
> > > https://lists.genode.org/listinfo/users
> >
> >
> > --
> > Stefan Kalkowski
> > Genode labs
> >
> > https://github.com/skalk | https://genode.org
> >
> > _______________________________________________
> > Genode users mailing list
> > users at lists.genode.org
> > https://lists.genode.org/listinfo/users
> >
> _______________________________________________
> Genode users mailing list
> users at lists.genode.org
> https://lists.genode.org/listinfo/users
--
Stefan Kalkowski
Genode labs
https://github.com/skalk | https://genode.org
More information about the users
mailing list