Trustzone with virt_qemu_arm_v8a

Divya Sharma divyasharma26546 at gmail.com
Tue Feb 28 13:56:06 CET 2023 

To be more specific we want to create an app/program on Linux/Android and
for cryptographic work, we want to switch to a trusted os, Genode.
so we need to work on 2 things
1) switching between Normal os to secure os and vice versa
2) set up Linux/android on top of genode.

please suggest something for 2nd option.

Regards
Divya


On Mon, Feb 27, 2023 at 4:45 PM Stefan Kalkowski <
stefan.kalkowski at genode-labs.com> wrote:

> Hello Divya,
>
> On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
> > Dear Genodians,
> >
> > I hope this message finds you well. I am writing to follow up on our
> > previous discussion regarding running kernels in secure mode using QEMU.
> >
> > As per your suggestion, we have investigated the use of QEMU for this
> > purpose and found that it does support the required kernels. However, we
> > require further guidance on setting up an exception vector for the EL3.
> > Could you kindly provide us with the necessary steps to accomplish this
> > task?
> >
>
> This goes _far_ beyond the scope of an easy to answer "How to..."
> question.
>
> My first counter question would be: what do you want to achieve?
> What is your goal: do you want different fully functional OSes on both
> sides: secure world and normal world, or "just" some library OS
> functionality on the secure side for doing for instance some
> cryptographic work? Is Genode running on both sides, or what is
> running in the normal world?
>
> If you only want to "play" with the current possibilities of the
> Genode framework only, this goes far beyond this scope. You would need
> to develop certain functionalities not yet implemented for ARMv8. In
> that case, much more knowledge about your envisioned system is needed.
>
> > Additionally, we are interested in running a simple program similar to
> the
> > one demonstrated in the IMX demo. Could you please suggest any relevant
> > documents or threads that could assist us in achieving this objective?
>
> I don't know which "simple program" you mean actually? The only
> visible TrustZone examples for i.MX53 I'm aware of are Linux or
> Android running in the normal world, and Genode's base-hw kernel,
> some drivers and a kind of TrustZone VMM running in the secure
> world. This is actually no simple scenario at all.
>
> If you want to re-produce this scenario, you have to:
>
> * Analyze functionality and security-wise, which system registers have
>   to be saved / restored by the secure-monitor on ARMv8
> * Implement (in assembler) a world-switch routine from the
>   normal-to-secure world (this is the exception vector), and
>   vice-versa
> * Setup the secure-monitor mode, e.g. by setting the exception
>   vector's address in EL3 mode
> * Re-write or extend the TrustZone VMM to handle ARMv8
>
> Regards
> Stefan
>
> >
> > Thank you for your time and assistance.
> >
> > Sincerely,
> >
> > Divya
> >
> > On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski <
> > stefan.kalkowski at genode-labs.com> wrote:
> >
> > > Hello Devashish,
> > >
> > > in its currently used form on ARMv8: if Genode's own kernel variant
> > > "base-hw" gets booted into TrustZone's secure mode at all, it leaves
> > > it without doing any additional setup into the normal world resp.
> > > directly into EL2 hypervisor mode to prepare that.
> > >
> > > With other words, without modifications you can't use the secure world
> > > right now. On most platforms this is actually already in use by ARM's
> > > Trusted Firmware (ATF), which implements things like multi-processor
> > > wakeup, suspend etc., so we can't make use of it without replacing the
> > > whole ATF.
> > >
> > > In general it is however possible to do so, but you'll need to do
> > > several in-depth modifications to make that work. First you need to
> > > find out whether on Qemu the kernel gets started in secure mode. If
> > > yes you would need at least to setup an exception vector for the EL3
> > > secure-monitor mode, so that you handle for instance SMC-calls.
> > > Probably you'll need to setup the MMU for the EL3 mode.
> > > To sum it up it is some serious work to do. If you are interested in
> > > exploring that, please have a look into the current CPU and
> exception-level
> > > (EL) setup in file:
> > > repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc
> > > That would be a good starting point to hook in.
> > >
> > > Regards
> > > Stefan
> > >
> > > On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017
> > > wrote:
> > > > Dear Genodians,
> > > > I am working with virt_qemu_arm_v8a, and I read the extensive
> > > documentation
> > > > on how Genode has experimented with the Trustzone of ARM. I want to
> > > explore
> > > > the Trustzone and run an application in the secure mode, but I
> wanted to
> > > > know if it is possible to do with virt_qemu_arm.
> > > >
> > > > --
> > > > Regards,
> > > > Devashish Dewangan
> > > > CS21M017
> > >
> > > > _______________________________________________
> > > > Genode users mailing list
> > > > users at lists.genode.org
> > > > https://lists.genode.org/listinfo/users
> > >
> > >
> > > --
> > > Stefan Kalkowski
> > > Genode labs
> > >
> > > https://github.com/skalk | https://genode.org
> > >
> > > _______________________________________________
> > > Genode users mailing list
> > > users at lists.genode.org
> > > https://lists.genode.org/listinfo/users
> > >
>
> > _______________________________________________
> > Genode users mailing list
> > users at lists.genode.org
> > https://lists.genode.org/listinfo/users
>
>
> --
> Stefan Kalkowski
> Genode labs
>
> https://github.com/skalk | https://genode.org
>
> _______________________________________________
> Genode users mailing list
> users at lists.genode.org
> https://lists.genode.org/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20230228/68d21660/attachment.htm>

More information about the users mailing list