Trustzone with virt_qemu_arm_v8a

Michael Grunditz michael.grunditz at gmail.com
Wed Mar 1 12:21:38 CET 2023


On Wed, 1 Mar 2023 at 11:20, Stefan Kalkowski
<stefan.kalkowski at genode-labs.com> wrote:
>
> Hello Divya,
>
> my colleague Norman raised the reasonable question, why don't you use
> virtualization for your use-case instead of TrustZone? It is much more
> appropriate, and already supported.
>
> Regards
> Stefan
>
This is the only sensible option. As Stefan explained, it is a very
large amount of work to devise some kind of secure VMM from scratch.
It is possible to overwrite ATF and run "simple" functions from the
new exception table.

Another option is to use something I have tinkered with. I use a
dedicated CPU core, and since it is started without any EL switching,
it can run in the background behind Genode and can be kept secure. In
order to communicate with it, you probably need to do an exception
vector for the CPU cores Genode runs on. When all is set up, you can
message your crypto routines running on the dedicated CPU core by
doing SVC calls and, in the vector entries, use the SoC's mailboxing.

But, *really*, "normal" virtualization is the best option. Every
other option requires a lot of assembly and would step away from
Genode's software design.

Regards,
Michael


