Trustzone with virt_qemu_arm_v8a

Stefan Kalkowski stefan.kalkowski at genode-labs.com
Thu Mar 2 09:39:53 CET 2023


Hello,

With normal virtualization, hardware-assisted virtualization for ARM
was meant.

You can achieve isolation similar to the TrustZone separation, not
between "secure" and "normal" but between host and guest OS. The
host OS Genode can provide special cryptographic means to the Android
guest via a special virtual device, or as the backend of an already
existing device category, e.g. network.

Regards
Stefan

On Thu, Mar 02, 2023 at 01:33:00PM +0530, Divya Sharma wrote:
> Thanks, Michael, for suggesting another approach.
> 
> With the normal virtualization, do you mean the ARM virtualization which
> works at PL2? Do you mean we can achieve the same secured or normal
> isolation level with normal virtualization as we would have achieved with
> the TrustZone? As our main goal is to execute the normal application
> (cryptographic work) in the secure world compared to the normal world.
> If yes, how can we achieve a normal and secure world in virtualization? Can
> you provide any references or anything to achieve this from scratch if
> possible?
> 
> 
> 
> Best,
> Divya.
> 
> On Wed, Mar 1, 2023 at 4:52 PM Michael Grunditz <michael.grunditz at gmail.com>
> wrote:
> 
> > On Wed, 1 Mar 2023 at 11:20, Stefan Kalkowski
> > <stefan.kalkowski at genode-labs.com> wrote:
> > >
> > > Hello Divya,
> > >
> > > my colleague Norman raised the reasonable question, why don't you use
> > > virtualization for your use-case instead of TrustZone? It is much more
> > > appropriate, and already supported.
> > >
> > > Regards
> > > Stefan
> > >
> > This is the only sensible option. As Stefan explained, it is a very
> > large amount of work to devise
> > some kind of secure VMM from scratch. It is possible to overwrite ATF
> > and run "simple" functions
> > from the new exception table.
> >
> > Another option is to use something I have tinkered with. I use a
> > dedicated CPU core and since
> > it is started without any EL switching it can run, in the background
> > behind Genode, and can be kept
> > secure. In order to communicate with it you probably need to do an
> > exception vector for the CPU
> > cores Genode runs on. When all is set up, you can message your crypto
> > routines running on
> > the dedicated CPU core by doing SVC calls and in the vector entries
> > use the SoC's mailboxing.
> >
> > But, *really*, "normal" virtualization is the best option. Every
> > other option requires a
> > lot of assembly and would step away from Genode's software design.
> >
> > Regards,
> > Michael
> >
> > _______________________________________________
> > Genode users mailing list
> > users at lists.genode.org
> > https://lists.genode.org/listinfo/users
> >


-- 
Stefan Kalkowski
Genode labs

https://github.com/skalk | https://genode.org
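
A small model of the arrangement suggested in the reply above, where the host offers cryptography to the guest through a virtual device. It is an added illustration, not code from this thread or from Genode: the descriptor layout, the opcode and every name in it are assumptions. The key exists only in host memory, the guest hands over offsets into its own RAM, and the host validates each guest-controlled field before using it.

```python
import hashlib
import hmac
import os
import struct

# Assumed request descriptor placed in guest RAM: op, in_off, in_len, out_off (u32 LE).
DESC = struct.Struct("<IIII")
OP_HMAC_SHA256 = 1
MAC_LEN = 32
STATUS_OK, STATUS_BAD_REQUEST = 0, 1
GUEST_RAM_SIZE = 4096


class HostCryptoDevice:
    """Host-side device model: holds the key, treats guest RAM as untrusted."""

    def __init__(self, guest_ram: bytearray):
        self._ram = guest_ram
        self._key = os.urandom(32)  # lives only in host memory

    def _in_bounds(self, off: int, length: int) -> bool:
        return off + length <= len(self._ram)

    def handle(self, desc_off: int) -> int:
        """Process one request after the guest signals the descriptor offset."""
        if desc_off < 0 or not self._in_bounds(desc_off, DESC.size):
            return STATUS_BAD_REQUEST
        # Snapshot the descriptor so later guest writes cannot alter validated fields.
        raw = bytes(self._ram[desc_off:desc_off + DESC.size])
        op, in_off, in_len, out_off = DESC.unpack(raw)
        if op != OP_HMAC_SHA256:
            return STATUS_BAD_REQUEST
        if not (self._in_bounds(in_off, in_len) and self._in_bounds(out_off, MAC_LEN)):
            return STATUS_BAD_REQUEST
        msg = bytes(self._ram[in_off:in_off + in_len])
        tag = hmac.new(self._key, msg, hashlib.sha256).digest()
        self._ram[out_off:out_off + MAC_LEN] = tag  # only the result crosses over
        return STATUS_OK


def guest_request_mac(dev: HostCryptoDevice, ram: bytearray, msg: bytes):
    """Guest-side driver: stage input and descriptor, then ring the doorbell."""
    in_off, out_off = 64, 2048
    ram[in_off:in_off + len(msg)] = msg
    DESC.pack_into(ram, 0, OP_HMAC_SHA256, in_off, len(msg), out_off)
    status = dev.handle(0)
    return status, bytes(ram[out_off:out_off + MAC_LEN])
```
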