Hi Stefan,

Thank you very much for your detailed explication. I am really lucky because it seems you are working right now on that matter (last genode/staging branch update was yesterday :)).

> well, this depends. There are trustzone.cc files for different
> platforms/configurations. In general, that file only contains additional
> kernel initialization routines needed. For instance, configuring IRQs to
> be "secure", or "non-secure", or configure TrustZone specific devices
> that can be configured in supervisor mode only.
> For configurations where no TrustZone is supported, or used that file
> contains an empty initialization indeed. I assume you've found that
> file.

Now I am able to see files on ./base-hw/src/core/imx53/trustzone.

> To sum it up, the non-secure guest has to behave cooperatively, or it
> will fail. Trap-and-emulate doesn't work in general. Therefore, some
> lightweight form of para-virtualization of the guest OS is needed.

So, I assume the linux image on http://genode.org/files/images/imx53_qsb/linux_trustzone.bin is not a normal linux image for imx53_loco but neither a L4Linux (since the example is running without Fiasco.OC). Is there any repository where we could take that linux code?

About the example I only can say "Great work". I was able to run it on hardware. Some little details that could help people:

> After that, do a 'make run/tz_vmm' in the build directory. The resulting
> image is located in 'var/run/tz_vmm/uImage'

The resulting image is on elf, if you want to run it with uboot you should create a valid uImage using mkimage tool.

Now, I go to play!

Best regards
Pablo Antón.

On 27.11.2013 22:47, Stefan Kalkowski wrote:
> Hi Pablo,
>
> On 11/26/2013 06:11 PM, panton wrote:
>> Hello,
>>
>> I want to create a virtualized system with Genode in my imx53 board. At
>> the moment, I am able to run Genode on the board with base-foc and also
>> directly on hardware (base-hw). Thus, my plan was to run a linux kernel
>> as a child node and hopefully run it into trustzone NS. Looking into
>> Genode code I found base-hw/include/vm_session that seems to deal with
>> virtualization. Furthermore there is a trustzone.cc into
>> base-hw/src/core.., but without real useful code.
>
> well, this depends. There are trustzone.cc files for different
> platforms/configurations. In general, that file only contains additional
> kernel initialization routines needed. For instance, configuring IRQs to
> be "secure", or "non-secure", or configure TrustZone specific devices
> that can be configured in supervisor mode only.
> For configurations where no TrustZone is supported, or used that file
> contains an empty initialization indeed. I assume you've found that
> file.
>
>>
>> I was wondering if there are implemented virtualization capabilities
>> using trustzone or even without trustzone?
>
> In fact, there is some kind of virtualization support using TrustZone.
> Although, TrustZone isn't designed to be a virtualization solution.
> Therefore, the "guest" needs to be aware what devices it is allowed to
> use. In contrast to the CPU (including MMU, Caches, etc.), there is no
> support to virtualize physical memory (including memory mapped I/O) for
> the non-secure "guest". That means guest physical addresses are in fact
> physical addresses. Dependent on the concrete platform, it might be
> possible to deny non-secure access to certain physical memory regions,
> like I/O memory of certain devices, and then use a trap-emulate
> approach. But in general this approach isn't guaranteed to work.
> Dependent on where the unit, which controls peripheral device memory (if
> existent at all), is located in the bus hierarchy of the SoC, it might
> provoke asynchronous external data-aborts in the CPU core, instead of
> synchronous ones. Thereby, it is impossible to recover the state, in
> which the protection fault was raised.
> To sum it up, the non-secure guest has to behave cooperatively, or it
> will fail. Trap-and-emulate doesn't work in general. Therefore, some
> lightweight form of para-virtualization of the guest OS is needed.
>
> On ARM platforms, apart from the TrustZone "virtualization", Genode
> includes support of L4Linux, a para-virtualized Linux for the Fiasco.OC
> kernel. ARM's virtualization extensions aren't supported yet, but we'll
> investigate it certainly.
>
>> If so, it would be great to
>> have an example of how to use it.
>
> A working basic example is available on Genode's current staging branch,
> and will be available in Genode's upcoming release 13.11, that will be
> announced this week.
> The example should work out of the box for ARM's Versatile Express
> Coretile A9x4, and Freescale's i.MX53 Quickstart board. You'll have to
> create a build directory for 'hw_imx53'. After creating the build
> directory, you've to adapt the 'etc/specs.conf' file, and add the
> following SPEC variable:
>
>   SPECS += trustzone
>
> After that, do a 'make run/tz_vmm' in the build directory. The resulting
> image is located in 'var/run/tz_vmm/uImage'. The example scenario starts
> Genode's hw kernel, core, init, and the virtual machine monitor, which
> will boot Linux with a small busybox initramfs on the non-secure side.
>
> A more sophisticated example, which runs on the i.MX53 SABRE tablet
> only, can be found on this topic branch:
>
>   https://github.com/skalk/genode/tree/i.MX53_tablet_demo
>
> That example includes virtual touchscreen support for the non-secure
> guest, so that you can interact with the secure Genode system, and the
> non-secure Android guest side-by-side.
>
>>
>> Thanks in advance for answers!
>
> You're welcome.
>
> Best Regards
> Stefan
>
>>
>> Best regards,
>> Pablo Anton
>
> --
> Stefan Kalkowski
> Genode Labs
>
> http://www.genode-labs.com/ · http://genode.org/

_______________________________________________
Genode-main mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/genode-main
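
The message above notes that the tz_vmm build result is an ELF file that has to be wrapped with mkimage before U-Boot can boot it. As an added example (not code from the thread or from Genode's tooling), this script reads the entry point and the first load address from a 32-bit little-endian ELF header and prints matching objcopy and mkimage commands; the `arm-none-eabi-` prefix, the `tz_vmm` image name, the output file names and the sample header bytes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: ELF32 little-endian image,
# cross prefix arm-none-eabi-, image name "tz_vmm"; sample bytes are constructed.

le() {  # le FILE OFFSET NBYTES -> little-endian value in decimal
    v=0; s=0
    for b in $(od -An -tu1 -j "$2" -N "$3" "$1"); do
        v=$(( v | (b << s) )); s=$(( s + 8 ))
    done
    echo "$v"
}

is_elf32_le() {  # magic 7f 'E' 'L' 'F', EI_CLASS=1 (32-bit), EI_DATA=1 (LE)
    [ "$(od -An -tx1 -N 6 "$1" | tr -d ' \n')" = "7f454c460101" ]
}

elf_load_paddr() {  # p_paddr of the first PT_LOAD program header
    phoff=$(le "$1" 28 4); phnum=$(le "$1" 44 2); i=0
    while [ "$i" -lt "$phnum" ]; do
        off=$(( phoff + i * 32 ))                 # sizeof(Elf32_Phdr) is 32
        if [ "$(le "$1" "$off" 4)" -eq 1 ]; then  # p_type == PT_LOAD
            printf '0x%08x\n' "$(le "$1" $(( off + 12 )) 4)"; return 0
        fi
        i=$(( i + 1 ))
    done
    return 1
}

uimage_commands() {  # uimage_commands ELF OUTDIR -> prints the two commands
    is_elf32_le "$1" || { echo "not a 32-bit LE ELF: $1" >&2; return 1; }
    entry=$(printf '0x%08x' "$(le "$1" 24 4)")    # e_entry
    load=$(elf_load_paddr "$1") || return 1
    # bootm copies the payload to the load address, so flatten the ELF first
    echo "${CROSS_PREFIX:-arm-none-eabi-}objcopy -O binary $1 $2/image.bin"
    echo "mkimage -A arm -O linux -T kernel -C none -a $load -e $entry" \
         "-n tz_vmm -d $2/image.bin $2/uImage"
}

make_sample_elf() {  # constructed 84-byte header: entry 0x70010040, load 0x70010000
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000'
    printf '\002\000\050\000\001\000\000\000\100\000\001\160\064\000\000\000'
    printf '\000\000\000\000\000\000\000\000\064\000\040\000\001\000\000\000'
    printf '\000\000\000\000\001\000\000\000\000\020\000\000\000\000\001\160'
    printf '\000\000\001\160\000\000\000\000\000\000\000\000\000\000\000\000'
    printf '\000\000\000\000'
}
```

Call `uimage_commands <elf> <outdir>` on the build result and review the printed addresses against the board's memory map before running the two commands.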
