Hi Pablo,

On 11/28/2013 10:52 AM, panton wrote:
> Hi Stefan,
>
> Thank you very much for your detailed explication. I am really lucky
> because it seems you are working right now on that matter (last
> genode/staging branch update was yesterday :)).
>
>> well, this depends. There are trustzone.cc files for different
>> platforms/configurations. In general, that file only contains
>> additional kernel initialization routines needed. For instance,
>> configuring IRQs to be "secure", or "non-secure", or configure
>> TrustZone specific devices that can be configured in supervisor
>> mode only.
>> For configurations where no TrustZone is supported, or used that file
>> contains an empty initialization indeed. I assume you've found that
>> file.
>
> Now I am able to see files on ./base-hw/src/core/imx53/trustzone.
>
>> To sum it up, the non-secure guest has to behave cooperatively, or it
>> will fail. Trap-and-emulate doesn't work in general. Therefore, some
>> lightweight form of para-virtualization of the guest OS is needed.
>
> So, I assume the linux image on
> http://genode.org/files/images/imx53_qsb/linux_trustzone.bin is not a
> normal linux image for imx53_loco but neither a L4Linux (since the
> example is running without Fiasco.OC). Is there any repository where we
> could take that linux code?
>

Sure, branches including the changes for Versatile Express, and i.MX53
QSB/Tablet can be found on Github too:

  [email protected]:skalk/linux.git

The branches are titled 'vexpress-tz', and 'imx53-tz'

>
> About the example I only can say "Great work".

Thanks, that's music to my ears.

> I was able to run it on
> hardware. Some little details that could help people:
>
>> After that, do a 'make run/tz_vmm' in the build directory. The
>> resulting image is located in 'var/run/tz_vmm/uImage'
>
> The resulting image is on elf, if you want to run it with uboot you
> should create a valid uImage using mkimage tool.
>

If you add a '--target uboot' to the RUN_OPT environment variable, the
uImage is built automatically. Just add the following to your
'etc/build.conf' (I've missed that in the previous mail):

  RUN_OPT = --target uboot

> Now, I go to play!

Good luck, and best regards
Stefan

>
> Best regards
> Pablo Antón.
>
>
> On 27.11.2013 22:47, Stefan Kalkowski wrote:
>> Hi Pablo,
>>
>> On 11/26/2013 06:11 PM, panton wrote:
>>> Hello,
>>>
>>> I want to create a virtualized system with Genode in my imx53 board.
>>> At the moment, I am able to run Genode on the board with base-foc and
>>> also directly on hardware (base-hw). Thus, my plan was to run a linux
>>> kernel as a child node and hopefully run it into trustzone NS. Looking
>>> into Genode code I found base-hw/include/vm_session that seems to deal
>>> with virtualization. Furthermore there is a trustzone.cc into
>>> base-hw/src/core.., but without real useful code.
>>
>> well, this depends. There are trustzone.cc files for different
>> platforms/configurations. In general, that file only contains
>> additional kernel initialization routines needed. For instance,
>> configuring IRQs to be "secure", or "non-secure", or configure
>> TrustZone specific devices that can be configured in supervisor
>> mode only.
>> For configurations where no TrustZone is supported, or used that file
>> contains an empty initialization indeed. I assume you've found that
>> file.
>>
>>>
>>> I was wondering if there are implemented virtualization capabilities
>>> using trustzone or even without trustzone?
>>
>> In fact, there is some kind of virtualization support using TrustZone.
>> Although, TrustZone isn't designed to be a virtualization solution.
>> Therefore, the "guest" needs to be aware what devices it is allowed to
>> use. In contrast to the CPU (including MMU, Caches, etc.), there is no
>> support to virtualize physical memory (including memory mapped I/O) for
>> the non-secure "guest". That means guest physical addresses are in fact
>> physical addresses. Dependent on the concrete platform, it might be
>> possible to deny non-secure access to certain physical memory regions,
>> like I/O memory of certain devices, and then use a trap-emulate
>> approach. But in general this approach isn't guaranteed to work.
>> Dependent on where the unit, which controls peripheral device memory
>> (if existent at all), is located in the bus hierarchy of the SoC, it
>> might provoke asynchronous external data-aborts in the CPU core,
>> instead of synchronous ones. Thereby, it is impossible to recover the
>> state, in which the protection fault was raised.
>> To sum it up, the non-secure guest has to behave cooperatively, or it
>> will fail. Trap-and-emulate doesn't work in general. Therefore, some
>> lightweight form of para-virtualization of the guest OS is needed.
>>
>> On ARM platforms, apart from the TrustZone "virtualization", Genode
>> includes support of L4Linux, a para-virtualized Linux for the Fiasco.OC
>> kernel. ARM's virtualization extensions aren't supported yet, but we'll
>> investigate it certainly.
>>
>>> If so, it would be great to
>>> have an example of how to use it.
>>
>> A working basic example is available on Genode's current staging
>> branch, and will be available in Genode's upcoming release 13.11, that
>> will be announced this week.
>> The example should work out of the box for ARM's Versatile Express
>> Coretile A9x4, and Freescale's i.MX53 Quickstart board. You'll have to
>> create a build directory for 'hw_imx53'. After creating the build
>> directory, you've to adapt the 'etc/specs.conf' file, and add the
>> following SPEC variable:
>>
>>   SPECS += trustzone
>>
>> After that, do a 'make run/tz_vmm' in the build directory. The
>> resulting image is located in 'var/run/tz_vmm/uImage'. The example
>> scenario starts Genode's hw kernel, core, init, and the virtual machine
>> monitor, which will boot Linux with a small busybox initramfs on the
>> non-secure side.
>>
>> A more sophisticated example, which runs on the i.MX53 SABRE tablet
>> only, can be found on this topic branch:
>>
>>   https://github.com/skalk/genode/tree/i.MX53_tablet_demo
>>
>> That example includes virtual touchscreen support for the non-secure
>> guest, so that you can interact with the secure Genode system, and the
>> non-secure Android guest side-by-side.
>>
>>>
>>> Thanks in advance for answers!
>>
>> You're welcome.
>>
>> Best Regards
>> Stefan
>>
>>>
>>> Best regards,
>>> Pablo Anton
>>>
>>> _______________________________________________
>>> Genode-main mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/genode-main
>>>
>>
>> --
>> Stefan Kalkowski
>> Genode Labs
>>
>> http://www.genode-labs.com/ · http://genode.org/
>

--
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ · http://genode.org/
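
The difference between synchronous and asynchronous external data aborts mentioned in the thread, as an added example that is not part of the original mails or of Genode's code. It uses the ARMv7-A DFSR fault-status encodings (short-descriptor format); the helper name, the action enum and the sample DFSR values are hypothetical, and it assumes the monitor has the DFSR value that was captured when the guest's abort was taken.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv7-A DFSR, short-descriptor format: FS[4] = bit 10, FS[3:0] = bits 3:0 */
#define FS_SYNC_EXTERNAL  0x08u  /* 0b01000: synchronous external abort  */
#define FS_ASYNC_EXTERNAL 0x16u  /* 0b10110: asynchronous external abort */

enum vmm_action { VMM_EMULATE, VMM_STOP_GUEST, VMM_NOT_DEVICE_TRAP };

struct abort_info {
    enum vmm_action action;
    bool is_write;           /* DFSR.WnR (bit 11), set for sync aborts only */
};

static uint32_t dfsr_fs(uint32_t dfsr)
{
    return ((dfsr >> 6) & 0x10u) | (dfsr & 0x0fu);
}

/* Hypothetical VMM helper: decide what to do with a guest data abort. */
struct abort_info classify_guest_abort(uint32_t dfsr)
{
    struct abort_info info = { VMM_NOT_DEVICE_TRAP, false };

    switch (dfsr_fs(dfsr)) {
    case FS_SYNC_EXTERNAL:
        /* Taken on the faulting instruction: DFAR and the saved PC
         * identify the access, so it can be emulated and resumed. */
        info.action = VMM_EMULATE;
        info.is_write = (dfsr >> 11) & 1u;
        break;
    case FS_ASYNC_EXTERNAL:
        /* Reported some time after the access: DFAR and WnR are not valid
         * and the saved PC does not point at the faulting instruction. */
        info.action = VMM_STOP_GUEST;
        break;
    }
    return info;
}

int main(void)
{
    /* Constructed DFSR values, not captured from hardware */
    const uint32_t samples[] = { 0x808u, 0x008u, 0x406u, 0x005u };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct abort_info a = classify_guest_abort(samples[i]);
        printf("DFSR=0x%03x action=%d write=%d\n",
               (unsigned)samples[i], (int)a.action, (int)a.is_write);
    }
    return 0;
}
```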
