Hi,

I am a little confused about creating shared memory between the Non-Secure and Secure worlds. As far as I understood, the memory region should be placed on the Non-Secure side (Linux in the tz_vmm example); when a change of context is done, you can send the addresses of that region using CPU registers and looking into the vm_state struct. Then, from the Secure side there must be a method to access that region, but I cannot find a good way to configure Genode to perform that access. Is there any example of how that works?

Regards,
Pablo Anton.

On 02.12.2013 16:19, Stefan Kalkowski wrote:
> Hi,
>
> On 12/02/2013 03:48 PM, panton wrote:
>> Hi Stefan,
>>
>> I know this is not a question about genode but I am having troubles
>> compiling linux image for tz-vmm. Did you use genode toolchain?? Could I
>> ask you the config options file you used for compiling (I was not able
>> to get it from linux image)??
>
> I didn't use the Genode toolchain, but the Codesourcery ARM cross
> compiler for Linux (Sourcery G++ Lite 2009q1-203). As the Genode
> toolchain isn't used to compile a Linux system, it misses certain
> defines you need when compiling the Linux kernel.
>
> The adapted kernel configuration file is part of the Linux fork I've
> mentioned in my previous mail. Here is the concrete file:
>
> https://github.com/skalk/linux/blob/imx53-tz/arch/arm/configs/imx5_android_tz_defconfig
>
> Regards
> Stefan
>
>>
>> Thank you in advance.
>>
>> Best regards.
>> Pablo Anton.
>>
>> On 28.11.2013 11:07, Stefan Kalkowski wrote:
>>> Hi Pablo,
>>>
>>> On 11/28/2013 10:52 AM, panton wrote:
>>>> Hi Stefan,
>>>>
>>>> Thank you very much for your detailed explication. I am really lucky
>>>> because it seems you are working right now on that matter (last
>>>> genode/staging branch update was yesterday :)).
>>>>
>>>>> well, this depends. There are trustzone.cc files for different
>>>>> platforms/configurations. In general, that file only contains
>>>>> additional kernel initialization routines needed. For instance,
>>>>> configuring IRQs to be "secure", or "non-secure", or configure
>>>>> TrustZone specific devices that can be configured in supervisor
>>>>> mode only.
>>>>> For configurations where no TrustZone is supported, or used that
>>>>> file contains an empty initialization indeed. I assume you've
>>>>> found that file.
>>>>
>>>> Now I am able to see files on ./base-hw/src/core/imx53/trustzone.
>>>>
>>>>> To sum it up, the non-secure guest has to behave cooperatively, or
>>>>> it will fail. Trap-and-emulate doesn't work in general. Therefore,
>>>>> some lightweight form of para-virtualization of the guest OS is
>>>>> needed.
>>>>
>>>> So, I assume the linux image on
>>>> http://genode.org/files/images/imx53_qsb/linux_trustzone.bin is not a
>>>> normal linux image for imx53_loco but neither a L4Linux (since the
>>>> example is running without Fiasco.OC). Is there any repository where
>>>> we could take that linux code?
>>>>
>>>
>>> Sure, branches including the changes for Versatile Express, and i.MX53
>>> QSB/Tablet can be found on Github too:
>>>
>>> [email protected]:skalk/linux.git
>>>
>>> The branches are titled 'vexpress-tz', and 'imx53-tz'
>>>
>>>>
>>>> About the example I only can say "Great work".
>>>
>>> Thanks, that's music to my ears.
>>>
>>>> I was able to run it on hardware. Some little details that could
>>>> help people:
>>>>
>>>>> After that, do a 'make run/tz_vmm' in the build directory. The
>>>>> resulting image is located in 'var/run/tz_vmm/uImage'
>>>>
>>>> The resulting image is on elf, if you want to run it with uboot you
>>>> should create a valid uImage using mkimage tool.
>>>>
>>>
>>> If you add a '--target uboot' to the RUN_OPT environment variable, the
>>> uImage is built automatically. Just add the following to your
>>> 'etc/build.conf' (I've missed that in the previous mail):
>>>
>>> RUN_OPT = --target uboot
>>>
>>>> Now, I go to play!
>>>
>>> Good luck, and
>>> best regards
>>> Stefan
>>>
>>>>
>>>> Best regards
>>>> Pablo Antón.
>>>>
>>>>
>>>> On 27.11.2013 22:47, Stefan Kalkowski wrote:
>>>>> Hi Pablo,
>>>>>
>>>>> On 11/26/2013 06:11 PM, panton wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I want to create a virtualized system with Genode in my imx53
>>>>>> board. At the moment, I am able to run Genode on the board with
>>>>>> base-foc and also directly on hardware (base-hw). Thus, my plan
>>>>>> was to run a linux kernel as a child node and hopefully run it
>>>>>> into trustzone NS. Looking into Genode code I found
>>>>>> base-hw/include/vm_session that seems to deal with
>>>>>> virtualization. Furthermore there is a trustzone.cc into
>>>>>> base-hw/src/core.., but without real useful code.
>>>>>
>>>>> well, this depends. There are trustzone.cc files for different
>>>>> platforms/configurations. In general, that file only contains
>>>>> additional kernel initialization routines needed. For instance,
>>>>> configuring IRQs to be "secure", or "non-secure", or configure
>>>>> TrustZone specific devices that can be configured in supervisor
>>>>> mode only.
>>>>> For configurations where no TrustZone is supported, or used that
>>>>> file contains an empty initialization indeed. I assume you've
>>>>> found that file.
>>>>>
>>>>>>
>>>>>> I was wondering if there are implemented virtualization
>>>>>> capabilities using trustzone or even without trustzone?
>>>>>
>>>>> In fact, there is some kind of virtualization support using
>>>>> TrustZone. Although, TrustZone isn't designed to be a
>>>>> virtualization solution. Therefore, the "guest" needs to be aware
>>>>> what devices it is allowed to use. In contrast to the CPU
>>>>> (including MMU, Caches, etc.), there is no support to virtualize
>>>>> physical memory (including memory mapped I/O) for the non-secure
>>>>> "guest". That means guest physical addresses are in fact physical
>>>>> addresses. Dependent on the concrete platform, it might be
>>>>> possible to deny non-secure access to certain physical memory
>>>>> regions, like I/O memory of certain devices, and then use a
>>>>> trap-emulate approach. But in general this approach isn't
>>>>> guaranteed to work. Dependent on where the unit, which controls
>>>>> peripheral device memory (if existent at all), is located in the
>>>>> bus hierarchy of the SoC, it might provoke asynchronous external
>>>>> data-aborts in the CPU core, instead of synchronous ones. Thereby,
>>>>> it is impossible to recover the state, in which the protection
>>>>> fault was raised.
>>>>> To sum it up, the non-secure guest has to behave cooperatively, or
>>>>> it will fail. Trap-and-emulate doesn't work in general. Therefore,
>>>>> some lightweight form of para-virtualization of the guest OS is
>>>>> needed.
>>>>>
>>>>> On ARM platforms, apart from the TrustZone "virtualization", Genode
>>>>> includes support of L4Linux, a para-virtualized Linux for the
>>>>> Fiasco.OC kernel. ARM's virtualization extensions aren't supported
>>>>> yet, but we'll investigate it certainly.
>>>>>
>>>>>> If so, it would be great to have an example of how to use it.
>>>>>
>>>>> A working basic example is available on Genode's current staging
>>>>> branch, and will be available in Genode's upcoming release 13.11,
>>>>> that will be announced this week.
>>>>> The example should work out of the box for ARM's Versatile Express
>>>>> Coretile A9x4, and Freescale's i.MX53 Quickstart board. You'll have
>>>>> to create a build directory for 'hw_imx53'. After creating the
>>>>> build directory, you've to adapt the 'etc/specs.conf' file, and add
>>>>> the following SPEC variable:
>>>>>
>>>>> SPECS += trustzone
>>>>>
>>>>> After that, do a 'make run/tz_vmm' in the build directory. The
>>>>> resulting image is located in 'var/run/tz_vmm/uImage'. The example
>>>>> scenario starts Genode's hw kernel, core, init, and the virtual
>>>>> machine monitor, which will boot Linux with a small busybox
>>>>> initramfs on the non-secure side.
>>>>>
>>>>> A more sophisticated example, which runs on the i.MX53 SABRE tablet
>>>>> only, can be found on this topic branch:
>>>>>
>>>>> https://github.com/skalk/genode/tree/i.MX53_tablet_demo
>>>>>
>>>>> That example includes virtual touchscreen support for the
>>>>> non-secure guest, so that you can interact with the secure Genode
>>>>> system, and the non-secure Android guest side-by-side.
>>>>>
>>>>>>
>>>>>> Thanks in advance for answers!
>>>>>
>>>>> You're welcome.
>>>>>
>>>>> Best Regards
>>>>> Stefan
>>>>>
>>>>>>
>>>>>> Best regards,
>>>>>> Pablo Anton
>>>>>
>>>>> --
>>>>> Stefan Kalkowski
>>>>> Genode Labs
>>>>>
>>>>> http://www.genode-labs.com/ · http://genode.org/
>>>
>>> --
>>> Stefan Kalkowski
>>> Genode Labs
>>>
>>> http://www.genode-labs.com/ · http://genode.org/
>
> --
> Stefan Kalkowski
> Genode Labs
>
> http://www.genode-labs.com/ · http://genode.org/

_______________________________________________
Genode-main mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/genode-main
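
Because guest-physical addresses are plain physical addresses and the guest chooses what it puts into the registers, a secure-side component that receives a buffer address this way has to validate it before touching the memory. The following C code is an added example, not code from this thread or from Genode; `ns_window`, `guest_req`, the register assignment (r0 = address, r1 = length) and the window address are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical: the non-secure RAM window as mapped by the secure side. */
struct ns_window {
    uint32_t phys_base;  /* physical (= guest-physical) start address */
    uint32_t size;       /* length in bytes */
    uint8_t *local;      /* local mapping of that window */
};

/* Hypothetical: request registers, copied once from the saved VM state. */
struct guest_req { uint32_t r0_addr; uint32_t r1_len; };

/* True only if [addr, addr+len) lies wholly inside the window. Written
 * without computing addr+len, which could wrap around in 32 bits. */
static bool ns_range_ok(const struct ns_window *w, uint32_t addr, uint32_t len)
{
    if (len == 0 || len > w->size) return false;
    if (addr < w->phys_base)       return false;
    return (addr - w->phys_base) <= (w->size - len);
}

/* Copy the guest buffer into secure memory before parsing it, so the guest
 * cannot modify the data after validation. Copies nothing on rejection. */
static bool copy_from_guest(const struct ns_window *w, struct guest_req req,
                            void *dst, size_t dst_cap)
{
    if (req.r1_len > dst_cap)                     return false;
    if (!ns_range_ok(w, req.r0_addr, req.r1_len)) return false;
    memcpy(dst, w->local + (req.r0_addr - w->phys_base), req.r1_len);
    return true;
}

/* Constructed demo data: a 4 KiB array stands in for non-secure RAM. */
static uint8_t fake_ns_ram[4096];
static const struct ns_window demo_window = {
    0x80000000u, sizeof fake_ns_ram, fake_ns_ram };

int main(void)
{
    uint8_t buf[64];
    struct guest_req good = { 0x80000100u, 5 };
    struct guest_req wrap = { 0xfffffff0u, 0x20 }; /* addr+len wraps to 0x10 */
    memcpy(fake_ns_ram + 0x100, "hello", 5);
    return (copy_from_guest(&demo_window, good, buf, sizeof buf) &&
            !copy_from_guest(&demo_window, wrap, buf, sizeof buf)) ? 0 : 1;
}
```

The `wrap` request is the case a naive `addr + len <= base + size` comparison would accept, since the 32-bit sum wraps to a small value.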
