Hi Yevgeny,

In general, I can recommend having a look at the article [3]. It gives information regarding nearly all the topics that you address.

On 16.05.2016 at 11:27, Yevgeny Lavrov wrote:
> So I was able to run Genode on USB Armory, and ssh into it,
> and it appears to me that I’m interacting with Linux Virtual Machine. If
> it is a Virtual Machine,

No, it is the Normal World of ARM TrustZone. It might be misleading that we use the Genode VM-Session interface to control the Normal World, but the underlying TrustZone technology is still not virtualization but merely a hardware separation.

> then are there any tools available within that
> VM that I can use to talk to the outside of the Linux VM, or at least
> somehow prove/demonstrate that the Linux VM I’m currently in is running
> atop of Genode?

Yes, there are. You can use the Secure Monitor Call or SMC instruction of ARM for that. Actually, it is already used by your Linux for the para-virtualized SD-card [1] and UART [2]. Using SMCs, you can also install shared buffers as done in [1].

> The other question is about the Kernel. It appears as ARM Linux Kernel
> during boot. Is it a standard Linux Kernel or an especially customized one
> to support Genode? I just need to verify this.

Just to be really clear, do you mean the initial kernel that boots the Genode hypervisor or the kernel that is started by Genode in the Normal World ([init -> tz_vmm] [vm] ...)? Assuming you mean the one in the Normal World, it is a patched Linux 4.2.3. You can see my two Armory patches here [4].

> Can you provide any tips on how to bring up any other microkernels fully
> supported by Genode that I can run on USB Armory?

There are generally three main building sites when porting another kernel to the Normal World of tz_vmm. First, the monitor component [5] acts as bootloader for the Normal World OS. This bootloader behavior would have to be adapted to the new OS's expectations. Second, the Normal World OS currently has to cooperate in some ways with the Secure World. Mainly, it must not modify clock or power controls in a way that affects the Genode hypervisor, because these controls are not protected yet. Third, you have to check whether your OS attempts to use devices that are protected. If they are mandatory, i.e. you can't skip them, you can para-virtualize them. As mentioned above, for SDHC and UART, Genode already provides a para-virtualized interface.

> If there are no other
> options available besides using the default Linux kernel that comes with
> the tz_vmm, then is there any other board that you can recommend me to
> use to run Genode with fully supported microkernels, as preparation for
> seL4?

Could you please explain this a bit further? I don't know what seL4 has to do with a TrustZone scenario. What is your final goal?

Cheers,
Martin

[1] https://github.com/m-stein/linux/blob/genode_hw_usb_armory_tz_vmm/drivers/block/genode.c
[2] https://github.com/m-stein/linux/blob/genode_hw_usb_armory_tz_vmm/drivers/tty/serial/genode.c
    https://github.com/m-stein/linux/blob/genode_hw_usb_armory_tz_vmm/arch/arm/include/debug/imx.S
[3] https://genode.org/documentation/articles/usb_armory
[4] https://github.com/m-stein/linux/commits/genode_hw_usb_armory_tz_vmm
[5] https://github.com/genodelabs/genode/tree/master/repos/os/src/server/tz_vmm

_______________________________________________
genode-main mailing list
genode-main@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/genode-main
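The SMC-based exchange Martin describes (a Normal World driver installing a shared buffer and then requesting device work from the Secure World), shown as an added example that is not part of the mail thread and is not Genode's tz_vmm code or the Linux port in [1]. The function IDs, the shared-buffer window addresses, the r0..r2 argument layout and the names `monitor_handle_smc` and `normal_world_smc` are all constructed assumptions for illustration. The point worth seeing is on the monitor side: every address and length arriving from the Normal World is validated against the window the Secure World reserved before it is used, since a protected-device interface that trusts those values would let the Normal World reach into secure memory.

```c
/* Added example (not Genode or Linux code): a minimal model of the SMC
 * request path between a Normal World driver and the Secure World monitor.
 * Function IDs, window addresses and register layout are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical function IDs passed in r0 of the SMC (constructed values). */
enum smc_fid {
    SMC_FID_INSTALL_BUFFER = 0x1000, /* r1 = buffer phys addr, r2 = length */
    SMC_FID_BLOCK_READ     = 0x1001, /* r1 = block number,     r2 = length */
};

enum smc_status { SMC_OK = 0, SMC_EINVAL = -1, SMC_EPERM = -2 };

/* Constructed window the Secure World is willing to share with the Normal
 * World. Placeholder addresses, not the real i.MX53 memory layout. */
#define SHARED_BASE 0x80000000u
#define SHARED_SIZE 0x00100000u

struct monitor_state {
    uintptr_t buf;   /* installed shared buffer, 0 if none yet */
    size_t    len;
};

/* Secure World side: validate every Normal World supplied value before use. */
long monitor_handle_smc(struct monitor_state *st, uint32_t fid,
                        uintptr_t a1, uintptr_t a2)
{
    switch (fid) {
    case SMC_FID_INSTALL_BUFFER: {
        uintptr_t end;
        /* Reject empty, unaligned (4 KiB pages assumed) or wrapping ranges. */
        if (a2 == 0 || (a1 & 0xfff) || __builtin_add_overflow(a1, a2, &end))
            return SMC_EINVAL;
        /* The buffer must lie entirely inside the reserved window; anything
         * else could alias memory the Secure World keeps protected. */
        if (a1 < SHARED_BASE || end > SHARED_BASE + SHARED_SIZE)
            return SMC_EPERM;
        st->buf = a1;
        st->len = a2;
        return SMC_OK;
    }
    case SMC_FID_BLOCK_READ:
        if (st->buf == 0)   return SMC_EINVAL;  /* no buffer installed */
        if (a2 > st->len)   return SMC_EINVAL;  /* request exceeds buffer */
        /* A para-virtualized SD-card would now fill st->buf with a2 bytes. */
        return (long)a2;
    default:
        return SMC_EINVAL;                      /* unknown function ID */
    }
}

static struct monitor_state g_monitor;

/* Normal World side. In privileged ARMv7 code this issues a real SMC with
 * arguments in r0..r2 and the result in r0 (assumed convention). Elsewhere
 * it calls the monitor handler directly so the exchange can be followed. */
long normal_world_smc(uint32_t fid, uintptr_t a1, uintptr_t a2)
{
#if defined(__arm__) && defined(__KERNEL__)
    register uint32_t  r0 asm("r0") = fid;
    register uintptr_t r1 asm("r1") = a1;
    register uintptr_t r2 asm("r2") = a2;
    asm volatile("smc #0" : "+r"(r0) : "r"(r1), "r"(r2) : "memory");
    return (long)(int32_t)r0;
#else
    return monitor_handle_smc(&g_monitor, fid, a1, a2);
#endif
}

int main(void)
{
    /* Constructed exchange: install a buffer, then read one block into it. */
    long rc = normal_world_smc(SMC_FID_INSTALL_BUFFER, SHARED_BASE, 0x1000);
    printf("install buffer: %ld\n", rc);
    rc = normal_world_smc(SMC_FID_BLOCK_READ, 7, 512);
    printf("block read: %ld\n", rc);
    /* A buffer outside the window is refused before anything touches it. */
    rc = normal_world_smc(SMC_FID_INSTALL_BUFFER, 0x10000000u, 0x1000);
    printf("install buffer outside window: %ld\n", rc);
    return 0;
}
```

The handler deliberately checks for arithmetic wrap-around before the range comparison: a length chosen so that `a1 + a2` overflows would otherwise pass an `end > limit` test with a tiny `end`. Whether Genode's tz_vmm performs these exact checks is not something this thread states; the example only shows what a monitor that exposes protected devices through SMC needs to do.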