Hello Tiago,

On 05/25/2016 04:56 PM, Tiago Brito wrote:
> Hi, I have an i.MX53 QSB development board and I want to experiment with
> ARM TrustZone.
>
> I'm a beginner with regards to genode and kernel development in general.
>
> I was able to run tz_vmm on the QSB and interact with the linux which runs
> in normal world. What I want to do next is a fairly simple system where
> inside linux I can call an SMC and switch to the secure world, then whilst
> in secure world print something (like "Hello From Secure World" and also
> print some argument from the normal world) and then go back to linux.
>
> I have read some of the messages in the mailing list and I noticed some of
> you (other mailing list subscribers) already achieved similar communication
> protocols but because I'm new to genode I don't know where to start.

Well, the very first pointer to gain more understanding of this concrete
scenario is to read the detailed documentation of it:

  http://genode.org/documentation/articles/trustzone

Most of your questions, e.g., how to build the Linux kernel?, or is it a
modified Linux kernel? are already answered there.

>
> I know I probably have to create a kernel module for the linux running in
> normal world so I can call SMC from a userspace application, but I don't
> know how to do that since I don't see where the linux is being compiled for
> genode [1]. Do I have to compile another linux? How do I incorporate this
> new linux version to work with genode?

Actually the Linux kernel version you are using when executing the
tz_vmm run-script already issues SMC calls that switch to the secure
world, where the VMM handles those calls and afterwards returns to the
normal world.

>
> Besides this I also don't know where to start modifying tz_vmm in order to
> achieve my goals. I know where tz_vmm's code is but I don't know where to
> start changing it. I have also seen some mailing list questions regarding
> the world switch from secure world to normal world. It seems that from
> normal to secure you should call an SMC, but from secure to normal the
> monitor mode implementation cannot handle entries from the secure world and
> thus no SMC can be called directly [2].

The typical activity flow is:

* Linux kernel issues an SMC call, e.g., to tell the VMM where its
  framebuffer is located in physical memory [1]
* the HW kernel of Genode receives an exception, pauses the Linux VM,
  and delivers a signal to the related VMM [2]
* the VMM receives the signal that the VM got paused due to an SMC call [3]
* the VMM informs the HW kernel that the VM should be executed again
  after handling the call [4]
* next time the scheduler of the HW kernel chooses the VM, it issues a
  world-switch to it [5]

Regards
Stefan

[1] https://github.com/skalk/linux/blob/bc1707a23a9770cf080a1b87b4f553a2a39ac636/drivers/video/mxc/mxc_ipuv3_fb.c#L339
[2] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec/arm_v7/trustzone/kernel/vm.cc#L52
[3] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/spec/imx53/main.cc#L95
[4] https://github.com/genodelabs/genode/blob/master/repos/os/src/server/tz_vmm/spec/imx53/main.cc#L119
[5] https://github.com/genodelabs/genode/blob/master/repos/base-hw/src/core/spec/arm_v7/trustzone/kernel/vm.cc#L72

>
> Can you give me some feedback on how to achieve these things on the i.MX53
> QSB?
>
> Thanks in advance,
> Tiago
>
> [1] - https://sourceforge.net/p/genode/mailman/message/33244107/
> [2] - https://sourceforge.net/p/genode/mailman/message/34244066/

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ · http://genode.org/