[incubator-teaclave-trustzone-sdk] branch master updated: Add `Expanding TA Secure Memory on QEMUv8` documentation (#92)

Thu, 15 Sep 2022 19:47:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

yuanz pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/incubator-teaclave-trustzone-sdk.git


The following commit(s) were added to refs/heads/master by this push:
     new 9b62e0f  Add `Expanding TA Secure Memory on QEMUv8` documentation (#92)
9b62e0f is described below

commit 9b62e0f95349aa2100626ed15bed30e5e02ec311
Author: Yuan Zhuang <[email protected]>
AuthorDate: Fri Sep 16 10:47:45 2022 +0800

    Add `Expanding TA Secure Memory on QEMUv8` documentation (#92)
---
 docs/README.md                               |  1 +
 docs/expanding-ta-secure-memory-on-qemuv8.md | 96 ++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)

diff --git a/docs/README.md b/docs/README.md
index a0455cf..9d3ee35 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -6,3 +6,4 @@ permalink: /trustzone-sdk-docs
 
 * [Overview of OP-TEE Rust Examples](overview-of-optee-rust-examples.md)
 * [Debugging OP-TEE TA](debugging-optee-ta.md)
+* [Expanding TA Secure Memory on 
QEMUv8](expanding-ta-secure-memory-on-qemuv8.md)
diff --git a/docs/expanding-ta-secure-memory-on-qemuv8.md 
b/docs/expanding-ta-secure-memory-on-qemuv8.md
new file mode 100644
index 0000000..2c46a41
--- /dev/null
+++ b/docs/expanding-ta-secure-memory-on-qemuv8.md
@@ -0,0 +1,96 @@
+---
+permalink: /trustzone-sdk-docs/expanding-ta-secure-memory-on-qemuv8.md
+---
+
+# Expanding TA Secure Memory on QEMUv8
+
+Since some Rust examples such as `tls_server-rs` and `tls_client-rs`  require
+larger TA memory (about 18M heap), we've expanded TA secure memory on OP-TEE
+QEMUv8 platform. On QEMUv8 platform it supports 7M TA memory originally, after
+expanding it supports 27M TA memory at most.
+
+We modified the firmware and configuration of QEMU, ATF and OPTEE. You can
+download the pre-built image from
+https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/ or patch the code
+and build the images by yourself.
+
+The modifications are:
+
+1. QEMU patch in `optee-repo/qemu`:
+
+```
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index d2e5ecd..e1070a0 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -157,7 +157,7 @@ static const MemMapEntry base_memmap[] = {
+     [VIRT_MMIO] =               { 0x0a000000, 0x00000200 },
+     /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
+     [VIRT_PLATFORM_BUS] =       { 0x0c000000, 0x02000000 },
+-    [VIRT_SECURE_MEM] =         { 0x0e000000, 0x01000000 },
++    [VIRT_SECURE_MEM] =         { 0x0e000000, 0x02000000 },
+     [VIRT_PCIE_MMIO] =          { 0x10000000, 0x2eff0000 },
+     [VIRT_PCIE_PIO] =           { 0x3eff0000, 0x00010000 },
+     [VIRT_PCIE_ECAM] =          { 0x3f000000, 0x01000000 },
+```
+
+2. ATF patch in `optee-repo/trusted-firmware-a`:
+
+```
+diff --git a/plat/qemu/qemu/include/platform_def.h 
b/plat/qemu/qemu/include/platform_def.h
+index c02eff9..ded0660 100644
+--- a/plat/qemu/qemu/include/platform_def.h
++++ b/plat/qemu/qemu/include/platform_def.h
+@@ -87,7 +87,7 @@
+ #define SEC_SRAM_SIZE                  0x00060000
+
+ #define SEC_DRAM_BASE                  0x0e100000
+-#define SEC_DRAM_SIZE                  0x00f00000
++#define SEC_DRAM_SIZE                  0x01f00000
+
+ #define SECURE_GPIO_BASE               0x090b0000
+ #define SECURE_GPIO_SIZE               0x00001000
+```
+
+3. Add configurations in `optee-repo/optee_os`:
+
+```
+diff --git a/mk/config.mk b/mk/config.mk
+index f2822df..8148cc5 100644
+--- a/mk/config.mk
++++ b/mk/config.mk
+@@ -904,3 +904,7 @@ CFG_DRIVERS_TPM2_MMIO ?= n
+ ifeq ($(CFG_CORE_TPM_EVENT_LOG),y)
+ CFG_CORE_TCG_PROVIDER ?= $(CFG_DRIVERS_TPM2)
+ endif
++
++# expand TA secure memory
++CFG_TZDRAM_START = 0x0e100000
++CFG_TZDRAM_SIZE = 0x01f00000
+```
+
+4. Patch for OP-TEE core pagetable:
+
+```
+diff --git a/core/include/mm/pgt_cache.h b/core/include/mm/pgt_cache.h
+index 0e72e17..28c58ad 100644
+--- a/core/include/mm/pgt_cache.h
++++ b/core/include/mm/pgt_cache.h
+@@ -45,9 +45,9 @@ struct pgt {
+ #if CFG_NUM_THREADS < 2
+ #define PGT_CACHE_SIZE 4
+ #elif (CFG_NUM_THREADS == 2 && !defined(CFG_WITH_LPAE))
+-#define PGT_CACHE_SIZE 8
++#define PGT_CACHE_SIZE 32
+ #else
+-#define PGT_CACHE_SIZE ROUNDUP(CFG_NUM_THREADS * 2, PGT_NUM_PGT_PER_PAGE)
++#define PGT_CACHE_SIZE 32
+ #endif
+```
+
+Finally, build images:
+
+```
+$ cd optee-repo/build
+$ make
+```


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to