Hi, On 05/28/2015 06:24 PM, ba_f wrote: > Am 2015-05-28 08:43, schrieb Matthias Lange: >> Hi, >> >> On 05/27/2015 10:35 PM, ba_f wrote: >>> Am 2015-05-27 00:11, schrieb Adam Lackorzynski: >>>> Hi ba_f, >>>> >>>> On Wed May 20, 2015 at 11:40:27 +0200, ba_f wrote: >>>>> i decided not to use libshmc and do it "manually" with Dataspace and >>>>> IRQ, >>>>> because i think this comes closest to the communication between >>>>> TrustZone >>>>> worlds. >>>>> It's the best starting point before pushing the project to TrustZone >>>>> (ie. >>>>> Normal world Client and Secure Server), isn't it? >>>> >>>> Indeed, that really comes closer to that. >>>> >>> >>> Anyway, i still have some question about that IRQ, and i would be >>> grateful if u could answer them, too. >>> >>> I found two examples with IRQ: 'l4/pkg/examples/sys/map_irq' and >>> 'l4/pkg/examples/libs/l4re/c++/shared_ds'. >>> I guess i could easily adapt them. >>> >>> What makes we wonder, is that both examples make use of >>> 'L4::Ipc::Iostream'. Actually, i dont see any difference between IRQ & >>> IPC, since both are registered servers using >>> L4.default_loader:new_channel(). >> >> I think here is a little bit of misconception. >> L4.default_loader:new_channel() creates a new IPC gate (from Lua) which >> can be used by threads to send IPC messages. (Virtual) IRQs are a >> different type of kernel object but the trigger() function eventually >> maps to IPC. You can read about the different kernel objects here [1]. >> You should also make yourself familiar with the Factory API which is >> used to create new kernel objects. >> >>> I guess, IPC is build upon IRQ? >>> >>> However, you said that IPC is not possible between TrustZone worlds, >>> because each world has a separate microkernel instance. I reason there >>> is no L4.default_loader:new_channel() possible between worlds? >>> Do u have an example design for TZ communication? >> >> Your observation is right. Essentially you have to use the 'smc' >> instruction (secure monitor call) to initiate a mode switch. The >> exception handler on the secure side then can evaluate the SMC value to >> determine the service requested. >> >> Matthias. >> >> [1] >> https://os.inf.tu-dresden.de/L4Re/doc/index.html#l4re_concepts_fiasco_kobjects >> > > > > Ok, > > i found the following thread, making things clearer. > http://os.inf.tu-dresden.de/pipermail/l4-hackers/2014/006521.html > > In the examples mentioned, IPC is used to transfer the IRQ and DS > capabilities from the client to the server, aye?
Correct. > As i want to go for TrustZone, i dont wanna use IPC. > Hence, i have to create a virtual IRQ in Ned's script, so that both > Tasks know the IRQ namespace? No, this is not possible. You run an independent kernel and user land on both the secure and non-secure side. The communication between both worlds is more like a system call interface where the non-secure side prepares a request and then issues the 'smc' instruction. This results in a context switch to the secure side where the kernel "sees" the smc instruction in form of an IRQ. Matthias. > If this is any correct, then i miss the right syntax. > I tried the following, but failed: > > > > local virtual_smc = L4.Env.Irq:create(); > > ld:start({ caps = { irq = virtual_smc:svr()},}, > "rom/server"); > > ld:start({ caps = { irq = virtual_smc },}, > "rom/client"); > > > > Thanks to all of u, > ba_f > > > > _______________________________________________ > l4-hackers mailing list > l4-hackers@os.inf.tu-dresden.de > http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers -- Matthias Lange, matthias.la...@kernkonzept.com, +49 - 351 - 41 88 86 14 Kernkonzept GmbH. Sitz: Dresden. Amtsgericht Dresden, HRB 31129. Geschäftsführer: Dr.-Ing. Michael Hohmuth _______________________________________________ l4-hackers mailing list l4-hackers@os.inf.tu-dresden.de http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers