Hi,
On 05/28/2015 06:24 PM, ba_f wrote:
> Am 2015-05-28 08:43, schrieb Matthias Lange:
>> Hi,
>>
>> On 05/27/2015 10:35 PM, ba_f wrote:
>>> Am 2015-05-27 00:11, schrieb Adam Lackorzynski:
>>>> Hi ba_f,
>>>>
>>>> On Wed May 20, 2015 at 11:40:27 +0200, ba_f wrote:
>>>>> i decided not to use libshmc and do it "manually" with Dataspace and
>>>>> IRQ,
>>>>> because i think this comes closest to the communication between
>>>>> TrustZone
>>>>> worlds.
>>>>> It's the best starting point before pushing the project to TrustZone
>>>>> (ie.
>>>>> Normal world Client and Secure Server), isn't it?
>>>>
>>>> Indeed, that really comes closer to that.
>>>>
>>>
>>> Anyway, i still have some question about that IRQ, and i would be
>>> grateful if u could answer them, too.
>>>
>>> I found two examples with IRQ: 'l4/pkg/examples/sys/map_irq' and
>>> 'l4/pkg/examples/libs/l4re/c++/shared_ds'.
>>> I guess i could easily adapt them.
>>>
>>> What makes we wonder, is that both examples make use of
>>> 'L4::Ipc::Iostream'. Actually, i dont see any difference between IRQ &
>>> IPC, since both are registered servers using
>>> L4.default_loader:new_channel().
>>
>> I think here is a little bit of misconception.
>> L4.default_loader:new_channel() creates a new IPC gate (from Lua) which
>> can be used by threads to send IPC messages. (Virtual) IRQs are a
>> different type of kernel object but the trigger() function eventually
>> maps to IPC. You can read about the different kernel objects here [1].
>> You should also make yourself familiar with the Factory API which is
>> used to create new kernel objects.
>>
>>> I guess, IPC is build upon IRQ?
>>>
>>> However, you said that IPC is not possible between TrustZone worlds,
>>> because each world has a separate microkernel instance. I reason there
>>> is no L4.default_loader:new_channel() possible between worlds?
>>> Do u have an example design for TZ communication?
>>
>> Your observation is right. Essentially you have to use the 'smc'
>> instruction (secure monitor call) to initiate a mode switch. The
>> exception handler on the secure side then can evaluate the SMC value to
>> determine the service requested.
>>
>> Matthias.
>>
>> [1]
>> https://os.inf.tu-dresden.de/L4Re/doc/index.html#l4re_concepts_fiasco_kobjects
>>
>
>
>
> Ok,
>
> i found the following thread, making things clearer.
> http://os.inf.tu-dresden.de/pipermail/l4-hackers/2014/006521.html
>
> In the examples mentioned, IPC is used to transfer the IRQ and DS
> capabilities from the client to the server, aye?
Correct.
> As i want to go for TrustZone, i dont wanna use IPC.
> Hence, i have to create a virtual IRQ in Ned's script, so that both
> Tasks know the IRQ namespace?
No, this is not possible. You run an independent kernel and user land on
both the secure and non-secure side. The communication between both
worlds is more like a system call interface where the non-secure side
prepares a request and then issues the 'smc' instruction. This results
in a context switch to the secure side where the kernel "sees" the smc
instruction in form of an IRQ.
Matthias.
> If this is any correct, then i miss the right syntax.
> I tried the following, but failed:
>
>
>
> local virtual_smc = L4.Env.Irq:create();
>
> ld:start({ caps = { irq = virtual_smc:svr()},},
> "rom/server");
>
> ld:start({ caps = { irq = virtual_smc },},
> "rom/client");
>
>
>
> Thanks to all of u,
> ba_f
>
>
>
> _______________________________________________
> l4-hackers mailing list
> l4-hackers@os.inf.tu-dresden.de
> http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
--
Matthias Lange, matthias.la...@kernkonzept.com, +49 - 351 - 41 88 86 14
Kernkonzept GmbH. Sitz: Dresden. Amtsgericht Dresden, HRB 31129.
Geschäftsführer: Dr.-Ing. Michael Hohmuth
_______________________________________________
l4-hackers mailing list
l4-hackers@os.inf.tu-dresden.de
http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
