Hi Federico,

Am 03.03.2015 um 13:54 schrieb Federico Maggi:
> On Tue, Mar 3, 2015 at 12:02 PM, Paul Fertser <fercer...@gmail.com> wrote:
>> On Thu, Feb 26, 2015 at 11:27:11AM +0100, Federico Maggi wrote:
>>>> For the practical purposes if you need tracing right now, I suggest
>>>> not using OpenOCD at all and instead learn the ETM/ETB configuration
>>>> and dumping facilities already provided by Linux, the kernel.
>>>
>>> This is interesting, although it may lead to artifacts on the host. The
>>> assumption of Rodrigo's work (which I'm supervising) is that the traced 
>>> process
>>> may be effectively trying to fingerprint the environment for signs of being
>>> monitored. For instance, assuming that I'm working in kernel space, I'm
>>> wondering how the collected trace could be transferred outside the host for
>>> subsequent analysis, without leaving evidence. As I'm not a kernel hacker, 
>>> I see
>>> that we could write to a serial port or something else and then read from it
>>> from a separate machine.
>>
>> I think if the traced process is running in its own container (or even
>> a VM), it has absolutely no way to tell if it's being traced or
>> not. The trace data can be transferred by whatever means, that might
>> be an http daemon or netcat or usb mass storage or serial, anything
>> you want would work about the same afaict, a process inside a
>> container wouldn't be able to see it anyway.
> 
> we've been digging in the code, trying to compile a kernel image with
> ETM/ETB support. More specifically, we're working with
> https://git.linaro.org/kernel/coresight.git but it seems that the ETM
> driver is not configurable. So, we switched to
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> (found via https://patches.linaro.org/44314/)
> 
> Do you know of a working branch/tag to recommend?

v3.19.0 was the first release to include Coresight support. If that
doesn't work, try the latest master branch or linux-next.git (the usual
suspects).

>> Good luck with your research! Feel free to publish a link here once
>> you have a preprint ready :)
> 
> will do! :)

As alternative to OpenOCD and Linux kernel, you could try to run your
software under QEMU emulation. Software might discover that it's running
in the emulator, but it won't notice whether you're using its gdb stub
or log file tracing or not. Not sure if ETM is being emulated today or
whether that is even necessary then.

Cheers,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu,
Graham Norton; HRB 21284 (AG Nürnberg)

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
OpenOCD-devel mailing list
OpenOCD-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openocd-devel

Reply via email to