rump files missing fatal error on virt qemu riscv

2023-03-01 Thread Pranab Kumar Rout cs21m045
Hi all,
While building the sculpt for virt_qemu_riscv, I got the following fatal
error.
checking library dependencies...
Library-description file rump.mk is missing
  Library ldso_so_support
COMPILE  so_support.o
MERGE    ldso_so_support.lib.a
  Library ld
CONVERT  ld.symbols.s
ASSEMBLE ld.symbols.o
MERGE    ld.abi.so
  Library base
MERGE    base.lib.a
  Library block_session
MERGE    block_session.lib.a
  Library config
MERGE    config.lib.a
  Library file_system
MERGE    file_system.lib.a
  Library file_system_session
MERGE    file_system_session.lib.a
  Library os
MERGE    os.lib.a
  Library rump_tools
MERGE    rump_tools.lib.a
  Library rump_fs
COMPILE  autoconf.o
In file included from
/genode/depot/genodelabs/src/rump/2022-11-28/src/lib/dde_rump/src/sys/rump/librump/rumpdev/autoconf.c:28:
genode/depot/genodelabs/src/rump/2022-11-28/src/lib/dde_rump/src/sys/sys/cdefs.h:58:10:
fatal error: machine/cdefs.h: No such file or directory
   58 | #include <machine/cdefs.h>
      |          ^
compilation terminated.
make[7]: *** [/genode/repos/base/mk/generic.mk:58: autoconf.o] Error 1
make[6]: *** [var/libdeps:187: rump_fs.lib] Error 2
make[5]: *** [Makefile:336: gen_deps_and_build_targets] Error 2
make[4]: *** [genode/tool/depot/mk/build_bin_archive:208:
/genode/depot/genodelabs/bin/riscv/rump/2022-11-28.build/bin] Error 1
make[3]: *** [/genode/depot/var/build.mk:264:
genodelabs/bin/riscv/rump/2022-11-28] Error 2
make[2]: *** [/genode/tool/depot/build:136:
execute_generated_build_mk_file] Error 2
make[1]: *** [/genode/tool/depot/create:59: build] Error 2
make[1]: Leaving directory '/genode/build/riscv'

It seems some ports are not prepared for riscv. Kindly suggest what
files/directories are to be added and which files require changes.

Thanks and regards,
Pranab
___
Genode users mailing list
users@lists.genode.org
https://lists.genode.org/listinfo/users


Re: Sculpt 22.10 not working on Thinkpad X201

2023-03-01 Thread dogma--- via users
March 1, 2023 at 7:17 AM, "Alexander Boettcher" wrote:
> Hi,
> 
> On 28.02.23 14:46, dogma--- via users wrote:
> 
> > 
> > I tried commenting out the graphics-related lines in the GRUB config files 
> > to see what it might display. But I just got "Booting 'Genode on NOVA'" and 
> > a blinking cursor. Perhaps it relies on GRUB setting up the graphics state 
> > anyway.
> > 
> 
> no, the graphical boot mode is not strictly required for Intel based systems.
> 
> Which CPU do you have in your X201, in mine is an Intel (R) Core(TM) i5 CPU M 
> 520 @ 2.4 GHz, 4GB RAM, 1280x800 resolution.

Intel(R) Core(TM) i5 CPU   M 560  @ 2.67GHz
also 4GB and 1280x800.

> - Can you try another USB stick, just in case ?

Still fails.

> - You may try to remove the 'iommu' line from the hypervisor module2 boot 
> entry in grub.cfg, which may make a difference.

No change.

> - In legacy BIOS boot mode (which seems to apply to you), you may also try to 
> remove the 'novga' commandline from the hypervisor module2. In case something 
> goes wrong very early, the kernel message may give a hint. (but this will 
> give you no output from Genode system itself)

No change.

> - If nothing helps, we would need a log of your system to assist further.
> -- You may try to setup the report_dump component [0], which would dump all 
> logs kept in memory to your USB stick, if the system comes up far enough. 
> However, this would require another machine, where Sculpt OS boots up fine 
> and you can configure it according to [0].

I was able to boot it on a Latitude E6440, and, improbably enough for an utter 
novice, actually got the report_dump working so that when I boot on the E6440 
there are logs, but when I boot on the X201, no logs. I was so pleased with 
myself until there were no logs.

> -- Or, enable some serial output device, either Intel AMT SOL [1] (if 
> supported for your X201) or plug in a PCMCIA serial card. You would need 
> (slightly) to re-configure Sculpt, see [2]. Add at the 7. step a 'LOG=core' 
> to the command, e.g. 'LOG=core make -C build/x86_64 run/sculpt KERNEL=nova 
> BOARD=pc'. The log output of Genode would now go over your serial device and 
> you may capture it.
> 
> Hope it helps a bit,
> 
> Alex.
> 
> [0] 
> https://genode.org/documentation/articles/sculpt-vc#Sculpt_as_a_hardware-probing_instrument
> [1] https://genodians.org/chelmuth/2019-01-16-test-machine
> [2] 
> https://genode.org/documentation/articles/sculpt-22-10#Building_the_boot_image
> 
> > 
> > February 28, 2023 at 12:55 PM, "dogma--- via users" wrote:
> > 
> > > 
> > > February 28, 2023 at 8:16 AM, "Alexander Boettcher" wrote:
> > > 
> > 
> >  Hello,
> >  
> >  the X201 next to me on my desk is working fine with Sculpt 22.10.
> >  
> >  Several points which you can check:
> >  - Do you have an external monitor attached with a too high resolution 
> > (beyond 2K) ?
> >  - Are you using a docking station ?
> >  - Do you use coreboot instead of the default bios ?
> > 
> > > 
> > > It’s good to know it should work. None of these apply to me.
> > > 
> > 
> >  Cheers,
> >  
> >  Alex.
> >  
> >  On 2/28/23 6:52 AM, dogma--- via users wrote:
> >  
> >  
> >  Image dd'ed to a flash drive, and I checked that vt-d, vt-x, and NX were 
> > as they should be. GRUB shows the splash image briefly, the screen goes 
> > blank black, something in the computer makes a moderately high-pitched 
> > sound for five seconds or so, and nothing more happens.
> >  
> >  
> >  -- Alexander Boettcher
> >  Genode Labs
> >  
> >  https://www.genodians.org/ - https://www.genode.org/
> >  
> > 
> > > 
> > > 
> > 
> >  
> > 
> 
> -- 
> Alexander Boettcher
> Genode Labs
> 
> https://www.genodians.org/ - https://www.genode.org/
> 
>



Re: Trustzone with virt_qemu_arm_v8a

2023-03-01 Thread Michael Grunditz
On Wed, 1 Mar 2023 at 11:20, Stefan Kalkowski wrote:
>
> Hello Divya,
>
> my colleague Norman raised the reasonable question, why don't you use
> virtualization for your use-case instead of TrustZone? It is much more
> appropriate, and already supported.
>
> Regards
> Stefan
>
This is the only sensible option. As Stefan explained, it is a very
large amount of work to devise some kind of secure VMM from scratch.
It is possible to overwrite ATF and run "simple" functions from the
new exception table.

Another option is to use something I have tinkered with. I use a
dedicated CPU core, and since it is started without any EL switching,
it can run in the background behind Genode and can be kept secure. In
order to communicate with it you probably need to do an exception
vector for the CPU cores Genode runs on. When all is set up, you can
message your crypto routines running on the dedicated CPU core by
doing SVC calls and, in the vector entries, use the SoC's mailboxing.

But, *really*, "normal" virtualization is the best option. Every other
option requires a lot of assembly and would step away from Genode's
software design.

Regards,
Michael



Re: Trustzone with virt_qemu_arm_v8a

2023-03-01 Thread Stefan Kalkowski
Hello Divya,

my colleague Norman raised the reasonable question, why don't you use
virtualization for your use-case instead of TrustZone? It is much more
appropriate, and already supported.

Regards
Stefan

On Tue, Feb 28, 2023 at 02:28:14PM +0100, Stefan Kalkowski wrote:
> Hello,
> 
> On Tue, Feb 28, 2023 at 06:26:06PM +0530, Divya Sharma wrote:
> > To be more specific we want to create an app/program on Linux/Android and
> > for cryptographic work, we want to switch to a trusted os, Genode.
> > so we need to work on 2 things
> > 1) switching between Normal os to secure os and vice versa
> > 2) set up Linux/android on top of genode.
> 
> Okay. Please be aware, that you have to partition the devices to be
> used by either side, only TrustZone-aware devices can get "shared"
> resp. used by both sides, e.g., the CPU and interrupt-controller.
> 
> > 
> > please suggest something for 2nd option.
> 
> The steps necessary for this use-case I've already sketched in my last
> response. Please read that carefully. If you have more specific
> implementation and design questions regarding our software stack,
> please feel free to ask.
> 
> Regards
> Stefan
> 
> > 
> > Regards
> > Divya
> > 
> > 
> > On Mon, Feb 27, 2023 at 4:45 PM Stefan Kalkowski <
> > stefan.kalkow...@genode-labs.com> wrote:
> > 
> > > Hello Divya,
> > >
> > > On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote:
> > > > Dear Genodians,
> > > >
> > > > I hope this message finds you well. I am writing to follow up on our
> > > > previous discussion regarding running kernels in secure mode using QEMU.
> > > >
> > > > As per your suggestion, we have investigated the use of QEMU for this
> > > > purpose and found that it does support the required kernels. However, we
> > > > require further guidance on setting up an exception vector for the EL3.
> > > > Could you kindly provide us with the necessary steps to accomplish this
> > > > task?
> > > >
> > >
> > > This goes _far_ beyond the scope of an easy to answer "How to..."
> > > question.
> > >
> > > My first counter question would be: what do you want to achieve?
> > > What is your goal: do you want different fully functional OSes on both
> > > sides: secure world and normal world, or "just" some library OS
> > > functionality on the secure side for doing for instance some
> > > cryptographic work? Is Genode running on both sides, or what is
> > > running in the normal world?
> > >
> > > If you only want to "play" with the current possibilities of the
> > > Genode framework only, this goes far beyond this scope. You would need
> > > to develop certain functionalities not yet implemented for ARMv8. In
> > > that case, much more knowledge about your envisioned system is needed.
> > >
> > > > Additionally, we are interested in running a simple program similar to the
> > > > one demonstrated in the IMX demo. Could you please suggest any relevant
> > > > documents or threads that could assist us in achieving this objective?
> > >
> > > I don't know which "simple program" you mean actually? The only
> > > visible TrustZone examples for i.MX53 I'm aware of are Linux or
> > > Android running in the normal world, and Genode's base-hw kernel,
> > > some drivers and a kind of TrustZone VMM running in the secure
> > > world. This is actually no simple scenario at all.
> > >
> > > If you want to re-produce this scenario, you have to:
> > >
> > > * Analyze functionality and security-wise, which system registers have
> > >   to be saved / restored by the secure-monitor on ARMv8
> > > * Implement (in assembler) a world-switch routine from the
> > >   normal-to-secure world (this is the exception vector), and
> > >   vice-versa
> > > * Set up the secure-monitor mode, e.g. by setting the exception
> > >   vector's address in EL3 mode
> > > * Re-write or extend the TrustZone VMM to handle ARMv8
> > >
> > > Regards
> > > Stefan
> > >
> > > >
> > > > Thank you for your time and assistance.
> > > >
> > > > Sincerely,
> > > >
> > > > Divya
> > > >
> > > > On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski <
> > > > stefan.kalkow...@genode-labs.com> wrote:
> > > >
> > > > > Hello Devashish,
> > > > >
> > > > > in its currently used form on ARMv8: if Genode's own kernel variant
> > > > > "base-hw" gets booted into TrustZone's secure mode at all, it leaves
> > > > > it without doing any additional setup into the normal world resp.
> > > > > directly into EL2 hypervisor mode to prepare that.
> > > > >
> > > > > In other words, without modifications you can't use the secure world
> > > > > right now. On most platforms this is actually already in use by ARM's
> > > > > Trusted Firmware (ATF), which implements things like multi-processor
> > > > > wakeup, suspend etc., so we can't make use of it without replacing the
> > > > > whole ATF.
> > > > >
> > > > > In general it is however possible to do so, but you'll need to do
> > > > > several in-depth modifications to make that work. First you need to
> > > > > find out