Hello Divya, my colleague Norman raised the reasonable question, why don't you use virtualization for your use-case instead of TrustZone? It is much more appropriated, and already supported.
Regards Stefan On Tue, Feb 28, 2023 at 02:28:14PM +0100, Stefan Kalkowski wrote: > Hello, > > On Tue, Feb 28, 2023 at 06:26:06PM +0530, Divya Sharma wrote: > > To be more specific we want to create an app/program on Linux/Android and > > for cryptographic work, we want to switch to a trusted os, Genode. > > so we need to work on 2 things > > 1) switching between Normal os to secure os and vice versa > > 2) set up Linux/android on top of genode. > > Okay. Please be aware, that you have to partition the devices to be > used by either side, only TrustZone-aware devices can get "shared" > resp. used by both sides, e.g., the CPU and interrup-controller. > > > > > please suggest something for 2nd option. > > The steps necessary for this use-case I've already sketched in my last > response. Please read that carefully. If you have more specific > implementation and design questions regarding our software stack, > please feel free to ask. > > Regards > Stefan > > > > > Regards > > Divya > > > > > > On Mon, Feb 27, 2023 at 4:45 PM Stefan Kalkowski < > > stefan.kalkow...@genode-labs.com> wrote: > > > > > Hello Divya, > > > > > > On Mon, Feb 27, 2023 at 02:53:43PM +0530, Divya Sharma wrote: > > > > Dear Genodians, > > > > > > > > I hope this message finds you well. I am writing to follow up on our > > > > previous discussion regarding running kernels in secure mode using QEMU. > > > > > > > > As per your suggestion, we have investigated the use of QEMU for this > > > > purpose and found that it does support the required kernels. However, we > > > > require further guidance on setting up an exception vector for the EL3. > > > > Could you kindly provide us with the necessary steps to accomplish this > > > > task? > > > > > > > > > > This goes _far_ beyond the scope of an easy to answer "How to..." > > > question. > > > > > > My first counter question would be: what do you want to achieve? > > > What is your goal: do you want different fully functional OSes on both > > > sides: secure world and normal world, or "just" some library OS > > > functionality on the secure side for doing for instance some > > > cryptographic work? Is Genode running on both sides, or what is > > > running in the normal world? > > > > > > If you only want to "play" with the current possibilities of the > > > Genode framework only, this goes far beyond this scope. You would need > > > to develop certain functionalities not yet implemented for ARMv8. In > > > that case, much more knowledge about your envisioned system is needed. > > > > > > > Additionally, we are interested in running a simple program similar to > > > the > > > > one demonstrated in the IMX demo. Could you please suggest any relevant > > > > documents or threads that could assist us in achieving this objective? > > > > > > I don't know which "simple program" you mean actually? The only > > > visible TrustZone examples for i.MX53 I'm aware of are Linux or > > > Android running in the normal world, and Genode's base-hw kernel, > > > some drivers and a kind of TrustZone VMM running in the secure > > > world. This is actually no simple scenario at all. > > > > > > If you want to re-produce this scenario, you have to: > > > > > > * Analyze functionality and security-wise, which system registers have > > > to be saved / restored by the secure-monitor on ARMv8 > > > * Implement (in assembler) a world-switch routine from the > > > normal-to-secure world (this is the exception vector), and > > > vice-versa > > > * Setup the secure-monitor mode, e.g. by setting the exception > > > vector's address in EL3 mode > > > * Re-write or extend the TrustZone VMM to handle ARMv8 > > > > > > Regards > > > Stefan > > > > > > > > > > > Thank you for your time and assistance. > > > > > > > > Sincerely, > > > > > > > > Divya > > > > > > > > On Wed, Feb 22, 2023 at 2:30 PM Stefan Kalkowski < > > > > stefan.kalkow...@genode-labs.com> wrote: > > > > > > > > > Hello Devashish, > > > > > > > > > > in its currently used form on ARMv8: if Genode's own kernel variant > > > > > "base-hw" gets booted into TrustZone's secure mode at all, it leaves > > > > > it without doing any additional setup into the normal world resp. > > > > > directly into EL2 hypervisor mode to prepare that. > > > > > > > > > > With other words, without modifications you can't use the secure world > > > > > right now. On most platforms this is actually already in use by ARM's > > > > > Trusted Firmware (ATF), which implements things like multi-processor > > > > > wakeup, suspend etc., so we can't make use of it without replacing the > > > > > whole ATF. > > > > > > > > > > In general it is however possible to do so, but you'll need to do > > > > > several in-depth modifications to make that work. First you need to > > > > > find out whether on Qemu the kernel gets started in secure mode. If > > > > > yes you would need at least to setup an exception vector for the EL3 > > > > > secure-monitor mode, so that you handle for instance SMC-calls. > > > > > Probably you'll need to setup the MMU for the EL3 mode. > > > > > To sum it up it is some serious work to do. If you are interested in > > > > > exploring that, please have a look into the current CPU and > > > exception-level > > > > > (EL) setup in file: > > > > > repos/base-hw/src/bootstrap/spec/arm_64/cortex_a53_mmu.cc > > > > > That would be a good starting point to hook in. > > > > > > > > > > Regards > > > > > Stefan > > > > > > > > > > On Wed, Feb 22, 2023 at 01:40:13PM +0530, Devashish Dewangan cs21m017 > > > > > wrote: > > > > > > Dear Genodians, > > > > > > I am working with virt_qemu_arm_v8a, and I read the extensive > > > > > documentation > > > > > > on how Genode has experimented with the Trustzone of ARM. I want to > > > > > explore > > > > > > the Trustzone and run an application in the secure mode, but I > > > wanted to > > > > > > know if it is possible to do with virt_qemu_arm. > > > > > > > > > > > > -- > > > > > > Regards, > > > > > > Devashish Dewangan > > > > > > CS21M017 > > > > > > > > > > > _______________________________________________ > > > > > > Genode users mailing list > > > > > > users@lists.genode.org > > > > > > https://lists.genode.org/listinfo/users > > > > > > > > > > > > > > > -- > > > > > Stefan Kalkowski > > > > > Genode labs > > > > > > > > > > https://github.com/skalk | https://genode.org > > > > > > > > > > _______________________________________________ > > > > > Genode users mailing list > > > > > users@lists.genode.org > > > > > https://lists.genode.org/listinfo/users > > > > > > > > > > > > _______________________________________________ > > > > Genode users mailing list > > > > users@lists.genode.org > > > > https://lists.genode.org/listinfo/users > > > > > > > > > -- > > > Stefan Kalkowski > > > Genode labs > > > > > > https://github.com/skalk | https://genode.org > > > > > > _______________________________________________ > > > Genode users mailing list > > > users@lists.genode.org > > > https://lists.genode.org/listinfo/users > > > > > > _______________________________________________ > > Genode users mailing list > > users@lists.genode.org > > https://lists.genode.org/listinfo/users > > > -- > Stefan Kalkowski > Genode labs > > https://github.com/skalk | https://genode.org > > _______________________________________________ > Genode users mailing list > users@lists.genode.org > https://lists.genode.org/listinfo/users -- Stefan Kalkowski Genode labs https://github.com/skalk | https://genode.org _______________________________________________ Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users