Discussion:
Timers
christian schulte
2017-04-02 23:24:55 UTC
Permalink
Hi

I am running Genode VMM demo on i.mx53 QSB. I wanted to configure the
secure world or tz_vmm to switch to the normal world periodically using
timer driver. It would be great if you could give me a hint how to do that.
I think the board supports three timers (EPIT, GPT and watchdog).

Which timer is accessed and used by the guest OS (Linux) and which one is
not. How to protect the Genode timer driver as the normal world or Linux
may interfere with it?

Thanks a lot!

Best regards,
Christian
Stefan Kalkowski
2017-04-04 09:19:30 UTC
Permalink
Hi Christian,
Post by christian schulte
Hi
I am running Genode VMM demo on i.mx53 QSB. I wanted to configure the
secure world or tz_vmm to switch to the normal world periodically using
timer driver. It would be great if you could give me a hint how to do that.
Actually, one of the EPIT timers is already used by our kernel for
scheduling. Thereby, you already enter the secure world regularily. If I
remember correctly the GPT timer is used by Linux for scheduling.

In general, you have to assign the corresponding timer device to be used
by the secure world only, using the Central Security Unit (CSU), e.g.
for GPT and EPIT 1 + 2 change this line:

repos/base-hw/src/core/include/spec/imx53/trustzone/csu.h:118

into:

write<Csl04::Slave_a>(Csl00::SECURE);

Unfortunately, all these timers EPIT 1 + 2 and GPT are assigned to the
same bank in the CSU, which guards memory-mapped I/O access to
peripherals. Therefore, you cannot differentiate in between those timers
with regard to TrustZone access.

In our in-depth TrustZone article[1] that also describes the i.MX53
demonstrator, we mentioned:

"For our prototype, we partitioned the platform where easily feasible
(e.g., for DDR memory, interrupts) but we did not attempt to implement
device emulators. In the case of the clock and power management module,
we decided to grant the normal world access to the devices, yet disabled
code paths in the Linux kernel that would interfere with the liveliness
of secure world. We feel that this approach is appropriate for a
demonstrator. For building a real product, the decision would come down
to an even-handed judgement."

A real solution implies that you have to change the Linux guest kernel
to not touch any of those timers, and deny access of the "normal" world.
Thereby, the VMM would receive a data-abort whenever Linux accesses one
of these timers.

If you just want to experiment around, you can leave the cooperative
usage of the timers in between both worlds as it is, but use the
watchdogs for your experiment. They are guarded by Csl03::Slave_a and
Csl03::Slave_b.

You can find all security related register settings, like the CSU
registers, in the "MCIMX53 Multimedia Applications Processor Security
Reference Manual", you have to follow the link in this forum[2].

Moreover, after extracting the timer access from the "normal" world, you
have to configure the corresponding interrupt number to be a secure
interrupt, otherwise it will still be delivered to Linux. Therefore, add
your timer/watchdog interrupt number here:

repos/base-hw/src/core/spec/imx53/trustzone/platform_support.cc:31

I hope this clarifies your questions.

Regards
Stefan

[1] https://genode.org/documentation/articles/trustzone
[2] https://community.nxp.com/thread/331611
Post by christian schulte
I think the board supports three timers (EPIT, GPT and watchdog).
Which timer is accessed and used by the guest OS (Linux) and which one
is not. How to protect the Genode timer driver as the normal world or
Linux may interfere with it?
Thanks a lot!
Best regards,
Christian
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
genode-main mailing list
https://lists.sourceforge.net/lists/listinfo/genode-main
--
Stefan Kalkowski
Genode Labs

https://github.com/skalk ยท http://genode.org/
Loading...