Am 2015-05-28 08:43, schrieb Matthias Lange:
Hi,
On 05/27/2015 10:35 PM, ba_f wrote:
Am 2015-05-27 00:11, schrieb Adam Lackorzynski:
Hi ba_f,
On Wed May 20, 2015 at 11:40:27 +0200, ba_f wrote:
i decided not to use libshmc and do it "manually" with Dataspace and IRQ, because i think this comes closest to the communication between TrustZone worlds. It's the best starting point before pushing the project to TrustZone (ie. Normal world Client and Secure Server), isn't it?
Indeed, that really comes closer to that.
Anyway, i still have some question about that IRQ, and i would be grateful if u could answer them, too.
I found two examples with IRQ: 'l4/pkg/examples/sys/map_irq' and 'l4/pkg/examples/libs/l4re/c++/shared_ds'. I guess i could easily adapt them.
What makes we wonder, is that both examples make use of 'L4::Ipc::Iostream'. Actually, i dont see any difference between IRQ & IPC, since both are registered servers using L4.default_loader:new_channel().
I think here is a little bit of misconception. L4.default_loader:new_channel() creates a new IPC gate (from Lua) which can be used by threads to send IPC messages. (Virtual) IRQs are a different type of kernel object but the trigger() function eventually maps to IPC. You can read about the different kernel objects here [1]. You should also make yourself familiar with the Factory API which is used to create new kernel objects.
I guess, IPC is build upon IRQ?
However, you said that IPC is not possible between TrustZone worlds, because each world has a separate microkernel instance. I reason there is no L4.default_loader:new_channel() possible between worlds? Do u have an example design for TZ communication?
Your observation is right. Essentially you have to use the 'smc' instruction (secure monitor call) to initiate a mode switch. The exception handler on the secure side then can evaluate the SMC value to determine the service requested.
Matthias.
[1] https://os.inf.tu-dresden.de/L4Re/doc/index.html#l4re_concepts_fiasco_kobjec...
Ok,
i found the following thread, making things clearer. http://os.inf.tu-dresden.de/pipermail/l4-hackers/2014/006521.html
In the examples mentioned, IPC is used to transfer the IRQ and DS capabilities from the client to the server, aye?
As i want to go for TrustZone, i dont wanna use IPC. Hence, i have to create a virtual IRQ in Ned's script, so that both Tasks know the IRQ namespace?
If this is any correct, then i miss the right syntax. I tried the following, but failed:
local virtual_smc = L4.Env.Irq:create();
ld:start({ caps = { irq = virtual_smc:svr()},}, "rom/server");
ld:start({ caps = { irq = virtual_smc },}, "rom/client");
Thanks to all of u, ba_f