Hi,
I was wondering if someone could point me at documentation, or describe in a reply, how L4 Fiasco + L4Re makes use of the ARM TrustZone hardware? I see that support for TrustZone is listed listed as one of the features of Fiasco, but haven't been able to figure out exactly what that means.
If built for an ARM chip with TrustZone support, does L4 automatically set up a TrustZone execution environment for each L4 server? Or do I need to tell it somewhere to put each server into its own environment? Are the hardware calls automatically made when switching between servers? How does use of TrustZone influence message passing between servers?
I'm afraid all I've found in the source appears to be some code in the hardware porting layer that is a relative mystery to me.
Thanks,
Hi Wesley,
I was wondering if someone could point me at documentation, or describe in a reply, how L4 Fiasco + L4Re makes use of the ARM TrustZone hardware? I see that support for TrustZone is listed listed as one of the features of Fiasco, but haven't been able to figure out exactly what that means.
We use TrustZone for virtualisation. We developed this within an EU project called TECOM. You can find an introduction on what we did here: http://www.tecom-project.eu/downloads/deliverables2009/TECOM-D02.6-First-ini...
Michael
Thanks, Michael and Torsten, for the links.
I think this clarifies for me how TrustZone is used. I was thinking the two L4 servers were the used, one in secure world and one in non-secure world. But looking at these papers and the vm-tz sample code referenced in the TUDOS paper my understanding now is that all the L4 servers run in secure world and the call to l4_vm_run launches Linux in the non-secure world from one of the L4 servers (the VMM in your paper, Torsten).
I was also thinking that L4Linux was run as the non-secure Linux via TrustZone but that was incorrect. L4Linux is for a paravirtualized security split while something like TZ-Linux is used for a full virtualized security split, with L4 as the "Hypervisor". Has TZ-Linux and its associated work been publicly released?
Thank you,
Wesley Miaw(wesley@wesman.net)@2011.01.12 17:22:52 -0800:
I was also thinking that L4Linux was run as the non-secure Linux via TrustZone but that was incorrect. L4Linux is for a paravirtualized security split while something like TZ-Linux is used for a full virtualized security split, with L4 as the "Hypervisor". Has TZ-Linux and its associated work been publicly released?
No. Its just a prove of concept. However there exists a snapshot that should build and run out of the box on a recent Realview/PBX board. With the upcoming virtualization extensions for ARM this approach is more or less obsolete.
Torsten
Wesley Miaw(wesley@wesman.net)@2011.01.11 15:17:06 -0800:
Hi,
I was wondering if someone could point me at documentation, or describe in a reply, how L4 Fiasco + L4Re makes use of the ARM TrustZone hardware? I see that support for TrustZone is listed listed as one of the features of Fiasco, but haven't been able to figure out exactly what that means.
A look at the following paper might help to get a better understanding what we are TrustZone using for:
http://os.inf.tu-dresden.de/papers_ps/rtlws2010_armtrustzone.pdf
Torsten
l4-hackers@os.inf.tu-dresden.de
-
Michael Roitzsch -
Torsten Frenzel -
Wesley Miaw