Running ARM TrustZone Secure/Normal world"example

2019-04-02 07:26发布

Does anyone know how to implement the example of TrustZone running "Secure world" and "Normal world" given on the ARM documentation website below on the ZedBoard? Any documentation on this subject (running TrustZone on the ZedBoard) would be also helpful.

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka15417.html

The ZedBoard has a Xilinx : Zynq® -7000 All Programmable SoC Dual ARM® Cortex™-A9 MPCore™. More information on the ZedBoard can be found here:

http://www.zedboard.org/content/overview

1条回答
倾城 Initia
2楼-- · 2019-04-02 08:28

This is a broad topic. Hopefully some of the following information will help.

First off just to de-jargon a little, SOC == system-on-a-chip.

Digilent, the board's manufacturer, has some support files for your board if you have access to the Xilinx toolchain. So first, if you go to http://www.digilentinc.com/Products/Detail.cfm?NavPath=2,400,1028&Prod=ZEDBOARD , at the bottom, you will find two files named "Linux Hardware Design for ISE" <version number>.

Also assuming you are using the Xilinx development tools, if you browse to Xilinx/<Version Number>/ISE_DS/EDK/hw/XilinxProcessorIPLib/pcores/axi_interconnect_v1_06_a/doc/ds768_axi_interconnect.pdf , you will find information on the AXI interrupt controller your board uses. This includes the fact that it supports TrustZone and some information on actually using it.

Next, if you go to http://zedboard.org/content/creating-custom-peripheral, you will find some instructions on making a "peripheral" device. I put this in quotes because the device in fact exists completely within the programmable logic; it's not something you plug into the micro usb port or what you'd traditionally think of as a "peripheral".

At the end of the tutorial, there is also a link that will help you read data from your peripheral.

If you repeat all those steps with the system.xmp file included in the zip you initially downloaded, then you'll notice all the heavy lifting has been done for you. You have a plugged in and ready to go interrupt controller on the AXI bus already that works with TrustZone, just ready and waiting for you to hook a little hello world device to it.

But what are you going to do with that hello world device? If you look in the assembly for the tutorial you linked to, you'll see in the comments they talk a lot about something called the "Secure Configuration Register". If you look in your processor's documentation (in the resources section here, http://www.arm.com/products/processors/cortex-a/cortex-a9.php) and search for the term "TrustZone extensions" (currently page 34 although obviously that's subject to change), you'll find a link to another page detailing this register. This is the same register they use in the tutorial, so in theory, if you have a trusted execution environment set up, you can now make the hello world tutorial work (mostly; you're going to likely want to do what they do in assembly with either vhdl or verilog code and just expose the results somewhere easy to read in C).

Now everything I have just mentioned will merely get you access to the TrustZone data in the AXI bus. In order to do anything interesting with this, you are going to have to actually create a secure world and normal world to read from. Otherwise any demo you put together will merely print "Hello from Secure World" (or function incorrectly). So this is where unzipping that tutorial you linked to and really reading their source will pay dividends.

Although my answer up until now is also incomplete, as the Hello World tutorial you linked isn't designed to teach you how to create Normal World (and possibly Monitor World) to begin with. Which it says explicitly in the ReadMe.txt . So reading the source won't help you with that. For that, you're going to need the link http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html . There's a lot of info there but it's intended as a reference and the first two chapters, in my humble opinion, are just what I like to call "skipable flavor text". Although if you do have time to waste some of it is fascinating and informative as far as security theory in general. Chapter 3 will begin to teach you how to develop for TrustZone.

But hopefully the information I provided will turn this into less of a permissions problem for you and into more of an education problem. I'm still educating myself on this stuff.

查看更多
登录 后发表回答