
Can a Linux kernel run as a TrustZone secure OS?

I have a Samsung Exynos 4412 (Cortex-A9) development board. There is a simple secure OS that can run on it. The normal OS is Android. Now I am trying to select Linux as the secure OS. The Linux kernel is from the Android OS for the development board. The kernel version is 3.0.15. It runs pretty well when it is in the normal world. When I switch to the secure world (clear the NS bit), the kernel stops at the calibrate_delay() function in init/main.c. That is to say, the kernel decompression code is executed correctly and the first C function of the kernel, start_kernel(), is also executed. Almost all the initialization functions run well until execution reaches calibrate_delay(). This function waits for jiffies to change:

    /* wait for "start of" clock tick */
    ticks = jiffies;
    /* spins forever if the timer interrupt never advances jiffies */
    while (ticks == jiffies);

I guess the reason is that no clock interrupt is raised (I print logs in the clock interrupt callback functions, and they are never reached). I have checked the CPSR state before and after the local_irq_enable() function. The IRQ and FIQ bits are set correctly. I also print some logs in the Linux kernel's IRQ handler defined in the interrupt vector table. Nothing is logged.

I am definitely a newbie in the Linux kernel and TrustZone. Can anybody tell me what the problem is? Or, more importantly, can a Linux kernel run as the TrustZone secure OS? Is there any reference manual for doing this? Thank you.

  • Hi,

    If I understand correctly you are trying to run Linux in secure mode.

    Firstly, it's highly discouraged to do so. Secondly, if you want to do that you need to make sure interrupts are configured properly. The interrupts are grouped (Group 0 interrupts are Secure interrupts, and Group 1 interrupts are Non-secure interrupts). Maybe the interrupt is configured and getting raised in non-secure, and now you are running Linux in secure.

    Regards,

    Sudeep

  • The short answer is yes (by default).  The long answer is no, if you're actually 'using' TrustZone.

    An ARM processor that supports TrustZone will by default run in the secure world for backwards compatibility.  That is, by running in the secure world the kernel has access to the entire memory space "as usual".  So vendors that maintain their own Linux branch for their own SoC with ARM TrustZone will run in the secure world because that's just the default.

    Now, if you're actually using TrustZone for its intended purpose, then selecting Linux as the secure OS (versus the normal OS) would sort of defeat the purpose of the TrustZone.  The TrustZone is intended to run a small and extremely controlled software stack (i.e. trusted execution environment or TEE).  You could probably find more on TEEs from vendors like Sierraware or associations like GlobalPlatform, which make and spec these environments.

  • I agree with bill101010.

    From the title I thought you wanted to use Linux as the Secure OS, but from the description I assumed you just needed to run Linux in secure mode.

    You need to check GICD_IGROUPR to see whether each interrupt is in Group 0 and configured as IRQ.

  • Same question with the same answers.  Can a Linux kernel run as an ARM TrustZone secure OS? - Stack Overflow

    Note, there is a difference between the 'Secure world' and a 'Secure solution'.  There is a literal answer to your question and a non-literal answer.  I think 'Semp' tries to address this.

    The GIC should run just fine with IRQs and only the secure world.  You must set GICD_IGROUPR and GICC_CTLR to select either FIQ or IRQ.  The hang-up on calibrate_delay() is due to no interrupts for whatever reason.
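A worked version of the GIC setup the two replies above describe, added here as an example and not code from the thread: every INTID is placed in Group 0 via GICD_IGROUPR and GICC_CTLR is written with FIQEn clear so Group 0 is signalled on the IRQ line that this Linux build services. Register offsets and bit positions are the architectural GICv2 ones; the GIC base addresses are not given on the page, so the MMIO windows are stood in for by host-side arrays and the scenario (128 INTIDs, INTID 42 left in Group 1 by firmware) is constructed.

```c
#include <stdint.h>

/* GICv2 distributor / CPU interface register offsets (architectural). */
#define GICD_CTLR        0x000
#define GICD_TYPER       0x004
#define GICD_IGROUPR(n)  (0x080 + 4u * (n))   /* 1 bit per INTID, 32 per reg */
#define GICC_CTLR        0x000
#define GICC_PMR         0x004

/* GICC_CTLR bits as seen from the Secure world. */
#define GICC_CTLR_ENABLEGRP0  (1u << 0)
#define GICC_CTLR_ENABLEGRP1  (1u << 1)
#define GICC_CTLR_FIQEN       (1u << 3)   /* set: Group 0 -> FIQ; clear: Group 0 -> IRQ */

/* Host-side stand-in for the MMIO windows (assumption); on target these
 * would be volatile pointers to the SoC's GIC base addresses. */
static uint32_t gicd_regs[0x1000 / 4];
static uint32_t gicc_regs[0x100 / 4];

static void     reg_write(uint32_t *b, uint32_t off, uint32_t v) { b[off / 4] = v; }
static uint32_t reg_read(const uint32_t *b, uint32_t off)        { return b[off / 4]; }

/* GICD_TYPER.ITLinesNumber encodes the INTID count as 32 * (N + 1). */
unsigned gic_num_irqs(uint32_t typer) { return 32u * ((typer & 0x1fu) + 1u); }

/* Assign one INTID to Group 0 (secure) or Group 1 (non-secure). */
void gic_set_group(uint32_t *gicd, unsigned irq, int group1) {
    uint32_t off = GICD_IGROUPR(irq / 32), v = reg_read(gicd, off);
    v = group1 ? (v | (1u << (irq % 32))) : (v & ~(1u << (irq % 32)));
    reg_write(gicd, off, v);
}

/* Secure-world setup: every INTID in Group 0, Group 0 delivered on the IRQ
 * line (FIQEn clear), Group 1 left disabled. Returns the GICC_CTLR written. */
uint32_t gic_secure_irq_setup(uint32_t *gicd, uint32_t *gicc) {
    unsigned n = gic_num_irqs(reg_read(gicd, GICD_TYPER));
    for (unsigned i = 0; i < n; i++) gic_set_group(gicd, i, 0);
    reg_write(gicc, GICC_PMR, 0xffu);            /* do not mask any priority */
    reg_write(gicc, GICC_CTLR, GICC_CTLR_ENABLEGRP0);
    reg_write(gicd, GICD_CTLR, 1u);              /* forward Group 0 only */
    return reg_read(gicc, GICC_CTLR);
}

/* Constructed scenario: 128 INTIDs, firmware left INTID 42 in Group 1 (so it
 * would only be raised in the Normal world); run the repair. */
uint32_t demo_secure_setup(void) {
    reg_write(gicd_regs, GICD_TYPER, 0x3u);
    gic_set_group(gicd_regs, 42, 1);
    return gic_secure_irq_setup(gicd_regs, gicc_regs);
}
uint32_t demo_igroupr(unsigned n) { return reg_read(gicd_regs, GICD_IGROUPR(n)); }
```

A kernel built to take timer interrupts on FIQ would instead set GICC_CTLR_FIQEN; the point is that the group assignment and the FIQ/IRQ routing must agree with what the secure-world kernel's vector table actually services.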

  • Thanks for your helpful reply. I have read the GIC part of the ARM architecture specification and the Exynos4412 manual these days. I hope I can find out how to configure the GIC correctly to run Linux in the secure world.

    Another thing: I found that in some secure OS implementations, they also configured TZASC (TrustZone Address Access Controller) and TZPC (TrustZone Protection Controller). Is it mandatory to do that for a secure OS?

    Thank you.

  • Yes, TZC provides you a mechanism to control and clearly partition access to various memory regions (not just DRAM, anything memory mapped including all IOs) between the secure and non-secure world.