We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.
I have a samsung exynos 4412(Cortex-A9) development board. There is a simple secure os that can run on it. The normal os is Android. Now I am trying to select linux as the secure os. The linux kernel is from the Android OS for the development board. The kernel version is 3.0.15. It can run pretty well when it is in normal world. When I switch to the secure world(clear the NS bit), the kernel will stop at the calibrate_delay() function in init/main.c. That is to say, the kernel uncompressed code is executed correctly and the first C function of the kernel, start_kernel(), is also executed. Almost all the initialization functions run well except running to calibrate_delay(). This function will wait for the jiffies changed:
/* wait for "start of" clock tick */
ticks = jiffies;
while (ticks == jiffies);
I guess the reason is no clock interrupt is raised(I print logs in clock interrupt callback functions, they are never gotten in). I have checked the CPSR state before and after the local_irq_enable() function. The IRQ and FIQ bit are set correctly. I also print some logs in the Linux kernel's IRQ handler defined in the interrupt vectors table. Nothing logged.
I am definitely a newbie in linux kernel and trustzone. Can anybody tell me what the problem is? Or more important thing is can a linux kernel run as the trustzone secure os? Are there any reference manual to do this? Thank you.
The short answer is yes (by default). The long answer is no, if you're actually 'using' TrustZone.
An ARM processor that supports TrustZone will by default run in the secure world for backwards compatibility. That is, by running in the secure world the kernel has access to the entire memory space "as usual". So vendors that maintain their own Linux branch for their own SoC with ARM TrustZone will run in the secure world because that's just the default.
Now, if you're actually using TrustZone for its intended purpose, then selecting Linux as the secure OS (versus the normal OS) would sort of defeat the purpose of the TrustZone. The TrustZone is intended to run a small and extremely controlled software stack (i.e. trusted execution environment or TEE). You could probably find more on TEEs from vendors like Sierraware or associations like GlobalPlatform, which make and spec these environments.