
Can a Linux kernel run as a TrustZone secure OS?

I have a Samsung Exynos 4412 (Cortex-A9) development board. There is a simple secure OS that can run on it. The normal OS is Android. Now I am trying to select Linux as the secure OS. The Linux kernel is from the Android OS for the development board. The kernel version is 3.0.15. It can run pretty well when it is in the normal world. When I switch to the secure world (clear the NS bit), the kernel will stop at the calibrate_delay() function in init/main.c. That is to say, the kernel uncompressed code is executed correctly and the first C function of the kernel, start_kernel(), is also executed. Almost all the initialization functions run well, up to calibrate_delay(). This function will wait for jiffies to change:

    /* wait for "start of" clock tick */
    ticks = jiffies;
    while (ticks == jiffies);

I guess the reason is that no clock interrupt is raised (I print logs in the clock interrupt callback functions, and they are never entered). I have checked the CPSR state before and after the local_irq_enable() function. The IRQ and FIQ bits are set correctly. I also print some logs in the Linux kernel's IRQ handler defined in the interrupt vector table. Nothing is logged.

I am definitely a newbie in the Linux kernel and TrustZone. Can anybody tell me what the problem is? Or, more importantly, can a Linux kernel run as the TrustZone secure OS? Is there any reference manual for doing this? Thank you.

  • I agree with bill101010.

    From the title I thought you wanted to use Linux as Secure OS, but from the description I assumed you just needed to run Linux in secure mode.

    You need to check GICD_IGROUPR to see if each interrupt is under Group 0 and configured as IRQ.

  • Thanks for your helpful reply. I have been reading the GIC part of the ARM architecture specification and the Exynos4412 manual these days. I hope I can find out how to configure the GIC correctly to run Linux in the secure world.

    Another thing: I found that some secure OS implementations also configure the TZASC (TrustZone Address Access Controller) and TZPC (TrustZone Protection Controller). Is it mandatory to do that for a secure OS?

    Thank you.

  • Yes, TZC provides you a mechanism to control and clearly partition the access to various memory regions (not just DRAM, anything memory mapped including all IOs) between the secure and non-secure world.
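
The GICD_IGROUPR check suggested in the reply above, as an added example that is not part of the original thread: it classifies how an interrupt would be signalled from a constructed register snapshot, using the GICv1/GICv2 Security Extensions layout (one GICD_IGROUPRn bit per interrupt, Secure GICC_CTLR.FIQEn choosing FIQ for Group 0). The struct, function names, interrupt ID and sample values are assumptions; GICD_CTLR and priority masking are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Secure view of GICC_CTLR (GIC with Security Extensions). */
#define GICC_CTLR_ENABLE_GRP0 (1u << 0)
#define GICC_CTLR_ENABLE_GRP1 (1u << 1)
#define GICC_CTLR_FIQEN       (1u << 3)
#define SNAPSHOT_IRQS         128u   /* hypothetical: 4 registers x 32 IDs */

enum delivery { NOT_DELIVERED, AS_IRQ, AS_FIQ };

/* Constructed snapshot. On hardware the values would be read from
 * GICD_IGROUPRn (distributor offset 0x080 + 4n), GICD_ISENABLERn
 * (0x100 + 4n) and GICC_CTLR in the CPU interface. */
struct gic_snapshot {
    uint32_t igroupr[4];   /* per interrupt: 0 = Group 0, 1 = Group 1 */
    uint32_t isenabler[4]; /* per interrupt: 1 = forwarding enabled   */
    uint32_t gicc_ctlr;
};

static int bit_of(const uint32_t *regs, unsigned id)
{
    return (int)((regs[id / 32] >> (id % 32)) & 1u);
}

/* Returns 0 for Group 0 (Secure), 1 for Group 1 (Non-secure). */
int irq_group(const struct gic_snapshot *g, unsigned id)
{
    return bit_of(g->igroupr, id);
}

/* How the CPU interface would signal interrupt `id` to the core. */
enum delivery irq_delivery(const struct gic_snapshot *g, unsigned id)
{
    if (id >= SNAPSHOT_IRQS || !bit_of(g->isenabler, id))
        return NOT_DELIVERED;
    if (irq_group(g, id) == 1)          /* Group 1 is signalled as IRQ */
        return (g->gicc_ctlr & GICC_CTLR_ENABLE_GRP1) ? AS_IRQ : NOT_DELIVERED;
    if (!(g->gicc_ctlr & GICC_CTLR_ENABLE_GRP0))
        return NOT_DELIVERED;           /* Group 0 signalling disabled */
    return (g->gicc_ctlr & GICC_CTLR_FIQEN) ? AS_FIQ : AS_IRQ;
}

int main(void)
{
    static const char *names[] = { "not delivered", "IRQ", "FIQ" };
    /* Constructed sample: ID 29 enabled, Group 0, FIQEn set. */
    struct gic_snapshot g = { {0}, {1u << 29}, GICC_CTLR_ENABLE_GRP0 | GICC_CTLR_FIQEN };
    printf("ID 29: group %d, %s\n", irq_group(&g, 29), names[irq_delivery(&g, 29)]);
    return 0;
}
```

In the constructed sample the interrupt is in Group 0 but arrives as FIQ, so a handler installed only on the IRQ vector would never see it.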