I read the TZ whitepaper. TZ's software architecture includes a normal OS, a secure OS, and a monitor that manages switching between the two OSes. The notion is clear, but how to implement them confuses me.
Running and managing two kernels on a SoC needs a mechanism for scheduling the two kernels. So do we need a hypervisor to hold the two kernels? Is that the monitor's responsibility?
There are two parts to your question: scheduling the two environments, and keeping them isolated from each other.
The Secure Monitor (running in EL3 on ARMv8-A, Monitor Mode in ARMv7-A) is responsible for the isolation. That is, ensuring information doesn't "leak" between the two Security states.
There are several different ways you could go about scheduling the two environments. It depends on what you are using the Secure state for. Here are a couple of examples:
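An added, host-runnable C model of what the monitor does on an SMC and on a secure interrupt (this is illustration written for this page, not ARM's code, not Trusted Firmware, and not part of the answer above): it saves and restores a per-world register set around a flip of SCR_EL3.NS, so the secure OS runs on the calling Normal-world thread's time with no second scheduler, and nothing from Secure state reaches the Normal world except what the secure side deliberately places in x0-x3 as the SMC result. The SMC function ID, the key and the toy hash are constructed for the example.

```c
/* Host-runnable model of the EL3 Secure Monitor: world switch on SMC or
 * secure FIQ, Secure registers kept out of Normal-world reach. Constructed
 * illustration only, not monitor firmware or TF-A code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SECURE = 0, NONSECURE = 1 };
#define SCR_EL3_NS  (1u << 0)   /* SCR_EL3.NS:  1 = Non-secure state        */
#define SCR_EL3_FIQ (1u << 2)   /* SCR_EL3.FIQ: take FIQ at EL3 from any EL */

/* Per-world register file. A real monitor saves x0-x30, SP, ELR_EL3, SPSR_EL3
 * and EL1 system registers; the model keeps x0-x3, the SMC arg/result regs. */
struct ctx { uint64_t x[4]; };

struct monitor {
    uint32_t   scr_el3;
    struct ctx saved[2];   /* indexed by SECURE / NONSECURE */
    struct ctx live;       /* the CPU's architectural registers right now */
    unsigned   switches;
};

/* Hypothetical SMC function ID and secure-OS state, constructed for the model. */
enum { SMC_TAG = 0x1000 };
static const uint64_t secure_key = 0xC0FFEEu;
static int secure_irq_count;

static int cur_world(const struct monitor *m) { return (m->scr_el3 & SCR_EL3_NS) ? NONSECURE : SECURE; }

/* Core of the monitor: save outgoing registers, flip SCR_EL3.NS, restore the
 * incoming ones. On SMC, x0-x3 pass through as arguments/results; on an
 * interrupt entry nothing passes, so the interrupted world resumes intact. */
static void monitor_switch(struct monitor *m, int is_smc)
{
    int from = cur_world(m), to = from ^ 1;
    uint64_t pass[4];
    memcpy(pass, m->live.x, sizeof pass);
    m->saved[from] = m->live;
    m->scr_el3 ^= SCR_EL3_NS;
    m->live = m->saved[to];
    if (is_smc)
        memcpy(m->live.x, pass, sizeof pass);
    m->switches++;
}

/* Toy keyed hash standing in for real secure-world work (not a MAC). */
static uint64_t toy_tag(uint64_t key, uint64_t arg)
{
    return ((arg ^ key) * 0x9E3779B97F4A7C15ull) >> 32;
}

/* Secure OS SMC entry: runs only after the monitor entered Secure state on
 * behalf of a Normal-world caller, i.e. on that caller's time slice. */
static void secure_os_handle_smc(struct monitor *m)
{
    if (m->live.x[0] == SMC_TAG) {
        m->live.x[0] = 0;                            /* success */
        m->live.x[1] = toy_tag(secure_key, m->live.x[1]);
    } else {
        m->live.x[0] = (uint64_t)-1;                 /* SMCCC: unknown ID */
    }
    monitor_switch(m, 1);                            /* SMC back to NS */
}

/* Normal-world driver: one SMC round trip. No hypervisor schedules the
 * secure kernel; it runs until it SMCs back, then this thread continues. */
static uint64_t ns_smc_call(struct monitor *m, uint64_t fid, uint64_t arg,
                            uint64_t *result)
{
    m->live.x[0] = fid;
    m->live.x[1] = arg;
    monitor_switch(m, 1);          /* SMC traps to EL3 -> Secure state */
    secure_os_handle_smc(m);       /* ... and comes back through EL3 */
    if (result) *result = m->live.x[1];
    return m->live.x[0];
}

/* Secure interrupt while NS runs: with SCR_EL3.FIQ set it is taken at EL3,
 * serviced in Secure state, and the NS code resumes exactly where it was. */
static void monitor_fiq(struct monitor *m)
{
    if (!(m->scr_el3 & SCR_EL3_FIQ) || cur_world(m) != NONSECURE) return;
    monitor_switch(m, 0);
    secure_irq_count++;            /* secure OS interrupt handler (model) */
    monitor_switch(m, 0);
}

static void monitor_init(struct monitor *m)
{
    memset(m, 0, sizeof *m);
    m->scr_el3 = SCR_EL3_NS | SCR_EL3_FIQ;   /* boot into the Normal world */
}

int main(void)
{
    struct monitor m; uint64_t tag;
    monitor_init(&m);
    uint64_t ret = ns_smc_call(&m, SMC_TAG, 42, &tag);
    printf("ret=%llu tag=%llx switches=%u world=%d\n", (unsigned long long)ret,
           (unsigned long long)tag, m.switches, cur_world(&m));
    return 0;
}
```

The two entry paths differ on purpose: an SMC is a call, so x0-x3 carry arguments in and results out, while a secure FIQ taken at EL3 must return the Normal world to exactly the registers it had, otherwise the secure world would be corrupting (or exposing) Normal-world state on every interrupt. The key never appears in the restored Normal-world context; the only value that crosses is the tag the secure side wrote to x1.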
Thanks for your reply. In the examples you provided, all of them seem to be processes of the normal kernel rather than an independent kernel.