Is it possible for a Virtual Machine to switch the processor to the secure state?
I have a Linux virtual machine hosted by a KVM hypervisor. I plan to run the WPA2 authentication and other crypto functions in the secure world. Is this possible on an ARMv8-A processor? So the question boils down to: can KVM virtualize TrustZone?
Of course you can. Use SMC calling conventions. SMC interrupts the processor that invoked it and causes it to take a synchronous exception. Unfortunately the hypervisor (EL2) doesn't run in a secure state, so it cannot access the secure world from itself. SMC is handled in the Secure Monitor of Arm Trusted Firmware. I don't believe your system doesn't have it, though it is possible.
So a TZ driver in the VM can switch the processor to the secure state, and a secure-world app in the VM can execute in TrustZone?
There are different exception levels: EL3 is the Secure Monitor, EL2 is the hypervisor, EL1 the operating system and EL0 normal user space.
A hypervisor runs in EL2 and switches between the different OS instances, controlling the second-stage MMU, similar to the OS on the first-stage MMU.
The secure monitor is a kind of hypervisor which switches between the secure and non-secure world.
With instructions you can switch from one exception level to the next, so secure mode can switch to non-secure mode, the hypervisor can switch to the OS and the OS to the application. Each layer has fine-grained control over what to execute next on each level.
The way back has to be very 'secure', so an application can't jump everywhere into the OS but only through the exception handler.
Each layer has this exception handler which defines where to execute.
During boot, the boot code would have the CPU in EL3, and then the code can, but doesn't have to, install a secure handler.
Then the code returns and leaves the CPU in exception level 2. Because Linux expects EL1, a switch would happen soon, but just before this switch the exception handler for EL2 is installed by Linux early during boot, to be able later to install the actual KVM (EL2 hypervisor code).
Typically the secure code needs special review and should not get mixed with Linux. There is a reference implementation (arm-trusted-firmware) which can be used to handle the needs of EL3.
Then you can use a trusted OS to install trusted applications which can then implement whatever you want.
Obviously Linux needs a driver to be able to talk to this. OP-TEE and generic TEE may guide you to some examples.
Kind Regards
Thorsten
The SW running in the VM cannot get out unless the hypervisor provides the possibility (hypervisor call). You cannot have a TZ in a VM unless you emulate a CPU.
Edit: As I understand it, ArmV8.4 (*beurk*, I prefer ARMv8.4) allows you to have a secure VM. Then you only need a communication channel between the NS-VM and the S-VM. (Sounds mind-boggling).
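Added example (not code from anyone in this thread): the SMCCC function-ID encoding the first answer refers to, plus a hypothetical EL2 dispatcher that models the last reply's point that a guest's SMC is trapped and decided by the hypervisor rather than reaching EL3. The owner numbers and PSCI_VERSION ID follow the public SMCCC (DEN 0028) and PSCI specs; the dispatcher and the version value it reports are assumptions, not KVM's implementation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SMCCC function-ID layout (Arm DEN 0028): bit 31 = fast (1) / yielding (0),
 * bit 30 = SMC64 (1) / SMC32 (0), bits 29:24 = owning entity, bits 15:0 = function. */
#define SMCCC_FAST        (1u << 31)
#define SMCCC_64          (1u << 30)
#define SMCCC_OWNER_SHIFT 24
#define SMCCC_OWNER_MASK  0x3Fu
#define SMCCC_FUNC_MASK   0xFFFFu
#define SMCCC_RET_NOT_SUPPORTED ((int64_t)-1)

enum smccc_owner { OWNER_ARCH = 0, OWNER_CPU = 1, OWNER_SIP = 2, OWNER_OEM = 3,
                   OWNER_STANDARD = 4, OWNER_STD_HYP = 5, OWNER_VENDOR_HYP = 6,
                   OWNER_TRUSTED_APP_MIN = 48, OWNER_TRUSTED_OS_MIN = 50 };

/* PSCI_VERSION: owner 4 (Standard Secure Service), function 0, SMC32, fast call. */
#define PSCI_VERSION_FID 0x84000000u
/* Version the model hypervisor reports to the guest (constructed sample value). */
#define MODEL_PSCI_VERSION ((int64_t)((1 << 16) | 1))

static uint32_t smccc_fid(bool fast, bool is64, unsigned owner, unsigned func) {
    return (fast ? SMCCC_FAST : 0u) | (is64 ? SMCCC_64 : 0u)
         | ((owner & SMCCC_OWNER_MASK) << SMCCC_OWNER_SHIFT) | (func & SMCCC_FUNC_MASK);
}

static unsigned smccc_owner(uint32_t fid) {
    return (fid >> SMCCC_OWNER_SHIFT) & SMCCC_OWNER_MASK;
}

/* Toy EL2 dispatcher (hypothetical, not KVM's code): a guest SMC traps to EL2
 * when HCR_EL2.TSC is set. The model emulates one standard call itself and
 * rejects everything else; nothing here is forwarded to EL3 on the guest's
 * behalf, so a Trusted OS call from the VM never leaves the hypervisor. */
static int64_t hyp_handle_guest_smc(uint32_t fid) {
    if (!(fid & SMCCC_FAST))
        return SMCCC_RET_NOT_SUPPORTED;            /* yielding calls: not emulated */
    unsigned owner = smccc_owner(fid);
    if (owner == OWNER_STANDARD && fid == PSCI_VERSION_FID)
        return MODEL_PSCI_VERSION;                 /* PSCI emulated in EL2 */
    if (owner >= OWNER_TRUSTED_APP_MIN)
        return SMCCC_RET_NOT_SUPPORTED;            /* Trusted OS/TA: no path out of the VM */
    return SMCCC_RET_NOT_SUPPORTED;                /* anything else: rejected as well */
}

int main(void) {
    uint32_t cpu_on = smccc_fid(true, true, OWNER_STANDARD, 3);   /* PSCI CPU_ON, SMC64 */
    printf("CPU_ON fid = 0x%08X owner=%u\n", cpu_on, smccc_owner(cpu_on));
    printf("PSCI_VERSION from guest -> 0x%llx\n", (long long)hyp_handle_guest_smc(PSCI_VERSION_FID));
    printf("Trusted OS call from guest -> %lld\n", (long long)hyp_handle_guest_smc(0xB2000000u));
    return 0;
}
```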