From: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
To: Hongfei Cheng <hongfei@mperpetuo.com>
Cc: Xenomai Mailing List <xenomai@xenomai.org>
Subject: Re: [Xenomai] I-pipe's determinism in handling hardware interrupts when GIC implements "Security Extensions"
Date: Thu, 13 Aug 2015 21:11:57 +0200 [thread overview]
Message-ID: <20150813191157.GG28709@hermes.click-hack.org> (raw)
In-Reply-To: <CAKC9m6f5Yc7MZHZQO2MRCf+y2nOM7P1psX4fLTeqgE4tsnv+RA@mail.gmail.com>
On Thu, Aug 13, 2015 at 11:51:59AM -0700, Hongfei Cheng wrote:
> Hi All,
>
> I am wondering (aloud) if anyone has experience running I-pipe on
> ARMv7 platform which supports ARM's Security Extensions (TrustZone).
I think we have that on some omap3/omap4 boards.
>
> I believe, starting in ARMv7-A/R architecture, ARM added the
> (optional) Security Extensions (TrustZone) to provide hardware
> security features. Some of the ARM SoCs on the supported list by
> Xenomai, such as Freescale QorIQ LS1 and Xilinx Zynq, appear to have
> implemented such extensions.
>
> On an ARM SoC platform implementing the Security Extensions -
> 1). How does the I-pipe/Adeos deal with both the interrupt sources in
> "Normal world" (non-secure interrupt) and "Secure world" (secure
> interrupt)?
Correct me if I am wrong, I do not know which is which, but I
believe the Linux code only lives in one of the two worlds. The
other world is the one of a monitor, or whatever you call it, and
inaccessible to Linux (that is the aim of "securing the processor").
So, by definition I-pipe being a modification of Linux and not of
the monitor can not access the privileged operations.
> 2). What would happen if a Xenomai real-time thread is taking on a
> non-secure interrupt while a secure interrupt with higher priviledge
> arrives which must be routed to a Linux thread?
> 3). Since a secure interrupt can take an unbounded amount of time to
> complete its task, such as downloading firmware, will it break
> I-pipe's determinism in serving non-secure interrupt on behalf of
> Xenomai real-time threads?
I am not sure this case can exist. Are not these privileged
interrupt only handled by the monitor? Anyway, if when this
interrupt is masked at the interrupt controller level, non
privileged interrupts can be handled, then there is no problem. If
such an interrupt has to be handled before any more interrupt can be
taken, even if masked, then you have a problem. If, like I believe,
such a "privileged interrupt" is handled by the monitor behind
Linux/I-pipe's back, then yes, it will break determinism.
--
Gilles.
https://click-hack.org
next prev parent reply other threads:[~2015-08-13 19:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-13 18:51 [Xenomai] I-pipe's determinism in handling hardware interrupts when GIC implements "Security Extensions" Hongfei Cheng
2015-08-13 19:11 ` Gilles Chanteperdrix [this message]
2015-08-14 20:38 ` Hongfei Cheng
2015-08-15 5:46 ` Jan Kiszka
2015-08-18 17:37 ` Hongfei Cheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150813191157.GG28709@hermes.click-hack.org \
--to=gilles.chanteperdrix@xenomai.org \
--cc=hongfei@mperpetuo.com \
--cc=xenomai@xenomai.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.