linux-arm-kernel.lists.infradead.org archive mirror
From: Dave.Martin@arm.com (Dave Martin)
To: linux-arm-kernel@lists.infradead.org
Subject: [Ksummit-2013-discuss] [ARM ATTEND] Trustzone-based security solution for ARM Linux
Date: Thu, 15 Aug 2013 18:43:15 +0100
Message-ID: <20130815174307.GA17245@localhost.localdomain>
In-Reply-To: <520CFBDE.4000408@wwwdotorg.org>

On Thu, Aug 15, 2013 at 10:03:42AM -0600, Stephen Warren wrote:
> On 08/15/2013 01:36 AM, Barry Song wrote:
> > 2013/8/15 Greg KH <greg@kroah.com>:
> >> On Thu, Aug 15, 2013 at 11:44:30AM +0800, Barry Song wrote:
> >>> For the moment, there is strong marketing requirement from
> >>> IVI(In-Vehicle Infotainment) or mobile to use ARM Trustzone. We take
> >>> IVI as an example, Auto requires security environment to access CAN bus
> >>> and other car busses. Auto requires security environment to show
> >>> rearview/surround view from cameras and play alert audio. On the other
> >>> hand, IVI system is generically working as a video streaming sink and
> >>> HDMI sink instead of a source. To support HDCP and widevine, we need
> >>> to make sure private keys and video buffers are only visible to
> >>> security mode. With CAN stack, video playback backend and more tasks,
> >>> generically it requires a multi-task RTOS running in security mode
> >>> parallel with Linux in non-security mode.
> >>>
> >>> Linux is a generic purpose OS with UI and all kinds of software, but
> >>> we need to make sure that even if Linux is ROOTed, the RTOS in security mode
> >>> is still active. We are able to find some opensource projects like
> >>> SafeG[1], Multivisor[2], SierraVisor[3], but it turns out that ARM
> >>> Linux has no rich support for this kind of architecture:
> >>> 1. hypervisor running in monitor mode
> >>> 2. RTOS running in security mode
> >>> 3. Linux running in non-security mode
> >>
> >> "Linux" is just a kernel, not a whole operating system :)
> > 
> > Do agree. But I am not saying I want the Linux kernel to do all these
> > things. I just want the kernel to be able to integrate into the system.
> > 
> >>
> >> Anyway, why can't Linux be the RTOS kernel as well?  What are the
> >> requirements for that kernel that Linux does not currently meet?
> >>
> >>> So the point is that we need generic support for this, especially for
> >>> IVI and other markets which want Trustzone technology a lot and have
> >>> complex user scenarios.
> >>> 1. Dispatch FIQ to security, dispatch IRQ to Linux, for this case, FIQ
> >>> is not permitted to happen on Linux
> >>
> >> Isn't that up to the hardware?  Nothing that Linux can do about that.
> > 
> > Right. But Linux needs to assign interrupts to the right group in GIC
> > hardware. Now it doesn't care.
> 
> I strongly hope that whatever is the secure OS is setting up these
> routings, and the HW prevents the non-secure OS from modifying them and
> hence never attempts to. Otherwise, the non-secure OS is able to affect
> the functioning of the secure OS, which seems like a bad thing.

Typically, the master controls are hard-wired for Secure-only access in
hardware: so assigning GIC interrupts to groups is something the secure
OS/firmware has to take care of.

Of course, if Linux is acting as secure OS, it might have to understand
what controls exist and to do some of that configuration itself.

Cheers
---Dave
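
An added illustration, not part of the message above and not kernel or firmware source: a small C model of the kind of hardware restriction the reply refers to, using GICv2 with the Security Extensions as the concrete case, where the GICD_IGROUPRn group registers are RAZ/WI to Non-secure accesses. The type and function names, the 64-interrupt size and interrupt IDs 40 and 41 are assumptions made for the example; per-CPU banking of GICD_IGROUPR0 is not modelled.

```c
/* Constructed model of GICv2 GICD_IGROUPRn access rules; hypothetical names, no real MMIO. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_IRQS 64u
#define NUM_REGS (NUM_IRQS / 32u)
enum world { SECURE, NON_SECURE };
enum line  { LINE_FIQ, LINE_IRQ };
struct gic_model { uint32_t igroupr[NUM_REGS]; }; /* bit 0 = Group 0 (Secure), 1 = Group 1 */

/* Non-secure writes are ignored (WI); returns true only if the write landed. */
bool gic_write_igroupr(struct gic_model *g, enum world w, unsigned n, uint32_t v)
{
    if (n >= NUM_REGS || w != SECURE) return false;
    g->igroupr[n] = v;
    return true;
}
/* Non-secure reads return zero (RAZ): the routing is not visible either. */
uint32_t gic_read_igroupr(const struct gic_model *g, enum world w, unsigned n)
{
    return (n < NUM_REGS && w == SECURE) ? g->igroupr[n] : 0;
}

/* Secure boot policy: give every ID to Group 1 except the ones in keep[]. */
void secure_assign(struct gic_model *g, const unsigned *keep, unsigned count)
{
    for (unsigned n = 0; n < NUM_REGS; n++)
        gic_write_igroupr(g, SECURE, n, UINT32_MAX);
    for (unsigned i = 0; i < count; i++)  /* out-of-range IDs are dropped by the accessors */
        gic_write_igroupr(g, SECURE, keep[i] / 32u,
            gic_read_igroupr(g, SECURE, keep[i] / 32u) & ~(UINT32_C(1) << (keep[i] % 32u)));
}

/* Assumes GICC_CTLR.FIQEn = 1, so Group 0 is signalled as FIQ; unknown IDs count as Group 0. */
enum line gic_line_for(const struct gic_model *g, unsigned irq)
{
    return (irq < NUM_IRQS && ((g->igroupr[irq / 32u] >> (irq % 32u)) & 1u)) ? LINE_IRQ : LINE_FIQ;
}

int main(void)
{
    struct gic_model g = { { 0 } };      /* reset: everything in Group 0 */
    const unsigned keep[] = { 40, 41 };  /* constructed secure-device IDs */
    secure_assign(&g, keep, 2);
    bool landed = gic_write_igroupr(&g, NON_SECURE, 1, UINT32_MAX);
    printf("NS write landed=%d, ID 40 on %s\n", landed,
           gic_line_for(&g, 40) == LINE_FIQ ? "FIQ" : "IRQ");
    return 0;
}
```

The Non-secure write in `main` tries to move IDs 40 and 41 into Group 1 and has no effect, which is the property that keeps a compromised non-secure OS from re-routing the secure side's interrupts.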
