Support fake-TrustZone mode in QEMU

Registered by Peter Maydell on 2012-06-20

QEMU doesn't currently support full TrustZone emulation, and full emulation is not possible under KVM in any case. We have a plan for a "fake" TrustZone implementation that is sufficient for a custom boot ROM to provide the support needed by a stock guest kernel which expects to run in the NonSecure world. (See http://lists.gnu.org/archive/html/qemu-devel/2012-05/msg03012.html for more detail.) This blueprint is for the work needed to implement that.

Blueprint information

Status: Not started
Approver: Michael Hope
Priority: Medium
Drafter: Peter Maydell
Direction: Needs approval
Assignee: Peter Maydell
Definition: Drafting
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

This used to be a dependency of kvm-development, but in fact it's not really KVM-specific, and at the moment it looks like we can happily get away without it (there doesn't seem to be anything on A15 that would require a Linux kernel in non-secure mode to make SMCs, so we don't need a fake-monitor-mode).

The work is still worth doing as part of getting omap3 stuff out of the qemu-linaro patchstack.


Work Items

Work items:
Document the general principles somewhere: TODO
Make sure we have implementations of all the TZ registers: TODO
Implement SMC and fake-monitor mode: TODO
Test that this all works OK for omap3: TODO
Get patches upstream: TODO
