Support for ARM TrustZone in QEMU

Registered by Dr. David Alan Gilbert on 2011-04-27

TrustZone provides a separation mechanism used for firmware, security and virtualisation layers. Only a very basic shim is currently supported in Linaro QEMU (and it is not upstream). Support is likely to become more important on platforms that provide complex TrustZone interfaces, and with virtualisation.

Blueprint information

Status: Not started
Approver: None
Priority: Not
Drafter: None
Direction: Needs approval
Assignee: None
Definition: New
Series goal: Accepted for trunk
Implementation: Unknown
Milestone target: backlog

Related branches

Sprints

Whiteboard

NB: somebody else appears to have been working in this area:
https://github.com/jowinter/qemu-trustzone
Haven't looked much at the code, but judging from the commit log it is reasonably complete feature-wise.


Work Items

Work items:
Pull appropriate bits of monitor mode and SMC implementation from meego patches: TODO
Bank all the required CP15 registers for secure/nonsecure mode: TODO
Modify interrupt entry to select appropriate mode for entry based on security configuration: TODO
Modify GIC to restrict modification of secure interrupts to be done from secure mode: TODO
Modify MMU/TLB walk code to examine NS bits and use correct (banked, etc) cp15 regs: TODO
Add new QEMU "MMU modes" for "secure user" and "secure priv" so they get different QEMU TLBs to nonsecure: TODO
Make CPU start properly in secure mode: TODO
Make relevant CPUs have trustzone feature bit, confirm this doesn't break existing images: TODO
Test that omap3_boot's use of trustzone works OK: TODO
Implement at least some of the A9 Versatile Express trustzone hardware: TODO
Provide a simple piece of monitor mode setup/test code: TODO
Test with more complicated trustzone images if available: TODO
Clean up patchset and submit upstream: TODO
Handle issues raised in code review: TODO
