Hi all,
I want to write a TA which will be called from the Normal World and be handled by a specific Trusted OS. Currently, I am using 3 Cactus OS (provided by TF-A-Tests) in SEL1, and a Hafnium in SEL2. Here is my partial building cmd
make CROSS_COMPILE=aarch64-none-elf- SPD=spmd CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 PLAT=fvp DEBUG=1 BL33=../tf-a-tests/build/fvp/debug/tftf.bin BL32=../hafnium/out/reference/secure_aem_v8a_fvp_clang/hafnium.bin SP_LAYOUT_FILE=../tf-a-tests/build/fvp/debug/sp_layout.json all fip
I have created some EL3 services at services/std_svc, but have not created a TA. In my view, to call the TA, I think I should pass (1) the ID of the TA (but I am not sure how to get the ID) (2) several parameters, which may be loaded into registers. Here may be a calling process.
    ldr x0,=0xdeadbeef   // loading ID
    ldr x1,=0x11111      // input parameters
    ldr x2,=0x22222      // input parameters
    smc #0
Then I think I should write a corresponding handler (of the TA) in Cactus OS. When we call "smc #0", EL3 will trap it, and route it to a specific TA.
However, I don't know how to do it. Can you provide some useful examples?
Sincerely, Wang Chenxu
Hi,
A few background questions to understand the request better:
- Is the intent to enable the SEL2 arch extension, or use the legacy model without secure virtualization?
- Do you intend to use Cactus as an initial test environment, with a final goal of replacing it by a real TOS?
- If the ask is about how to write a TA, did you consider existing solutions like OP-TEE and relevant documentation?
In general TA refers to a SW component running at SEL0 on top of a TOS at SEL1. What you call "Cactus OS" is really just a sample test payload running at SEL1. It's not a TOS in terms of loading Trusted Applications, providing services (system calls), managing memory and IPC.
The starting point should be the FF-A specification (https://developer.arm.com/documentation/den0077/latest/). You can repurpose Cactus to host a service at SEL1, which can be called by the NWd (TFTF test framework). There is normally no need to modify EL3.
The samples below illustrate the message passing between TFTF at NS EL2 and Cactus at SEL1:
TFTF: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/tftf/tests/runtime_services/secure_service/test_ffa_direct_messaging.c#n66
cactus: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/cactus_tests/cactus_test_direct_messaging.c#n12
Please also have a look at the component documentation: https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partition-manager.html
Depending on what you want to achieve, there are also solutions around SEL0 partitions (not involving a TOS), or the Trusted Services project.
Regards, Olivier.
________________________________________
From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Chenxu Wang via TF-A tf-a@lists.trustedfirmware.org
Sent: 27 September 2021 05:44
To: tf-a@lists.trustedfirmware.org
Subject: [TF-A] How to write a Trsuted Application?
Hi all,
I want to write a TA which will be called from the Normal World and be handled by a specific Trusted OS. Currently, I am using 3 Cactus OS (provided by TF-A-Tests) in SEL1, and a Hafnium in SEL2. Here is my partial building cmd
make CROSS_COMPILE=aarch64-none-elf- SPD=spmd CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 PLAT=fvp DEBUG=1 BL33=../tf-a-tests/build/fvp/debug/tftf.bin BL32=../hafnium/out/reference/secure_aem_v8a_fvp_clang/hafnium.bin SP_LAYOUT_FILE=../tf-a-tests/build/fvp/debug/sp_layout.json all fip
I have created some EL3 services at services/std_svc, but have not created a TA. In my view, to call the TA, I think I should pass (1) the ID of the TA (but I am not sure how to get the ID) (2) several parameters, which may be loaded into registers. Here may be a calling process.
    ldr x0,=0xdeadbeef   // loading ID
    ldr x1,=0x11111      // input parameters
    ldr x2,=0x22222      // input parameters
    smc #0
Then I think I should write a corresponding handler (of the TA) in Cactus OS. When we call "smc #0", EL3 will trap it, and route it to a specific TA.
However, I don't know how to do it. Can you provide some useful examples?
Sincerely, Wang Chenxu
Thanks Olivier,
Actually, I want to simply use the Cactus OS as the initial test environment, and finally replace it. Because Cactus is easier to understand (but OP-TEE is more complex). Also, I want to use the Hafnium (with SEL2 extension) to manage the multiple Cactus OSes, and route the "SMC" calls to the corresponding OS.
According to your words, I think I should (1) Create a service to receive SMC calls from Normal World OS, which includes specific smc_fid, like this.
DECLARE_RT_SVC( helloworld, OEN_TAP_START, OEN_TAP_END, SMC_TYPE_FAST, arm_arch_helloworld_init, arm_arch_helloworld_smc_handler );
(2) In the handler, "ERET" it to Hafnium, and then "ERET" to specific Cactus OSes according to the smc_fid
(3) Modify the Cactus OS to handle it.
Is it right? If NOT, I may consider using OP-TEE.
Sincerely, Wang Chenxu
Olivier Deprez Olivier.Deprez@arm.com wrote on Monday, 27 September 2021 at 3:37 PM:
Hi,
A few background questions to understand the request better:
- Is the intent to enable the SEL2 arch extension, or use the legacy model without secure virtualization?
- Do you intend to use Cactus as an initial test environment, with a final goal of replacing it by a real TOS?
- If the ask is about how to write a TA, did you consider existing solutions like OP-TEE and relevant documentation?
In general TA refers to a SW component running at SEL0 on top of a TOS at SEL1. What you call "Cactus OS" is really just a sample test payload running at SEL1. It's not a TOS in terms of loading Trusted Applications, providing services (system calls), managing memory and IPC.
The starting point should be the FF-A specification (https://developer.arm.com/documentation/den0077/latest/). You can repurpose Cactus to host a service at SEL1, which can be called by the NWd (TFTF test framework). There is normally no need to modify EL3.
The samples below illustrate the message passing between TFTF at NS EL2 and Cactus at SEL1:
TFTF: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/tftf/tests/runtime_services/secure_service/test_ffa_direct_messaging.c#n66
cactus: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/cactus_tests/cactus_test_direct_messaging.c#n12
Please also have a look at the component documentation: https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partition-manager.html
Depending on what you want to achieve, there are also solutions around SEL0 partitions (not involving a TOS), or the Trusted Services project.
Regards, Olivier.
Hi Wang Chenxu,
See comments inline [OD]
Regards, Olivier.
________________________________________
From: Chenxu Wang irakatz51@gmail.com
Sent: 27 September 2021 10:55
To: Olivier Deprez
Cc: tf-a@lists.trustedfirmware.org; tf-a-tests@lists.trustedfirmware.org
Subject: Re: [TF-A] How to write a Trsuted Application?
Thanks Olivier,
Actually, I want to simply use the Cactus OS as the initial test environment, and finally replace it. Because Cactus is easier to understand (but OP-TEE is more complex). Also, I want to use the Hafnium (with SEL2 extension) to manage the multiple Cactus OSes, and route the "SMC" calls to the corresponding OS.
[OD] Thanks for the clarifications. Based on this, I don't think you have much to do more than what's available upstream. The scenario you describe already exists (direct requests/response between TFTF and Cactus through EL3(SPMD)+SEL2(Hafnium)). The TFTF test in question is test_ffa_direct_messaging. See the links provided earlier for the code sample. You can use the build commands from: https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partiti...
According to your words, I think I should (1) Create a service to receive SMC calls from Normal World OS, which includes specific smc_fid, like this.
DECLARE_RT_SVC( helloworld, OEN_TAP_START, OEN_TAP_END, SMC_TYPE_FAST, arm_arch_helloworld_init, arm_arch_helloworld_smc_handler );
[OD] This is not necessary. The EL3 component is generic (so called SPMD) and doesn't require modifications.
(2) In the handler, "ERET" it to Hafnium, and then "ERET" to specific Cactus OSes according to the smc_fid
[OD] Same, no change needed. The SPMD relays a direct request from NWd to Hafnium (EL3 ERET to SEL2), then Hafnium relays it to the SEL1 "Cactus" partition (SEL2 ERET to SEL1).
(3) Modify the Cactus OS to handle it.
Is it right? If NOT, I may consider using OP-TEE.
[OD] You can indeed extend cactus with your own "command IDs" if you want to implement a specific service for test purposes.
Sincerely, Wang Chenxu
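The direct-request path discussed in the reply above, as an added example that is not part of the original thread and is not TF-A, Hafnium or Cactus code: it packs an FF-A direct request the way the caller would load w0..w7 before the SMC, and shows a partition-side handler that validates the message and dispatches on a command ID instead of trusting a raw value in x0. The two function IDs are those of FF-A v1.0; the endpoint IDs, the CMD_* and ST_* values and the names ffa_direct_req and sp_handle are assumptions made for illustration.

```c
/* Added example, not TF-A, Hafnium or Cactus source. Endpoint IDs, CMD_* and
 * ST_* values and both function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

/* FF-A v1.0 SMC32 function IDs for direct messaging. */
#define FFA_MSG_SEND_DIRECT_REQ_SMC32  0x8400006Fu
#define FFA_MSG_SEND_DIRECT_RESP_SMC32 0x84000070u
#define NWD_ID    0x0000u  /* assumed ID of the normal-world caller */
#define SP_ID     0x8001u  /* assumed ID of the receiving partition */
#define CMD_ECHO  0x1u     /* hypothetical command IDs, carried in w3 */
#define CMD_ADD   0x2u
#define ST_OK     0x0u     /* hypothetical status values, returned in w3 */
#define ST_DENIED 0x1u

struct ffa_regs { uint32_t w[8]; };  /* w0..w7 at the SMC boundary */

/* Caller side: w0 = function ID, w1 = sender[31:16] | receiver[15:0],
 * w2 = 0, w3..w7 = payload defined by the service. */
struct ffa_regs ffa_direct_req(uint16_t src, uint16_t dst,
                               uint32_t cmd, uint32_t a, uint32_t b)
{
    struct ffa_regs r = {{ FFA_MSG_SEND_DIRECT_REQ_SMC32,
                           ((uint32_t)src << 16) | dst, 0, cmd, a, b, 0, 0 }};
    return r;
}

/* Partition side: check the message before acting on it, dispatch on the
 * command ID, and answer with a direct response back to the sender. */
struct ffa_regs sp_handle(struct ffa_regs in)
{
    uint16_t src = (uint16_t)(in.w[1] >> 16), dst = (uint16_t)in.w[1];
    struct ffa_regs out = {{ FFA_MSG_SEND_DIRECT_RESP_SMC32,
                             ((uint32_t)SP_ID << 16) | src, 0, ST_DENIED }};
    if (in.w[0] != FFA_MSG_SEND_DIRECT_REQ_SMC32 || dst != SP_ID)
        return out;                  /* not a request addressed to us */
    switch (in.w[3]) {               /* unlisted command IDs stay DENIED */
    case CMD_ECHO:
        out.w[3] = ST_OK; out.w[4] = in.w[4];
        break;
    case CMD_ADD:
        if (in.w[4] > UINT32_MAX - in.w[5])
            break;                   /* refuse wrap-around */
        out.w[3] = ST_OK; out.w[4] = in.w[4] + in.w[5];
        break;
    }
    return out;
}

int main(void)
{
    struct ffa_regs r = sp_handle(ffa_direct_req(NWD_ID, SP_ID, CMD_ADD, 0x11111, 0x22222));
    printf("status=%u result=%#x\n", r.w[3], r.w[4]);
    return 0;
}
```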
Hi,
Depending on what problem you are trying to solve, the Trusted Services project might be worth considering. From the project page: The Trusted Services project provides a framework for developing and deploying device root-of-trust services across a range of secure processing environments such as those provided by OP-TEE and Hafnium.
For more information, please see https://www.trustedfirmware.org/projects/trusted-services/
You can find some presentations in the project wiki: https://developer.trustedfirmware.org/w/trusted-services/
Part of Total Compute TS was enabled under Hafnium. A component called "S-EL1 shim" was developed, and it allows running S-EL0 secure partitions under Hafnium. What you plan to do with Cactus sounds similar. If interested, please see the TC documentation here: https://arm-reference-solutions-docs.readthedocs.io/en/latest/docs/totalcomp...
/George
-- TF-A-Tests mailing list TF-A-Tests@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a-tests