ARM TrustZone - Behaviour of the scheduler in Secure and Non-Secure OS

Problem description

Can someone please explain to me that after the CPU is taken to secured mode (Monitor program sets the NS = 0), how does the secure OS get scheduled? Is it that now that the CPU is in secured mode, the timer tick interrupt would be handled by the Secured OS and not the Non-Secured world?

Recommended answer

The monitor mode setting NS=0 will set CP15 registers visible from monitor mode. See: monitor mode IFAR/IFSR.... When the monitor mode switches to another mode and NS=0, then the mode is the secure world version; meaning the banked CP15 registers are the secure version. Also the NS bit is clear on bus cycles.

If NS=1 is set, then when monitor mode switches, the banked CP15 registers are the normal version; mainly the normal world MMU will be active. Also, the NS bit is set on bus cycles. TZ vs hypervisor

How does the secure OS get scheduled?

Monitor mode does this. The SCR (cp15 c1, c1, 0) has bits which determine whether the monitor vector table is used or the current CPU world (secure or normal). If you are in a normal world and you wish for a timer to interrupt that world, you need monitor mode to handle it.

You can set up the monitor mode in two possible ways,

  1. Make all secure interrupts FIQs.
  2. Trap all interrupts to the monitor.

The first choice is recommended. In this mode, the monitor code must ensure that SCR#FIQ (bit 2) is set in the normal world, but clear in the secure world. The SCR#IRQ (bit 1) will be set when running the secure OS (if you want normal interrupts to interrupt the secure OS) and clear in the normal world.

So when the secure timer has a FIQ interrupt, it traps to monitor mode which does a world switch [Ref1] and runs the secure OS timer code. This secure timer may cause the secure world to reschedule. The way the normal and secure world schedulers interact is up to software. I.e., there is no generic answer. It depends on,

  1. Monitor mode
  2. The secure OS.
  3. The normal world OS.

Mainly the ARM TrustZone does not handle the secure OS scheduling by itself. You need to write software that uses the primitives provided to implement this. ARM TrustZone only facilitates different ways of implementing it. TrustZone Whitepaper

See: How to develop programs for TrustZone for some alternative setups.

Ref1: A world switch saves/restores all general purpose CPU registers for all used modes. I.e., on a normal to secure world switch, the R0-R15 (and all banked copies) plus possibly NEON/VFP must be saved to a normal world store. Similarly, the registers must be reloaded for the secure world. Monitor mode sp provides a good anchor for accessing these world contexts. Monitor mode sp should be set up during secure boot, before the normal world initializes. This is much like a traditional OS context switch. The SCR#NS (bit 0) is set appropriately; you may do this before or after the register switching, depending on how you save the registers (i.e., by mode switch or by srs).
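
The SCR settings of the first setup described in the answer, modelled as an added C example (not part of the original answer or of any TrustZone code base). The names `scr_for_world`, `traps_to_monitor` and `handling_world` are hypothetical, and the model ignores CPSR interrupt masks.

```c
#include <stdbool.h>
#include <stdint.h>

/* SCR bit positions as given in the answer: NS = bit 0, IRQ = bit 1, FIQ = bit 2. */
#define SCR_NS  (1u << 0)
#define SCR_IRQ (1u << 1)
#define SCR_FIQ (1u << 2)

enum world { WORLD_SECURE, WORLD_NORMAL };  /* hypothetical names */
enum exc   { EXC_IRQ, EXC_FIQ };

/* SCR value the monitor loads before entering world `w` when all secure
 * interrupts are FIQs and normal-world interrupts are IRQs. */
uint32_t scr_for_world(enum world w, bool normal_irq_preempts_secure)
{
    if (w == WORLD_NORMAL)
        return SCR_NS | SCR_FIQ;   /* secure FIQ traps to monitor, IRQ stays local */
    /* Secure world: FIQ is taken by the secure OS itself; IRQ traps to the
     * monitor only if normal interrupts may interrupt the secure OS. */
    return normal_irq_preempts_secure ? SCR_IRQ : 0u;
}

/* True if the exception uses the monitor vector table, false if it uses
 * the vector table of the world that is currently running. */
bool traps_to_monitor(uint32_t scr, enum exc e)
{
    return (scr & (e == EXC_FIQ ? SCR_FIQ : SCR_IRQ)) != 0;
}

/* World whose OS ends up handling the exception. When the monitor is
 * involved it does the world switch: FIQ -> secure, IRQ -> normal. */
enum world handling_world(enum world cur, enum exc e, bool preempt,
                          bool *via_monitor)
{
    *via_monitor = traps_to_monitor(scr_for_world(cur, preempt), e);
    if (!*via_monitor)
        return cur;
    return e == EXC_FIQ ? WORLD_SECURE : WORLD_NORMAL;
}

#if defined(__arm__)
/* Write SCR (cp15 c1, c1, 0); only executable in a secure privileged mode. */
static inline void write_scr(uint32_t v)
{
    __asm__ volatile("mcr p15, 0, %0, c1, c1, 0" : : "r"(v) : "memory");
}
#endif
```
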
