What is the cost of context switching to secure mode (ARM TrustZone)


Question

I am trying to understand the cost of switching back and forth between trusted (secure) and non-secure modes in arm.

What exactly needs to happen when moving from non-secure to secure world? I know the ns bit needs to be set (based on some special instruction?), the page tables need to be flushed and updated (?), the processor caches flushed and updated. Anything else that needs to happen?

Processor caches: Are the caches segmented and shared, or is the whole cache used for each mode? That determines the cost of the switch.

RAM: This must be 'partitioned' and used by both modes. So addressing is just an offset into the 'partition'. Is this right?

What is different about this from a user space to kernel mode switch or a process to process switch in user space?

Is there anything in moving from non-secure to secure modes that would make it more expensive than the regular process context switch?

Are there any articles that explain what exactly happens?

Based on a reply below, I am looking to understand what exactly happens when a process switches from non-secure mode to a secure mode (trust zone) on an arm processor.

Accepted answer

What exactly needs to happen when moving from non-secure to secure world?

TL;DR: the minimum is to save/restore all CPU registers that are needed by the secure world and change the NS bit. Normally, R0-R14 as well as the current mode, and the banked LR and SP (aborts, interrupts, etc.) are in this register group. Everything else depends on your security model.

First off, there are many different models that can be used in TrustZone; TrustZone is a tool, not a solution. The most basic model is a library with an API where some secure data is stored (i.e. decryption keys) to process something from an external source (some DRM download from the 'normal world' space). I assume you don't mean this.

An OS can be pre-emptible or non-pre-emptible. If you have two OSes in both worlds, then how control is relinquished, resources shared and security assets protected will all come into play on a world switch.

In many cases, the caches and TLB are world aware. Devices may also be world aware and designed with the intent that context is built into the device. This is not to say that some system might have information leaked in some way.

  • Meltdown (2017)
  • Spectre (2017)
  • Hyperthreading exploit (2004)

If you are really concerned about this type of attack, it may be appropriate to mark the secure world memory as non-cached that needs to be protected. In many ARM systems, the L1/L2 and TLB cache are unified between worlds and can provide a side channel attack.

TrustZone as implemented on many ARM devices comes with a GIC which can run FIQ in the secure world, and masking of FIQ can be prevented in the normal world. Many GIC features are banked between worlds, allowing both OSes to use it without 'context switch' information. I.e., the NS bit will automatically change the accessed GIC features based on the state of the NS bit (so it has the context stored in the device). Many other vendor-specific devices are designed to behave this way.

If both worlds use NEON/VFP, then you need to save/restore these registers on a world switch as well. For pre-emption you may need to hook into the secure OS scheduler to allow a normal world interrupt to pre-empt the secure world main line (obviously this depends on the assets you are trying to protect; if you allow this, the secure mainline has a DOS vector).

If there are glitches in devices, then you may need to save/restore device state. If the normal world is restricted from using FIQ mode, it is still needed to at least clear the SP_fiq and LR_fiq when going to the normal world (and restore the secure value the other way). Some of these registers are difficult to save/restore as you must switch modes which can itself be a security risk if care is not taken.

RAM: This must be 'partitioned' and used by both modes. So addressing is just an offset into the 'partition'. Is this right?

Secure boot will partition memory based on the 'NS bit'. The physical memory will be visible or not based on the partition manager device logic, which can often be locked at boot. I.e., if non-visible it is a bus error, like any non-existent memory. There is no 'switch' besides the NS bit.

Is there anything in moving from non-secure to secure modes that would make it more expensive than the regular process context switch?

Yes, a normal switch is only for a 'mode'. A world is for all ARM modes, and so all banked registers must be switched. Depending on the system, the TLB and cache would not normally need to be switched.

Related:

  • How to introspect normal world
  • TrustZone monitor mode switch design
  • Preventing memory access from the normal world
  • How is a TrustZone OS secure?
  • TrustZone scheduler in secure/non-secure OS
  • IMX53 and TrustZone
  • ARM Trusted firmware on github
  • TrustZone Whitepaper
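To make the "minimum" in the answer concrete, here is an added example of an ARMv7-A Monitor-mode SMC handler that does exactly the register work listed above: save the caller's R0-R12, the banked SP/LR of every mode (plus R8-R12 of FIQ), the return address and CPSR, flip SCR.NS, and restore the other world's copy. It is not code from the answer, the question author or any project. It assumes a single core, a cooperative model in which each world yields with `smc #0` and the other resumes where it last yielded, that IRQ/FIQ are not routed to Monitor, that NEON/VFP is used by at most one world (so D0-D31/FPSCR are not switched), that Secure memory holding `sec_ctx`, `ns_ctx` and the monitor stack is reachable from Monitor (identity-mapped or MMU off), and that r0-r3 carry arguments and results across the call; all symbol names are hypothetical.

```asm
    .arch armv7-a
    .syntax unified
    @ Per-world saved context (byte offsets, 32-bit words); r0-r12 sit at 0x00
    .equ CTX_SVC,  0x34   @ SP_svc, LR_svc
    .equ CTX_ABT,  0x3c   @ SP_abt, LR_abt
    .equ CTX_UND,  0x44   @ SP_und, LR_und
    .equ CTX_IRQ,  0x4c   @ SP_irq, LR_irq
    .equ CTX_SYS,  0x54   @ SP/LR shared by USR and SYS
    .equ CTX_FIQ,  0x5c   @ R8_fiq-R12_fiq, SP_fiq, LR_fiq
    .equ CTX_PC,   0x78   @ resume address (LR_mon at SMC entry)
    .equ CTX_CPSR, 0x7c   @ SPSR_mon at SMC entry
    .equ SCR_NS,   1      @ SCR.NS (Non-Secure) bit
    @ SPLR: save (op=str) or restore (op=ldr) one mode's banked SP/LR via CPS; modes: fiq 0x11, irq 0x12, svc 0x13, mon 0x16, abt 0x17, und 0x1b, sys 0x1f
    .macro SPLR op, mode, off
    cps   #\mode
    \op   sp, [r1, #\off]
    \op   lr, [r1, #(\off + 4)]
    .endm

    .text
    .align 5              @ MVBAR requires a 32-byte aligned table
monitor_vectors:
    b     .               @ reset
    b     .               @ undefined instruction
    b     smc_handler     @ SMC: the world-switch entry
    b     .               @ prefetch abort
    b     .               @ data abort
    b     .               @ reserved
    b     .               @ IRQ (assumed routed to the worlds, not to Monitor)
    b     .               @ FIQ (same assumption)
smc_handler:
    @ Entry to Monitor sets CPSR.A/I/F, so the CPS hops below cannot be interrupted. Monitor is
    @ always Secure but the other modes follow SCR.NS, so clear NS first: every access must hit Secure memory.
    push  {r0, r1}
    mrc   p15, 0, r0, c1, c1, 0   @ r0 = SCR
    tst   r0, #SCR_NS
    ldreq r1, =sec_ctx            @ NS=0: caller is the secure world
    ldrne r1, =ns_ctx             @ NS=1: caller is the normal world
    bic   r0, r0, #SCR_NS
    mcr   p15, 0, r0, c1, c1, 0
    isb
    @ 1. Caller's r0-r12, return address and CPSR
    add   r0, r1, #8
    stmia r0, {r2-r12}
    pop   {r2, r3}                @ the caller's original r0, r1
    stmia r1, {r2, r3}
    mrs   r2, spsr
    str   lr, [r1, #CTX_PC]
    str   r2, [r1, #CTX_CPSR]
    @ 2. Banked SP/LR of every other mode, plus R8-R12 of FIQ
    SPLR  str, 0x13, CTX_SVC
    SPLR  str, 0x17, CTX_ABT
    SPLR  str, 0x1b, CTX_UND
    SPLR  str, 0x12, CTX_IRQ
    SPLR  str, 0x1f, CTX_SYS
    cps   #0x11
    add   r0, r1, #CTX_FIQ
    stmia r0!, {r8-r12}
    str   sp, [r0]
    str   lr, [r0, #4]
    cps   #0x16
    @ 3. Target = the other world; r0-r3 are copied across as SMC arguments/results (assumed convention)
    ldr   r2, =sec_ctx
    cmp   r1, r2
    ldreq r2, =ns_ctx
    ldmia r1, {r4-r7}
    stmia r2, {r4-r7}
    mov   r1, r2
    @ 4. Target's banked registers: the normal world only ever gets back its own saved FIQ registers (zero on first entry)
    cps   #0x11
    add   r0, r1, #CTX_FIQ
    ldmia r0!, {r8-r12}
    ldr   sp, [r0]
    ldr   lr, [r0, #4]
    SPLR  ldr, 0x13, CTX_SVC
    SPLR  ldr, 0x17, CTX_ABT
    SPLR  ldr, 0x1b, CTX_UND
    SPLR  ldr, 0x12, CTX_IRQ
    SPLR  ldr, 0x1f, CTX_SYS
    cps   #0x16
    @ 5. Exception return: SCR.NS=1 only for a normal-world target (still in Monitor, so accesses stay Secure), r0-r12 last
    ldr   lr, [r1, #CTX_PC]
    ldr   r2, [r1, #CTX_CPSR]
    msr   spsr_cxsf, r2
    ldr   r2, =ns_ctx
    cmp   r1, r2
    mrc   p15, 0, r2, c1, c1, 0
    orreq r2, r2, #SCR_NS
    mcr   p15, 0, r2, c1, c1, 0
    isb
    ldmia r1, {r0-r12}
    movs  pc, lr                  @ CPSR <- SPSR_mon, PC <- LR_mon
    .bss
    .align 3
sec_ctx:  .space 0x80      @ both contexts live in Secure RAM
ns_ctx:   .space 0x80      @ primed by secure boot: CTX_PC = normal-world entry, CTX_CPSR = 0xd3 (SVC, I=1, F=1)
          .space 256
mon_stack_top:            @ SP_mon; secure boot installs it and MVBAR before the first SMC
```

Before the first SMC, secure boot must write `monitor_vectors` to MVBAR (`mcr p15, 0, rX, c12, c0, 1`), set SP_mon to `mon_stack_top` from Monitor mode, and prime `ns_ctx` with the normal-world entry point and a CPSR value; the secure OS then enters the normal world simply by executing `smc #0`. Two ordering details carry the security weight: NS is cleared before any CPS, because a mode switch with NS=1 would make the save/restore loads and stores non-secure (and fault on the Secure RAM the contexts live in, or worse, silently use normal-world memory), and SP_fiq/LR_fiq are always restored from the target world's own context, so the normal world never observes secure-world FIQ state even if it is not allowed to take FIQ itself. As the answer says, nothing here touches the TLB or caches, and a system where both worlds use NEON/VFP would add `vpush`/`vpop` of D0-D31 plus FPSCR, and device or GIC state where the hardware is not world-aware.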
