Running ARM TrustZone "Secure/Normal world" example on the ZedBoard

Question

Does anyone know how to implement the example of TrustZone running "Secure world" and "Normal world" given on the ARM documentation website below on the ZedBoard? Any documentation on this subject (running TrustZone on the ZedBoard) would also be helpful.

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka15417.html

The ZedBoard has a Xilinx : Zynq® -7000 All Programmable SoC Dual ARM® Cortex™-A9 MPCore™. More information on the ZedBoard can be found here:

http://www.zedboard.org/content/overview

Recommended answer

This is a broad topic. Hopefully some of the following information will help.

First off just to de-jargon a little, SOC == system-on-a-chip.

Digilent, the board's manufacturer, has some support files for your board if you have access to the Xilinx toolchain. So first, if you go to http://www.digilentinc.com/Products/Detail.cfm?NavPath=2,400,1028&Prod=ZEDBOARD , at the bottom, you will find two files named "Linux Hardware Design for ISE" <version number>.

Also assuming you are using the Xilinx development tools, if you browse to Xilinx/<Version Number>/ISE_DS/EDK/hw/XilinxProcessorIPLib/pcores/axi_interconnect_v1_06_a/doc/ds768_axi_interconnect.pdf , you will find information on the AXI interrupt controller your board uses. This includes the fact that it supports TrustZone and some information on actually using it.

Next, if you go to http://zedboard.org/content/creating-custom-peripheral, you will find some instructions on making a "peripheral" device. I put this in quotes because the device in fact exists completely within the programmable logic; it's not something you plug into the micro USB port or what you'd traditionally think of as a "peripheral".

At the end of the tutorial, there is also a link that will help you read data from your peripheral.

If you repeat all those steps with the system.xmp file included in the zip you initially downloaded, then you'll notice all the heavy lifting has been done for you. You have a plugged in and ready to go interrupt controller on the AXI bus already that works with TrustZone, just ready and waiting for you to hook a little hello world device to it.

But what are you going to do with that hello world device? If you look in the assembly for the tutorial you linked to, you'll see in the comments they talk a lot about something called the "Secure Configuration Register". If you look in your processor's documentation (in the resources section here, http://www.arm.com/products/processors/cortex-a/cortex-a9.php) and search for the term "TrustZone extensions" (currently page 34 although obviously that's subject to change), you'll find a link to another page detailing this register. This is the same register they use in the tutorial, so in theory, if you have a trusted execution environment set up, you can now make the hello world tutorial work (mostly; you're going to likely want to do what they do in assembly with either VHDL or Verilog code and just expose the results somewhere easy to read in C).

Now everything I have just mentioned will merely get you access to the TrustZone data in the AXI bus. In order to do anything interesting with this, you are going to have to actually create a secure world and normal world to read from. Otherwise any demo you put together will merely print "Hello from Secure World" (or function incorrectly). So this is where unzipping that tutorial you linked to and really reading their source will pay dividends.

Although my answer up until now is also incomplete, as the Hello World tutorial you linked isn't designed to teach you how to create Normal World (and possibly Monitor World) to begin with. Which it says explicitly in the ReadMe.txt. So reading the source won't help you with that. For that, you're going to need the link http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html . There's a lot of info there but it's intended as a reference and the first two chapters, in my humble opinion, are just what I like to call "skippable flavor text". Although if you do have time to waste, some of it is fascinating and informative as far as security theory in general. Chapter 3 will begin to teach you how to develop for TrustZone.

But hopefully the information I provided will turn this into less of a permissions problem for you and into more of an education problem. I'm still educating myself on this stuff.
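
The answer points at the Secure Configuration Register as the piece the tutorial's assembly revolves around. The following is an added example, not part of the original answer or of ARM's tutorial: it decodes SCR bits [5:0] as defined for ARMv7-A and checks a value against an assumed policy (FIQ reserved for the Secure world, IRQ left to the Normal world). The function names, the policy and the sample value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-A Secure Configuration Register (SCR), CP15 c1,c1,0, bits [5:0].
 * On the target, Secure privileged code reads it with
 *   mrc p15, 0, r0, c1, c1, 0
 * Here a constructed value is decoded so the example runs on any host. */
#define SCR_NS  (1u << 0) /* 1: modes other than Monitor run in Normal world */
#define SCR_IRQ (1u << 1) /* 1: IRQ is taken to Monitor mode */
#define SCR_FIQ (1u << 2) /* 1: FIQ is taken to Monitor mode */
#define SCR_EA  (1u << 3) /* 1: external abort is taken to Monitor mode */
#define SCR_FW  (1u << 4) /* 1: Normal world may change CPSR.F */
#define SCR_AW  (1u << 5) /* 1: Normal world may change CPSR.A */

/* Findings for the assumed policy: FIQ belongs to the Secure world. */
#define FINDING_FIQ_NOT_TRAPPED (1u << 0) /* FIQ would not reach the monitor */
#define FINDING_FIQ_MASKABLE    (1u << 1) /* Normal world can mask FIQ */

/* SCR value a monitor would load before entering Normal world under the
 * assumed policy: NS=1, FIQ trapped, IRQ left to Normal world, FW cleared.
 * EA and AW are left as the caller set them. */
uint32_t scr_for_normal_world(uint32_t scr)
{
    scr |= SCR_NS | SCR_FIQ;
    scr &= ~(SCR_IRQ | SCR_FW);
    return scr;
}

/* Check an SCR value intended for Normal world against the same policy. */
uint32_t scr_audit(uint32_t scr)
{
    uint32_t findings = 0;
    if (!(scr & SCR_FIQ)) findings |= FINDING_FIQ_NOT_TRAPPED;
    if (scr & SCR_FW)     findings |= FINDING_FIQ_MASKABLE;
    return findings;
}

const char *scr_world(uint32_t scr)
{
    return (scr & SCR_NS) ? "Normal" : "Secure";
}

int main(void)
{
    uint32_t boot = 0x00000032u; /* constructed sample: AW | FW | IRQ */
    uint32_t ns = scr_for_normal_world(boot);
    printf("boot SCR=0x%02x world=%s findings=0x%x\n", (unsigned)boot, scr_world(boot), (unsigned)scr_audit(boot));
    printf("NS   SCR=0x%02x world=%s findings=0x%x\n", (unsigned)ns, scr_world(ns), (unsigned)scr_audit(ns));
    return 0;
}
```

On real hardware the SCR is accessible only from Secure privileged modes, so the `mrc` in the comment belongs in the Secure world or monitor code, not in the Normal world image.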
