Rudi Dienstbeck June 07, ARM TrustZone and Hypervisor Debugging

ARM TrustZone and Hypervisor Debugging

Agenda
- TrustZone And CPU Modes In TRACE32
- Default Behavior Of The Debugger
- Special TrustZone Support
- Outlook To Multiple Guests

TrustZone And CPU Modes In TRACE32

TrustZone And CPU Modes In TRACE32: CPU modes in Register window
Register modes in CPSR bits 0..4:
- user mode: usr
- kernel modes: fiq, irq, svc, abt, und, sys
- hypervisor mode: hyp (only non-secure)
- monitor mode: mon (only secure)

TrustZone And CPU Modes In TRACE32: CPU modes in Register window
TrustZone in SCR bit 0:
- non-secure (nsec), modes: usr, fiq, irq, svc, abt, und, sys, hyp
- secure (sec), modes: usr, fiq, irq, svc, abt, und, sys, mon

TrustZone And CPU Modes In TRACE32: Memory addresses with access class
- Access class relates to memory access depending on CPU mode and zone
- PC shown with current access class in List.auto and status line

TrustZone And CPU Modes In TRACE32: Memory addresses with access class
- If not explicitly specified, windows follow current CPU mode
- Overriding is possible: see examples below

TrustZone And CPU Modes In TRACE32: Mapping of access classes for memory accesses
- D: Data, P: Program, R: ARM code, T: Thumb code
- S: kernel modes ("Supervisor"), U: User mode
- N: Non-secure, Z: secure+monitor ("Zone"), H: Hypervisor
- These access classes map MMU tables (see next slides)
- A: physical ("Absolute") access (see next slides)
- E: run-time access ("Emulation", aka dual-port, see next slides)

TrustZone And CPU Modes In TRACE32: Mapping of access classes for memory accesses
Combinations, e.g.:
- ZUT: Secure zone, user mode, Thumb code
- ANSD: Non-secure zone, supervisor mode, data, physical address
- EAHR: Dual-port access to physical hypervisor ARM code
  BUT note: H not visible at bus with E
  Note: MMU/caching issues with E
- C: CPU access = current CPU mode access
- Several others, not mentioned here (e.g. coprocessor access)
- See debugger_arm.pdf, chapter "Access Classes"
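The letter combinations above can be decoded mechanically. The following is an added example, not TRACE32 code or code from the presentation: it covers only the letters listed on these slides, treats letters of the same group (zone, privilege, kind) as mutually exclusive, which is an assumption, and the function name parse_access_class and the sample inputs are constructed for illustration.

```python
import re

# Letter groups as listed on the slides; TRACE32 defines more than these.
GROUPS = {
    "zone": {"N": "non-secure", "Z": "secure+monitor", "H": "hypervisor"},
    "privilege": {"S": "supervisor", "U": "user"},
    "kind": {"D": "data", "P": "program", "R": "ARM code", "T": "Thumb code"},
}
FLAGS = {"A": "physical", "E": "run_time", "C": "current_mode"}

def parse_access_class(text):
    """Split e.g. 'ANSD:0x81001000' into its attributes and an address."""
    m = re.fullmatch(r"([A-Z]+):(0x[0-9a-fA-F]+)?", text)
    if not m:
        raise ValueError(f"not an access-class address: {text!r}")
    letters, addr = m.groups()
    info = {"physical": False, "run_time": False, "current_mode": False,
            "zone": None, "privilege": None, "kind": None, "caveats": [],
            "address": int(addr, 16) if addr else None}
    for ch in letters:
        if ch in FLAGS:
            info[FLAGS[ch]] = True
            continue
        for group, table in GROUPS.items():
            if ch in table:
                if info[group] is not None:
                    raise ValueError(f"{text!r}: two {group} letters")
                info[group] = table[ch]
                break
        else:
            raise ValueError(f"{text!r}: letter {ch!r} is not covered here")
    # Caveats the slides attach to run-time (E:) access.
    if info["run_time"]:
        info["caveats"].append("cache invisible; MMU/caching issues")
        if info["zone"] == "hypervisor":
            info["caveats"].append("H not visible at bus with E")
    return info

# Constructed sample inputs built from the slide's combinations.
SAMPLES = ["ZUT:", "ANSD:0x81001000", "EAHR:0x83081000"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, parse_access_class(s))
```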

TrustZone And CPU Modes In TRACE32: MMU mapping of zones and access classes
- Non-secure zone (N:): MMU.List NonSecPageTable, MMU.List IntermedPageTable
- Hypervisor (H:): MMU.List HypPageTable
- Secure zone (Z:): MMU.List SecPageTable
- Current CPU mode: MMU.List PageTable
- Note: MMU.List without parameters shows fixed, manual entries!

TrustZone And CPU Modes In TRACE32: Physical addresses / access class A:
- Physical is unambiguous? No, it isn't!
- AZSD: is different from ANUP!
- S/U state visible on AMBA bus: distinction possible!
- Zone also distinguishable on physical bus:
  AN: might not see physical secure memory
  AZ: might see different memory/peripheral than AN:
- While in non-secure mode, override with AZ: if CPU lets us do it (secure debug enabled)

TrustZone And CPU Modes In TRACE32: Run-Time access class E:
- E.g. SYStem.MemAccess DAP
  DAP access to ARM internal bus (APB/AHB/AXI)
  Caution: Cache invisible! With write-back cache, you'll see old/invalid data!
  MMU translation with debugger may not be possible!
- E.g. SYStem.CpuAccess Enable
  Debugger stops CPU shortly to read data
  Caution: heavy run-time impact!

TrustZone And CPU Modes In TRACE32: Memory visibility with zones
- Depending on CPU hardware implementation, secure zone may be inaccessible! (Secure debug disabled)
- Depending on CPU mode, some memory may be invisible in non-secure zone! See slide about physical access (AN:/AZ: difference)

Default Behavior Of The Debugger: Symbols are independent of the CPU mode and TrustZone
- List window always shows code matching to symbol address, regardless of zone / access class
- Debugger accesses variables with the current CPU mode
- Symbols are only divided in P: and D: (see symbol.list)
- Access class override is possible!

Default Behavior Of The Debugger: Breakpoints are independent of the CPU mode and TrustZone
- Software breakpoints are written to the code with current CPU mode
- Onchip breakpoints react regardless of current CPU mode
CAUTION:
- Each zone (non-secure, secure, hypervisor) has its own MMU translation!
- If the translation is different for each zone, symbols may not match!
- Software breakpoints may be set into wrong code!
- Onchip breakpoints may halt where not desired

Special TrustZone Support: Support of TrustZones with so-called Zone Spaces
- Symbols are mapped to a specific zone (N: / H: / Z:)
- SYStem.Option ZoneSpaces ON
- E.g.: Data.LOAD.Elf symbols.elf H:0
- symbol.name shows symbols mapped to zones
- List window matches only source code loaded to appropriate zone
- Accessing symbols/variables automatically uses appropriate zone
- Accessing symbols or addresses uses appropriate MMU decoding

Special TrustZone Support: Breakpoints are zone aware
- Software breakpoints set on symbols are automatically set in correct code
- Software breakpoints on addresses follow the access class
- Onchip breakpoints react in specified zone/access class only

Demo hardware
- TRACE32 PowerDebug PRO + PowerTrace PX + Debug Cable Cortex-A/R + ETM Preprocessor
- Renesas Lager Board
- CPU: R-CarH2 (Quad Cortex-A15, Quad Cortex-A7)

Demo application running on Cortex-A7
- small hand-written monitor for switching secure/non-secure
  MMU mapping: Z:0x40001200--0x400012ff -> AZ:0x84001200
- small hand-written hypervisor
  MMU mapping: H:0x40001100--0x40001fff -> AH:0x83081000
- Decryption (AES) demo in secure mode
  MMU mapping: Z:0x40001300--0x40002fff -> AZ:0x84001300
- FreeRTOS running in non-secure mode
  MMU mapping: N:0x40001000--0x40006fff -> I:0x20001000 -> AN:0x81001000
- FreeRTOS Awareness set to work on non-secure mode only: TASK.ACCESS N:

Demo application running on Cortex-A7
- Overlapping virtual addresses in all three zones!
- MMU tables are set up to map each zone to a different physical address
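The overlap in the demo memory map, and the reason a zone-less symbol or software breakpoint address is ambiguous, can be reproduced with a small model. This is an added example, not code from the presentation or from TRACE32: the address ranges are copied from the demo slide, each range is modeled as a simple linear window (an assumption, real translation walks page tables), the stage-2 window length is assumed, and the names translate and resolve_all are hypothetical.

```python
# Stage-1 windows copied from the demo slide: (zone, first VA, last VA, output base).
STAGE1 = [
    ("Z", 0x40001200, 0x400012FF, 0x84001200),  # monitor
    ("Z", 0x40001300, 0x40002FFF, 0x84001300),  # AES decryption demo
    ("H", 0x40001100, 0x40001FFF, 0x83081000),  # hypervisor
    ("N", 0x40001000, 0x40006FFF, 0x20001000),  # FreeRTOS, output is I: (intermediate)
]
# Stage 2 for the non-secure guest, I:0x20001000 -> AN:0x81001000.
# Assumption: the window is as long as the stage-1 window.
STAGE2 = [(0x20001000, 0x20006FFF, 0x81001000)]

def _window(table, addr):
    """Linear lookup: first matching (first, last, base) window wins."""
    for first, last, base in table:
        if first <= addr <= last:
            return base + (addr - first)
    return None

def translate(zone, va):
    """Return the physical address string for a zone-qualified VA, or None."""
    out = _window([w[1:] for w in STAGE1 if w[0] == zone], va)
    if out is not None and zone == "N":
        out = _window(STAGE2, out)      # guest addresses take a second stage
    return None if out is None else f"A{zone}:0x{out:08x}"

def resolve_all(va):
    """Every zone in which a bare (zone-less) VA is mapped."""
    hits = {z: translate(z, va) for z in ("N", "H", "Z")}
    return {z: pa for z, pa in hits.items() if pa}

if __name__ == "__main__":
    for va in (0x40001000, 0x40001200, 0x40001300):
        print(f"0x{va:08x} ->", resolve_all(va))
```

An address that resolves in more than one zone is exactly the case where the default, zone-unaware behavior can place a software breakpoint into the wrong code.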

Accessing symbols
- Different set of symbols for each zone
- E.g.: each zone has its own main

Accessing symbols
- Variables automatically point to the correct zone
- Different code and different source for each zone

- Breakpoints can be set in any zone
- List.auto and Register windows follow current zone

Stepping through the mode changes
1. We start in non-secure zone
2. Non-secure executes smc #0
3. Single step into hypervisor (set TrOnchip.HENTRY ON)
4. Debug hypervisor until switch to monitor
5. Hypervisor executes smc #0
6. Step into monitor mode (note: nsec not valid due to monitor mode)
7. Monitor sets up secure mode and executes rfe
8. Step into secure zone
9. Debug secure zone until switch to monitor
10. Secure executes smc #0
11. Step into monitor mode
12. Monitor sets up non-secure mode and executes rfe
13. Monitor mode returns to hypervisor
14. Hypervisor executes eret
15. Step into non-secure mode
16. Return from subroutine, and we're back where we started!
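The zone shown at each stop of this walk-through follows from the CPSR mode field and SCR bit 0 described on the CPU modes slides, including the case where the nsec indication does not apply in monitor mode. The following is an added example, not code from the presentation or from TRACE32: the mode encodings are the ARMv7-A architectural values, the register snapshots are constructed, and the names classify and timeline are hypothetical.

```python
# ARMv7-A CPSR.M[4:0] encodings (architectural values, not from the slides).
MODES = {0b10000: "usr", 0b10001: "fiq", 0b10010: "irq", 0b10011: "svc",
         0b10110: "mon", 0b10111: "abt", 0b11010: "hyp", 0b11011: "und",
         0b11111: "sys"}

def classify(cpsr, scr):
    """Map a CPSR/SCR snapshot to (mode, access-class letters).

    Letters follow the slides: N non-secure, Z secure+monitor, H hypervisor,
    plus U for user mode or S for the kernel modes.
    """
    mode = MODES.get(cpsr & 0x1F)
    if mode is None:
        raise ValueError(f"reserved CPSR mode field 0b{cpsr & 0x1F:05b}")
    ns = scr & 1                      # SCR bit 0
    if mode == "mon":                 # monitor is secure whatever SCR bit 0 says
        return mode, "Z"
    if mode == "hyp":                 # hyp exists only in the non-secure state
        if not ns:
            raise ValueError("hyp mode with SCR bit 0 clear is not a valid state")
        return mode, "H"
    return mode, ("N" if ns else "Z") + ("U" if mode == "usr" else "S")

# Constructed (CPSR, SCR) snapshots, one per stop of the walk-through.
SNAPSHOTS = [
    (0x600001D3, 0x1),  # non-secure code about to execute smc #0
    (0x600001DA, 0x1),  # hypervisor entered
    (0x600001D6, 0x1),  # monitor entered from hypervisor, SCR bit 0 still set
    (0x600001D3, 0x0),  # secure zone after rfe
    (0x600001D6, 0x0),  # monitor entered from secure zone
    (0x600001DA, 0x1),  # back in hypervisor
    (0x600001D3, 0x1),  # back in non-secure code after eret
]

def timeline(snapshots):
    """Access-class letters for each snapshot, in order."""
    return [classify(cpsr, scr)[1] for cpsr, scr in snapshots]

if __name__ == "__main__":
    for (cpsr, scr), letters in zip(SNAPSHOTS, timeline(SNAPSHOTS)):
        print(f"CPSR=0x{cpsr:08x} SCR=0x{scr:x} -> {letters}:")
```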

Tracing the zones
- The ETM stream contains information about which zone is active
- TRACE32 detects the zone switches and adjusts the access classes to the addresses in the trace.

Tracing the zones
- Symbol time chart over zone switches

Tracing the zones
- Statistics of recorded functions of all zones
- (interrupt) = hypervisor; (unknown) = secure zone (unknown to RTOS)

Tracing the zones
- Task runtime measurements, if one zone contains an RTOS
- Here: FreeRTOS running in non-secure
- (unknown) = secure zone, not known to FreeRTOS

Outlook To Multiple Guests

Outlook To Multiple Guests: Ongoing efforts to support multiple guests
- Introduction of a machine id
- Just like the zones, but extended to several guests
- OS Awareness for each machine
- Each guest gets its own machine id
- Will be an addition to the virtual address
- Symbol handling separate for each machine
- Work in progress
- Multiple guests in access class N: (non-secure zone)
- Loading several OS awareness at the same time

Outlook To Multiple Guests: Two-stage MMU support
- Debugger does its own MMU translation and table walk
- Access to hypervisor and guest simultaneously
- Access to every guest simultaneously
- Access to every process within every guest simultaneously
- Prerequisite: Hypervisor Awareness plus RTOS Awareness
- HV Awareness provides VTTB of guests
- RTOS awareness provides TTB of processes

Summary
- TRACE32 separates the zones for you
- Debugging simultaneously in each zone, even with overlapping MMU
- Debugging the zone switches
- Tracing decodes the zones accordingly
- TRACE32 ready for ARM TrustZone!

Thank You! Questions?
Rudi Dienstbeck
rudolf.dienstbeck@lauterbach.com
Phone: +49 8102 9876 175