qemu -M raspi[23] timer

This forums is for OS project announcements including project openings, new releases, update notices, test requests, and job openings (both paying and volunteer).
pharos
Posts: 11
Joined: Sat Jul 21, 2018 3:08 am
Libera.chat IRC: pharos

Re: qemu -M raspi[23] timer

Post by pharos »

zaval wrote: I think, that Secure World devised by ARM is way more interesting, not to mention - useful, than HV. I am very eager to try it on my own, unfortunately, am not ready yet. :mrgreen: For an osdev, this feature opens a lot of challenges and fun. Unfortunately, not every vendor is ready to give it to you. I guess, Monitor Mode/EL3 availability on some platforms yet is a temporary goody, thanks to overlooking this by clumsy a little vendors like Allwinner, Rockchip etc. Eventually they will "grow up", get toothier and lock that down, not doing anything useful there by themselves and not letting anybody else. Just like TI does.
Hi zaval,

May I ask you, what do you think is so good about Secure World? I though about it a couple of times but did not find an interesting application yet... I must have been searching in the wrong place.

Thanks
User avatar
zaval
Member
Member
Posts: 656
Joined: Fri Feb 17, 2017 4:01 pm
Location: Ukraine, Bachmut
Contact:

Re: qemu -M raspi[23] timer

Post by zaval »

Anything would be better, than HV. :mrgreen: Well, about searching in a right place, try ARM site, they have a paper on TrustZone, it gives you insights on what it could be used for and its capabilities. TrustZone, PSCI, ATF are keywords.
What's interesting in the Secure World? It's up to your OS design, of course, how extensively you are going to use Secure Extension (SE), if anyhow, but generally speaking, every OS has some kind of Security Subsystem. It provides many security related functions - from access control and secure account management to cryptographical APIs. So, this SE strengthens your Security Subsystem, because it gives you a hardware for it, it's much harder to "crack" it. You can put there something as simple as gateway system services (calls)-like set, that other components may invoke or as complex as running there entire different (Secure) OS, if needed. I didn't get to it yet, honestly, so I can't say what I would want to do with it, I am still Insecure for now. :lol: But looking over its features, it's rather obvious, that it's something really valuable, that definetely can find its way for providing people valuable features, usability. The fact it's now laying dormant with linux, shouldn't be considered as a proof of its unusefulness, linux never was famous for being innovative. Oh, look, I am again talking about how I dislike linux, instead of advertising SE. :D
Just a primitive example - Secure World has its own secure memory, totally inaccessible even from kernel (its insecure parts). So, your security subsystem may put there over-sensitive data and given, that access to them is possible only through the very strict gateway mechanism, the attack surface gets minimized and even intrusion into the kernel wouldn't be able to let a maluser get those data. Or vulnerabilities like Spectre, Meltdown, they won't help to guess those data either. Now elaborate on this, depending on what your system is (going to be), these capabilities definitely could be very useful. Couldn't they? There might be secure peripherals as well, - yet one field for desing considerations. Finally, Secure World handles Reset/Shutdown, idle, secondary CPUs bring up, big.LITTLE migration.
ANT - NT-like OS for x64 and arm64.
efify - UEFI for a couple of boards (mips and arm). suspended due to lost of all the target park boards (russians destroyed our town).
User avatar
eekee
Member
Member
Posts: 872
Joined: Mon May 22, 2017 5:56 am
Location: Kerbin
Discord: eekee
Contact:

Re: qemu -M raspi[23] timer

Post by eekee »

On tone: I've found out the hard way it's not a good idea to express anger against presumed bad moves of an organization. There's pretty-much always an acceptable (or at least understandable) reason. This has not yet stopped me expressing such anger. I have so much practice at it, it's like it's got its own inertia!
Kaph — a modular OS intended to be easy and fun to administer and code for.
"May wisdom, fun, and the greater good shine forth in all your work." — Leo Brodie
Post Reply