On Tue, Oct 24, 2017 at 3:41 PM, Christoffer Dall <cdall@xxxxxxxxxx> wrote:
Hi,Well, I wrote a thin hypervisor. The hypervisor is used to execute protected code in a trusted environment , in this case EL2 is the trusted environment.
On Mon, Oct 23, 2017 at 09:33:28PM +0000, Raz wrote:
> 1. According the documentation of MAIR_EL2 there are 8 attributes but
> in the code you present only 6. Why ?
I just don't think we need those other defines.
> 2. Why there are names to the attributes ? Does it make a difference if I
> assign
> an attribute index 2 or attribute index 0 in the page while the two attr
>
I'm not entirely sure what you're asking here.
Can you try to explain what the background of your question is?
The flow is as follows: Consider a function foo() :
..
int foo() {
return 19;
}
..
..
int foo() {
return 19;
}
..
After g++ compilation:
_Z3foov():
mov w0, #0x13
ret
_Z3foov():
mov w0, #0x13
ret
Now let say you want to run foo() in a trusted environment. To do that we encrypt foo() and add its encrypted form as a new section to the program's ELF. The old foo() is replaced
by opcodes that generates a trap.I chose brk:
_Z3foo():
brk
brk
Now, Whenever an encrypted program is executed , the moment it execute the brk command, it traps into the hypervisor. The hypervisor decrypts foo and executes it in EL2.
That's about it.
The essence of this idea is that I never let foo() code be visible to the operating system.
My main obstacle now is performance ( I am 20 times slower) as at the moment I have to flush the cache. I need to implement a cache write back and this is done by manipulating mair_el2 and
the page descriptor.
Kind regards
Raz
I think these defines are just the way Linux configures the page tables.
-Christoffer
> /*
> * Memory types available.
> */
> #define MT_DEVICE_nGnRnE 0
> #define MT_DEVICE_nGnRE 1
> #define MT_DEVICE_GRE 2
> #define MT_NORMAL_NC 3
> #define MT_NORMAL 4
> #define MT_NORMAL_WT 5
--
Attachment:
TEEinARM.pdf
Description: Adobe PDF document
_______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
