QEMU ARM TrustZone

History

Johannes Winter 9/2011 patches:

  • Added new arm-trustzone-softmmu target along with conditional preprocessor macro for enabling the TZ functionality.
  • Initial arm_is_secure function
  • Added I/O memory access callback functions
  • Added “-unhosted-smc” command line option to allow smc handling while semihosting is enabled
  • Extended the -cpu command line option to take additional options such as “trustzone”
  • Added 2 additional MMU modes
  • Added cp15 register banking and access macros: arm_cp15_banked/_active_bank/_secure/_nonsecure
  • Added banked_uint32_t type containing secure and nonsecure fields
  • Added is_secure flag to phys_addr lookup function
  • Added other_world check for distinguishing permitted operations
  • Added load/save of secure and nonsecure registers
  • Added vbar support and IRQ/FIQ routing
  • Added proto framework for configuring TZ memory protection. The framework included a hierachy of VA space control busses connecting the virtual partition devices on top of the qdev device model. Also includes BP147 TZ protection controller model and skeleton impl. of the TZC380 TZ address space controller. Both were added to vexpress model

    See https://github.com/jowinter/qemu-trustzone/commit/3d1c3b2b8fd4890a4a32633bad4eda4a292a8d17

  • Added SCU access control stubs to the A9 MPCore block
  • Added NSACR access control
  • Added stub for A9 virtualization control register to allow certain kernels to boot
  • Added basic interrupt virtualization and status registers
  • Added support for virtual aborts
  • Added A9 virtualization control register along with virtual interrupt support

Current status

Building TrustZone enabled QEMU

Running TrustZone enabled QEMU

LEG/Engineering/Virtualization/QEMU_TZ (last modified 2014-08-27 17:03:20)