1.0 MMU关联常用简称
ref1: 【转】深入理解 TLB 原理
ref2: [mmu/cache]-ARM MMU的学习笔记-一篇就够了【转】
MMU: Memory Management Unit
TLB: Translation lookaside buffer
PGD: Page Global Dir
PUD: Page Upper Dir
PMD: Page Middle Dir
PTE: Page Table
VA: virtual address
PA: physical address1.1 MMU概念介绍
MMU分为两个部分: TLB maintenance 和 address translation MMU的作用,主要是完成地址的翻译, 无论是main-memory地址(DDR地址), 还是IO地址(设备device地址), 在开启了MMU的系统中,CPU发起的指令读取、数据读写都是虚拟地址, 在ARM Core内部,会先经过MMU将该虚拟地址自动转换成物理地址, 然后在将物理地址发送到AXI总线上,完成真正的物理内存、物理设备的读写访问
1.2 四级页表查找过程
需要四次内存访问。页表查找过程的示例如下图所示
1.3 TLB的特殊
虚拟地址映射物理地址的最小单位是4KB。
dec: 4096
bin: 1000000000000所以TLB其实不需要存储虚拟地址和物理地址的低12位(因为低12位是一样的,根本没必要存储)。
另外,我们如果命中cache,肯定是一次性从cache中拿出整个数据。所以虚拟地址不需要offset域。
index域是否需要呢?这取决于cache的组织形式。
1.4 多进程需要多个TLB
例如,两个user进程进行切换时,
TTBR0_EL1是要从一个user的页表地址,切换到另外一个user的页表地址。
2.1 secure boot
ref: https://logmi.jp/tech/articles/324297
2.2 OP-TEEとTEEの標準化API
2.3 如果启用了hypervisor
(Two Stage Translations)
VA—>PA变成了VA—>IPA—>PA
IPA : intermediate physical address
3.1 TEE parts and working sequence
ref: https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html
*TOS: Trusted Operating System
Two major TEE implementations exist:
- Qualcomm’s “QSEE”
- Trustonic’s “Kinibi”.
In order for the “Normal World” to be able to interact with the TEE and the applications within it, the authors of the TEE must also provide:
- user-libraries
- daemons
- kernel drivers
3.2 request load TA with TA UUID
- User-mode process wishes to load a trusted application(TA).
- Sending a request to a special daemon “mcDriverDaemon”, with UUID.
- The daemon may load trustlets from one of two paths with the UUID.
- The daemon simply contacts Trustonic’s driver and issues a set of ioctls to pass request to the TEE
3.3 cause some security problem
ref: https://bugs.chromium.org/p/project-zero/issues/detail?id=1239
While the load request itself specifies the UUID of the trustlet to be loaded,
the daemon only uses the UUID to locate the binary,
and doesn’t ensure that it matches the UUID encoded in the trustlet’s header.
Therefore, it is possible to load any trustlet (regardless of UUID) by placing a binary with an arbitrary UUID (e.g., 07050501000000000000000000000020.tlbin) in the data partition’s registry directory,
and subsequently sending a load request with the same UUID to mcDriverDaemon.
4.1 confirm TEE standard API in trustonic SDK
TEE_Client_API_Specification-V1.0.pdf
TEE Client API
t-base-dev-kit/t-sdk/TlcSdk/Public/GP/tee_client_api.h
TEEC_EXPORT TEEC_Result TEEC_InitializeContext(
const char *name,
TEEC_Context *context);
TEEC_EXPORT TEEC_Result TEEC_OpenSession (
TEEC_Context *context,
TEEC_Session *session,
const TEEC_UUID *destination,
uint32_t connectionMethod,
const void *connectionData,
TEEC_Operation *operation,
uint32_t *returnOrigin);
TEEC_EXPORT TEEC_Result TEEC_InvokeCommand(
TEEC_Session *session,
uint32_t commandID,
TEEC_Operation *operation,
uint32_t *returnOrigin);
TEEC_EXPORT void TEEC_CloseSession (
TEEC_Session *session);
TEEC_EXPORT void TEEC_FinalizeContext(
TEEC_Context *context);TEE Internal core API
t-base-dev-kit/t-sdk/TlSdk/Public/GPD_TEE_Internal_API/tee_internal_api.h
EXTERN_C TEE_Result TA_EXPORT TA_CreateEntryPoint(void);
EXTERN_C TEE_Result TA_EXPORT TA_OpenSessionEntryPoint(
uint32_t nParamTypes,
TEE_Param pParams[4],
void** ppSessionContext);
EXTERN_C TEE_Result TA_EXPORT TA_InvokeCommandEntryPoint(
void* pSessionContext,
uint32_t nCommandID,
uint32_t nParamTypes,
TEE_Param pParams[4]);
EXTERN_C void TA_EXPORT TA_CloseSessionEntryPoint(
void* pSessionContext);
EXTERN_C void TA_EXPORT TA_DestroyEntryPoint(void);4.2 The TEE Client API Architecture
A Shared Memory block is a region of memory allocated in the context of the Client Application memory
space that can be used to transfer data between that Client Application and a Trusted Application.
4.2.2 Share memory API
TEEC_EXPORT TEEC_Result TEEC_RegisterSharedMemory(
TEEC_Context *context,
TEEC_SharedMemory *sharedMem);
TEEC_EXPORT TEEC_Result TEEC_AllocateSharedMemory(
TEEC_Context *context,
TEEC_SharedMemory *sharedMem);
TEEC_EXPORT void TEEC_ReleaseSharedMemory (
TEEC_SharedMemory *sharedMem);4.2.3 Share memory Synchronization
- three temporal states for the Client application (A, B, D)
- one temporal states for the Trusted application (C)
- two synchronization operations (1, 2)
Sync operation 1: from state A => states B and C (parallel in the two env).
- ensure input buffers are synchronized from the TEEC‟s view of memory to the TA‟s view of it.
Sync operation 2: from states B and C (parallel in the two env) => state D.
- ensure output buffers are synchronized from the TA‟s view of memory to the TEEC‟s view of memory.
4.2.4 live memory, synchronization rules
- Marked as input only: in states “B and C”, TEEC can only read, TA can only read.
- Marked as input and output: in states “B and C”, TEEC neither read nor write, TA may read and write.
4.3 Fundamental Concepts
TEE Contexts : an abstraction of the logical connection which exists between TEEC and TA
Sessions : an abstraction of the logical connection which exists between TEEC and TA, A Session is opened by TEEC within the scope of a particular TEE Context. When creating a new Session, TEEC must identify the UUID of connecting TA.
Commands : the unit of communication between a Client Application and a Trusted Application within a
Session.
Operation Payload : a set of Operation Parameters, up to 4 Parameters. for An operation to open a Session or to invoke a generic Command.
/* Type definitions */
typedef struct TEEC_Context {
TEEC_Context_IMP imp;
} TEEC_Context;
typedef struct TEEC_Session {
TEEC_Session_IMP imp;
} TEEC_Session;
typedef struct TEEC_SharedMemory {
union {
void *buffer;
int fd;
};
size_t size;
uint32_t flags;
TEEC_SharedMemory_IMP imp;
} TEEC_SharedMemory;
typedef struct TEEC_Operation {
uint32_t started;
uint32_t paramTypes;
TEEC_Parameter params[4];
TEEC_Operation_IMP imp;
} TEEC_Operation;typedef struct {
uint32_t open_mode;
} TEEC_Context_IMP;
typedef struct {
uint32_t sessionId;
TEEC_Context_IMP reserved1;
void *reserved2_tci; // TCI used in tests for old versions
bool reserved3;
pthread_mutex_t reserved4;
} TEEC_Session_IMP;
typedef struct {
bool reserved;
} TEEC_SharedMemory_IMP;
typedef struct {
void *reserved;
} TEEC_Operation_IMP;
typedef union {
TEEC_TempMemoryReference tmpref;
TEEC_RegisteredMemoryReference memref;
TEEC_Value value;
} TEEC_Parameter;
typedef struct {
void *buffer;
size_t size;
} TEEC_TempMemoryReference;
typedef struct {
TEEC_SharedMemory *parent;
size_t size;
size_t offset;
} TEEC_RegisteredMemoryReference;5.1 TRUSTONIC’S KINIBI TEE IMPLEMENTATION
ref: https://azeria-labs.com/trustonics-kinibi-tee-implementation/
5.2 TRUSTED APPLICATIONS AND TRUSTED DRIVERS
5.3 tlbin MCLF files.
MCLF Mobicore Loadable FormatThe MCLF files for TAs are typically stored in the folders:
- /system/vendor/app/McRegistry
- /system/app/mcRegistry
- /data/app/mcRegistry
5.3.2 mcOpenTrustlet
TCI Trustlet Connector Interface, CA communicates with TA via TCI
MCI MobiCore Control Interface,
This driver communicates with the TEE RTM via MCI
- CA attempts to establish a session to a TA using mcOpenTrustlet.
- trustedapp: memory buffer containing the Trusted Application binary.
- tLen: length of the memory buffer containing the Trusted Application
- tci: TCI buffer for communicating with the Trusted Application.
- tciLen: Length of the TCI buffer.
- mcOpenTrustlet request is relayed to the MobiCore Driver in the NWd
- MobiCore Driver issues a request to MobiCore in the SWd.
- brokers the creation of a new session via MCI.
- returns the corresponding session ID.
/** Open a new session to a Trusted Application(Trustlet). The Trusted Application will be loaded from the memory buffer.
*
* Write MCP open message to buffer and notify Kinibi about the availability of a new command.
* Waits till Kinibi responds with the new session ID (stored in the MCP buffer).
*
* @param [in,out] session On success, the session data will be returned.
* @param [in] spid Service Provider ID(for Service provider trustlets otherwise ignored)
* @param [in] trustedapp memory buffer containing the Trusted Application binary
* @param [in] tLen length of the memory buffer containing the Trusted Application
* @param [in] tci TCI buffer for communicating with the Trusted Application.
* @param [in] tciLen Length of the TCI buffer. Maximum allowed value is MC_MAX_TCI_LEN.
*
* @return MC_DRV_OK if operation has been successfully completed.
* @return MC_DRV_INVALID_PARAMETER if session parameter is invalid.
* @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid.
* @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon socket occur.
* @return MC_DRV_ERR_UNKNOWN_DEVICE when daemon returns an error.
* @return MC_DRV_ERR_TRUSTED_APPLICATION_NOT_FOUND when Trusted Application cannot be loaded.
*/
__MC_CLIENT_LIB_API mcResult_t mcOpenTrustlet(
mcSessionHandle_t *session,
mcSpid_t spid,
uint8_t *trustedapp,
uint32_t tLen,
uint8_t *tci,
uint32_t tciLen
);5.4 TlApi: Trustlet Api
Trustlet A trusted process or application in certain types of secure system.5.4.1 CA notifies TA
- Session has been established.
- The TA is loaded in the TEE.
- TCI buffer was mapped into both address spaces(CA and TA).
- CA write command to the TCI buffer
- CA notify the TA that the command is ready to be processed using the mcNotify
- CA waits for the TA to respond by calling the mcWaitNotification
MobiCore Driver Api
/** Wait for a notification issued by Kinibi for a specific session.
*
* @param [in] session The session the notification should correspond to.
* @param [in] timeout Time in milliseconds to wait.
*
* @return MC_DRV_OK if notification is available.
* @return MC_DRV_ERR_TIMEOUT if no notification arrived in time.
* @return MC_DRV_INFO_NOTIFICATION if a problem with the session was encountered.
* @return MC_DRV_ERR_NOTIFICATION if a problem with the socket occurred.
* @return MC_DRV_INVALID_PARAMETER if a parameter is invalid.
* @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid.
* @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid.
*/
__MC_CLIENT_LIB_API mcResult_t mcWaitNotification(
mcSessionHandle_t *session,
int32_t timeout
);
/** Notify a session.
* Corresponding errors can only be received by mcWaitNotification().
*
* @param session The session to be notified.
*
* @return MC_DRV_OK if operation has been successfully completed.
* @return MC_DRV_INVALID_PARAMETER if session parameter is invalid.
* @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid.
* @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid.
*/
__MC_CLIENT_LIB_API mcResult_t mcNotify(
mcSessionHandle_t *session
);5.4.2 TA notifies CA
- The TA reads the TCI buffer to see which command ID
- Processes the corresponding command with the parameters from TCI buffer
- Having completed the request, the TA writes output back to the TCI buffer
- Calls tlApiNotify, back to the NWd causing the mcWaitNotification call to complete.
/** Wait for a notification of the NWd.
* the platform E_TLAPI_INVALID_TIMEOUT is returned.
*
* @param timeout milliseconds to wait
* TLAPI_NO_TIMEOUT => direct return
* TLAPI_INFINITE_TIMEOUT => wait infinitely
* @return TLAPI_OK if notification has been received.
*/
_TLAPI_EXTERN_C tlApiResult_t tlApiWaitNotification(uint32_t timeout);
/** Notify the TrustletConnector about changes in the TCI message buffer.
* tlApiNotify() returns when the notification is processed and the Trustlet can continue.
*
* @return TLAPI_OK if notification has been issued successfully.
*/
_TLAPI_EXTERN_C tlApiResult_t tlApiNotify(void);