ARM_optee_kinibi基礎_

0 Comments

1.0 MMU关联常用简称

ref1: 【转】深入理解 TLB 原理

ref2: [mmu/cache]-ARM MMU的学习笔记-一篇就够了【转】

MMU: Memory Management Unit

TLB: Translation lookaside buffer

        PGD:  Page Global Dir
        PUD:  Page Upper Dir
        PMD:  Page Middle Dir
        PTE:  Page Table
    VA: virtual address
    PA: physical address

1.1 MMU概念介绍

MMU分为两个部分: TLB maintenance 和 address translation MMU的作用,主要是完成地址的翻译, 无论是main-memory地址(DDR地址), 还是IO地址(设备device地址), 在开启了MMU的系统中,CPU发起的指令读取、数据读写都是虚拟地址, 在ARM Core内部,会先经过MMU将该虚拟地址自动转换成物理地址, 然后在将物理地址发送到AXI总线上,完成真正的物理内存、物理设备的读写访问

1.2 四级页表查找过程

需要四次内存访问。页表查找过程的示例如下图所示

1.3 TLB的特殊

虚拟地址映射物理地址的最小单位是4KB。

    dec: 4096

    bin: 1000000000000

所以TLB其实不需要存储虚拟地址和物理地址的低12位(因为低12位是一样的,根本没必要存储)。

另外,我们如果命中cache,肯定是一次性从cache中拿出整个数据。所以虚拟地址不需要offset域。

index域是否需要呢?这取决于cache的组织形式。

1.4 多进程需要多个TLB

例如,两个user进程进行切换时,

TTBR0_EL1是要从一个user的页表地址,切换到另外一个user的页表地址。

2.1 secure boot

ref: https://logmi.jp/tech/articles/324297

2.2 OP-TEEとTEEの標準化API

2.3 如果启用了hypervisor

(Two Stage Translations)

VA—>PA变成了VA—>IPA—>PA

IPA : intermediate physical address

3.1 TEE parts and working sequence

ref: https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html

*TOS: Trusted Operating System

Two major TEE implementations exist:

  • Qualcomm’s “QSEE”
  • Trustonic’s “Kinibi”.

In order for the “Normal World” to be able to interact with the TEE and the applications within it, the authors of the TEE must also provide:

  • user-libraries
  • daemons
  • kernel drivers

3.2 request load TA with TA UUID

  1. User-mode process wishes to load a trusted application(TA).
  2. Sending a request to a special daemon “mcDriverDaemon”, with UUID.
  3. The daemon may load trustlets from one of two paths with the UUID.
  4. The daemon simply contacts Trustonic’s driver and issues a set of ioctls to pass request to the TEE

3.3 cause some security problem

ref: https://bugs.chromium.org/p/project-zero/issues/detail?id=1239

While the load request itself specifies the UUID of the trustlet to be loaded,

the daemon only uses the UUID to locate the binary,

and doesn’t ensure that it matches the UUID encoded in the trustlet’s header.

Therefore, it is possible to load any trustlet (regardless of UUID) by placing a binary with an arbitrary UUID (e.g., 07050501000000000000000000000020.tlbin) in the data partition’s registry directory,

and subsequently sending a load request with the same UUID to mcDriverDaemon.

4.1 confirm TEE standard API in trustonic SDK

TEE_Client_API_Specification-V1.0.pdf

TEE Client API

t-base-dev-kit/t-sdk/TlcSdk/Public/GP/tee_client_api.h

TEEC_EXPORT TEEC_Result TEEC_InitializeContext(
    const char   *name,
    TEEC_Context *context);

TEEC_EXPORT TEEC_Result  TEEC_OpenSession (
    TEEC_Context    *context,
    TEEC_Session    *session,
    const TEEC_UUID *destination,
    uint32_t        connectionMethod,
    const void      *connectionData,
    TEEC_Operation  *operation,
    uint32_t        *returnOrigin);

TEEC_EXPORT TEEC_Result TEEC_InvokeCommand(
    TEEC_Session     *session,
    uint32_t         commandID,
    TEEC_Operation   *operation,
    uint32_t         *returnOrigin);

TEEC_EXPORT void  TEEC_CloseSession (
    TEEC_Session *session);

TEEC_EXPORT void  TEEC_FinalizeContext(
    TEEC_Context *context);

TEE Internal core API

t-base-dev-kit/t-sdk/TlSdk/Public/GPD_TEE_Internal_API/tee_internal_api.h

EXTERN_C TEE_Result TA_EXPORT TA_CreateEntryPoint(void);

EXTERN_C TEE_Result TA_EXPORT TA_OpenSessionEntryPoint(
        uint32_t    nParamTypes,
        TEE_Param   pParams[4],
        void**      ppSessionContext);

EXTERN_C TEE_Result TA_EXPORT TA_InvokeCommandEntryPoint(
        void*       pSessionContext,
        uint32_t    nCommandID,
        uint32_t    nParamTypes,
        TEE_Param   pParams[4]);

EXTERN_C void TA_EXPORT TA_CloseSessionEntryPoint(
        void*       pSessionContext);

EXTERN_C void TA_EXPORT TA_DestroyEntryPoint(void);

4.2 The TEE Client API Architecture

A Shared Memory block is a region of memory allocated in the context of the Client Application memory
space that can be used to transfer data between that Client Application and a Trusted Application.

4.2.2 Share memory API

TEEC_EXPORT TEEC_Result  TEEC_RegisterSharedMemory(
    TEEC_Context      *context,
    TEEC_SharedMemory *sharedMem);

TEEC_EXPORT TEEC_Result  TEEC_AllocateSharedMemory(
    TEEC_Context      *context,
    TEEC_SharedMemory *sharedMem);

TEEC_EXPORT void  TEEC_ReleaseSharedMemory (
    TEEC_SharedMemory *sharedMem);

4.2.3 Share memory Synchronization

  • three temporal states for the Client application (A, B, D)
  • one temporal states for the Trusted application (C)
  • two synchronization operations (1, 2)

Sync operation 1: from state A => states B and C (parallel in the two env).

  • ensure input buffers are synchronized from the TEEC‟s view of memory to the TA‟s view of it.

Sync operation 2: from states B and C (parallel in the two env) => state D.

  • ensure output buffers are synchronized from the TA‟s view of memory to the TEEC‟s view of memory.

4.2.4 live memory, synchronization rules

  1. Marked as input only: in states “B and C”, TEEC can only read, TA can only read.
  2. Marked as input and output: in states “B and C”, TEEC neither read nor write, TA may read and write.

4.3 Fundamental Concepts

TEE Contexts : an abstraction of the logical connection which exists between TEEC and TA

Sessions : an abstraction of the logical connection which exists between TEEC and TA, A Session is opened by TEEC within the scope of a particular TEE Context. When creating a new Session, TEEC must identify the UUID of connecting TA.

Commands : the unit of communication between a Client Application and a Trusted Application within a
Session.

Operation Payload : a set of Operation Parameters, up to 4 Parameters. for An operation to open a Session or to invoke a generic Command.

/* Type definitions */
typedef struct TEEC_Context {
    TEEC_Context_IMP imp;
} TEEC_Context;

typedef struct TEEC_Session {
    TEEC_Session_IMP imp;
} TEEC_Session;

typedef struct TEEC_SharedMemory {
    union {
        void                *buffer;
        int                 fd;
    };
    size_t                  size;
    uint32_t                flags;
    TEEC_SharedMemory_IMP   imp;
} TEEC_SharedMemory;

typedef struct TEEC_Operation {
    uint32_t            started;
    uint32_t            paramTypes;
    TEEC_Parameter      params[4];
    TEEC_Operation_IMP  imp;
} TEEC_Operation;
typedef struct {
    uint32_t                    open_mode;
} TEEC_Context_IMP;

typedef struct {
    uint32_t                    sessionId;
    TEEC_Context_IMP            reserved1;
    void                        *reserved2_tci; // TCI used in tests for old versions
    bool                        reserved3;
    pthread_mutex_t             reserved4;
} TEEC_Session_IMP;

typedef struct {
    bool                        reserved;
} TEEC_SharedMemory_IMP;

typedef struct {
    void                        *reserved;
} TEEC_Operation_IMP;

typedef union {
    TEEC_TempMemoryReference        tmpref;
    TEEC_RegisteredMemoryReference  memref;
    TEEC_Value                      value;
} TEEC_Parameter;

typedef struct {
    void    *buffer;
    size_t  size;
} TEEC_TempMemoryReference;

typedef struct {
    TEEC_SharedMemory *parent;
    size_t  size;
    size_t  offset;
} TEEC_RegisteredMemoryReference;

5.1 TRUSTONIC’S KINIBI TEE IMPLEMENTATION

ref: https://azeria-labs.com/trustonics-kinibi-tee-implementation/

5.2 TRUSTED APPLICATIONS AND TRUSTED DRIVERS

5.3 tlbin MCLF files.

MCLF       Mobicore Loadable Format

The MCLF files for TAs are typically stored in the folders:

  • /system/vendor/app/McRegistry
  • /system/app/mcRegistry
  • /data/app/mcRegistry

5.3.2 mcOpenTrustlet

TCI   Trustlet Connector Interface, CA communicates with TA via TCI
MCI   MobiCore Control Interface,
      This driver communicates with the TEE RTM via MCI
  1. CA attempts to establish a session to a TA using mcOpenTrustlet.
  • trustedapp: memory buffer containing the Trusted Application binary.
  • tLen: length of the memory buffer containing the Trusted Application
  • tci: TCI buffer for communicating with the Trusted Application.
  • tciLen: Length of the TCI buffer.
  1. mcOpenTrustlet request is relayed to the MobiCore Driver in the NWd
  2. MobiCore Driver issues a request to MobiCore in the SWd.
  3. brokers the creation of a new session via MCI.
  4. returns the corresponding session ID.
/** Open a new session to a Trusted Application(Trustlet). The Trusted Application will be loaded from the memory buffer.
 *
 * Write MCP open message to buffer and notify Kinibi about the availability of a new command.
 * Waits till Kinibi responds with the new session ID (stored in the MCP buffer).
 *
 * @param [in,out] session On success, the session data will be returned.
 * @param [in] spid Service Provider ID(for Service provider trustlets otherwise ignored)
 * @param [in] trustedapp memory buffer containing the Trusted Application binary
 * @param [in] tLen length of the memory buffer containing the Trusted Application
 * @param [in] tci TCI buffer for communicating with the Trusted Application.
 * @param [in] tciLen Length of the TCI buffer. Maximum allowed value is MC_MAX_TCI_LEN.
 *
 * @return MC_DRV_OK if operation has been successfully completed.
 * @return MC_DRV_INVALID_PARAMETER if session parameter is invalid.
 * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid.
 * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon socket occur.
 * @return MC_DRV_ERR_UNKNOWN_DEVICE when daemon returns an error.
 * @return MC_DRV_ERR_TRUSTED_APPLICATION_NOT_FOUND when Trusted Application cannot be loaded.
 */
__MC_CLIENT_LIB_API mcResult_t mcOpenTrustlet(
    mcSessionHandle_t   *session,
    mcSpid_t            spid,
    uint8_t             *trustedapp,
    uint32_t            tLen,
    uint8_t             *tci,
    uint32_t            tciLen
);

5.4 TlApi: Trustlet Api

Trustlet   A trusted process or application in certain types of secure system.

5.4.1 CA notifies TA

  1. Session has been established.
  2. The TA is loaded in the TEE.
  3. TCI buffer was mapped into both address spaces(CA and TA).
  4. CA write command to the TCI buffer
  5. CA notify the TA that the command is ready to be processed using the mcNotify
  6. CA waits for the TA to respond by calling the mcWaitNotification

MobiCore Driver Api

/** Wait for a notification issued by Kinibi for a specific session.
 *
 * @param [in] session The session the notification should correspond to.
 * @param [in] timeout Time in milliseconds to wait.
 *
 * @return MC_DRV_OK if notification is available.
 * @return MC_DRV_ERR_TIMEOUT if no notification arrived in time.
 * @return MC_DRV_INFO_NOTIFICATION if a problem with the session was encountered.
 * @return MC_DRV_ERR_NOTIFICATION if a problem with the socket occurred.
 * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid.
 * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid.
 * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid.
 */
__MC_CLIENT_LIB_API mcResult_t mcWaitNotification(
    mcSessionHandle_t   *session,
    int32_t             timeout
);

/** Notify a session.
 * Corresponding errors can only be received by mcWaitNotification().
 *
 * @param session The session to be notified.
 *
 * @return MC_DRV_OK if operation has been successfully completed.
 * @return MC_DRV_INVALID_PARAMETER if session parameter is invalid.
 * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid.
 * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid.
 */
__MC_CLIENT_LIB_API mcResult_t mcNotify(
    mcSessionHandle_t   *session
);

5.4.2 TA notifies CA

  1. The TA reads the TCI buffer to see which command ID
  2. Processes the corresponding command with the parameters from TCI buffer
  3. Having completed the request, the TA writes output back to the TCI buffer
  4. Calls tlApiNotify, back to the NWd causing the mcWaitNotification call to complete.
/** Wait for a notification of the NWd.
 * the platform E_TLAPI_INVALID_TIMEOUT is returned.
 *
 * @param timeout milliseconds to wait
 *       TLAPI_NO_TIMEOUT => direct return
 *       TLAPI_INFINITE_TIMEOUT => wait infinitely
 * @return TLAPI_OK if notification has been received.
 */
_TLAPI_EXTERN_C tlApiResult_t tlApiWaitNotification(uint32_t timeout);

/** Notify the TrustletConnector about changes in the TCI message buffer.
 * tlApiNotify() returns when the notification is processed and the Trustlet can continue.
 *
 * @return TLAPI_OK if notification has been issued successfully.
 */
_TLAPI_EXTERN_C tlApiResult_t tlApiNotify(void);

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

QR code with image

PythonのQRコード画像生成ライブラリ「qrcode」 pip install qrcode QRコードの中に画像を埋め込む download lena.png create QR code with string: "I am Lena" add mini image overlay of…

GPTとは

OpenAI GPTとは2018年に下記論文で提案された自然言語処理モデルです。 基本的にはTransformerと呼ばれる自然言語処理の仕組みをベースにし、事前学習やファインチューニングをすることで非常に高い精度で文章を生成してくれます。現時点ではすでにOpenAI GPT-3が発表されていますが、GPT-2でも高い精度がありフェイクニュースの生成など悪用の危険性が極めて高く、当初はリリースされないという話になるぐらいだったそうです。