doc: terminology cleanup in trusty doc
- Replace SOS or Service OS with Service VM
- Replace UOS or User OS with User VM
- Clean up some of the grammar

Signed-off-by: Amy Reyes <amy.reyes@intel.com>
parent e66d65152c
commit 33a205c913
Binary file not shown.
Before Width: | Height: | Size: 18 KiB After Width: | Height: | Size: 16 KiB |
|
@ -2,9 +2,10 @@ digraph G {
|
||||||
rankdir=LR;
|
rankdir=LR;
|
||||||
rank=same;
|
rank=same;
|
||||||
bgcolor="transparent";
|
bgcolor="transparent";
|
||||||
uosl1 [label="UOS_Loader"]
|
uservml1 [label="User VM OS\nBootloader"]
|
||||||
acrn_init [shape=box style="rounded,filled" label="ACRN"]
|
acrn_init [shape=box style="rounded,filled" label="ACRN"]
|
||||||
acrn_switch [shape=box style="rounded,filled" label="ACRN"]
|
acrn_switch [shape=box style="rounded,filled" label="ACRN"]
|
||||||
uosl2 [label="UOS_Loader"]
|
uservml2 [label="User VM OS\nBootloader"]
|
||||||
uosl1 -> acrn_init -> "Trusty" -> acrn_switch -> uosl2;
|
uservml1 -> acrn_init -> "Trusty" -> acrn_switch -> uservml2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
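Review bot: The new node labels read ``User VM OS\nBootloader`` with a capital B, while the prose changed in the same commit writes "User VM OS bootloader" in lower case. Pick one spelling so the rendered boot-flow graph matches the numbered steps that describe it, for example ``label="User VM OS\nbootloader"``. The new node ids ``uservml1`` and ``uservml2`` are also a mechanical rename of ``uosl1``/``uosl2`` and are hard to read; something like ``uservm_bl1`` would say what the node is.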
@ -32,10 +32,13 @@ Trusty Architecture
|
||||||
.. figure:: images/trusty-arch.png
|
.. figure:: images/trusty-arch.png
|
||||||
:align: center
|
:align: center
|
||||||
:width: 800px
|
:width: 800px
|
||||||
:name: Trusty Architectural diagram
|
:name: trusty-architectural-diagram
|
||||||
|
|
||||||
|
Trusty Architectural Diagram
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
Trusty OS is running in Secure World in the architecture drawing above.
|
The Trusty OS is running in the Secure World in the architecture drawing
|
||||||
|
above.
|
||||||
|
|
||||||
.. _trusty-hypercalls:
|
.. _trusty-hypercalls:
|
||||||
|
|
||||||
|
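Review bot: The ``:name:`` of the architecture figure changes from ``Trusty Architectural diagram`` to ``trusty-architectural-diagram``, and nothing in the visible hunks updates a reference to the old name. Please confirm that no ``:numref:`` or ``:ref:`` elsewhere in the docs still points at the old target, otherwise the build will emit an undefined-label warning. In the note, "The Trusty OS is running in the Secure World" could simply be "The Trusty OS runs in the Secure World", since this commit is also a grammar pass.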
@ -51,7 +54,7 @@ There are a few :ref:`hypercall_apis` that are related to Trusty.
|
||||||
Trusty Boot Flow
|
Trusty Boot Flow
|
||||||
****************
|
****************
|
||||||
|
|
||||||
By design, the User OS bootloader (``UOS_Loader``) will trigger the Trusty
|
By design, the User VM OS bootloader will trigger the Trusty
|
||||||
boot process. The complete boot flow is illustrated below.
|
boot process. The complete boot flow is illustrated below.
|
||||||
|
|
||||||
.. graphviz:: images/trusty-boot-flow.dot
|
.. graphviz:: images/trusty-boot-flow.dot
|
||||||
|
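Review bot: The replacement sentence drops the literal ``UOS_Loader`` entirely. If that string is a name readers can still meet in source or logs, keep one parenthetical mention so the doc remains searchable; if it was only shorthand, the removal is fine. The edited line is also left noticeably shorter than its neighbours, so reflow the paragraph, and consider "triggers" instead of "will trigger" while the sentence is being touched.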
@ -62,12 +65,12 @@ boot process. The complete boot flow is illustrated below.
|
||||||
As shown in the above figure, here are some details about the Trusty
|
As shown in the above figure, here are some details about the Trusty
|
||||||
boot flow processing:
|
boot flow processing:
|
||||||
|
|
||||||
1. UOS_Loader
|
1. User VM OS bootloader
|
||||||
|
|
||||||
a. Load and verify Trusty image from virtual disk
|
a. Load and verify Trusty image from virtual disk
|
||||||
#. Allocate runtime memory for trusty
|
#. Allocate runtime memory for Trusty
|
||||||
#. Do ELF relocation of trusty image and get entry address
|
#. Do ELF relocation of Trusty image and get entry address
|
||||||
#. Call ``hcall_initialize_trusty`` with trusty memory base and
|
#. Call ``hcall_initialize_trusty`` with Trusty memory base and
|
||||||
entry address
|
entry address
|
||||||
#. ACRN (``hcall_initialize_trusty``)
|
#. ACRN (``hcall_initialize_trusty``)
|
||||||
|
|
||||||
|
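Review bot: Steps 1.a through 1.d only get the "trusty" to "Trusty" capitalisation fix and still lack the articles that this commit adds elsewhere (for example "the Normal World" in the EPT section). For consistency with the stated grammar clean-up, consider "Load and verify the Trusty image from the virtual disk", "Do ELF relocation of the Trusty image and get the entry address", and "with the Trusty memory base and entry address".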
@ -83,41 +86,44 @@ boot flow processing:
|
||||||
|
|
||||||
a. Save World context for the World that caused this ``vmexit``
|
a. Save World context for the World that caused this ``vmexit``
|
||||||
(Secure World)
|
(Secure World)
|
||||||
#. Restore World context for next World (Normal World (UOS_Loader))
|
#. Restore World context for next World (Normal World: User VM OS bootloader)
|
||||||
#. Resume to next World (UOS_Loader)
|
#. Resume to next World (User VM OS bootloader)
|
||||||
#. UOS_Loader
|
#. User VM OS bootloader
|
||||||
|
|
||||||
a. Continue to boot
|
a. Continue to boot
|
||||||
|
|
||||||
EPT Hierarchy
|
EPT Hierarchy
|
||||||
*************
|
*************
|
||||||
|
|
||||||
As per the Trusty design, Trusty can access Normal World's memory, but Normal
|
As per the Trusty design, Trusty can access the Normal World's memory, but the
|
||||||
World cannot access Secure World's memory. Hence it means Secure World EPTP
|
Normal World cannot access the Secure World's memory. Hence it means the Secure
|
||||||
page table hierarchy must contain normal world GPA address space, while Trusty
|
World EPTP page table hierarchy must contain the Normal World GPA address space,
|
||||||
world's GPA address space must be removed from the Normal world EPTP page
|
while the Trusty world's GPA address space must be removed from the Normal World
|
||||||
table hierarchy.
|
EPTP page table hierarchy.
|
||||||
|
|
||||||
Design
|
Design
|
||||||
======
|
======
|
||||||
|
|
||||||
Put Secure World's GPA to very high position: 511 GB - 512 GB. The PML4/PDPT
|
Put the Secure World's GPA to a very high position: 511 GB - 512 GB. The
|
||||||
for Trusty World are separated from Normal World. PD/PT for low memory
|
PML4/PDPT for the Trusty World are separated from the Normal World. PD and PT
|
||||||
(< 511 GB) are shared in both Trusty World's EPT and Normal World's EPT.
|
for low memory
|
||||||
PD/PT for high memory (>= 511 GB) are valid for Trusty World's EPT only.
|
(< 511 GB) are shared in both the Trusty World's EPT and the Normal World's EPT.
|
||||||
|
PD and PT for high memory (>= 511 GB) are valid for the Trusty World's EPT only.
|
||||||
|
|
||||||
Benefit
|
Benefit
|
||||||
=======
|
=======
|
||||||
|
|
||||||
This design will benefit the EPT changes of Normal World. There are
|
This design will benefit the EPT changes of the Normal World. There are
|
||||||
requirements to modify Normal World's EPT during runtime such as increasing
|
requirements to modify the Normal World's EPT during runtime such as increasing
|
||||||
memory, changing attributes, etc. If such behavior happened, only PD and PT
|
memory and changing attributes. If such behavior happens, only PD and PT
|
||||||
for Normal World need to be updated.
|
for the Normal World need to be updated.
|
||||||
|
|
||||||
.. figure:: images/ept-hierarchy.png
|
.. figure:: images/ept-hierarchy.png
|
||||||
:align: center
|
:align: center
|
||||||
:width: 800px
|
:width: 800px
|
||||||
:name: EPT hierarchy pic
|
:name: ept-hierarchy
|
||||||
|
|
||||||
|
EPT Hierarchy
|
||||||
|
|
||||||
API
|
API
|
||||||
===
|
===
|
||||||
|
|
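Review bot: In the EPT Hierarchy paragraph the new text writes "the Trusty world's GPA address space" with a lower-case "world", while every other occurrence in this hunk is "Trusty World" or "Secure World". Capitalise it, and consider settling on either "Secure World" or "Trusty World" throughout, since the paragraph uses both for the same isolation boundary and a reader could take them for two different address spaces. "Hence it means the Secure World EPTP ..." can be shortened to "Hence the Secure World EPTP ...". In the Design paragraph the rewrap leaves "for low memory" on a line of its own; reflow it so the "(< 511 GB)" and "(>= 511 GB)" sentences read cleanly. The ``:name: ept-hierarchy`` rename needs the same check for stale references as any other figure rename.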