OrgACRN
/
projectacrn.github.io
mirror of https://github.com/projectacrn/projectacrn.github.io.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
projectacrn.github.io/0.7/tutorials/trustyACRN.html

1184 lines
84 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Trusty and Security Services in ACRN &mdash; Project ACRN™ v 0.7 documentation</title>
<link rel="shortcut icon" href="../_static/ACRN-favicon-32x32.png"/>
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/acrn-custom.css" type="text/css" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Using AGL as the User OS" href="using_agl_as_uos.html" />
<link rel="prev" title="Using a static IP address" href="static-ip.html" />
<script src="../_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search">
<a href="../index.html" class="icon icon-home"> Project ACRN™
<img src="../_static/ACRN_Logo_200w.png" class="logo" alt="Logo"/>
</a>
<div class="version">
0.7
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../introduction/index.html">Introduction to Project ACRN</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#automotive-use-case-example">Automotive Use Case Example</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#licensing">Licensing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#acrn-device-model-service-os-and-user-os">ACRN Device Model, Service OS, and User OS</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#boot-sequence">Boot Sequence</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#acrn-hypervisor-architecture">ACRN Hypervisor Architecture</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#acrn-device-model-architecture">ACRN Device Model Architecture</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#device-pass-through">Device pass through</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../introduction/index.html#hardware-support-for-device-passthrough">Hardware support for device passthrough</a></li>
<li class="toctree-l3"><a class="reference internal" href="../introduction/index.html#hypervisor-support-for-device-passthrough">Hypervisor support for device passthrough</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#acrn-i-o-mediator">ACRN I/O mediator</a></li>
<li class="toctree-l2"><a class="reference internal" href="../introduction/index.html#virtio-framework-architecture">Virtio framework architecture</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../getting-started/index.html">Getting Started Guides</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../getting-started/apl-nuc.html">Getting started guide for Intel NUC</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/apl-nuc.html#hardware-setup">Hardware setup</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/apl-nuc.html#firmware-update-on-the-nuc">Firmware update on the NUC</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/apl-nuc.html#software-setup">Software setup</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/apl-nuc.html#set-up-a-clear-linux-operating-system">Set up a Clear Linux Operating System</a></li>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/apl-nuc.html#add-the-acrn-hypervisor-to-the-efi-partition">Add the ACRN hypervisor to the EFI Partition</a></li>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/apl-nuc.html#acrn-network-bridge">ACRN Network Bridge</a></li>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/apl-nuc.html#set-up-reference-uos">Set up Reference UOS</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../getting-started/up2.html">Getting started guide for UP2 board</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/up2.html#hardware-setup">Hardware setup</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/up2.html#connecting-to-the-serial-port">Connecting to the serial port</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/up2.html#software-setup">Software setup</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/up2.html#up2-serial-port-setting">UP2 serial port setting</a></li>
<li class="toctree-l4"><a class="reference internal" href="../getting-started/up2.html#up2-block-device">UP2 block device</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/up2.html#running-the-hypervisor">Running the hypervisor</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../getting-started/building-from-source.html">Build ACRN from Source</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/building-from-source.html#install-build-tools-and-dependencies">Install build tools and dependencies</a></li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/building-from-source.html#build-the-hypervisor-device-model-and-tools">Build the hypervisor, device model and tools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/building-from-source.html#configuring-the-hypervisor">Configuring the hypervisor</a></li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/building-from-source.html#modify-the-hypervisor-configurations">Modify the hypervisor configurations</a></li>
<li class="toctree-l3"><a class="reference internal" href="../getting-started/building-from-source.html#create-a-new-default-configuration">Create a new default configuration</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../hardware.html">Supported Hardware</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../hardware.html#intel-apollo-lake-nuc">Intel Apollo Lake NUC</a></li>
<li class="toctree-l2"><a class="reference internal" href="../hardware.html#intel-kaby-lake-nuc">Intel Kaby Lake NUC</a></li>
<li class="toctree-l2"><a class="reference internal" href="../hardware.html#up-squared-board">UP Squared board</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../user-guides/index.html">User Guides</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../user-guides/acrn-dm-parameters.html">Device Model Parameters</a></li>
<li class="toctree-l2"><a class="reference internal" href="../user-guides/acrn-shell.html">ACRN Shell Commands</a></li>
<li class="toctree-l2"><a class="reference internal" href="../user-guides/tools.html">Tools</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../tools/README.html">ACRN tools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrn-crashlog/README.html">ACRN-Crashlog</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/README.html#introduction">Introduction</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/README.html#building">Building</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/README.html#installing">Installing</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/README.html#enabling-disabling">Enabling/Disabling</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/README.html#usage">Usage</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/README.html#source-code">Source Code</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/README.html">acrnprobe</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/README.html#description">Description</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/README.html#usage">Usage</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/README.html#architecture">Architecture</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/README.html#source-files">Source files</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/README.html#configuration-files">Configuration files</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/conf.html">acrnprobe Configuration</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/conf.html#description">Description</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/conf.html#layout">Layout</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/conf.html#properties-of-group-members">Properties of group members</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/conf.html#crash-tree-in-acrnprobe">Crash tree in acrnprobe</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/acrnprobe/conf.html#sections">Sections</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrn-crashlog/usercrash/README.html">usercrash</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/usercrash/README.html#description">Description</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/usercrash/README.html#design">Design</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/usercrash/README.html#usage">Usage</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-crashlog/usercrash/README.html#souce-code">Souce Code</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrn-manager/README.html">acrnctl and acrnd</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-manager/README.html#description">Description</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-manager/README.html#usage">Usage</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-manager/README.html#acrnd">acrnd</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrn-manager/README.html#build-and-install">Build and Install</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrnlog/README.html">acrnlog</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrnlog/README.html#description">Description</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrnlog/README.html#usage">Usage</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrnlog/README.html#build-and-install">Build and Install</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../tools/acrntrace/README.html">acrntrace</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrntrace/README.html#description">Description</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrntrace/README.html#usage">Usage</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tools/acrntrace/README.html#build-and-install">Build and Install</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../developer-guides/index.html">Developer Guides</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/hld/index.html">High-Level Design Guides</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-overview.html">Overview</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#acrn-supported-use-cases">ACRN Supported Use Cases</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#hardware-requirements">Hardware Requirements</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#acrn-architecture">ACRN Architecture</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#hypervisor">Hypervisor</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#sos">SOS</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#uos">UOS</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#freedom-from-interference">Freedom From Interference</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#boot-flow">Boot Flow</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-overview.html#power-management">Power Management</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-hypervisor.html">Hypervisor</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-startup.html">Hypervisor Startup</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-cpu-virt.html">CPU Virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-memmgt.html">Memory management</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-io-emulation.html">I/O Emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-ioc-virt.html">IOC Virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-interrupt.html">Physical Interrupt</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-timer.html">Timer</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-virt-interrupt.html">Virtual Interrupt</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-vt-d.html">VT-d</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-dev-passthrough.html">Device Passthrough</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-partitionmode.html">Partition mode</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-pm.html">Power Management</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-console.html">Console, Shell, and vUART</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-hypercall.html">Hypercall / VHM upcall</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hv-config.html">Compile-time configuration</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html">Device Model</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#configuration">Configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#dm-initialization">DM Initialization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#vhm">VHM</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#i-o-emulation-in-sos">I/O Emulation in SOS</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#device-emulation">Device Emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#isa-and-pci-emulation">ISA and PCI Emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#acpi-virtualization">ACPI Virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-devicemodel.html#pm-in-device-model">PM in Device Model</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-emulated-devices.html">Emulated Devices</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/usb-virt-hld.html">USB Virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/uart-virt-hld.html">UART virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/watchdog-hld.html">Watchdoc virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/random-virt-hld.html">Random device virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-APL_GVT-g.html">GVT-g GPU Virtualization</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-virtio-devices.html">Virtio Devices</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-virtio-devices.html#virtio-introduction">Virtio introduction</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-virtio-devices.html#key-concepts">Key Concepts</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-virtio-devices.html#virtio-frameworks">Virtio Frameworks</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-virtio-devices.html#virtio-apis">Virtio APIs</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-virtio-devices.html#supported-virtio-devices">Supported Virtio Devices</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-vm-management.html">VM Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-vm-management.html#vm-state">VM state</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-vm-management.html#scenarios-of-vm-state-change">Scenarios of VM state change</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-vm-management.html#vm-state-management">VM State management</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-power-management.html">Power Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-power-management.html#p-state-c-state-management">P-state/C-state management</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-power-management.html#s3-s5">S3/S5</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-trace-log.html">Tracing and Logging</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-trace-log.html#shared-buffer">Shared Buffer</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-trace-log.html#acrn-trace">ACRN Trace</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-trace-log.html#acrn-log">ACRN Log</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-vsbl.html">Virtual Bootloader</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/hld/hld-security.html">Security</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-security.html#introduction">Introduction</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-security.html#background">Background</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/hld/hld-security.html#acrn-high-level-security-architecture">ACRN High-Level Security Architecture</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/primer.html">Developer Primer</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#source-tree-structure">Source Tree Structure</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#acrn-hypervisor-source-tree">ACRN hypervisor source tree</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#acrn-device-model-source-tree">ACRN Device Model source tree</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#acrn-tools-source-tree">ACRN Tools source tree</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#acrn-documentation-source-tree">ACRN documentation source tree</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#cpu-virtualization">CPU virtualization</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#host-gdt">Host GDT</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#host-idt">Host IDT</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#guest-smp-booting">Guest SMP Booting</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#vmx-configuration">VMX configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#cpuid-and-guest-tsc-calibration">CPUID and Guest TSC calibration</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#rdtsc-rdtscp">RDTSC/RDTSCP</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#cr-register-virtualization">CR Register virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#msr-bitmap">MSR BITMAP</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#i-o-bitmap">I/O BITMAP</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#exceptions">Exceptions</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#memory-virtualization">Memory virtualization</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#physical-memory-layout">Physical Memory Layout</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#pv-mmu-memory-mapping-in-the-hypervisor">PV (MMU) Memory Mapping in the Hypervisor</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#pv-mmu-memory-mapping-in-vms">PV (MMU) Memory Mapping in VMs</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#host-guest-ept-memory-mapping">Host-Guest (EPT) Memory Mapping</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#graphic-mediation">Graphic mediation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#i-o-emulation">I/O emulation</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#device-assignment-management">Device Assignment Management</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#pio-mmio-trap-flow">PIO/MMIO trap Flow</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#virtual-interrupt">Virtual interrupt</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtual-lapic">Virtual LAPIC</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtual-ioapic">Virtual IOAPIC</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtual-pic">Virtual PIC</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtual-interrupt-injection">Virtual Interrupt Injection</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#vt-x-and-vt-d">VT-x and VT-d</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#hypercall">Hypercall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#device-emulation">Device emulation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/primer.html#virtio-devices">Virtio Devices</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtio-rnd">Virtio-rnd</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtio-blk">Virtio-blk</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtio-net">Virtio-net</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/primer.html#virtio-console">Virtio-console</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/GVT-g-porting.html">GVT-g Enabling and Porting Guide</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#introduction">Introduction</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#purpose-of-this-document">Purpose of this document</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#overall-components">Overall Components</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#core-scenario-interaction-sequences">Core scenario interaction sequences</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#vgpu-creation-scenario">vGPU creation scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#vgpu-destroy-scenario">vGPU destroy scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#vgpu-pci-configure-space-write-scenario">vGPU pci configure space write scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#pci-configure-space-read-scenario">pci configure space read scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#ggtt-read-write-scenario">GGTT read/write scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#mmio-read-write-scenario">MMIO read/write scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#ppgtt-write-protection-page-set-unset-scenario">PPGTT write protection page set/unset scenario</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#ppgtt-write-protection-page-write">PPGTT write protection page write</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-porting.html#api-details">API details</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html">GVT-g (AcrnGT) Kernel Options</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-enable-gvt">i915.enable_gvt</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-enable-pvmmio">i915.enable_pvmmio</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-gvt-workload-priority">i915.gvt_workload_priority</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-enable-initial-modeset">i915.enable_initial_modeset</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-avail-planes-per-pipe-and-i915-domain-plane-owners">i915.avail_planes_per_pipe and i915.domain_plane_owners</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-domain-plane-owners">i915.domain_plane_owners</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-avail-planes-per-pipe">i915.avail_planes_per_pipe</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-domain-scaler-owner">i915.domain_scaler_owner</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/GVT-g-kernel-options.html#i915-enable-hangcheck">i915.enable_hangcheck</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/trusty.html">Trusty TEE</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/trusty.html#introduction">Introduction</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/trusty.html#trusty-architecture">Trusty Architecture</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/trusty.html#trusty-specific-hypercalls">Trusty specific Hypercalls</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/trusty.html#trusty-boot-flow">Trusty Boot flow</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/trusty.html#ept-hierarchy">EPT Hierarchy</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/trusty.html#design">Design</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/trusty.html#benefit">Benefit</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/trusty.html#api">API</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/l1tf.html">L1 Terminal Fault Mitigation</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/l1tf.html#overview">Overview</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/l1tf.html#l1tf-problem-in-acrn">L1TF Problem in ACRN</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#guest-hypervisor-attack">Guest -&gt; hypervisor Attack</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#guest-guest-attack">Guest -&gt; guest Attack</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#normal-world-secure-world-attack">Normal_world -&gt; Secure_world Attack</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#affected-processors">Affected Processors</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/l1tf.html#l1tf-mitigation-in-acrn">L1TF Mitigation in ACRN</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#l1d-flush-on-vmentry">L1D flush on VMENTRY</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#ept-sanitization">EPT Sanitization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#put-secret-data-into-uncached-memory">Put Secret Data into Uncached Memory</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#l1d-flush-on-world-switch">L1D flush on World Switch</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/l1tf.html#core-based-scheduling">Core-based scheduling</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/l1tf.html#mitigation-recommendations">Mitigation Recommendations</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/l1tf.html#mitigation-status">Mitigation Status</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/VBSK-analysis.html">VBS-K Framework Virtualization Overhead Analysis</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/VBSK-analysis.html#introduction">Introduction</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/VBSK-analysis.html#architecture-of-virtio-echo">Architecture of VIRTIO-ECHO</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/VBSK-analysis.html#virtualization-overhead-analysis">Virtualization Overhead Analysis</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/VBSK-analysis.html#conclusion">Conclusion</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/modularity.html">ACRN Hypervisor: Modular Design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/modularity.html#overview">Overview</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/modularity.html#principles">Principles</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/modularity.html#minimizing-cyclic-dependencies">Minimizing Cyclic Dependencies</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/modularity.html#measuring-complexity">Measuring Complexity</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/modularity.html#architecture">Architecture</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/modularity.html#references">References</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../api/index.html">API Documentation</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../api/hypercall_api.html">Hypercall APIs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../api/devicemodel_api.html">Device Model APIs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../api/GVT-g_api.html">ACRN GVT-g APIs</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../api/GVT-g_api.html#core-driver-infrastructure">Core Driver Infrastructure</a></li>
<li class="toctree-l4"><a class="reference internal" href="../api/GVT-g_api.html#vhm-apis-called-from-acrngt">VHM APIs called from AcrnGT</a></li>
<li class="toctree-l4"><a class="reference internal" href="../api/GVT-g_api.html#acrngt-mediated-pass-through-mpt-interface">AcrnGT mediated pass-through (MPT) interface</a></li>
<li class="toctree-l4"><a class="reference internal" href="../api/GVT-g_api.html#gvt-g-intel-gvt-ops-interface">GVT-g intel_gvt_ops interface</a></li>
<li class="toctree-l4"><a class="reference internal" href="../api/GVT-g_api.html#acrngt-sysfs-interface">AcrnGT sysfs interface</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../reference/kconfig/index.html">Configuration Symbol Reference</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../reference/kconfig/index.html#introduction">Introduction</a></li>
<li class="toctree-l3"><a class="reference internal" href="../reference/kconfig/index.html#supported-options">Supported Options</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer-guides/index.html#contributing-to-the-project">Contributing to the project</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/contribute_guidelines.html">Contribution Guidelines</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#licensing">Licensing</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#developer-certification-of-origin-dco">Developer Certification of Origin (DCO)</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#prerequisites">Prerequisites</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#repository-layout">Repository layout</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#submitting-issues">Submitting Issues</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#contribution-tools-and-git-setup">Contribution Tools and Git Setup</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#coding-style">Coding Style</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#contribution-workflow">Contribution Workflow</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/contribute_guidelines.html#commit-guidelines">Commit Guidelines</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/coding_guidelines.html">Coding Guidelines</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#preprocessor">Preprocessor</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#compilation-units">Compilation Units</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#declarations-and-initialization">Declarations and Initialization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#functions">Functions</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#statements">Statements</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#expressions">Expressions</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#types">Types</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#identifiers">Identifiers</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/coding_guidelines.html#coding-style">Coding Style</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/doc_guidelines.html">Documentation Guidelines</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#headings">Headings</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#content-highlighting">Content Highlighting</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#lists">Lists</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#multi-column-lists">Multi-column lists</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#file-names-and-commands">File names and Commands</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#internal-cross-reference-linking">Internal Cross-Reference Linking</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#non-ascii-characters">Non-ASCII Characters</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#code-and-command-examples">Code and Command Examples</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#tabs-spaces-and-indenting">Tabs, spaces, and indenting</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/doc_guidelines.html#drawings">Drawings</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer-guides/graphviz.html">Drawings using graphviz</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/graphviz.html#simple-directed-graph">Simple directed graph</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/graphviz.html#adding-edge-labels">Adding edge labels</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/graphviz.html#tables">Tables</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer-guides/graphviz.html#finite-state-machine">Finite-State Machine</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Tutorials</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="agl-vms.html">Running AGL as VMs</a><ul>
<li class="toctree-l3"><a class="reference internal" href="agl-vms.html#hardware-setup">Hardware setup</a><ul>
<li class="toctree-l4"><a class="reference internal" href="agl-vms.html#connecting-hardware">Connecting hardware</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="agl-vms.html#software-setup">Software Setup</a><ul>
<li class="toctree-l4"><a class="reference internal" href="agl-vms.html#service-os">Service OS</a></li>
<li class="toctree-l4"><a class="reference internal" href="agl-vms.html#building-acrn-kernel-for-agl-uos">Building ACRN kernel for AGL (UOS)</a></li>
<li class="toctree-l4"><a class="reference internal" href="agl-vms.html#setting-up-agls">Setting up AGLs</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="building_uos_from_clearlinux.html">Building UOS from Clear Linux OS</a><ul>
<li class="toctree-l3"><a class="reference internal" href="building_uos_from_clearlinux.html#build-uos-image-in-clear-linux-os">Build UOS image in Clear Linux OS</a></li>
<li class="toctree-l3"><a class="reference internal" href="building_uos_from_clearlinux.html#start-the-user-os-uos">Start the User OS (UOS)</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="docbuild.html">ACRN documentation generation</a><ul>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#documentation-overview">Documentation overview</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#set-up-the-documentation-working-folders">Set up the documentation working folders</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#installing-the-documentation-tools">Installing the documentation tools</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#documentation-presentation-theme">Documentation presentation theme</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#running-the-documentation-processors">Running the documentation processors</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#publishing-content">Publishing content</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#document-versioning">Document Versioning</a></li>
<li class="toctree-l3"><a class="reference internal" href="docbuild.html#filtering-expected-warnings">Filtering expected warnings</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="rt_linux.html">Using PREEMPT_RT-Linux for real-time UOS</a></li>
<li class="toctree-l2"><a class="reference internal" href="skl-nuc.html">GPU Passthrough on Skylake NUC</a><ul>
<li class="toctree-l3"><a class="reference internal" href="skl-nuc.html#hardware-platform">Hardware platform</a></li>
<li class="toctree-l3"><a class="reference internal" href="skl-nuc.html#software-configuration">Software Configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="skl-nuc.html#software-setup">Software Setup</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="static-ip.html">Using a static IP address</a><ul>
<li class="toctree-l3"><a class="reference internal" href="static-ip.html#acrn-network-setup">ACRN Network Setup</a></li>
<li class="toctree-l3"><a class="reference internal" href="static-ip.html#setting-up-the-static-ip-address">Setting up the static IP address</a></li>
<li class="toctree-l3"><a class="reference internal" href="static-ip.html#activate-the-new-configuration">Activate the new configuration</a></li>
</ul>
</li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Trusty and Security Services in ACRN</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#trusty-architecture">Trusty Architecture</a></li>
<li class="toctree-l3"><a class="reference internal" href="#trusty-services">Trusty Services</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#keystore">Keystore</a></li>
<li class="toctree-l4"><a class="reference internal" href="#secure-storage-ss">Secure Storage (SS)</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#trusty-in-acrn">Trusty in ACRN</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#one-vm-two-worlds">One-VM, Two-Worlds</a></li>
<li class="toctree-l4"><a class="reference internal" href="#secure-storage-virtualization">Secure Storage Virtualization</a></li>
<li class="toctree-l4"><a class="reference internal" href="#references">References:</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="using_agl_as_uos.html">Using AGL as the User OS</a><ul>
<li class="toctree-l3"><a class="reference internal" href="using_agl_as_uos.html#introduction-to-agl">Introduction to AGL</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_agl_as_uos.html#steps-for-using-agl-as-the-uos">Steps for using AGL as the UOS</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_agl_as_uos.html#enable-the-agl-display">Enable the AGL display</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_agl_as_uos.html#follow-up">Follow up</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="using_partition_mode_on_up2.html">Using partition mode on UP2</a><ul>
<li class="toctree-l3"><a class="reference internal" href="using_partition_mode_on_up2.html#prerequisites">Prerequisites</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_partition_mode_on_up2.html#build-kernel-and-modules-for-partition-mode-uos">Build kernel and modules for partition mode UOS</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_partition_mode_on_up2.html#enable-partition-mode-in-acrn-hypervisor">Enable partition mode in ACRN hypervisor</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_partition_mode_on_up2.html#switch-between-privileged-vms">Switch between privileged VMs</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="using_sbl_on_up2.html">Using SBL on UP2 Board</a><ul>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#prerequisites">Prerequisites</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#build-sbl">Build SBL</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#flash-sbl-on-the-up2">Flash SBL on the UP2</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#build-acrn-for-up2">Build ACRN for UP2</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#download-and-install-flash-tool">Download and install flash tool</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#sos-and-laag-installation">SOS and LaaG Installation</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#boot-to-sos">Boot to SOS</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_sbl_on_up2.html#launch-uos">Launch UOS</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="using_ubuntu_as_sos.html">Using Ubuntu as the Service OS</a><ul>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#install-ubuntu-natively">Install Ubuntu (natively)</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#install-acrn">Install ACRN</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#install-the-service-os-kernel">Install the Service OS kernel</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#prepare-the-user-os-uos">Prepare the User OS (UOS)</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#start-the-user-os-uos">Start the User OS (UOS)</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#enabling-network-sharing">Enabling network sharing</a></li>
<li class="toctree-l3"><a class="reference internal" href="using_ubuntu_as_sos.html#enabling-usb-keyboard-and-mouse">Enabling USB keyboard and mouse</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../release_notes.html">Release Notes</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.7.html">ACRN v0.7 (Mar 2019)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.7.html#version-0-7-new-features">Version 0.7 new features</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.7.html#enable-cache-qos-with-cat">Enable cache QOS with CAT</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.7.html#support-acpi-power-key-mediator">Support ACPI power key mediator</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.7.html#document-updates">Document updates</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.7.html#new-features-details">New Features Details</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.7.html#fixed-issues-details">Fixed Issues Details</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.7.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.7.html#change-log">Change Log</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.6.html">ACRN v0.6 (Feb 2019)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.6.html#version-0-6-new-features">Version 0.6 new features</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.6.html#fixed-issues">Fixed Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.6.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.6.html#change-log">Change Log</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.5.html">ACRN v0.5 (Jan 2019)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.5.html#version-0-5-new-features">Version 0.5 new features</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.5.html#fixed-issues">Fixed Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.5.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.5.html#change-log">Change Log</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.4.html">ACRN v0.4 (Dec 2018)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.4.html#version-0-4-new-features">Version 0.4 new features</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.4.html#fixed-issues">Fixed Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.4.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.4.html#change-log">Change Log</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.3.html">ACRN v0.3 (Nov 2018)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.3.html#version-0-3-new-features">Version 0.3 new features</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.3.html#fixed-issues">Fixed Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.3.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.3.html#change-log">Change Log</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.2.html">ACRN v0.2 (Sep 2018)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.2.html#version-0-2-new-features">Version 0.2 new features</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#vt-x-vt-d">VT-x, VT-d</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#pic-ioapic-msi-msi-x-pci-lapic">PIC/IOAPIC/MSI/MSI-X/PCI/LAPIC</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#ethernet">Ethernet</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#storage-emmc">Storage (eMMC)</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#usb-xdci">USB (xDCI)</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#usb-mediator-xhci-and-drd">USB Mediator (xHCI and DRD)</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#csme">CSME</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#wifi">WiFi</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#ipu-mipi-cs2-hdmi-in">IPU (MIPI-CS2, HDMI-in)</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#bluetooth">Bluetooth</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#gpu-preemption">GPU Preemption</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#gpu-display-surface-sharing-via-hyper-dma">GPU display surface sharing via Hyper DMA</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.2.html#s3">S3</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.2.html#fixed-issues">Fixed Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.2.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.2.html#change-log">Change Log</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../release_notes_0.1.html">ACRN v0.1 (July 2018)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.1.html#version-0-1-new-features">Version 0.1 new features</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.1.html#hardware-support">Hardware Support</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.1.html#gvt-g-for-acrn">GVT-g for ACRN</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.1.html#virtio-standard-is-supported">Virtio standard is supported</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.1.html#device-pass-through-support">Device pass-through support</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.1.html#hypervisor-configuration">Hypervisor configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="../release_notes_0.1.html#new-acrn-tools">New ACRN tools</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.1.html#known-issues">Known Issues</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release_notes_0.1.html#change-log">Change Log</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../faq.html">FAQ</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../faq.html#what-hardware-does-acrn-support">What hardware does ACRN support?</a></li>
<li class="toctree-l2"><a class="reference internal" href="../faq.html#clear-linux-os-fails-to-boot-on-my-nuc">Clear Linux* OS fails to boot on my NUC</a></li>
<li class="toctree-l2"><a class="reference internal" href="../faq.html#how-do-i-configure-acrn-s-memory-use">How do I configure ACRNs memory use?</a></li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Project ACRN™</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html">Docs</a> &raquo;</li>
<li><a href="index.html">Tutorials</a> &raquo;</li>
<li>Trusty and Security Services in ACRN</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="trusty-and-security-services-in-acrn">
<span id="trusty-security-services"></span><h1>Trusty and Security Services in ACRN<a class="headerlink" href="#trusty-and-security-services-in-acrn" title="Permalink to this headline"></a></h1>
<p>This document provides an overview of the Trusty architecture for
Linux-based system, what security services Trusty provides, and how
Trusty works on top of the ACRN Hypervisor.</p>
<div class="section" id="trusty-architecture">
<h2>Trusty Architecture<a class="headerlink" href="#trusty-architecture" title="Permalink to this headline"></a></h2>
<p>Trusty is a set of software components supporting a Trusted Execution
Environment (TEE) on embedded devices. It is a full software stack
environment including OS, services, and APIs.
As shown in <a class="reference internal" href="#trusty-arch"><span class="std std-numref">Figure 202</span></a> below, it consists of:</p>
<ul class="simple">
<li>An operating system (the Trusty OS) that runs on a processor
providing a TEE;</li>
<li>Drivers for the kernel (Linux) to facilitate communication with
applications running under the Trusty OS;</li>
<li>A set of libraries for Android systems software to facilitate
communication with trusted applications executed within the Trusty OS
using the kernel drivers.</li>
</ul>
<div class="figure align-center" id="trusty-arch">
<a class="reference internal image-reference" href="../_images/trustyacrn-image1.png"><img alt="../_images/trustyacrn-image1.png" src="../_images/trustyacrn-image1.png" style="width: 600px;" /></a>
<p class="caption"><span class="caption-number">Figure 202 </span><span class="caption-text">Trusty Architecture</span></p>
</div>
<p>Google provides an Android Open Source Project (AOSP) implementation of
Trusty based on ARM TrustZone technology. Intel enables Trusty
implementation on x86 based platforms with hardware virtualization
technology (e.g. VT-x and VT-d). In <a class="reference internal" href="#trusty-arch"><span class="std std-numref">Figure 202</span></a> above, the
Secure Monitor is a VMM hypervisor. It could be any x86 hypervisor, and
it is the customers responsibility to pick the right hypervisor for
their product. Intel has developed a product-quality open source
lightweight hypervisor reference implementation for customers to use;
see <a class="reference external" href="https://github.com/intel/ikgt-core/tree/trusty">https://github.com/intel/ikgt-core/tree/trusty</a>.</p>
<p>The purpose of this secure monitor (hypervisor) is to isolate the normal
and secure worlds, and to schedule Trusty OS in and out on demand. In
the Trusty implementation, all the security services provided by Trusty
OS in the secure world are event-driven. As long as there is no service
request from normal world, Trusty OS wont be scheduled in by the
hypervisor. The normal world and secure world share the same processor
resources, so this minimizes the context switching performance penalty.</p>
<p>In Trusty OS, the kernel is a derivative of the <a class="reference external" href="https://github.com/littlekernel/lk/wiki/Introduction">Little Kernel project</a>,
an embedded kernel supporting multi-thread, interrupt management, MMU,
scheduling, and more. Google engineers added user-mode application
support and a syscall layer to support privilege level isolation, so
that each Trusted App can run in an isolated virtual address space to
enhance application security. Intel added many more security
enhancements such as SMEP (Supervisor Mode Execution Prevention), SMAP
(Supervisor Mode Access Prevention), NX (Non-eXecution), ASLR (Address
Space Layout Randomization), and stack overflow protector.</p>
<p>There are a couple of built-in Trusted Apps running in user mode of
Trusty OS. However, an OEM can add more Trusted Apps in Trusty OS to
serve any other customized security services.For security reasons and
for serving early-boot time security requests (e.g. disk decryption),
Trusty OS and Apps are typically started before Normal world OS.</p>
<p>In normal world OS, Trusty Driver is responsible for IPC communication
with Trusty OS (over hypervisor) to exchange service request commands
and messages. The IPC manager can support concurrent sessions for
communications between Trusted App and Untrusted Client App. Typically,
Trusty provides APIs for developing two classes of applications:</p>
<ul class="simple">
<li>Trusted applications or services that run on the TEE/Trusty OS in
secure world;</li>
<li>Untrusted applications running in normal world that use services
provided by Trusted applications.</li>
</ul>
<p>Software running in normal world can use Trusty client library APIs to
connect to trusted applications and exchange arbitrary messages with
them, just like a network service over IP. It is up to the application
to determine the data format and semantics of these messages using an
app-level protocol. Reliable delivery of messages is guaranteed by the
underlying Trusty infrastructure (Trusty Drivers), and the communication
is completely asynchronous.</p>
<p>Although this Trusty infrastructure is built by Google for Android OS,
it can be applied to any normal world OS (typically a Linux-based OS).
The Trusty OS infrastructure in secure world is normal world
OS-agnostic. The differences truly depend on the security services that
normal world OS would like to have.</p>
</div>
<div class="section" id="trusty-services">
<h2>Trusty Services<a class="headerlink" href="#trusty-services" title="Permalink to this headline"></a></h2>
<p>There are many uses for a Trusted Execution Environment such as mobile
payments, secure banking, full-disk encryption or file-based encryption,
multi-factor authentication, device reset protection, replay-protected
persistent storage (secure storage), wireless display (“cast”) of
protected content, secure PIN and fingerprint processing, and even
malware detection.</p>
<p>In embedded products such as an automotive IVI system, the most important
security services requested by customers are keystore and secure
storage. In this article we will focus on these two services.</p>
<div class="section" id="keystore">
<h3>Keystore<a class="headerlink" href="#keystore" title="Permalink to this headline"></a></h3>
<p>Keystore (or Keymaster app in Trusty OS) provides the following
services:</p>
<ul class="simple">
<li>Key generation</li>
<li>Import and export of asymmetric keys (no key wrapping)</li>
<li>Import of raw symmetric keys (no key wrapping)</li>
<li>Asymmetric encryption and decryption with appropriate padding modes</li>
<li>Asymmetric signing and verification with digesting and appropriate
padding modes</li>
<li>Symmetric encryption and decryption in appropriate modes, including
an AEAD mode</li>
<li>Generation and verification of symmetric message authentication codes</li>
</ul>
<p>Protocol elements, such as purpose, mode and padding, as well as access
control constraints, are specified when keys are generated or imported
and are permanently bound to the key, ensuring the key cannot be used in
any other way.</p>
<p>In addition to the list above, there is one more service that Keymaster
implementations provide, but which is not exposed as an API: Random
number generation. This is used internally for generation of keys,
Initialization Vectors (IVs), random padding, and other elements of
secure protocols that require randomness.</p>
<p>Using Android as an example, Keystore functions are explained in greater
details in this <a class="reference external" href="https://source.android.com/security/keystore/implementer-ref">Android keymaster functions document</a></p>
<div class="figure align-center" id="keymaster-app">
<a class="reference internal image-reference" href="../_images/trustyacrn-image3.png"><img alt="../_images/trustyacrn-image3.png" src="../_images/trustyacrn-image3.png" style="width: 600px;" /></a>
</div>
<p>As shown in <a class="reference internal" href="#keymaster-app"><span class="std std-numref">Figure 203</span></a> above, the Keymaster HAL is a
dynamically-loadable library used by the Keystore service to provide
hardware-backed cryptographic services. To keep things secure, HAL
implementations dont perform any security sensitive
operations/algorithms in user space, or even in kernel space. Sensitive
operations are delegated to a secure world TEE (Trusty OS) reached
through a kernel interface. The purpose of the Keymaster HAL is only to
marshal and unmarshal requests to the secure world.</p>
</div>
<div class="section" id="secure-storage-ss">
<h3>Secure Storage (SS)<a class="headerlink" href="#secure-storage-ss" title="Permalink to this headline"></a></h3>
<p>Trusty implements a secure storage services (in Secure Storage TA) based
on RPMB (Replay Protected Memory Block) partition in eMMC or UFS flash
storage. The details of how RPMB works are out of scope in this article.
You can read the <a class="reference external" href="https://www.jedec.org/standards-documents/focus/flash/universal-flash-storage-ufs">eMMC/UFS JEDEC specification</a>
to understand that.</p>
<p>This secure storage can provide data confidentiality, integrity, and
anti-replay protection.Confidentiality is guaranteed by data encryption
with a root key derived from the platform chipsets unique key/secret.</p>
<p>RPMB partition is a fixed size partition (128KB ~ 16MB) in eMMC (or UFS)
drive. Users can not change its size after buying an eMMC flash drive
from vendor.</p>
<p>This secure storage could be used for anti-rollback in verified boot,
for saving authentication (e.g. password/pin) retry attempt failure
record to prevent brute-force attacks, for storing Android attestation
keybox,
or for storing customers credential/secrets (e.g. OEM image encryption
key). See <a class="reference external" href="https://source.android.com/security/keystore/attestation">Android Key and ID Attestation</a>
for details.</p>
<p>In Trusty, the secure storage architecture is shown in the figure below.
In the secure world, there is a SS (Secure Storage) TA, which has an
RPMB authentication key (AuthKey, an HMAC key) and uses this Authkey to
talk with the RPMB controller in the eMMC device. Since the eMMC device
is controlled by normal world driver, Trusty needs to send an RPMB data
frame ( encrypted by hardware-backed unique encryption key and signed by
AuthKey) over Trusty IPC channel to Trusty SS proxy daemon, which then
forwards RPMB data frame to physical RPMB partition in eMMC.</p>
<div class="figure align-center" id="trusty-ss-ta">
<a class="reference internal image-reference" href="../_images/trustyacrn-image2.png"><img alt="../_images/trustyacrn-image2.png" src="../_images/trustyacrn-image2.png" style="width: 600px;" /></a>
</div>
<p>As shown in <a class="reference internal" href="#trusty-ss-ta"><span class="std std-numref">Figure 204</span></a> above, Trusty SS TA provides two different services
simultaneously:</p>
<ul class="simple">
<li><strong>TD (Tamper-Detection)</strong>:
The Trusty secure file system metadata is stored in RPMB, while the
user data (after encrypted with hardware-backed encryption key), is
stored in Linux-backed file system in user data partition of eMMC (as
shown in Figure above). This type of service supports large amount of
data storage.
Because of potential data deletion/modification, Trusty OS SS TA
provides a mechanism to detect such tampering behaviors
(deletion/modification, etc.)</li>
<li><strong>TP (Tamper-Proof)</strong>:
This is a tamper-resistant secure storage service with much higher
level of data protection. In this service, the file system metadata
and user data (encrypted) are both stored in RPMB. And both can
survive after a factory reset or user data partition wipe.
As previously mentioned though, the amount of data storage depends on
the eMMC RPMB partition size.</li>
</ul>
<p>Weve discussed how this secure storage architecture looks, and what
secure storage services Trusty SS TA can provide. Now lets briefly take
a look at how it can be used.</p>
<p>As <a class="reference internal" href="#trusty-ss-ta-storage"><span class="std std-numref">Figure 205</span></a> below shows, an OEM can develop a
client App in normal world and a Trusted App (TA) in Trusty OS. The OEM
TA then can talk with either TD or TP (or both) of SS TA through Trusty
internal process IPC to request TA-specific secure file
open/creation/deletion/read/write operations.</p>
<div class="figure align-center" id="trusty-ss-ta-storage">
<a class="reference internal image-reference" href="../_images/trustyacrn-image5.png"><img alt="../_images/trustyacrn-image5.png" src="../_images/trustyacrn-image5.png" style="width: 600px;" /></a>
</div>
<p>Here is a simple example showing data signing:</p>
<ol class="arabic simple">
<li>An OEM Client App sends the message that needs signing to the OEM
Trusted App in TEE/secure world.</li>
<li>The OEM Trusted App retrieves the signing key (that was previously
saved into SS TA) from SS TA, and uses it for signing the message,
then discard the signing key.</li>
<li>The OEM Trusted App sends the signed message (with signature) back to
OEM Client App.</li>
</ol>
<p>In this entire process, the secret signing key is never released outside
of secure world.</p>
</div>
</div>
<div class="section" id="trusty-in-acrn">
<h2>Trusty in ACRN<a class="headerlink" href="#trusty-in-acrn" title="Permalink to this headline"></a></h2>
<p>ACRN is a flexible, lightweight reference hypervisor, built with
real-time and safety-criticality in mind, optimized to streamline
embedded development through an open source platform. In this
section, well focus on two major components:</p>
<ul class="simple">
<li>one is the basic idea of
secure world and insecure world isolation (so called one-vm,
two-worlds),</li>
<li>the other one is the secure storage virtualization in ACRN.</li>
</ul>
<p>See <a class="reference internal" href="../developer-guides/trusty.html#trusty-tee"><span class="std std-ref">Trusty TEE</span></a> for additional details of Trusty implementation in
ACRN.</p>
<div class="section" id="one-vm-two-worlds">
<h3>One-VM, Two-Worlds<a class="headerlink" href="#one-vm-two-worlds" title="Permalink to this headline"></a></h3>
<p>As previously mentioned, Trusty Secure Monitor could be any
hypervisor. In the ACRN project the ACRN hypervisor will behave as the
secure monitor to schedule in/out Trusty secure world.</p>
<div class="figure align-center" id="trusty-isolated">
<a class="reference internal image-reference" href="../_images/trustyacrn-image4.png"><img alt="../_images/trustyacrn-image4.png" src="../_images/trustyacrn-image4.png" style="width: 600px;" /></a>
</div>
<p>As shown in <a class="reference internal" href="#trusty-isolated"><span class="std std-numref">Figure 206</span></a> above, the hypervisor creates an
isolated secure world UOS to support a Trusty OS running in a UOS on
ACRN.</p>
<p><a class="reference internal" href="#trusty-lhs-rhs"><span class="std std-numref">Figure 207</span></a> below shows further implementation details. The RHS
(right-hand system) is such a secure world in which the Trusty OS runs.
The LHS (left-hand system) is the non-secure world system in which a
Linux-based system (e.g. Android) runs.</p>
<div class="figure align-center" id="trusty-lhs-rhs">
<a class="reference internal image-reference" href="../_images/trustyacrn-image7.png"><img alt="../_images/trustyacrn-image7.png" src="../_images/trustyacrn-image7.png" style="width: 600px;" /></a>
</div>
<p>The secure world is configured by the hypervisor so it has read/write
access to a non-secure worlds memory space. But non-secure worlds do
not have access to a secure worlds memory. This is guaranteed by
switching different EPT tables when a world switch (WS) Hypercall is
invoked. The WS Hypercall has parameters to specify the services cmd ID
requested from the non-secure world.</p>
<p>In the ACRN hypervisor design of the “one VM, two worlds”
architecture, there is a single UOS/VM structure per-UOS in the
Hypervisor, but two vCPU structures that save the LHS/RHS virtual
logical processor states respectively.</p>
<p>Whenever there is a WS (world switch) Hypercall from LHS, the hypervisor
copies the LHS CPU contexts from Guest VMCS to the LHS-vCPU structure
for saving contexts, and then copies the RHS CPU contexts from RHS-vCPU
structure to Guest VMCS. It then does a VMRESUME to RHS, and vice versa!
In addition, the EPTP pointer will be updated accordingly in the VMCS
(not shown in the picture above).</p>
</div>
<div class="section" id="secure-storage-virtualization">
<h3>Secure Storage Virtualization<a class="headerlink" href="#secure-storage-virtualization" title="Permalink to this headline"></a></h3>
<p>As previously mentioned, secure storage is one of the security services
provided by secure world (TEE/Trusty). In the current ACRN
implementation, secure storage is built in the RPMB partition in eMMC
(or UFS storage).</p>
<p>Currently the eMMC in the APL SoC platform only has a single RPMB
partition for tamper-resistant and anti-replay secure storage. The
secure storage (RPMB) is virtualized to support multiple guest UOS VMs.
Although newer generations of flash storage (e.g. UFS 3.0, and NVMe)
support multiple RPMB partitions, this article only discusses the
virtualization solution for single-RPMB flash storage device in APL SoC
platform.</p>
<p><a class="reference internal" href="#trusty-rpmb"><span class="std std-numref">Figure 208</span></a> shows an overview of the virtualization of secure storage
high-level architecture.</p>
<div class="figure align-center" id="trusty-rpmb">
<a class="reference internal image-reference" href="../_images/trustyacrn-image6.png"><img alt="../_images/trustyacrn-image6.png" src="../_images/trustyacrn-image6.png" style="width: 600px;" /></a>
</div>
<p>In <a class="reference internal" href="#trusty-rpmb"><span class="std std-numref">Figure 208</span></a>, the rKey (RPMB AuthKey) is the physical RPMB
authentication key used for data authenticated read/write access between
SOS kernel and physical RPMB controller in eMMC device. The VrKey is the
virtual RPMB authentication key used for authentication between SOS DM
module and its corresponding UOS secure software. Each UOS (if secure
storage is supported) has its own VrKey, generated randomly when the DM
process starts, and is securely distributed to UOS secure world for each
reboot. The rKey is fixed on a specific platform unless the eMMC is
replaced with another one.</p>
<p>In the current ACRN project implementation on an APL platform, the rKey
is provisioned by the BIOS (SBL) near the end of the platforms
manufacturing process. (The details of physical RPMB key (rKey)
provisioning are out of scope for this document.)</p>
<p>For each reboot, the BIOS/SBL retrieves the rKey from CSE FW (or
generated from a special unique secret that is retrieved from CSE FW),
and SBL hands it off to the ACRN hypervisor, and the hypervisor in turn
sends the key to the SOS kernel.</p>
<p>As an example, secure storage virtualization workflow for data write
access is like this:</p>
<ol class="arabic simple">
<li>UOS Secure world (e.g. Trusty) packs the encrypted data and signs it
with the vRPMB authentication key (VrKey), and sends the data along
with its signature over the RPMB FE driver in UOS non-secure world.</li>
<li>After DM process in SOS receives the data and signature, the vRPMB
module in DM verifies them with the shared secret (vRPMB
authentication key, VrKey),</li>
<li>If verification is success, the vRPMB module does data address
remapping (remembering that the multiple UOS VMs share a single
physical RPMB partition), and forwards those data to SOS kernel, then
kernel packs the data and signs it with the physical RPMB
authentication key (rKey). Eventually, the data and its signature
will be sent to physical eMMC device.</li>
<li>If the verification is successful in the eMMC RPMB controller, the
data will be written into the storage device.</li>
</ol>
<p>The work flow of authenticated data read is very similar to this flow
above in reverse order.</p>
<p>Note that there are some security considerations in this architecture:</p>
<ul class="simple">
<li>The rKey protection is very critical in this system. If the key is
leaked, an attacker can change/overwrite the data on RPMB, bypassing
the “tamper-resistant &amp; anti-replay” capability.</li>
<li>Typically, the vRPMB module in DM process of SOS system can filter
data access, i.e. it doesnt allow one UOS to perform read/write
access to the data from another UOS VM.
If the vRPMB module in DM process is compromised, a UOS could
change/overwrite the secure data of other UOSs.</li>
</ul>
<p>Keeping SOS system as secure as possible is a very important goal in the
system security design. In practice, the SOS designer and implementer
should obey these following rules (and more):</p>
<ul class="simple">
<li>Make sure the SOS is a closed system and doesnt allow users to
install any unauthorized 3rd party software or components.</li>
<li>External peripherals are constrained.</li>
<li>Enable kernel-based hardening techniques, e.g., dm-verity (to make
sure integrity of DM and vBIOS/vOSloaders), kernel module signing,
etc.</li>
<li>Enable system level hardening such as MAC (Mandatory Access Control).</li>
</ul>
<p>Detailed configurations and policies are out of scope in this article.
Good references for OS system security hardening and enhancement
include: <a class="reference external" href="http://docs.automotivelinux.org/master/docs/architecture/en/dev/reference/security/part-2/0_Abstract.html">AGL security</a>
and <a class="reference external" href="https://source.android.com/security/">Android security</a></p>
</div>
<div class="section" id="references">
<h3>References:<a class="headerlink" href="#references" title="Permalink to this headline"></a></h3>
<ul class="simple">
<li><a class="reference external" href="https://source.android.com/security/trusty/">Trusty TEE | Android Open Source Project</a></li>
<li><a class="reference external" href="https://android.googlesource.com/trusty/app/storage/">Secure Storage (Tamper-resistant and Anti-replay)</a></li>
<li><a class="reference external" href="https://elinux.org/images/3/3c/ACRN-brief2.pdf">Eddie Dong, ACRN: A Big Little Hypervisor for IoT Development</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<footer>
<hr/>
<div role="contentinfo">
<p>
&copy; Copyright 2019, Project ACRN.
Last updated on Mar 14, 2019.
</p>
</div>
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" data-toggle="rst-versions" role="note" aria-label="versions">
<span class="rst-current-version" data-toggle="rst-current-version">
<span class="fa fa-book"> Project ACRN</span>
v: 0.7
<span class="fa fa-caret-down"></span>
</span>
<div class="rst-other-versions">
<dl>
<dt>Versions</dt>
<dd><a href="/latest/">latest</a></dd>
<dd><a href="/0.6/">0.6</a></dd>
<dd><a href="/0.5/">0.5</a></dd>
<dd><a href="/0.4/">0.4</a></dd>
<dd><a href="/0.3/">0.3</a></dd>
<dd><a href="/0.2/">0.2</a></dd>
<dd><a href="/0.1/">0.1</a></dd>
</dl>
<dl>
<dt>On projectacrn.org</dt>
<dd>
<a href="https://www.projectacrn.org/">Project Home</a>
</dd>
<dd>
<a href="https://github.com/projectacrn/acrn-hypervisor/wiki">Wiki</a>
</dd>
</dl>
</div>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'../',
VERSION:'v 0.7',
LANGUAGE:'None',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/acrn-custom.js"></script>
<script type="text/javascript" src="../_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink