https://github.com/tzvisor/ltzvisor

LTZVisor: a Lightweight TrustZone-assisted Hypervisor
https://github.com/tzvisor/ltzvisor

hypervisor trustzone

Last synced: 10 days ago
JSON representation

LTZVisor: a Lightweight TrustZone-assisted Hypervisor

• Host: GitHub
• URL: https://github.com/tzvisor/ltzvisor
• Owner: tzvisor
• License: other
• Created: 2017-09-09T11:54:44.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2018-04-29T23:55:40.000Z (about 6 years ago)
• Last Synced: 2024-03-02T05:37:57.805Z (4 months ago)
• Topics: hypervisor, trustzone
• Language: C
• Homepage:
• Size: 444 KB
• Stars: 73
• Watchers: 20
• Forks: 26
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING
  • License: LICENSE

Lists

• awesome-trustzone - tzvisor/ltzvisor - LTZVisor: a Lightweight TrustZone-assisted Hypervisor (EMULATOR)
• awesome-privacy-chinese - ltzvisor

README

        
LTZVisor

=========

Introduction

------------

LTZVisor is a lightweight TrustZone-assisted hypervisor. It allows the 

consolidation of two virtual machines (VMs), running each of them in 

an independent virtual world (secure and non-secure) supported by 

TrustZone-enabled processors. 

The secure world is tipically used for running a small TCB size VM, 

while the non-secure world is used for running a rich environment. 

  

For the Cortex-A series a tipical configuration encompasses 

running a RTOS as secure VM and a GPOS as non-secure VM.

For the new generation Cortex-M microcontrollers it can be used for 

running a bare metal application or a lightweight RTOS as secure VM 

side by side with a RTOS or an embedded OS for IoT as non-secure VM.  

**NOTE**: This is work in progress! Don't expect things to be complete. 

Use at your own risk.

Community Resources

-------------------

Project website:

 - http://www.tzvisor.org/

Project home:

 - https://github.com/tzvisor

 

LTZVisor source code:

 - https://github.com/tzvisor/ltzvisor

 

Mailing list:

	

 - [email protected]

 

Frequently Asked Questions (FAQ):

 - Please see [FAQ file](FAQ.md)

 

Contributing:

 - Please see [Contribution file](CONTRIBUTING)

Hardware requirements

------------

LTZVisor is limited by design to TrustZone-enabled ARM processors,

which include all Cortex-A series (ARMv7-A and ARMv8-A) and the 

new generation Cortex-M series (ARMv8-M):

 - ARM Cortex-A5 (ARMv7-A)

 - ARM Cortex-A7 (ARMv7-A)

 - ARM Cortex-A8 (ARMv7-A)

 - ARM Cortex-A9 (ARMv7-A)

 - ARM Cortex-A15 (ARMv7-A)

 - ARM Cortex-A17 (ARMv7-A)

 

 - ARM Cortex-A32 (ARMv8-A)

 - ARM Cortex-A35 (ARMv8-A)

 - ARM Cortex-A53 (ARMv8-A)

 - ARM Cortex-A57 (ARMv8-A)

 - ARM Cortex-A72 (ARMv8-A)

 - ARM Cortex-A73 (ARMv8-A)

 

 - ARM Cortex-M23 (ARMv8-M)

 - ARM Cortex-M33 (ARMv8-M)

LTZVisor has support for the following boards:

 - ARMv7-A

	* Xilinx Zynq-7000 All Programmable SoC ZC702 Evaluation Kit

	* ZedBoard Zynq-7000 ARM/FPGA SoC Development Board 

	* Zybo Zynq-7000 ARM/FPGA SoC Trainer Board 

	* PYNQ-Z1 Python Productivity for Zynq (on going)

	* i.MX 6QuadPlus SABRE Development Board (on going)

	

 - ARMv8-A

	* Xilinx Zynq UltraScale+ MPSoC ZCU102 Evaluation Kit (on going)

 

 

Software requirements

------------

For building LTZVisor a host system should exist. The host system 

must be endowed with an Operating Systems supporting a compilation 

toolchain. We strongly recommend the use of Linaro GNU Toolchain:

 - Ubuntu 12.04 and Linaro GNU Toolchain (7.1.1-2017.08)

	* arm-eabi-gcc 7.1.1 

	* arm-eabi-as 2.28.2

	* arm-none-eabi-ld 2.28.2

	* arm-none-eabi-objcopy 2.28.2 

Download: https://releases.linaro.org/components/toolchain/binaries/7.1-2017.08/arm-eabi/

LTZVisor was also tested under the following host 

configurations:

 - Ubuntu 12.04 and Sourcery G++ Lite Toolchain (2011.03-42)

	* arm-none-eabi-gcc 4.5.2 

	* arm-none-eabi-as 2.20.51

	* arm-none-eabi-ld 2.20.51 

	* arm-none-eabi-objcopy 2.20.51 

For Xilinx-based platforms LTZVisor was also tested under 

the following host configurations:	

 - Ubuntu 12.04 and Sourcery CodeBench Lite Toolchain (2012.09-105)

	* arm-xilinx-eabi-gcc 4.7.2

	* arm-xilinx-eabi-as 2.23.51 

	* arm-xilinx-eabi-ld 2.23.51 

	* arm-xilinx-eabi-objcopy 2.23.51 

 - Windows 10 and Sourcery CodeBench Lite Toolchain (2015.05-16)

	* arm-xilinx-eabi-gcc 4.9.2

	* arm-xilinx-eabi-as 2.24.51 

	* arm-xilinx-eabi-ld 2.24.51 

	* arm-xilinx-eabi-objcopy 2.24.51 

	

Guest Operating Systems

------------

LTZVisor supports the following guest operating systems:

 - Secure: FreeRTOS, bare metal

 - Non-secure: Linux, bare metal

Build & Compile

------------

For build LTZVisor, just run `make`:

	make 

	

The default configuration targets the ZedBoard platform, uses

the Sourcery G++ Lite Toolchain, and setup ups a system with two

bare metal VMs. 

Optionally it is possible to specify the target board:

 - Xilinx Zynq-7000 All Programmable SoC ZC702 Evaluation Kit:

	

	`make BOARD=ZC702`

 - ZedBoard Zynq-7000 ARM/FPGA SoC Development Board

 

	`make BOARD=ZEDBOARD`

 

 - Zybo Zynq-7000 ARM/FPGA SoC Trainer Board

 

	`make BOARD=ZYBO`

	

It is also possible to specify the cross compile toolchain as well

as the VMs configuration:

	make [BOARD=ZC702] [CROSS_COMPILE=arm-xilinx-eabi-] [S_GUEST=BARE_METAL] [NS_GUEST=BARE_METAL]

(Instructions explaining how to run FreeRTOS as secure guest-OS 

and Linux as non-secure guest-OS will be added soon).	

Demonstration

------------

Before power-on your board, please make sure that you copy the 

bootloader and LTZVisor binary images to the SD card . The bootloader

is provided in the LTZVisor source project under the folder "bootloader".

Each board as a specific bootloader. Also, please make sure that your 

board is configured to boot from the SD card.

1. Power-on your board;

2. Run any terminal and setup the serial port for 115200 bps (baud rate);

3. Stop the autoboot by hitting any key;

4. Type the following sequence of commands:

	- Xilinx Zynq-7000 All Programmable SoC ZC702 Evaluation Kit:

 

		`mmcinfo`

		

		`fatload mmc 0 0x3C000000 LTZVisor.bin`

		

		`go 0x3C000000` 

	- ZedBoard Zynq-7000 ARM/FPGA SoC Development Board:

 

		`mmcinfo`

		

		`fatload mmc 0 0x1C000000 LTZVisor.bin`

		

		`go 0x1C000000` 

	

	- Zybo Zynq-7000 ARM/FPGA SoC Trainer Board:

 

		`mmcinfo`

		

		`fatload mmc 0 0x1C000000 LTZVisor.bin`

		

		`go 0x1C000000` 

LTZVisor shall start immediately running! For the default system 

configuration (two bare metal VMs) the secure VM shall blink a 

set of LEDs every second, while the non-secure VM shall print 

"Hello World" messages. 

References

------------

 1. Sandro Pinto, Jorge Pereira, Tiago Gomes, Adriano Tavares, and Jorge Cabral. 

 "LTZVisor: TrustZone is the Key." In LIPIcs-Leibniz International Proceedings 

 in Informatics, vol. 76. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 2017.

 

 2. Sandro Pinto, Daniel Oliveira, Jorge Pereira, Nuno Cardoso, Mongkol 

 Ekpanyapong, Jorge Cabral, and Adriano Tavares. "Towards a lightweight embedded 

 virtualization architecture exploiting ARM TrustZone." In Emerging Technology 

 and Factory Automation (ETFA), IEEE, pp. 1-4., 2014.