
I am working on a project where I have a router with ARMv7 processor (Cortex A15) and OpenWRT OS. I have a shell on the router and can load kernel modules with insmod.

My goal is to write a kernel module in C which changes the HVBAR register and then executes the hvc instruction to get the processor in the hyp mode. This is a scientific project where I want to check if I can place my own hypervisor on a running system. But before I start to write my own hypervisor I want to check if and how I can bring the processor in the hyp mode.

According to this picture, taken from the ARMv7-A manual, section B.9.3.4, the system must be in insecure mode, not in user mode, and the SCR.HCE bit must be set to 1.

[image from the question, not reproduced here: the B.9.3.4 table of conditions for executing hvc]

My question is how I can prepare the processor with a C kernel module and inline assembly and then execute the hvc instruction. I want to do this with a kernel module because then I start in PL1. This pseudocode describes what I want to achieve:

  1. call smc // to get in monitor mode
  2. set SCR.HCE to 1 // to enable the hvc instruction
  3. set SCR.NS to 1 // to set the system to not secure
  4. call hvc #0 // call the hvc instruction to produce a hypervisor exception
Coder
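As an added example (not code from the question or its comments), a C helper that decodes the two registers a kernel module can actually read before attempting any of this: ID_PFR1, for the Security and Virtualization extensions, and the CPSR mode field; hvc_usable() encodes the B.9.3.4 conditions the question quotes. SCR itself is readable only from Secure PL1, so a Non-secure kernel cannot check NS or HCE directly; the register-read helpers assume ARM inline assembly executed at PL1, and the values in main() are constructed samples.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CPSR[4:0] mode encodings (ARMv7-A). Monitor mode is always Secure. */
#define MODE_MASK 0x1Fu
#define MODE_USR  0x10u
#define MODE_MON  0x16u
#define MODE_HYP  0x1Au

/* ID_PFR1 fields: [7:4] Security extensions, [15:12] Virtualization extensions. */
bool pfr1_has_security_ext(uint32_t id_pfr1) { return ((id_pfr1 >> 4) & 0xFu) != 0u; }
bool pfr1_has_virt_ext(uint32_t id_pfr1)     { return ((id_pfr1 >> 12) & 0xFu) == 1u; }

/* Conditions quoted from B.9.3.4: Non-secure state, not User mode, SCR.HCE = 1.
 * SCR is readable only from Secure PL1, so a Non-secure kernel cannot read NS/HCE
 * itself; the caller passes in what it knows (or assumes) about them. */
bool hvc_usable(uint32_t cpsr, bool scr_ns, bool scr_hce)
{
    uint32_t mode = cpsr & MODE_MASK;
    if (mode == MODE_USR || mode == MODE_MON)
        return false;
    return scr_ns && scr_hce;
}

#if defined(__arm__)
/* Privileged reads: ID_PFR1 needs PL1 or higher (a kernel module), CPSR is always readable.
 * Assumed usage: call these from module init and pass the results to the decoders above. */
static uint32_t read_id_pfr1(void)
{
    uint32_t v;
    __asm__ volatile("mrc p15, 0, %0, c0, c1, 1" : "=r"(v));
    return v;
}
static uint32_t read_cpsr(void)
{
    uint32_t v;
    __asm__ volatile("mrs %0, cpsr" : "=r"(v));
    return v;
}
#endif

int main(void)
{
    /* Constructed sample values: Virtualization and Security extensions present, SVC mode. */
    uint32_t pfr1 = 0x00001131u, cpsr = 0x600001D3u;
    printf("ID_PFR1=0x%08x security=%d virt=%d mode=0x%02x hyp=%d\n", pfr1,
           pfr1_has_security_ext(pfr1), pfr1_has_virt_ext(pfr1),
           cpsr & MODE_MASK, (cpsr & MODE_MASK) == MODE_HYP);
    return 0;
}
```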
  • It is very unclear what you want to achieve. Do you want to write your own hypervisor and run OpenWRT, or do you want to enter the hypervisor mode from OpenWRT? If the latter, IMO it is not possible and wrong. – 0___________ Aug 06 '17 at 11:45
  • I have updated my question. My goal is to call the hvc instruction from a C program/kernel module. But before I can do this I need to enable the hvc instruction in the system. My question is how a minimal C kernel module with inline assembly can look that first enables the hvc instruction and then executes it. – Coder Aug 06 '17 at 19:07
  • See: [tag:trust-zone]. When changing from secure to normal, 90+% of the CP15 registers aren't set. Setting the CP15 registers is **NOT** a simple copy. Some registers must be set in order/sequences that should be investigated on a case by case basis. It is much better to have booted Linux from NORMAL mode in the first place. See: [TZ monitor mode and IFAR, IFSR...](https://stackoverflow.com/questions/22080918/trustzone-monitor-mode-and-ifar-ifsr-dfar-dfsr) for an inkling of your 'in-line' assembler. Contemplate changing linux-mm (MMU, caches, etc) under its feet. – artless noise Aug 10 '17 at 18:11
