How to emulate TrustZone in QEMU?

Question

I'm trying to emulate TrustZone features in Qemu. I've found two links that seems explain this process.

The First Reference doesn't attach the image kernel that supports TrustZone (where can I find it?)

The Second Reference explains how can I compile a kernel but it doesn't start with the command line written in the first website which is as follows

./arm-softmmu/qemu-system-arm -kernel $PATH_TO_KERNEL/zImage -M vexpress-a15 -cpu cortex-a15 -dtb PATH_TO_DTB/vexpress-v2p-ca15-tc1.dtb -m 1024 -append 'console=ttyAMA0,38400n8' -serial stdio -initrd $PATH_TO_INITRD/initrd.img

Is there an alternate way to run a TrustZone emulator?

Answer 1

With OP-TEE (an open source TEE) it's very easy to run TrustZone on QEMU. You have the entire stack running code from normal world user space and Linux kernel down to secure world, running both the TEE itself as well as Trusted Applications. QEMU + OP-TEE works on both ARMv7-A and ARMv8-A. If you want to try it out on a local PC I encourage that you head over to optee_os/README.md and follow the instructions in section 4.1, 5 (only QEMU related) and 6. All in all, we're talking about less than 10 commands in a shell and you'll have all the source code downloaded, compiled and everything up and running locally on your PC.

I wrote a blog post about why QEMU is a pretty good choice for doing TrustZone development.

Answer 2

You can have a look at the following link: https://github.com/OP-TEE/build and documentation (https://optee.readthedocs.io/building/gits/build.html) to build all the images and BSP needed to run Linux.

Is there an alternate way to run a TrustZone emulator?

Apart from QEMU, you can also have a look at Arm System Guidance which uses Fastmodel (https://developer.arm.com/ip-products/system-ip/reference-design). There is also a make recipe to build all the BSP needed.

Answer 3

Here I am able to run OP-TEE and Linux on QEMU.

Refer this link for more information: https://blooggspott.blogspot.com/2022/04/op-tee-3.html

Here the complete command:

#!/bin/sh

nc -z  127.0.0.1 54320 || /usr/bin/gnome-terminal -x ./soc_term.py 54320 &
nc -z  127.0.0.1 54321 || /usr/bin/gnome-terminal -x ./soc_term.py 54321 &
while ! nc -z 127.0.0.1 54320 || ! nc -z 127.0.0.1 54321; do sleep 1; done

./qemu-system-aarch64 \
    -nographic \
    -serial tcp:localhost:54320 -serial tcp:localhost:54321 \
    -smp 2 \
    -s -S -machine virt,secure=on,gic-version=2,virtualization=false \
    -cpu cortex-a57 \
    -d unimp -semihosting-config enable=on,target=native \
    -m 1057 \
    -bios bl1.bin       \
    -initrd rootfs.cpio.gz \
    -kernel Image -no-acpi \
    -append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2 ' \
     \
    -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 -fsdev local,id=fsdev0,path=./shared_folder,security_model=none -device virtio-9p-device,fsdev=fsdev0,mount_tag=host -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic