distributionsportmap

CopyrightSamsungElectronicsCo.
,Ltd.
2008SecureXenonARMUser'sGuideSecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
2008IIRevisionHistoryVersionDateRevisedcontents1.
02008-06-11Initialrevision1.
12008-12-10AddingguideaboutXenLinux,Xen-tool,andanotherplatformsupportDocumentInformation-Pages:28pagesContactInformation&CopyrightSamsungElectronicsCo.
,Ltd.
14-1,Nongseo-dong,Giheung-gu,Yongin-si,Gyeonggi-doKorea446-712Contactus:sbuk.
suh@samsung.
comCopyright2008SamsungElectronicsCo,Ltd.
AllRightsReserved.
Thougheverycarehasbeentakentoensuretheaccuracyofthisdocument,SamsungElectronicsCo,Ltd.
cannotacceptresponsibilityforanyerrorsoromissionsorforanylossoccurredtoanyperson,whetherlegalornatural,fromacting,orrefrainingfromaction,asaresultoftheinformationcontainedherein.
Informationinthisdocumentissubjecttochangeatanytimewithoutobligationtonotifyanypersonofsuchchanges.
SamsungElectronicsCo,Ltd.
mayhavepatentsorpatentpendingapplications,trademarkscopyrightsorotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.
Thefurnishingofthisdocumentdoesnotgivetherecipientorreaderanylicensetothesepatents,trademarkscopyrightsorotherintellectualpropertyrights.
Nopartofthisdocumentmaybecommunicated,distributed,reproducedortransmittedinanyformorbyanymeans,electronicormechanicalorotherwise,foranypurpose,withoutthepriorwrittenpermissionofSamsungElectronicsCo,Ltd.
Thedocumentissubjecttorevisionwithoutfurthernotice.
Allbrandnamesandproductnamesmentionedinthisdocumentaretrademarksorregisteredtrademarksoftheirrespectiveowners.
SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
2008IIITableofContents1.
Introduction11.
1.
Overview11.
2.
Environment.
12.
DeploymentProcedure22.
1.
PreparationofDeployment22.
1.
1.
CrossToolchain.
22.
1.
2.
TftpService22.
1.
3.
TerminalEmulator.
22.
2.
SecureXenonARMandXenLinuxBuild32.
2.
1.
SecureXenonARMBuildProcedure.
32.
2.
2.
XenLinuxBuildProcedure52.
2.
3.
Xen-toolBuildProcedure52.
3.
DeployingSecureXenonARMtoTargetPlatform.
62.
3.
1.
WritingDom0'sRootFileSystemtoNORFlashMemory62.
4.
RunningXenandXenLinux.
62.
4.
1.
BootingXenandDom062.
4.
2.
BootingDom1.
102.
4.
3.
SwichaForegroundDomain.
132.
4.
4.
xenconsole143.
HowtoEnableSecurityFeatures163.
1.
WhymodifybootloaderforSecureXenonARM163.
1.
1.
Secureboot163.
1.
2.
Securityinformationtransfer.
163.
2.
Detaileddescriptionaboutbootloaderoperation163.
2.
1.
Initialization163.
2.
2.
ToloadSecureXenonARMandDom0binaryimagestopredefinedmemorylocations173.
2.
3.
ToverifySecureXenonARMbinaryimage.
173.
2.
4.
TocalltheSecureXenonARMbinaryimagewithaparameter.
173.
3.
DatastructuretobetransferredfrombootloadertoSecureXenonARM.
.
.
.
.
.
.
173.
4.
Descriptionaboutcryptographiclibrary.
183.
4.
1.
Overview183.
4.
2.
APIsforcryptographiclibrary.
18Appendix22A.
1.
NewhypercallsforSecureXenonARM.
22A.
2.
Anotherplatformsupport.
22A.
3.
Credit.
24SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
2008IVOverviewPurposeThisdocumentdescribestheprocedureofsettingupadevelopmentenvironmentforSecureXenonARMsolution,buildingthesolution,deployingittoarealtarget,andbootingitforcreatingVMs.
Terminology&AcronymsTermDescriptionVMMVirtualMachineMonitorVMVirtualMachineXenLinuxLinuxkernelwithpatchesappliedsothatitwillrunonthevirtualarchitecturepresentedbytheSecureXenonARMratherthanonrealhardwareDom0PrivilegeddomainconstructedbySecureXenonARMatinitialstart-uptime.
Dom1UnprivilegeddomainconstructedbyDom0.
HIDHumanInterfaceDeviceXenstoreInformationstoragespacesharedbetweendomainsForegrounddomainAmongrunningdomains,thedomainwhichcurrentlyinteractwithHID.
(e.
g.
theGUIofforegrounddomainisshowninLCD.
)References1.
ARMLtd.
,ARM926EJ-STechnicalReferenceManual,r0p4/r0p52.
FreescaleSemiconduct,"i.
MX21ApplicationProcessorReferenceManual,"Rev.
2,20053.
XenInterfaceManualhttp://www.
cl.
cam.
ac.
uk/Research/SRG/netos/xen/readmes/interface/interface.
html4.
"SecureArchitectureandImplemationofXenonARMforMobileDevices",SangbumSuh,presentedatXensummitSpring2007,IBMTJWatsonhttp://www.
xen.
org/xensummit_4/Secure_Xen_ARM_xen-summit-04_07_Suh.
pdf5.
"XenonARM:SystemVirtualizationUsingXenHypervisorforARM-BasedSecureMobilePhones",Joo-YoungHwanget.
al.
,InProceedingsofthe5thAnnualIEEEConsumerCommunications&NetworkingConference,USA,January2008.
6.
"AMulti-LayerMandatoryAccessControlMechanismforMobileDevicesBasedonVirtualization,"Sung-MinLee,Sang-bumSuh,BokdeukJeong,SangdokMo,InProceedingsofthe5thAnnualIEEEConsumerCommunications&NetworkingConference,USA,January2008.
SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200811.
Introduction1.
1.
OverviewXenisanopensourceVMMoriginatedasaresearchprojectattheUniversityofCambridge.
Itsfirstversion,1.
0,cameoutin2003andnowtheversionhasreachedto3.
3.
ThevirtualizationtechniqueadoptedbyXenispara-virtualizationwhichrequiresoperatingsystemmodification.
SecureXenonARMisanARMportofthex86versionofXen-3.
0.
2-2plussecurityfeaturesinXen.
ItallowsthesimultaneousexecutionofmultipleoperatingsystemsandtheirlegacyapplicationsoftwarestacksonasingleARMcore-basedsystem-on-chip.
EachguestOSinstancerunsintheirownOSpartitioncalled"domain"andtheOSpartitionsaresecurelyisolatedfromeachother.
TheoriginalXensolutioncomeswithmanyuser-landutilities.
Wehaveportedmostcorecomponentsuchasxend,xenstore,xmandxenconsole.
Notes:ThecurrentversionofSecureXenonARMonlysupports"staticpartitioning"ofsystemmemory,whichmeansthatthenumberofguestdomainsandtheamountofmemoryallocatedtotheguestdomainsisfixedatcompiletime.
YouhavetoconfiguresystemmemorypartitioningproperlybeforebuildingSecureXenonARM.
Theshadowpagetableandthewritablepagetablearenotincludedinthisrelease.
1.
2.
EnvironmentThedevelopmentenvironmentofSecureXenonARMisasfollows:HostOS:FedoraCore6isrecommended.
OtherLinuxdistributionsarenottested.
Compiler:GCC-3.
4orhigherTargetHW:FreescaleM9328MX21ADSboardSecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200822.
DeploymentProcedure2.
1.
PreparationofDeployment2.
1.
1.
CrossToolchainThegcc3.
4.
4andglibc2.
3.
5isusedforcross-compilation.
Youcandownloaditatthefollowinglinks:http://www.
ertos.
nicta.
com.
au/downloads/tools/arm-linux-3.
4.
4.
tar.
gzhttp://www.
ertos.
nicta.
com.
au/downloads/tools/arm-linux-3.
4.
4.
tar.
bz22.
1.
2.
TftpServiceYoucandownloadbinaryfilesfromhostPCtotargetbyusingtftp.
IftftpserviceisnotconfiguredinhostPC,installandsetupatftpservicefirst.
#yuminstalltftp#yuminstalltftp-server#vi/etc/xinetd.
d/tftpServicetftp{socket_type=dgramprotocol=udpwait=yesuser=rootserver=/usr/sbin/in.
tftpdserver_args=-s/tftpbootdisable=noper_source=11cps=1002flags=IPv4}#mkdir/tftpboot#servicexinetdrestartFigure2-1.
ConfiguringtftpserviceNote:InstallingtftpserverandenablingtftpservicecanbedifferentdependingonyourhostPCenvironment.
2.
1.
3.
TerminalEmulatorYoucanaccesstothetargetbyusingaterminalprogram.
'Minicom'isoneofthepopularterminalprogramsrunninginLinuxPC.
Herewe'llexplainaboutserialportset-upinMinicom.
Youcanalsouseotherterminalprogramssuchas'HyperTerminal'inWindowsPC.
1.
Executeaminicomonsettingmode.
#minicom-s2.
Select'Serialportsetup'menuandsetuptheparametersasinFigure2-2.
SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
20083Figure2-2.
MinicomConfiguration2.
2.
SecureXenonARMandXenLinuxBuild2.
2.
1.
SecureXenonARMBuildProcedure1.
GotothesourcedirectoryofSecureXenonARM.
(Assumption:$(XEN_ROOT)isrootdirectoryofSecureXenonARMsource.
)#cd$(XEN_ROOT)2.
GetonwiththetaskofconfiguringtheSecureXenonARM.
WhenyoudothemakemenuconfigtoconfiguretheSecureXenonARM,don'tforgettocheckthesystemtypethatissuitableforyourtargetboard.
#makemenuconfigGeneralSetup--->[]optimizeforsize[]UseAEMEABItocompiletheSecureXenonARMSystemType--->Selecttargetplatform(Freescalei.
MX21ADSboard)--->(X)Freescalei.
MX21ADSboard()Androidemulatorboard(Goldfish)()ARMversatile_pbCustomizeMemoryMap--->(0xFF000000)HypervisorvirtualaddressSecuritySupport--->[]SecuritysupportSecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
20084DebuggingandprofilingSupport--->[]DebuggingandProfilingSupportFigure2-3.
SecureXenonARMConfigurationNote:IfyouintendtouseacompilerwithsupportofEABI,enablethecorrespondingoption,"GeneralSetup->UseEABItocompiletheSecureXenonARM",inmenuconfig.
3.
Regardingeachguestdomain,configurethesizeofsystemmemoryandramdisk,andthemaximumsizeofkernelimagefileinmenuconfig.
SecureXenonARMdecidesthenumberofrunnabledomainsandtheirmemorysizesatcompiletime.
GeneralSetup--->SystemType--->CustomizeMemoryMap--->(0xFF000000)HypervisorvirtualaddressDomainMemorySize--->(0x02000000)domain0memorysize(includingxenmemorysize:2MB)(0x01000000)domain1memorysize(NEW)(0x01000000)domain2memorysize(NEW)(0x00000000)domain3memorysize(NEW)ImageMaxSize--->(0x00400000)domain0imagemaxsize(NEW)(0x00400000)domain1imagemaxsize(NEW)(0x00400000)domain2imagemaxsize(NEW)(0x00400000)domain3imagemaxsize(NEW)RamDiskSize--->(0x00400000)domain0ramdisksize(NEW)(0x00400000)domain1ramdisksize(NEW)(0x00400000)domain2ramdisksize(NEW)(0x00400000)domain3ramdisksize(NEW)SecuritySupport--->DebuggingandprofilingSupport--->Figure2-4.
MemoryPartitioningDomainMemorySize:thesizeofmemoryallocatedtoguestdomainImageMaxSize:theupperlimitofkernelimagesizeofguestdomain.
(TheimagesizeshouldbesmallerthantheImageMaxSize.
)RamDiskSize:thesizeoframdisk.
(Itisignoredunlessramdiskisused.
)4.
SetcompilerprefixinMakefile.
CROSS_COMPILE=arm-linux-5.
CompiletheSecureXenonARMbyexecuting'makexen'command.
#makexenSecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200856.
Thenxen-binfileiscreatedin$(XEN_ROOT)/xen.
Copyittotherootdirectoryoftftpserver,$(TFTP_ROOT).
#cp$(XEN_ROOT)/xen/xen-bin$(TFTP_ROOT)2.
2.
2.
XenLinuxBuildProcedure1.
DownloadLinuxkernel2.
6.
21.
1tarballandextractit.
(Assumption:$(LINUX_ROOT)isrootdirectoryofthekernel.
)2.
PatchthekernelandcreatesymboliclinktorefertoSecureXenonARM'sheaderfiles.
#cd$(LINUX_ROOT)#cp$(XEN_ROOT)/linux-spase/*.
/#cd$(LINUX_ROOT)/include/xen#ln-s$(XEN_ROOT)/xen/include/public.
/interface3.
CompileXenLinux.
ThenthekernelimagefilesofDom0andDom1(vmlinux.
out0andvmlinux.
out1)arecreatedin$(LINUX_ROOT).
#.
/do_compile.
sh4.
Copybothvmlinux.
out0andvmlinux.
out1filesto$(TFTP_ROOT).
#cp$(LINUX_ROOT)/vmlinux.
out*$(TFTP_ROOT)2.
2.
3.
Xen-toolBuildProcedure1.
First,buildARM-Linuxpythoninterpreter.
(Python2.
4.
3_xcompile.
patchfileisin$(XEN_ROOT)/tools/arm_pythondirectory.
)#patch–p12.
LoadDom0'srootfilesystemimagefiletotargetmemory.
Samsung:mx21ads>setserverip$(IPaddressofthetftpserver)Samsung:mx21ads>setipaddr$(IPaddressofthetarget)Samsung:mx21ads>tftp0xc1000000$(nameofDom0rootfilesystemfile)3.
WritetheimagefiletoP2partitionofNOR.
Samsung:mx21ads>protectoffallSamsung:mx21ads>erase0xc90000000xc9ffffffSamsung:mx21ads>cp.
b0xc10000000xc9000000$filesizeSamsung:mx21ads>protectonall2.
4.
RunningXenandXenLinux2.
4.
1.
BootingXenandDom01.
Turnontargetboardandswitchtothepromptmode.
2.
LoadtheSecureXenonARMbinaryandDom0'skernelimagefiletotargetmemory.
A.
tftp0xc0008000xen-binB.
tftp0xc1c00000vmlinux.
out0SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
20087Note:DependingonthememorysizeofDom0,theaddresswherevmlinux.
out0isloadedvaries.
3.
ExecutetheSecureXenonARM.
lA.
go0xc0008000Note:Incurrentconfiguration,Xen-binshouldbeloadedat0xc0008000andvmlinux.
out0shouldbeat0xc1c00000.
U-bootFlashpart:manuf=0x1id1=0x227eid2=0x2218id3=0x2200Flash:32MBNAND:MX2NAND:8-biti/omodeNANDdevice:ManufacturerID:0xec,ChipID:0x36(Samsungmx2nand)64MiBIn:serialOut:serialErr:serialTointerruptautoboot,pressspace-bar.
.
.
(3secdelay)TFTPfromserver169.
254.
100.
1;ourIPaddressis169.
254.
100.
2Filename'xen-bin'.
Loadaddress:0xc0008000Loading:doneBytestransferred=226584(37518hex)TFTPfromserver169.
254.
100.
1;ourIPaddressis169.
254.
100.
2Filename'vmlinux.
out0'.
Loadaddress:0xc1c00000Loading:doneBytestransferred=2475584(25c640hex)##Startingapplicationat0xC0008000.
.
.
SecureXenOnARM[XEN][XEN]Xen/ARMvirtualmachinemonitorforARMarchitecture[XEN]Copyright(C)2007SamsungElectronicsCo,Ltd.
AllRightsReserved.
[XEN]Usingscheduler:BorrowedVirtualTime(bvt)[XEN]***LOADINGDOMAIN:0***[XEN]PhysicalMemoryArrangement:c0200000->c2000000[XEN]VIRTUALMEMORYARRANGEMENT:[XEN]Loadedkernel:c0008000->c032d444[XEN]Init.
ramdisk:c032e000->c032e000[XEN]Phys-Machmap:c032e000->c0335800[XEN]Startinfo:c0336000->c0337000[XEN]Pagetables:c0338000->c034e000[XEN]Bootstack:c034e000->c034f000[XEN]TOTAL:c0000000->c1e00000[XEN]ENTRYADDRESS:c0008000[XEN][TODO]dmachannelaccesspermission,inconstruct_dom0()[XEN][dom0]XenStartinfo:Dom0[dom0]Magic:xen-3.
0-arm_32[dom0]TotalPagesallocatedtothisdomain:7680[dom0]MACHINEaddressofsharedinfostruct:0x3222228992x[dom0]VIRTUALaddressofpagedirectory:0xc0338000SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
20088[dom0]Numberofbootstrapp.
t.
frames:22[dom0]VIRTUALaddressofpage-framelist:0xc032e000[dom0]VIRTUALaddressofpre-loadedmodule:0x0[dom0]Size(bytes)ofpre-loadedmodules:0[dom0]minmfn(min_pageinxen):786432[dom0]Command-LinuxAddress:0xc0336054[dom0]Command-LineString:[dom0]GuestPHYS_OFFSET:0xc0200000[dom0]sethypervisorsetcallback[dom0]noproblem[dom0]noproblem,sharedinfoaddressis:c0009000Linuxversion2.
6.
21.
1(root@dh.
vmm)(gccversion3.
4.
4)#6ThuNov1316:38:52KST2008CPU:ARM926EJ-S[41069264]revision4(ARMv5TEJ),cr=00000000Machine:FreescaleIMX21ADSMemorypolicy:ECCdisabled,DatacachewritebackBuilt1zonelists.
Totalpages:7620Kernelcommandline:console=ttyS0,115200root=/dev/mtdblock2rootfstype=jffs2PIDhashtableentries:128(order:7,512bytes)Console:colourdummydevice80x30Dentrycachehashtableentries:4096(order:2,16384bytes)Inode-cachehashtableentries:2048(order:1,8192bytes)Memory:30MB=30MBtotalMemory:27040KBavailable(2684Kcode,421Kdata,112Kinit)Mount-cachehashtableentries:512CPU:Testingwritebuffercoherency:okNET:Registeredprotocolfamily16xenbus_probe_initinvoking!
backendXENBUS:EventChannelforXenstore:2xs_initinvoking!
Bluetooth:Corever2.
11NET:Registeredprotocolfamily31Bluetooth:HCIdeviceandconnectionmanagerinitializedBluetooth:HCIsocketlayerinitializedNET:Registeredprotocolfamily2IProutecachehashtableentries:1024(order:0,4096bytes)TCPestablishedhashtableentries:1024(order:1,8192bytes)TCPbindhashtableentries:1024(order:0,4096bytes)TCP:Hashtablesconfigured(established1024bind1024)TCPrenoregisteredNetWinderFloatingPointEmulatorV0.
97(doubleprecision)JFFS2version2.
2.
(NAND)(C)2001-2006RedHat,Inc.
fuseinit(APIversion7.
8)ioschedulernoopregisteredioscheduleranticipatoryregisteredioschedulerdeadlineregisteredioschedulercfqregistered(default)i.
MXFramebufferdriverFramebufferSSA=c0680000gw:i.
MXFramebufferdriver[SY]GWSAR=c067e000Serial:IMXdriverimx-uart.
0:ttyS0atMMIO0xe000a000(irq=20)isaIMXimx-uart.
1:ttyS1atMMIO0xe000b000(irq=19)isaIMXloop:loaded(max8devices)cs89x0:cs89x0_probe(0x0)cs89x0.
c:v2.
4.
3-pre1RussellNelson,AndrewMortoneth0:cs8900revKfoundat0xec000300[CirrusEEPROM]cs89x0mediaRJ-45,IRQ203,programmedI/O,MAC00:04:9f:00:64:78cs89x0_probe1()successfulcs89x0:cs89x0_probe(0x0)cs89x0:request_region(0xec000300,0x10)failedcs89x0:nocs8900orcs8920detected.
BesuretodisablePnPwithSETUPSecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
20089Probingflash00atphysicaladdress0xc8000000(32-bitbankwidth)flash00:Found2x16devicesat0x0in32-bitbankAmd/FujitsuExtendedQueryTableat0x0040flash00:CFIdoesnotcontainbootbanklocation.
Assumingtop.
numberofCFIchips:1cfi_cmdset_0002:Disablingerase-suspend-programduetocodebrokenness.
DetectedSpansionS29WS128Nflashchips.
Eraseblocksizeis0x40000mx2ads:usingcommandlinepartitiondefinitionCreating3MTDpartitionson"flash00":0x00000000-0x00100000:"bootloader"0x00100000-0x00500000:"KernelImagePartition"0x00500000-0x02000000:"Dom0RootFilesystem"mice:PS/2mousedevicecommonforallmiceinput:KeypadforFreescale-Suzhouas/class/input/input0KppDriver1.
0.
0,forFreescale-SuzhouPenDriver0.
4.
0,MotorolaSPS-Suzhoui2c/deventriesdriver[dom0]Setupi2c_imxdriverstructure[dom0]init_waitqueue_head(&i2c_imx->queue)[dom0]platform_set_drvdata(pdev,i2c_imx)[dom0]ret=request_irq(dom0]0[dom0]i2c_set_adapdata()[dom0]i2c_imx_set_clk()[dom0]hclk=imx_get_hclk()[dom0]desired_div=1440[dom0]writeb()[dom0]disable_delay=11[dom0]writeb()[dom0]imx_gpio_mode()[dom0]imx_gpio_mode()[dom0]writeb()[dom0]writeb()[dom0]ret=i2c_add_adapter()=>[dom0]0Bluetooth:HCIUARTdriverver2.
2Bluetooth:HCIBCSPprotocolinitializedEvent-channeldeviceinstalled.
nf_conntrackversion0.
5.
0(240buckets,1920max)ip_tables:(C)2000-2006NetfilterCoreTeamTCPcubicregisteredNET:Registeredprotocolfamily1NET:Registeredprotocolfamily17BridgefirewallingregisteredBluetooth:L2CAPver2.
8Bluetooth:L2CAPsocketlayerinitializedBluetooth:RFCOMMsocketlayerinitializedBluetooth:RFCOMMver1.
8Bluetooth:BNEP(EthernetEmulation)ver1.
2VFS:Mountedroot(jffs2filesystem)readonly.
initstarted:BusyBoxv1.
00(2006.
03.
28-11:05+0000)multi-callbinarymount:/etc/mtab:Read-onlyfilesystemcat:WriteError:Nospaceleftondevice***Runningrc.
modules***Runningrc.
serial***Runningrc.
xen***AttemptingtostartS05syslogStarting/sbin/syslogdDoneStarting/sbin/klogdDone***AttemptingtostartS20networkSettinguplinkforloopbackDoneSettinguplinkforeth0SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200810eth0:usinghalf-duplex10Base-T(RJ-45)Done***AttemptingtostartS23portmapStarting/sbin/portmapDone***Runningrc.
localsamsunglogin:rootPassword:BusyBoxv1.
00(2006.
03.
28-11:05+0000)Built-inshell(ash)Enter'help'foralistofbuilt-incommands.
#Figure2-6.
ConsolemessageafterbootingSecureXenonARMandDom02.
4.
2.
BootingDom11.
Startxenstoreandxend.
#exportPATH=$PATH:/usr/local/xen-tools/bin:/usr/local/xen-tools/sbin:/usr/local/arm-python/bin#exportLD_LIBRARY_PATH=/usr/local/arm-python/lib:/usr/local/xen-tools/lib#mkdir-p/var/run/xenstored/;rm/var/lib;mkdir-p/var/lib/xenstored/;mkdir-p/var/lib/xend/#xendstart#xenconsoledDownloadDom1'sXenLinuxkernelimagefile(vmlinux.
out1)fromhostPCtoadirectoryofDom0'srootfilesystem.
(Hereweassumethedirectoryis/images.
)2.
LaunchDom1.
#xmcreate/etc/xen/dom1Note:ToseeDom1'sbootingmessage,refertoin2.
4.
33.
CheckthatDom1isregistedinxenstorewithxenstore-lsandseeDom1'sstatewithxentop.
#xenstore-ls#xentop#xmcreate/etc/xen/dom1Usingconfigfile"/etc/xen/dom1".
privcmd_ioctl,virualaddress:40748000,mfn:c2c00npages:400***LOADINGDOMAIN:1***[XEN]PhysicalMemoryArrangement:c2000000->c3000000[XEN]VIRTUALMEMORYARRANGEMENT:[XEN]Loadedkernel:c0008000->c02c3d78[XEN]Init.
ramdisk:c02c4000->c02c4000[XEN]Phys-Machmap:c02c4000->c02c8000[XEN]Storemfn:c02c8000->c02c9000[XEN]Consolemfn:c02c9000->c02ca000SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200811[XEN]Startinfo:c02ca000->c02cb000[XEN]Pagetables:c02cc000->c02db000[XEN]Bootstack:c02db000->c02dc000[XEN]TOTAL:c0000000->c1000000[XEN]ENTRYADDRESS:c0008000[XEN]store_mfnphysicaladdresc22c8000[XEN]console_mfnphysicaladdresc22c9000[XEN][TODO]dmachannelaccesspermission,inconstruct_guest_dom()privcmd_ioctl,virualaddress:40018000,mfn:c22c8npages:1fbsetback_probecalledfbsetback_probe:be->fbsetif=0xc0b728a0privcmd_ioctl,virualaddress:40016000,mfn:c22c9npages:1[XEN][dom1]XenStartinfo:[dom1]Magic:xen-3.
0-arm_32[dom1]TotalPagesallocatedtothisdomain:4096[dom1]MACHINEaddressofsharedinfostruct:0x3222208512x[dom1]VIRTUALaddressofpagedirectory:0xc02cc000[dom1]Numberofbootstrapp.
t.
frames:15[dom1]VIRTUALaddressofpage-framelist:0xc02c4000[dom1]VIRTUALaddressofpre-loadedmodule:0x0[dom1]Size(bytes)ofpre-loadedmodules:0[dom1]minmfn(min_pageinxen):786432[dom1]Command-LinuxAddress:0xc02ca054[dom1]Command-LineString:[dom1]GuestPHYS_OFFSET:0xc2000000[dom1]sethypervisorsetcallback[dom1]noproblem[dom1]noproblem,sharedinfoaddressis:c000a000Starteddomaindom1#[dom1]xencons_open:c0ca8000[dom1]xencons_open:c0ca8000[dom1]xencons_open:c0ca8000[dom1]xencons_open:c0ca8000[dom1]xencons_open:c0ca8000[dom1]xencons_open:c0ca8000#Figure2-7.
ConsolemessageafterbootingDom1#.
/xenstore-lstool=""xenstored=""vm=""00000000-0000-0000-0000-000000000000=""ssidref="1074925120"uuid="00000000-0000-0000-0000-000000000000"on_reboot="restart"on_poweroff="destroy"name="Domain-0"vcpus="1"vcpu_avail="1"memory="30"on_crash="restart"maxmem="30"921be47f-ce3f-7720-c4e7-e1f9c05e1cb1=""image="(linux(kernel/images/vmlinux.
out1))"ostype="linux"kernel="/images/vmlinux.
out1"cmdline=""ramdisk=""ssidref="0"uuid="921be47f-ce3f-7720-c4e7-e1f9c05e1cb1"SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200812on_reboot="restart"start_time="45.
146142"on_poweroff="destroy"name="dom1"vcpus="1"vcpu_avail="1"memory="16"on_crash="restart"maxmem="16"local=""domain=""0=""cpu=""0=""availability="online"memory=""target="30720"name="Domain-0"console=""limit="1048576"vm="/vm/00000000-0000-0000-0000-000000000000"domid="0"backend=""vkpp=""1=""1=""frontend-id="1"domain="dom1"ssa="0"state="4"frontend="/local/domain/1/device/vkpp/1"vfb=""1=""1=""frontend-id="1"domain="dom1"frontend="/local/domain/1/device/vfb/1"state="4"1=""device=""vkpp=""1=""virtual-device="1"backend-id="0"state="4"backend="/local/domain/0/backend/vkpp/1/1"ring-ref="9"event-channel="6"vfb=""1=""state="4"backend-id="0"backend="/local/domain/0/backend/vfb/1/1"ring-ref="8"event-channel="5"console=""ring-ref="795337"port="2"limit="1048576"tty="/dev/pts/0"name="dom1"vm="/vm/921be47f-ce3f-7720-c4e7-e1f9c05e1cb1"domid="1"cpu=""SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
2008130=""availability="online"memory=""target="16384"store=""ring-ref="795336"port="1"#Figure2-8.
xenstore-lsFigure2-9.
xentop2.
4.
3.
SwichaForegroundDomainInordertoswitchaforegrounddomainamongtheguestdomains(Dom0andDom1),youmightjustusethemagickeyintarget'skeypad.
Currentlythemagickeyisassignedtothe"SW26"buttononkeypadmodule.
Whenitispressed,theforegrounddomainchangeoccurs.
TheGUIofforegrounddomainisdisplayedinLCDpanel.
SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200814Figure2-10.
Switchingforegrounddomain2.
4.
4.
xenconsoleWhenyouwanttoseetheconsolemessageofDom1,youcanusexenconsoleapplicationinDom0asfollows:#xenconsole1ThenyoucanuseDom1'sconsole.
Byinputting'ctrl'and']'keysinkeyboardsimultanesously('ctrl'youcangetbacktoDom0'sconsole.
SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200815#ps-xPIDUidVmSizeStatCommand1root556Sinit2rootSWN[ksoftirqd/0]3rootSWportmap760root864S-sh785rootSW[]optimizeforsize[]UseAEMEABItocompiletheSecureXenonARMSystemType--->Selecttargetplatform(Freescalei.
MX21ADSboard)--->()Freescalei.
MX21ADSboard(X)Androidemulatorboard(Goldfish)SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200823()ARMversatile_pbCustomizeMemoryMap--->(0xFF000000)HypervisorvirtualaddressSecuritySupport--->[]SecuritysupportDebuggingandprofilingSupport--->[]DebuggingandProfilingSupportAnd$(XEN_ROOT)/Config.
mkfileshouldbemodifiedtoconfigure$(XEN_TARGET_SUBARCH).
#XEN_TARGET_SUBARCH=imx21XEN_TARGET_SUBARCH=goldfish#XEN_TARGET_SUBARCH=versatileIncaseofGoldfishplatform,followthebelowstepsfortargetdeployment.
1.
BuildAndroidemulator.
($(ANDROID_EMUL)istherootdirectoryofAndroidemulatorsourcecodes.
)>tarxvjfandroid-emulator-xen_arm-081120.
tar.
bz2>cd$(ANDROID_EMUL)>.
/build-emulator.
sh2.
BuildSecureXenonARM.
>cd$(XEN_ROOT)>makemenuconfig>makexen>cpxen/xen-bin$(ANDROID_EMUL)/images/kernel-qemu3.
Buildmini-OS.
>cd$(XEN_ROOT)/extras/mini-os-arm/>make>cpmini-os.
elf$(ANDROID_EMUL)/4.
LaunchtheSecureXenonARMontheGoldfish.
>cp$(XEN_ROOT)/xen/xen-bin$(ANDROID_EMUL)>.
/run.
sh5.
Opendebugconsoleandchecktheconsolemessage.
SecureXenonARMUser'sGuideCopyrightSamsungElectronicsCo.
,Ltd.
200824A.
3.
CreditSangbumSuh(sbuk.
suh@samsung.
com)JooyoungHwang(jooyoung.
hwang@samsung.
com)SungminLee(sung.
min.
lee@samsung.
com)ChanjuPark(bestworld@samsung.
com)SungkwanHeo(sk.
heo@samsung.
com)SangdokMo(sd.
mo@samsung.
com)JaeminRyu(jy0922.
shim@samsung.
com)BokdeukJung(bd.
jeong@samsung.
com)JunghyunYoo(yjhyun.
yoo@samsung.
com)MinsungJang(minsung.
jang@samsung.
com)JoonyoungShim(jy0922.
shim@samsung.
com)DonghyukLee(dh5050.
lee@samsung.
com)InkiDae(inki.
dae@samsung.
com)YonghoHwang(yongh.
hwang@samsung.
com)JaechulLee(galaxyra@empal.
com)SunghyunJo(linu@nate.
com)Jin-MoSung(feeljuin@gmail.
com)Jeong-SeokYang(dasomoli@gmail.
com)