Document Open Access Logo

LTZVisor: TrustZone is the Key

Authors Sandro Pinto, Jorge Pereira, Tiago Gomes, Adriano Tavares, Jorge Cabral

PDF
Thumbnail PDF

File

LIPIcs.ECRTS.2017.4.pdf
  • Filesize: 4.61 MB
  • 22 pages

Document Identifiers

Author Details

Sandro Pinto
Jorge Pereira
Tiago Gomes
Adriano Tavares
Jorge Cabral

Cite As Get BibTex

Sandro Pinto, Jorge Pereira, Tiago Gomes, Adriano Tavares, and Jorge Cabral. LTZVisor: TrustZone is the Key. In 29th Euromicro Conference on Real-Time Systems (ECRTS 2017). Leibniz International Proceedings in Informatics (LIPIcs), Volume 76, pp. 4:1-4:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2017) https://doi.org/10.4230/LIPIcs.ECRTS.2017.4

Abstract

Virtualization technology starts becoming more and more widespread in the embedded systems arena, driven by the upward trend for integrating multiple environments into the same hardware platform. The penalties incurred by standard software-based virtualization, altogether with the strict timing requirements imposed by real-time virtualization are pushing research towards hardware-assisted solutions. Among existing commercial off-the-shelf (COTS) technologies, ARM TrustZone promises to be a game-changer for virtualization, despite of this technology still being seen with a lot of obscurity and scepticism. 
In this paper we present a Lightweight TrustZone-assisted Hypervisor (LTZVisor) as a tool to understand, evaluate and discuss the benefits and limitations of using TrustZone hardware to assist virtualization. We demonstrate how TrustZone can be adequately exploited for meeting the real-time needs, while presenting a low performance cost on running unmodified rich operating systems. While ARM continues to spread TrustZone technology from the applications processors to the smallest of microcontrollers, it is undeniable that this technology is gaining an increasing relevance. Our intent is to encourage research and drive the next generation of TrustZone-assisted virtualization solutions.

Subject Classification

Keywords
  • hypervisor
  • virtualization
  • TrustZone
  • space and time partitioning
  • real-time
  • embedded systems

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

References

  1. Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the Art of Virtualization. SIGOPS Oper. Syst. Rev., 37(5):164-177, October 2003. URL: http://dx.doi.org/10.1145/1165389.945462.
  2. F. Baum and A. Raghuraman. Making Full use of Emerging ARM-based Heterogeneous Multicore SoCs. In Proceedings of the 8th European Congress on Embedded Real Time Software and Systems, Jan 2016. Google Scholar
  3. M. Cereia and I. Bertolotti. Virtual Machines for Distributed Real-time Systems. Comput. Stand. Interfaces, 31(1):30-39, January 2009. URL: http://dx.doi.org/10.1016/j.csi.2007.10.010.
  4. C. Dall and J. Nieh. KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor. SIGPLAN Not., 49(4):333-348, February 2014. URL: http://dx.doi.org/10.1145/2644865.2541946.
  5. T. Frenzel, A. Lackorzynski, A. Warg H., and Härtig. ARM TrustZone as a Virtualization Technique in Embedded Systems. Twelfth Real-Time Linux Workshop, 2010. Google Scholar
  6. G. Heiser. Virtualizing Embedded Systems: Why Bother? In Proceedings of the 48th Design Automation Conference, DAC'11, pages 901-905. ACM, 2011. Google Scholar
  7. H. Joe, H. Jeong, Y. Yoon, H. Kim, S. Han, and H. W. Jin. Full virtualizing micro hypervisor for spacecraft flight computer. In 2012 IEEE/AIAA 31st Digital Avionics Systems Conference (DASC), pages 6C5-1-6C5-9, Oct 2012. URL: http://dx.doi.org/10.1109/DASC.2012.6382393.
  8. Genode Labs. An Exploration of ARM TrustZone Technology. URL: https://genode.org/documentation/articles/trustzone.
  9. C. Lee, S. W. Kim, and C. Yoo. VADI: GPU Virtualization for an Automotive Platform. IEEE Transactions on Industrial Informatics, 12(1):277-290, Feb 2016. URL: http://dx.doi.org/10.1109/TII.2015.2509441.
  10. Miguel Masmano, Ismael Ripoll, Alfons Crespo, and J. Metge. Xtratum: a hypervisor for safety critical embedded systems. In 11th Real-Time Linux Workshop, pages 263-272. Citeseer, 2009. Google Scholar
  11. L. McVoy and C. Staelin. lmbench: Portable Tools for Performance Analysis. In USENIX annual technical conference, pages 279-294. San Diego, CA, USA, 1996. Google Scholar
  12. B. Ngabonziza, D. Martin, A. Bailey, H. Cho, and S. Martin. TrustZone Explained: Architectural Features and Use Cases. In 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pages 445-451, Nov 2016. URL: http://dx.doi.org/10.1109/CIC.2016.065.
  13. S. Oh, K. Koh, C. Kim, K. Kim, and S. Kim. Acceleration of dual OS virtualization in embedded systems. In 2012 7th International Conference on Computing and Convergence Technology (ICCCT), pages 1098-1101, Dec 2012. Google Scholar
  14. S. Patni, J. George, P. Lahoti, and J. Abraham. A zero-copy fast channel for inter-guest and guest-host communication using VirtIO-serial. In 2015 1st International Conference on Next Generation Computing Technologies (NGCT), pages 6-9, Sept 2015. URL: http://dx.doi.org/10.1109/NGCT.2015.7375072.
  15. S. Pinto, T. Gomes, J. Pereira, J. Cabral, and A. Tavares. IIoTEED: an enhanced Trusted Execution Environment for Industrial IoT Edge Devices. IEEE Internet Computing, 21(1):40-47, Jan-Feb 2017. URL: http://dx.doi.org/10.1109/MIC.2017.17.
  16. S. Pinto, D. Oliveira, J. Pereira, J. Cabral, and A. Tavares. FreeTEE: When real-time and security meet. In 2015 IEEE 20th Conference on Emerging Technologies Factory Automation (ETFA), pages 1-4, Sept 2015. URL: http://dx.doi.org/10.1109/ETFA.2015.7301571.
  17. S. Pinto, D. Oliveira, J. Pereira, N. Cardoso, M. Ekpanyapong, J. Cabral, and A. Tavares. Towards a lightweight embedded virtualization architecture exploiting ARM TrustZone. In Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), pages 1-4, Sept 2014. URL: http://dx.doi.org/10.1109/ETFA.2014.7005255.
  18. S. Pinto, J. Pereira, T. Gomes, M. Ekpanyapong, and A. Tavares. Towards a TrustZone-assisted Hypervisor for Real Time Embedded Systems. IEEE Computer Architecture Letters, PP(99):1-1, 2016. URL: http://dx.doi.org/10.1109/LCA.2016.2617308.
  19. S. Pinto, A. Tavares, and S. Montenegro. Space and time partitioning with hardware support for space applications. Data Systems In Aerospace (DASIA), European Space Agency, (Special Publication) ESA SP, 2016. Google Scholar
  20. D. Reinhardt and G. Morgan. An embedded hypervisor for safety-relevant automotive E/E-systems. In Proceedings of the 9th IEEE International Symposium on Industrial Embedded Systems (SIES 2014), pages 189-198, June 2014. URL: http://dx.doi.org/10.1109/SIES.2014.6871203.
  21. Rusty Russell. Virtio: Towards a De-facto Standard for Virtual I/O Devices. SIGOPS Oper. Syst. Rev., 42(5):95-103, July 2008. URL: http://dx.doi.org/10.1145/1400097.1400108.
  22. D. Sangorrin, S. Honda, and H. Takada. Dual operating system architecture for real-time embedded systems. In Proceedings of the 6th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications, Brussels, Belgium, pages 6-15, 2010. Google Scholar
  23. O. Schwarz, C. Gehrmann, and V. Do. Affordable Separation on Embedded Platforms. In Proceedings of the 7th International Conference on Trust and Trustworthy Computing, volume 8564 of LNCS, pages 37-54. Springer-Verlag New York, Inc., 2014. URL: http://dx.doi.org/10.1007/978-3-319-08593-7_3.
  24. Udo Steinberg and Bernhard Kauer. NOVA: A Microhypervisor-based Secure Virtualization Architecture. In Proceedings of the 5th European Conference on Computer Systems, EuroSys'10, pages 209-222. ACM, 2010. URL: http://dx.doi.org/10.1145/1755913.1755935.
  25. H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang. TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices. In 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pages 367-378, June 2015. URL: http://dx.doi.org/10.1109/DSN.2015.11.
  26. A. Tavares, A. Dídimo, T. Lobo, P. Cardoso, J. Cabral, and S. Montenegro. Rodosvisor - An ARINC 653 quasi-compliant hypervisor: CPU, memory and I/O virtualization. In Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies Factory Automation (ETFA 2012), pages 1-10, Sept 2012. URL: http://dx.doi.org/10.1109/ETFA.2012.6489588.
  27. J. Taylor. Security for the next generation of safe real-time systems. In Proceedings of Embedded World Conference, Nuremberg, Germany, March 2016. Google Scholar
  28. Prashant Varanasi and Gernot Heiser. Hardware-supported Virtualization on ARM. In Proceedings of the Second Asia-Pacific Workshop on Systems, APSys'11, pages 11:1-11:5. ACM, 2011. URL: http://dx.doi.org/10.1145/2103799.2103813.
  29. P. Wilson, A. Frey, T. Mihm, D. Kershaw, and T. Alves. Implementing Embedded Security on Dual-Virtual-CPU Systems. IEEE Design Test of Computers, 24(6):582-591, Nov 2007. URL: http://dx.doi.org/10.1109/MDT.2007.196.
  30. J. Winter. Trusted Computing Building Blocks for Embedded Linux-based ARM Trustzone Platforms. In Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC'08, pages 21-30. ACM, 2008. URL: http://dx.doi.org/10.1145/1456455.1456460.
  31. S. Zampiva, C. Moratelli, and F. Hessel. A hypervisor approach with real-time support to the MIPS M5150 processor. In Sixteenth International Symposium on Quality Electronic Design, pages 495-501, March 2015. URL: http://dx.doi.org/10.1109/ISQED.2015.7085475.
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH About DROPS Imprint Privacy Contact