Bureaucrats, dave_user, Administrators
743
edits
Changes
→Overview
This section describes in detail the solution implemented by DAVE Embedded Systems to overcome the limitations of basic AMP configuration a to satisfy all the requirements listed in section [[#Limitations of traditional configurations|''Limitations of traditional configurations'']].
===Overview===
The major difference with respect to the traditional AMP configuration is the use of a software monitor, specifically a customized version of TOPPERS SafeG
<ref name="TOPPERS SafeG home (en)">''TOPPERS SafeG home page (English)'', https://www.toppers.jp/en/safeg.html</ref>
<ref name="TOPPERS SafeG home (jp)">''TOPPERS SafeG home page (Japanese)'', https://www.toppers.jp/safeg.html</ref>
<ref name="TOPPERS SafeG">[http://www.wiki.xilinx.com/Multi-OS+Support+%28AMP+%26+Hypervisor%29#Asymmetric%20Multi%20Processing%20%28AMP%29%20Configurations-Open%20Source%20or%20Freely%20Available%20Solutions-TOPPERS%20SafeG%20%28Nagoya%20University%29 ''TOPPERS SafeG (Nagoya University)'']</ref>.
[[File:Safeg-arch-english.png|thumb|center|400px|Nagoya University TOPPERS SafeG architecture]]
As shown in the picture, the monitor can be viewed as a software layer that lies between Trust/Non-trust worlds and underlying hardware. The monitor is responsible for:
* enabling and initializing TrustZone in order to protect regions that must not be accessible by Non-secure world
* TBD ASsetup data structure and exception handlers needed for context switch and Secure Monitor Call (SMC)* start the trusted OS Later, once the trusted OS is ready, it will do a specific SMC that will do the context switch that will start the non-trusted OS.
About operating systems, Linux has been chosen for Non-trust world, while [http://www.freertos.org FreeRTOS ] has been selected for the Trust world. At the time of this design, the Linux/FreeRTOS combination has proven to be the most appealing for the majority of applications that this solution addresses. Nevertheless different combinations are possible{{efn|For example TOPPERS project makes use of [http://www.toppers.jp/en/index.html different RTOSes].}}.
About the multi-processing scheme, AMP has been used{{efn|The the two Zynq core are assigned statically to the two world (core0 to Linux, core1 to FreeRTOS). This allows to:* simplify the whole system implementation* reduce RTOS latency (because there's never need of ''non-trusted to trusted'' context switch) From the memory point of view:* the main memory is statically partitioned (by the monitor can support either AMP or SMP configurations.}}.) into tree sections:** a non-trusted private area (protected at MMU-only level from trusted access)** a trusted private area (protected at TrustZone level by non-trusted access)** a shared memory area, marked as non-trusted
These choices lead to the configuration depicted in the following figure.
[[File:Bora-wp001 01.png|thumb|center|400px|DAVE Embedded Systems' TrustZone-enabled AMP solution]]
