Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96715

Full metadata record

DC field: value (language)
dc.contributor.advisor: 黎士瑋 (zh_TW)
dc.contributor.advisor: Shih-Wei Li (en)
dc.contributor.author: 林俊諺 (zh_TW)
dc.contributor.author: Chun-Yen Lin (en)
dc.date.accessioned: 2025-02-21T16:13:41Z
dc.date.available: 2025-02-22
dc.date.copyright: 2025-02-21
dc.date.issued: 2024
dc.date.submitted: 2024-12-18
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96715
dc.description.abstract (zh_TW, translated): Arm TrustZone is a hardware security technology that partitions the CPU's execution environment into a Normal World and a Secure World, so that more confidential operations (such as encryption and authentication) can run in the Secure World, isolated from the more attack-prone Normal World. Although TrustZone is widely deployed on physical hardware, it still offers no virtualization support and cannot be used directly inside a virtual machine (VM); consequently, users running VMs on the most widely used hypervisor today, Linux KVM, cannot leverage TrustZone to protect their systems. To address this limitation, we extended KVM to support TrustZone virtualization and expose it to VMs. We use trap-and-emulate to redirect sensitive instructions to KVM and emulate them there. We also developed a new technique, exception-level multiplexing, which safely lets TrustZone software run on existing Arm hardware within the VM environment. In addition, building on the current TrustZone hardware model in QEMU, we created a virtual secure memory region and mapped secure I/O into it. Our virtualized TrustZone supports OP-TEE, a Trusted Execution Environment (TEE) that must run on Arm TrustZone, and allows OP-TEE to run TrustZone software, including Trusted Applications (TAs), the TEE kernel, and the secure monitor, on our virtual TrustZone inside a VM. Finally, we measured performance: secure applications of OP-TEE running on our KVM-virtualized TrustZone show roughly a tenfold performance improvement over OP-TEE running on a QEMU VM.
dc.description.abstract (en): Arm TrustZone technology provides two distinct CPU execution environments: the Normal and the Secure World. Arm enforces resource isolation between the two worlds, ensuring that security-critical operations, such as encryption and authentication, can be executed in the Secure World and thus isolated from the potentially compromised Normal World that hosts a comprehensive software environment. Although TrustZone is widely deployed on physical hardware, it is unavailable to virtual machines (VMs). Notably, users who run VMs on the popular Linux KVM hypervisor cannot leverage TrustZone features to secure their systems. To address this limitation, we have extended KVM to expose a virtual TrustZone to VMs. We leverage trap-and-emulate to virtualize sensitive TrustZone operations while introducing exception-level multiplexing, a novel technique that safely enables native execution of TrustZone software on existing Arm hardware in the VM environment. Our implementation builds on the current TrustZone hardware abstraction in QEMU, which exposes virtualized secure memory and I/O devices. Our resulting KVM prototype supports OP-TEE, a de facto open-source TEE implementation for Arm TrustZone, allowing a comprehensive software environment for OP-TEE, encompassing Trusted Applications (TAs), the TEE kernel, and the secure monitor, to execute in a virtualized TrustZone on a VM. Performance evaluation of the OP-TEE prototype running on a virtualized TrustZone in a VM on our KVM prototype shows that it outperforms OP-TEE running on a QEMU-hosted VM by 10 times.
dc.description.provenance: Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2025-02-21T16:13:41Z. No. of bitstreams: 0 (en)
dc.description.provenance: Made available in DSpace on 2025-02-21T16:13:41Z (GMT). No. of bitstreams: 0 (en)
dc.description.tableofcontents:
Acknowledgements i
Abstract (Chinese) ii
Abstract iii
Contents v
List of Figures vii
List of Tables viii
List of Listings ix
Chapter 1 Introduction 1
Chapter 2 Background 4
2.1 Arm TrustZone 4
2.2 OP-TEE 5
2.2.1 Arm Trusted Firmware 6
2.3 QEMU 7
2.3.1 TCG 8
2.3.2 KVM 8
Chapter 3 Design 10
3.1 Overview 10
3.2 CPU Virtualization 11
3.2.1 Virtual System Registers 12
3.2.2 Sensitive Instructions Handling 14
3.2.3 Memory Virtualization 17
3.3 I/O Virtualization 17
Chapter 4 Implementation 19
4.1 KVM 19
4.1.1 Virtual System Registers 19
4.1.2 kvm_el1_smc 21
4.1.3 kvm_el3_eret 22
4.2 QEMU 23
4.2.1 Virtual Secure Memory 23
4.2.2 Semihosting Call Handling 24
4.3 OP-TEE 24
4.3.1 Arm Trusted Firmware 24
4.3.2 OP-TEE OS 25
Chapter 5 Evaluation 26
Chapter 6 Related Work 28
Chapter 7 Limitation and Future Work 32
7.1 Limitation 32
7.2 Future Work 32
Chapter 8 Conclusions 34
References 36
dc.language.iso: en
dc.subject: Arm (zh_TW)
dc.subject: 虛擬化 (Virtualization) (zh_TW)
dc.subject: TrustZone (zh_TW)
dc.subject: KVM (zh_TW)
dc.subject: Virtualization (en)
dc.subject: Arm (en)
dc.subject: KVM (en)
dc.subject: TrustZone (en)
dc.title: 基於KVM Hypervisor虛擬化Arm TrustZone (zh_TW)
dc.title: Virtualizing Arm TrustZone on a KVM-based Hypervisor (en)
dc.type: Thesis
dc.date.schoolyear: 113-1
dc.description.degree: Master's (碩士)
dc.contributor.oralexamcommittee: 蕭旭君; 洪鼎詠; Dominik Merli (zh_TW)
dc.contributor.oralexamcommittee: Hsu-Chun Hsiao; Ding-Yong Hong; Dominik Merli (en)
dc.subject.keyword: KVM, TrustZone, 虛擬化 (Virtualization), Arm (zh_TW)
dc.subject.keyword: KVM, TrustZone, Virtualization, Arm (en)
dc.relation.page: 39
dc.identifier.doi: 10.6342/NTU202404660
dc.rights.note: Licence granted (open access worldwide)
dc.date.accepted: 2024-12-18
dc.contributor.author-college: 電機資訊學院 (College of Electrical Engineering and Computer Science)
dc.contributor.author-dept: 資訊工程學系 (Department of Computer Science and Information Engineering)
dc.date.embargo-lift: 2025-02-22
Appears in Collections: 資訊工程學系 (Department of Computer Science and Information Engineering)

Files in this item:
File: ntu-113-1.pdf, Size: 2.98 MB, Format: Adobe PDF