I am running a Linux in the non-secure world with TrustZone enabled.
Let me first state out that this is already running on a i.MX6 Quad processor, however on the Dual Lite I have an issue during
The startup fails after kernel was initialized properly and the kernel tries to jump to the
user-space the first time (init process, see function ret_to_user).
The address where the kernel wants to jump to is valid. I compared it with the memory areas of the process (via the mm pointer of
the process descriptor). After a scan of the MMU page table I can see that the memory is not mapped yet. In the reference system
on i.MX6 Quad I see that a prefetch aborts comes up that calls the page fault handler. After the page fault handler, the memory
area is mapped and ret_to_user is called again. This time no exception occurs when the kernel tries to jump to
the address of the init process and init takes place.
However in the i.MX6 DL the prefetch exception and the page fault handler are never called. If ret_to_user is called the second time it
hangs in the work_pending subroutine.
I can see that the do_page_fault handler is called during kernel startup several times, but out of the data abort exception. So it seems
to me that it works for data that is accessed but not for instructions.
If I disable the TrustZone by means of running everything in secure world the issue is gone.
In summary it seems to me that this issue is related to TrustZone AND DualLite but not Quad processors.
Now let me describe our system:
- We run a 3.14.51 Linux kernel
- The linux kernel runs on the second core, on the first core another operating system is running asynchronously (AMP).
- The boot manager is self-written. Within the boot manager the core where Linux runs is set to non-secure. The NSACR, and Secure Config
Register is set like in a U-Boot. After this, the GIC is set to non secure and the switch to normal world takes place. Then the GIC
distributor is enabled in the non-secure world. Interrupts are working in general.
- The boot manager takes also care about a lot of different ARM erratas regarding the L2 cache. Especially writes to the diagnostic
control register cannot be done by the non-secure world anymore. Therefore it is done by the bootmanager before the switch to non-secure