CN109753347A - A kind of system and method for realizing driving - Google Patents
A kind of system and method for realizing driving Download PDFInfo
- Publication number
- CN109753347A CN109753347A CN201711078956.3A CN201711078956A CN109753347A CN 109753347 A CN109753347 A CN 109753347A CN 201711078956 A CN201711078956 A CN 201711078956A CN 109753347 A CN109753347 A CN 109753347A
- Authority
- CN
- China
- Prior art keywords
- user
- space
- driving
- interrupt processing
- driver
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
- Diaphragms For Electromechanical Transducers (AREA)
- Vehicle Body Suspensions (AREA)
- Control Of Multiple Motors (AREA)
Abstract
This application discloses a kind of system and methods for realizing driving, comprising: in the attribute of user's space configuration driven TA;When kernel spacing load driver program, the attribute of parsing driving TA, to complete distribution resource, registration driving, by least one function in equipment physical address map to corresponding virtual address space.By scheme provided by the present application, the code of driver does not need to carry out integrated processing with OS again in user's space, fully achieves and carries out developing integrated and management to the driver of user in the form of TA.Also, it is not necessary to using information such as the memory mappings of sysfs record user's space driving, the activation bit of all user's spaces all only in the TA of driving and in the memory of TEE dynamic operation, therefore not will cause information leakage, ensure that the safety of driver.
Description
Technical field
This application involves but be not limited to computer technology, it is espespecially a kind of realize driving system and method.
Background technique
Currently, in the realization of driving, to realize the input of user's space/defeated in linux kernel (Linux kernel)
For outgoing interface (UIO) driving, the user's space (Userspace) of UIO realizes mmap (), for processing equipment memory
Mapping.If the driver of UIO will wait an interruption in user's space, need simply to be blocked in the/reading of dev/uioX
In read () operation, there is still a need for setting interrupt processing functions for the kernel spacing (Kernelspace) of UIO driving, in this way, when setting
When standby generation interruption, kernel spacing response is interrupted, and interrupts calculator and 1, read () operation is added to return immediately.In addition, the drive of UIO
Dynamic program realizes poll () system calling, and select () function can be used and the generation to be interrupted such as carry out.The UIO of registration is set
It is standby will appear in/sys/class/uioX under, each file under right/sys/class/uioX can be passed through to the control of equipment
Read-write is to complete.
From the point of view of the scheme that the UIO of user's space drives is realized in linux kernel in the related technology, on the one hand, one
Driver is divided still to operate in kernel spacing, therefore, being can not be with security application (TA, Trusted Application)
Mode carries out what exploitation integrated to the driving of user's space, is not also just available trusted application management (TAM) program and carries out dynamic
Installation, upgrading.On the other hand, the functions such as the calling mmap (), the driving registration that need the developer of driver to show, increase
The complexity of design is not suitable for using in small-sized operating system (OS, Operation System), and in sysfs
Information there are problems that security leak, be not suitable for using in the credible performing environment (TEE);Furthermore user's space waits one
Interruption needs to wait (wait) in the read operation of equipment, the exploitation behavior disunity with original non-UIO driver, for first
Beginning developer, undoubtedly increases and understands complexity.
Summary of the invention
In order to solve the above technical problem, the present invention provides a kind of system and methods for realizing driving, can be realized with TA
Mode the driver of user is managed, and can largely mitigate the complexity of program development.
In order to reach the object of the invention, the present invention provides a kind of systems for realizing driving, comprising: user's space and kernel
Space, wherein the first credible performing environment internal applications programming interface, security application are provided in user's space, and
Driver;The second credible performing environment internal applications programming interface, credible performing environment frame are provided in kernel spacing
Frame and secure operating system;Wherein,
Configured with the attribute for driving the security application in the driver;
It is answered inside the first credible performing environment internal applications programming interface and the described second credible performing environment
With Program Interfaces, for realizing inside user's space inside, kernel spacing and between user's space and kernel spacing
Mutually call;
The credible performing environment frame is based on the secure operating system, and when loading the driver, parsing is driven
Move the attribute of the security application, with complete distribution resource, registration driving, by equipment physical address map to it is corresponding virtually
At least one function in the space of location.
Optionally, it is additionally provided in the kernel spacing: user's space driver framework;
The credible performing environment frame is also used to: when needing to register the interruption of user's space driving, being needed for the interruption
The driver to be responded establishes an individual interrupt processing thread;
User's space driver framework, for saving interrupt processing thread, the user that the credible performing environment frame is established
The corresponding relationship of interrupt processing function and the interrupt number of the interruption in space, by the described second credible performing environment internal applications journey
Sequence program interface call registers the general interrupt processing function of user's space driving equipment;When there is interruption to generate, user's space
Driver framework calls general interrupt processing function, corresponding according to interrupt number wake-up corresponding with the interruption of generation in corresponding relationship
Interrupt processing thread, the entry address of user's space interrupt processing function is transmitted to the interrupt processing thread of wake-up.
Present invention also provides a kind of methods for realizing driving, comprising:
When kernel spacing load driver program, the attribute of parsing driving security application, to complete distribution resource, registration is driven
It is dynamic, by least one function in equipment physical address map to corresponding virtual address space, wherein the driving is safely
The attribute of application is configured in user's space.
Optionally, the method also includes:
When needing to register the interruption of user's space driving, the kernel spacing is the driver that the interruption needs to respond
Establish an individual interrupt processing thread;
The kernel spacing saves the interrupt processing thread established, interrupt processing function and this is described in the user's space
The corresponding relationship of the interrupt number of the interruption of registration registers the general interrupt processing function of the user's space driving equipment;
When have interrupt generate when, the kernel spacing calls general interrupt processing function, according in corresponding relationship with production
The corresponding interrupt number of raw interruption wakes up corresponding interrupt processing thread, with will driving the entrance of user's space interrupt processing function
Location is transmitted to the interrupt processing thread of wake-up.
The application provides a kind of computer readable storage medium again, is stored with computer executable instructions, the calculating
Machine executable instruction is used to execute the method described in any of the above embodiments for realizing driving.
The application provides a kind of device for realizing driving, including memory and processor again, wherein in memory
It is stored with the following instruction being executed by processor: when kernel spacing load driver program, the attribute of parsing driving security application,
To complete distribution resource, registration drives, will be at least one of in equipment physical address map to corresponding virtual address space
Function, wherein the attribute of the driving security application is configured in user's space.
Optionally, the following instruction being executed by processor also is stored in the memory:
When needing to register the interruption of user's space driving, the kernel spacing is the driver that the interruption needs to respond
Establish an individual interrupt processing thread;The kernel spacing saves the interrupt processing thread established, in the user's space
It is general to register the user's space driving equipment for the corresponding relationship of the interrupt number of the interruption of interrupt processing function and the registration
Interrupt processing function;When having, when interrupting generation, the kernel spacing calls general interrupt processing function, according in corresponding relationship
Interrupt number corresponding with the interruption of generation wakes up corresponding interrupt processing thread, will drive entering for user's space interrupt processing function
Port address is transmitted to the interrupt processing thread of wake-up.
Technical scheme includes at least: in the attribute of user's space configuration driven TA;Kernel spacing load driver journey
When sequence, parsing driving TA attribute, with complete distribution resource, registration driving, by equipment physical address map to it is corresponding virtually
At least one function on address space.By scheme provided by the present application, the code of driver is in user's space, no
It needs to carry out integrated processing with OS again, fully achieves and the driver of user is carried out in the form of TA to develop integrated and pipe
Reason.Also, it is not necessary to using information such as the memory mappings of sysfs record user's space driving, the driving of all user's spaces
Information all only in the TA of driving and in the memory of TEE dynamic operation, therefore not will cause information leakage, ensure that driver
Safety.
Optionally, the application further include: when registering the interruption of user's space driving, kernel spacing is that the interruption needs to ring
The TA for the driving answered establishes an individual interrupt processing thread;Kernel spacing saves the interrupt processing thread established, Yong Hukong
Between middle interrupt processing function and the registration interruption interrupt number corresponding relationship registration user's space driving equipment it is general in
Disconnected processing function;When have interrupt generate when, kernel spacing calls general interrupt processing function, according in corresponding relationship with generation
The corresponding interrupt number of interruption wake up corresponding interrupt processing thread, the entry address of user's space interrupt processing function will be driven
It is transmitted to the interrupt processing thread of wake-up.In the scheme provided by the present application for realizing driving, on the one hand, the code of Interrupt driver program
In user's space, do not need to carry out integrated processing with OS again, fully achieve in the form of TA to the driver of user into
Row exploitation is integrated and manages.On the other hand, interrupting registration still can be using the scheme for calling interruption registration API, therefore, Yong Huwu
Internal processes need to be perceived;It need to only be interrupted using the processing of independent high priority thread, in this way, ensure that interruption to the full extent
The timeliness of response.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification
It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention can be by specification, right
Specifically noted structure is achieved and obtained in claim and attached drawing.
Detailed description of the invention
Attached drawing is used to provide to further understand technical scheme, and constitutes part of specification, with this
The embodiment of application is used to explain the technical solution of the application together, does not constitute the limitation to technical scheme.
Fig. 1 is the composition schematic diagram for the system that the application realizes driving;
Fig. 2 is the flow chart for the method that the application realizes driving.
Specific embodiment
For the purposes, technical schemes and advantages of the application are more clearly understood, below in conjunction with attached drawing to the application
Embodiment be described in detail.It should be noted that in the absence of conflict, in the embodiment and embodiment in the application
Feature can mutual any combination.
In a typical configuration of this application, calculating equipment includes one or more processors (CPU), input/output
Interface, network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flashRAM).Memory is showing for computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include non-temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
Step shown in the flowchart of the accompanying drawings can be in a computer system such as a set of computer executable instructions
It executes.Also, although logical order is shown in flow charts, and it in some cases, can be to be different from herein suitable
Sequence executes shown or described step.
The isolation that credible performing environment (TEE) passes through hardware, it can be ensured that storage, place in an isolated, believable environment
Reason and protection sensitive data.TEE is widely used in various security applications, such as payment, fingerprint and digital copyright protection (DRM).TEE
Driver is realized in user's space, can satisfy the requirement of more high security level, meanwhile, the driver of user can be with fortune
The mode of security application (TA, Trusted Application) of the row inside TEE carries out exploitation and integrates and manage.
Fig. 1 is the composition schematic diagram for the system that the application realizes driving, as shown in Figure 1, including that user's space and kernel are empty
Between, wherein in user's space at least provided with (Internal) application programming interface inside: the first TEE (API,
Application Programming Interface), security application (TA, Trusted Application), and driving
Program such as drives TA (Driver TA);At least provided with the 2nd TEE Internal API, TEE frame in kernel spacing
(Framework) and secure operating system (Secure OS);Wherein,
First TEE Internal API and the 2nd TEE Internal API, for realizing user's space inside, kernel
Mutual calling between space interior and user's space and kernel spacing.Such as: the first TEE Internal AP of TA calling,
First TEE Internal API of user's space calls the 2nd TEE Internal API of kernel spacing by sysycall,
In this way, the 2nd TEE Internal API is just capable of calling the interface of other modules of kernel spacing, term this field is implemented
The well-known technique of technical staff, is not intended to limit the scope of protection of the present invention.
The attribute configured with driving TA in TA is driven, such as: the title of driving, the physical address for needing to map and corresponding
Virtual address etc..
Configuration mode is similar with the attribute configuration mode of general T A.These attributes can be placed in one when compiling
In special section.
Driving TA includes one or more, and a third-party TA can correspond to a driving TA.
TEE frame, be based on safe OS, in load driver program, parsing driving TA attribute, with complete distribution resource,
Registration driving, by least one function in equipment physical address map to corresponding virtual address space.
In the framework provided by the present application for realizing driving, the code of driver in the driving TA of user's space, is not required to
Integrated processing is carried out with OS again, fully achieves and the driver of user is carried out in the form of TA to develop integrated and management.
Also, it is not necessary to using information such as the memory mappings of sysfs record user's space driving, the activation bit of all user's spaces
It all only in the TA of driving and in the memory of TEE dynamic operation, therefore not will cause information leakage, ensure that the peace of driver
Quan Xing.
By the framework provided by the present application for realizing driving, calling mmap (), the drive that the developer of driving shows are not needed
The correlation functions such as dynamic registration, it is only necessary to simply configure the attribute of driving TA, and be kept as far as possible with the development scheme of general T A
It is consistent, in this way, reducing the workload that third party drives developer;Moreover, also not needing the participation of sysfs, nothing is realized
The hidden danger of activation bit leakage, ensure that the safety of driver.The third-party mode for driving TA is integrated into TEE,
It is thereby achieved that dynamically updating by the way of TAM, reduce driver integrated cost.
Optionally, it is additionally provided in kernel spacing: user's space driver frame (Userspace Driver
Framework);Correspondingly,
TEE frame is also used to: when the external developer such as driving needs to register the interruption of user's space driving, in this
The disconnected TA for needing the driving responded establishes an individual interrupt processing thread;
User's space driver frame, for saving the interrupt processing thread of TEE frame foundation, interrupting in user's space
The corresponding relationship for handling the interrupt number of function and the interruption of the registration, by the 2nd TEE Internal API of TEE kernel spacing
The interrupt processing function for calling registration user's space driving equipment general;When there is interruption to generate, first call at general interruption
Function is managed, corresponding interrupt processing thread is waken up further according to interrupt number corresponding with the interruption of generation in corresponding relationship, will drive
The entry address of user's space interrupt processing function is transmitted to the interrupt processing thread of wake-up.
In this way, interrupt processing thread can be switched to the interrupt processing function of driving user's space and handle interruption.
In the system provided by the present application for realizing driving, the code of Interrupt driver program in the driving TA of user's space,
It does not need to carry out integrated processing with OS again, fully achieves and the driver of user is carried out in the form of TA to develop integrated and pipe
Reason.
By the system provided by the present application for realizing driving, the side called and interrupt registration API can still be used by interrupting registration
Case, therefore, user is without perceiving internal processes;When there is interruption to generate, need to only be handled using independent high priority thread
The interruption, in this way, ensure that the timeliness of interrupt response to the full extent.
That is, not needed in developer's perception of driver by the system provided by the present application for realizing driving
Deposit mapping, registration driving, user's space response are interrupted and the operation such as need etc. to stay in equipment read operation, in reality provided by the present application
In the system now driven, the attribute for only needing simple configuration driven is registered in mapping, the driving of memory, and is interrupted still using in calling
The mode of disconnected registration function is consistent with the scheme driven is developed in kernel spacing in the related technology, greatly reduces in this way
The complexity of driving exploitation.
Fig. 2 is the flow chart for the method that the application realizes driving, as shown in Figure 2, comprising:
Step 200: in the attribute of user's space configuration driven TA.
Optionally, attribute includes but is not limited to: the title of driving, the physical address for needing to map and corresponding virtual address
Deng.
Configuration mode is similar with the attribute configuration mode of general T A.These attributes can be placed in one when compiling
In special section.
Driving TA includes one or more, and a third-party TA can correspond to a driving TA.
Step 201: it is based on safe OS, when kernel spacing load driver program, the attribute of parsing driving TA, to complete to distribute
Resource, registration driving, by least one function in equipment physical address map to corresponding virtual address space.
In the method provided by the present application for realizing driving, the code of driver in the driving TA of user's space, is not required to
Integrated processing is carried out with OS again, fully achieves and the driver of user is carried out in the form of TA to develop integrated and management.
Also, it is not necessary to using information such as the memory mappings of sysfs record user's space driving, the activation bit of all user's spaces
It all only in the TA of driving and in the memory of TEE dynamic operation, therefore not will cause information leakage, ensure that the peace of driver
Quan Xing.
By the method provided by the present application for realizing driving, calling mmap (), the drive that the developer of driving shows are not needed
The correlation functions such as dynamic registration, it is only necessary to simply configure the attribute of driving TA, and be kept as far as possible with the development scheme of general T A
It is consistent, in this way, reducing the workload that third party drives developer;Moreover, also not needing the participation of sysfs, nothing is realized
The hidden danger of activation bit leakage, ensure that the safety of driver.The third-party mode for driving TA is integrated into TEE,
It is thereby achieved that dynamically updating by the way of TAM, reduce driver integrated cost.
The method that the application realizes driving further include:
When needing to register the interruption of user's space driving, kernel spacing is that the TA for the driving that the interruption needs to respond is established
One individual interrupt processing thread;
Kernel spacing saves the interrupt processing thread established, the interruption of interrupt processing function and the registration in user's space
The corresponding relationship of interrupt number, the general interrupt processing function of registration user's space driving equipment;
When have interrupt generate when, kernel spacing calls general interrupt processing function, according in corresponding relationship with generation
It interrupts corresponding interrupt number and wakes up corresponding interrupt processing thread, the entry address of user's space interrupt processing function will be driven to pass
To the interrupt processing thread of wake-up.
In this way, interrupt processing thread can be switched to the interrupt processing function of driving user's space and handle interruption.
In the method provided by the present application for realizing driving, the code of Interrupt driver program in the driving TA of user's space,
It does not need to carry out integrated processing with OS again, fully achieves and the driver of user is carried out in the form of TA to develop integrated and pipe
Reason.
By the method provided by the present application for realizing driving, the side called and interrupt registration API can still be used by interrupting registration
Case, therefore, user is without perceiving internal processes;When there is interruption to generate, need to only be handled using independent high priority thread
The interruption, in this way, ensure that the timeliness of interrupt response to the full extent.
That is, not needed in developer's perception of driver by the method provided by the present application for realizing driving
Deposit mapping, registration driving, user's space response are interrupted and the operation such as need etc. to stay in equipment read operation, in reality provided by the present application
In the framework now driven, the attribute for only needing simple configuration driven is registered in mapping, the driving of memory, and is interrupted still using in calling
The mode of disconnected registration function is consistent with the scheme driven is developed in kernel spacing in the related technology, greatly reduces in this way
The complexity of driving exploitation.
In actual application, in order to guarantee safety, just many drivers be need to configure into only TEE can
With access, such as crypto engine, in this case, need to integrate these drivers in TEE.Using provided by the present application
The framework and method for realizing driving, under the demand of high security level, these third-party drivers can be integrated in user's sky
Between, in this way, the mistake (bug) of third-party driver not will lead to TEE and have bug and be attacked by people;Driver collapse
(crash) entire TEE will not be caused to collapse when, facilitate the developer's exploitation and debugging of driver.Meanwhile utilizing this Shen
The framework and method, the integrated driving program in a manner of TA for the realization driving that please be provided both had facilitated the development set of driver
At, and it is convenient to use the operations such as dynamic installation, deletion, update that TAM is driven.
The application also provides a kind of computer readable storage medium, is stored with computer executable instructions, the computer
Executable instruction is used to execute the method described in any of the above embodiments for realizing driving.
The application also provides a kind of device for realizing driving, including memory and processor, wherein deposits in memory
Contain the following instruction being executed by processor: when kernel spacing loads TA, the attribute of parsing driving TA, to complete distribution money
Source, registration driving, by least one function in equipment physical address map to corresponding virtual address space, wherein institute
The attribute for stating driving security application is configured in user's space.
Optionally, the following instruction being executed by processor also is stored in the memory:
When registering the interruption of user's space driving, the kernel spacing is that the TA for the driving that the interruption needs to respond is established
One individual interrupt processing thread;The kernel spacing saves the interrupt processing thread established, and drives in the user's space
The corresponding relationship of interrupt processing function and the interrupt number of the interruption, registers the general interrupt processing of the user's space driving equipment
Function;When having, when interrupting generation, the kernel spacing, will driving user's sky according to the corresponding interrupt processing thread of interrupt number wake-up
Between the entry address of interrupt processing function be transmitted to the interrupt processing thread of wake-up.
Although embodiment disclosed by the application is as above, the content only for ease of understanding the application and use
Embodiment is not limited to the application.Technical staff in any the application fields, is taken off not departing from the application
Under the premise of the spirit and scope of dew, any modification and variation, but the application can be carried out in the form and details of implementation
Scope of patent protection, still should be subject to the scope of the claims as defined in the appended claims.
Claims (7)
1. a kind of system for realizing driving characterized by comprising user's space and kernel spacing, wherein set in user's space
It is equipped with: the first credible performing environment internal applications programming interface, security application and driver;It is set in kernel spacing
It is equipped with: the second credible performing environment internal applications programming interface, credible performing environment frame and secure operating system;
Wherein,
Configured with the attribute for driving the security application in the driver;
The first credible performing environment internal applications programming interface and the described second credible performing environment internal applications journey
Sequence programming interface, for realizing mutual inside user's space inside, kernel spacing and between user's space and kernel spacing
It calls;
The credible performing environment frame is based on the secure operating system, when loading the driver, parsing driving institute
The attribute of security application is stated, to complete distribution resource, registration drives, equipment physical address map is empty to corresponding virtual address
Between at least one function.
2. system according to claim 1, which is characterized in that be additionally provided in the kernel spacing: user's space driving
Frame;
The credible performing environment frame is also used to: when needing to register the interruption of user's space driving, needing to ring for the interruption
The driver answered establishes an individual interrupt processing thread;
User's space driver framework, interrupt processing thread, the user's space established for saving the credible performing environment frame
The corresponding relationship of middle interrupt processing function and the interrupt number of the interruption is compiled by the described second credible performing environment internal applications
The interrupt processing function that journey interface calls registration user's space driving equipment general;When having, when interrupting generation, user's space is driven
Frame calls general interrupt processing function, is waken up in corresponding according to interrupt number corresponding with the interruption of generation in corresponding relationship
The entry address of user's space interrupt processing function, is transmitted to the interrupt processing thread of wake-up by disconnected processing thread.
3. a kind of method for realizing driving characterized by comprising
When kernel spacing load driver program, the attribute of driving security application is parsed, to complete distribution resource, registration drives, will
At least one function in equipment physical address map to corresponding virtual address space, wherein the driving security application
Attribute user's space configure.
4. according to the method described in claim 3, it is characterized in that, the method also includes:
When needing to register the interruption of user's space driving, the kernel spacing is that the driver that the interruption needs to respond is established
One individual interrupt processing thread;
The kernel spacing saves the interrupt processing thread established, interrupt processing function and registration in the user's space
Interruption interrupt number corresponding relationship, register the general interrupt processing function of the user's space driving equipment;
When have interrupt generate when, the kernel spacing calls general interrupt processing function, according in corresponding relationship with generation
It interrupts corresponding interrupt number and wakes up corresponding interrupt processing thread, the entry address of user's space interrupt processing function will be driven to pass
To the interrupt processing thread of wake-up.
5. a kind of computer readable storage medium, is stored with computer executable instructions, the computer executable instructions are used for
Execute the described in any item methods for realizing driving of 3~claim 4 of the claims.
6. a kind of device for realizing driving, including memory and processor, wherein being stored in memory following can be located
Manage device execute instruction: when kernel spacing load driver program, parsing driving security application attribute, with complete distribution resource,
Registration driving, by least one function in equipment physical address map to corresponding virtual address space, wherein the drive
The attribute of dynamic security application is configured in user's space.
7. device according to claim 6, which is characterized in that be also stored in the memory following can be held by processor
Capable instruction:
When needing to register the interruption of user's space driving, the kernel spacing is that the driver that the interruption needs to respond is established
One individual interrupt processing thread;The kernel spacing saves the interrupt processing thread established, interrupts in the user's space
The corresponding relationship for handling the interrupt number of the interruption of function and the registration, registers the general interruption of the user's space driving equipment
Handle function;When have interrupt generate when, the kernel spacing calls general interrupt processing function, according in corresponding relationship with production
The corresponding interrupt number of raw interruption wakes up corresponding interrupt processing thread, with will driving the entrance of user's space interrupt processing function
Location is transmitted to the interrupt processing thread of wake-up.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711078956.3A CN109753347B (en) | 2017-11-06 | 2017-11-06 | System and method for realizing driving |
TW107131126A TWI783034B (en) | 2017-11-06 | 2018-09-05 | System and method for implementing drive |
PCT/CN2018/111815 WO2019085811A1 (en) | 2017-11-06 | 2018-10-25 | System and method for implementing driving |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711078956.3A CN109753347B (en) | 2017-11-06 | 2017-11-06 | System and method for realizing driving |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109753347A true CN109753347A (en) | 2019-05-14 |
CN109753347B CN109753347B (en) | 2023-03-21 |
Family
ID=66332819
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711078956.3A Active CN109753347B (en) | 2017-11-06 | 2017-11-06 | System and method for realizing driving |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN109753347B (en) |
TW (1) | TWI783034B (en) |
WO (1) | WO2019085811A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116049809A (en) * | 2022-06-14 | 2023-05-02 | 荣耀终端有限公司 | Drive calling method and device |
WO2023134376A1 (en) * | 2022-01-17 | 2023-07-20 | 荣耀终端有限公司 | Information processing method and apparatus |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110442462B (en) | 2019-07-16 | 2020-07-28 | 阿里巴巴集团控股有限公司 | Multithreading data transmission method and device in TEE system |
US10699015B1 (en) | 2020-01-10 | 2020-06-30 | Alibaba Group Holding Limited | Method and apparatus for data transmission in a tee system |
CN110399235B (en) | 2019-07-16 | 2020-07-28 | 阿里巴巴集团控股有限公司 | Multithreading data transmission method and device in TEE system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030172109A1 (en) * | 2001-01-31 | 2003-09-11 | Dalton Christoper I. | Trusted operating system |
WO2006115533A2 (en) * | 2005-04-22 | 2006-11-02 | Microsoft Corporation | Protected computing environment |
CN1988534A (en) * | 2005-12-23 | 2007-06-27 | 联想(北京)有限公司 | Credible computing platform and method for access TPM service under kernel state |
CN102193862A (en) * | 2010-03-10 | 2011-09-21 | 微软公司 | Testing user interfaces in multiple execution environments |
CN103593189A (en) * | 2013-11-14 | 2014-02-19 | 昆明理工大学 | Method for implementing user mode drive program in embedded Linux |
CN103679006A (en) * | 2013-10-25 | 2014-03-26 | 华为技术有限公司 | Method and device for operating drive program |
CN106936774A (en) * | 2015-12-29 | 2017-07-07 | 中国电信股份有限公司 | Authentication method and system in credible performing environment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200722992A (en) * | 2005-12-14 | 2007-06-16 | Inventec Corp | Physical memory testing method under Linux system |
CN101453572A (en) * | 2007-11-30 | 2009-06-10 | 上海复旦上科多媒体有限公司 | Control method for multimedia show system equipment |
CN106775833B (en) * | 2016-11-28 | 2021-03-16 | 青岛海信移动通信技术股份有限公司 | Device driver loading method, terminal and system |
CN107247578A (en) * | 2017-06-12 | 2017-10-13 | 北京奇虎科技有限公司 | Configuration parameter storage method and device |
-
2017
- 2017-11-06 CN CN201711078956.3A patent/CN109753347B/en active Active
-
2018
- 2018-09-05 TW TW107131126A patent/TWI783034B/en active
- 2018-10-25 WO PCT/CN2018/111815 patent/WO2019085811A1/en active Application Filing
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030172109A1 (en) * | 2001-01-31 | 2003-09-11 | Dalton Christoper I. | Trusted operating system |
WO2006115533A2 (en) * | 2005-04-22 | 2006-11-02 | Microsoft Corporation | Protected computing environment |
CN1988534A (en) * | 2005-12-23 | 2007-06-27 | 联想(北京)有限公司 | Credible computing platform and method for access TPM service under kernel state |
CN102193862A (en) * | 2010-03-10 | 2011-09-21 | 微软公司 | Testing user interfaces in multiple execution environments |
CN103679006A (en) * | 2013-10-25 | 2014-03-26 | 华为技术有限公司 | Method and device for operating drive program |
CN103593189A (en) * | 2013-11-14 | 2014-02-19 | 昆明理工大学 | Method for implementing user mode drive program in embedded Linux |
CN106936774A (en) * | 2015-12-29 | 2017-07-07 | 中国电信股份有限公司 | Authentication method and system in credible performing environment |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023134376A1 (en) * | 2022-01-17 | 2023-07-20 | 荣耀终端有限公司 | Information processing method and apparatus |
CN116484438A (en) * | 2022-01-17 | 2023-07-25 | 荣耀终端有限公司 | Information processing method and device |
CN116049809A (en) * | 2022-06-14 | 2023-05-02 | 荣耀终端有限公司 | Drive calling method and device |
CN116049809B (en) * | 2022-06-14 | 2023-11-07 | 荣耀终端有限公司 | Drive calling method and device |
Also Published As
Publication number | Publication date |
---|---|
WO2019085811A1 (en) | 2019-05-09 |
TW201923568A (en) | 2019-06-16 |
TWI783034B (en) | 2022-11-11 |
CN109753347B (en) | 2023-03-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109753347A (en) | A kind of system and method for realizing driving | |
US20230024083A1 (en) | Method and System for Executing Applications Using Native Code Modules | |
US8938737B2 (en) | Delivering interrupts directly to a virtual processor | |
US8151264B2 (en) | Injecting virtualization events in a layered virtualization architecture | |
WO2020244369A1 (en) | Inter-process communication method and apparatus, and computer device | |
US20070136790A1 (en) | Method and system for a security model for a computing device | |
US20070239965A1 (en) | Inter-partition communication | |
KR102104695B1 (en) | Software interface for a hardware device | |
US20210042138A1 (en) | Computing devices | |
US20200097646A1 (en) | Virtualization techniques with real-time constraints | |
WO2023123850A1 (en) | Method and apparatus for implementing firmware root of trust, device, and readable storage medium | |
EP3123388B1 (en) | Virtualization based intra-block workload isolation | |
CN112740211A (en) | Boot firmware sandboxing | |
US9396041B2 (en) | Optimization of resource usage in a multi-environment computing system | |
KR20210011010A (en) | Processor Feature ID Response for Virtualization | |
WO2014107542A1 (en) | Capability based device driver framework | |
CN110998575B (en) | Method and apparatus for executing trusted applications on a processor supporting a protected execution environment | |
US10169113B2 (en) | Storage and application intercommunication using ACPI | |
US10127064B2 (en) | Read-only VM function chaining for secure hypervisor access | |
WO2022100693A1 (en) | Method for configuring address translation relationship, and computer system | |
US20140237469A1 (en) | Firmware metadata and migration in virtualized systems | |
US11074200B2 (en) | Use-after-free exploit prevention architecture | |
US20210208928A1 (en) | Interrupt servicing in userspace | |
EP2941695A1 (en) | High throughput low latency user mode drivers implemented in managed code | |
US20220327230A1 (en) | Controlled data access via container visible location |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |