CN111414246A - Cross-secure-world real-time function calling method and device on computing platform with TEE extension - Google Patents


Info

Publication number
CN111414246A
Authority
CN
China
Prior art keywords
time
call
gpos
tee
real
Legal status
Granted
Application number
CN202010251385.4A
Other languages
Chinese (zh)
Other versions
CN111414246B (en)
Inventor
董攀
朱浩
高珑
李小玲
谭郁松
杨沙洲
秦莹
马俊
刘晓东
廖湘科
吴庆波
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology
Application filed by National University of Defense Technology
Priority to CN202010251385.4A
Publication of CN111414246A
Application granted
Publication of CN111414246B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/04 Generating or distributing clock signals or signals derived directly therefrom
    • G06F1/14 Time supervision arrangements, e.g. real time clock
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4812 Task transfer initiation or dispatching by interrupt, e.g. masked
    • G06F9/4818 Priority circuits therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/5038 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the execution order of a plurality of tasks, e.g. taking priority or time dependency constraints into consideration
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/48 Indexing scheme relating to G06F9/48
    • G06F2209/484 Precedence
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/50 Indexing scheme relating to G06F9/50
    • G06F2209/5021 Priority

Abstract

The invention discloses a method and a device for cross-secure-world real-time function calls on a computing platform with TEE extension. A system task τG is used to control the return of results for RG calls issued in the RTOS to the GPOS in the REE general subsystem, ensuring that an RG call from the RTOS in the TEE real-time subsystem is executed as soon as the GPOS runs and that the corresponding execution result is obtained at the earliest opportunity. Two further mechanisms, a notification mechanism based on software interrupts and execution of the called function based on interrupt service, can also be combined to enhance the call. The invention makes the return time of function calls issued by the TEE real-time subsystem to the REE general subsystem satisfy a certain determinism, does not obviously affect the normal operation and original performance of the two subsystems, and can effectively guarantee the real-time property of RG calls from the TEE to the REE.

Description

Cross-secure-world real-time function calling method and device on computing platform with TEE extension
Technical Field
The invention relates to a computer operating system, in particular to a method and a device for calling a cross-secure world real-time function on a computing platform with TEE extension.
Background
As is well known, "real-time" in a computer operating system means "on time": a real-time system (RTS) is a system that can respond to requests from external events in time, complete the processing of each event within a specified time, and keep all real-time tasks running in a coordinated and consistent way. The correctness of a real-time system depends not only on the logical result the system computes but also on the time at which that result is produced. Real-time operating systems therefore place strict determinism requirements on the design of their sub-functions, including task management, memory management, file management, I/O device management, and the like. First, timing accuracy is an important factor affecting real-time performance; it relies not only on the clock accuracy provided by the hardware but also on the high-accuracy clock timing functions implemented by the real-time operating system. Second, a real-time application system usually needs to process a variety of external information or events whose urgency differs: some must be handled immediately, while others can be deferred. A multi-level nested interrupt handling mechanism therefore needs to be established to ensure that highly urgent real-time events are responded to and processed in time. Third, the real-time operating system must be able to schedule and run real-time tasks in time. The real-time scheduling mechanism has two aspects: first, the scheduling policy and algorithm guarantee that real-time tasks are scheduled preferentially; second, more "safe switching" points are established to ensure that real-time tasks are scheduled in time.
Although both kinds of system are multitasking systems, general-purpose systems place more emphasis on system throughput, user interaction or multimedia capabilities, which conflict with real-time performance. The common Windows, Linux, Android and iOS operating systems are developed as general-purpose systems and offer less than ideal real-time guarantees.
A TEE (Trusted Execution Environment) is a secure area isolated from the host system that runs in parallel with the host operating system as an independent environment. TEE technology protects data and code using both hardware and software, ensuring the confidentiality and integrity of the code and data loaded into the secure area and providing stronger security guarantees than a traditional REE (Rich Execution Environment). Trusted applications running in the TEE can access all functions of the main processor and memory on the platform, while hardware isolation protects these components from user-installed applications running in the main operating system.
Currently, common TEE technologies include TrustZone, SGX and the like. TrustZone, proposed by ARM, divides software and hardware resources into a trusted area and an untrusted area, which serve as the TEE and the REE respectively, so as to protect sensitive data and applications. TrustZone ensures that the secure-state software is started first at power-on and that each subsequently loaded boot image is verified step by step. Once TrustZone is enabled, the physical processor can switch between two security states, defined as the normal world (running the GPOS) and the secure world (running the TEE OS). TrustZone adds an extra control signal, called the Non-Secure (NS) bit, to each read and write channel on the system bus, and resources such as memory can be divided into secure and non-secure states through the NS bit. TrustZone implements security isolation of resources such as memory and I/O through bus control and auxiliary controllers such as the TZASC, TZMA and TZPC. SGX, short for Software Guard Extensions, is a security extension to the Intel architecture. SGX builds a TEE by creating an enclave that encapsulates the security operations of legitimate software, protecting it from malware; neither privileged nor non-privileged software can access the enclave. The security boundary of the enclave contains only the CPU and the enclave itself; that is, once software and data are located in the enclave, even the operating system or the VMM (hypervisor) cannot affect the code and data inside it.
Because the design goal of the TEE is to isolate its resources from those of the REE and to avoid being affected by what runs in the REE, the TEE can also be used to implement a real-time subsystem that coexists concurrently with the REE, and thus to build a hybrid system with both a general-purpose operating system (GPOS) environment and a real-time operating system (RTOS) environment. An important requirement of such a hybrid system is the sharing and exchange of information between subsystems; for example, the IVIS subsystem in a vehicle system needs to obtain sensor information from the ECU subsystem, and the IVIS subsystem may also need to help it store log information. The invention is particularly concerned with function calls issued by the RTOS to the REE, since such a function call, as an operation of the RTOS, should not impair real-time behavior, i.e. it must also satisfy the time-determinism requirement. This conflicts with the nature of the other party to the interaction, because the REE offers no guarantee of time determinism.
In a TEE-based hybrid system, the RTOS typically runs at a higher priority, and the GPOS is configured to run when the RTOS has no ready real-time task (Ready Task): the IDLE task of the RTOS switches the CPU to the GPOS, which avoids wasting time in the RTOS. A function call issued by a task of the RTOS (denoted τ) is called an RG call.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the above problems in the prior art, the invention provides a method and a device for cross-secure-world real-time function calls on a computing platform with TEE extension, which make the return time of function calls issued by the TEE real-time subsystem to the REE general subsystem satisfy a certain determinism, do not obviously affect the normal operation and original performance of the two subsystems, and can effectively guarantee the real-time property of RG calls from the TEE to the REE.
In order to solve the technical problems, the invention adopts the technical scheme that:
A cross-secure-world real-time function calling method on a computing platform with TEE extension comprises the following implementation steps:
1) setting the initial priority of a designated system task τG in the RTOS of the TEE real-time subsystem to be the same as that of the idle task;
2) detecting RG calls issued in the RTOS to the GPOS in the REE general subsystem, and proceeding to the next step when a task in the RTOS issues an RG call;
3) changing the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result;
4) checking whether a return result from the GPOS exists; if so, setting the task that issued the corresponding RG call to the ready state, and correcting the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result;
5) judging whether all RG calls have received their return results; if so, restoring the priority of system task τG to the initial priority and jumping to step 2).
Optionally, step 4) further includes a step of recording the issue time of an RG call when an RG call sent to the GPOS in the REE general subsystem is detected in the RTOS, and the processing step specified in step 2) further includes: step 4), for all RG calls that have not received a return result, judging whether the difference between the current system time and the issue time of the RG call exceeds a preset threshold; if so, waking the task that issued the RG call and notifying it of a timeout error, and then correspondingly correcting the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result.
Optionally, step 4) further includes a step of counting the number of timeout errors of RG calls.
Optionally, step 4) further includes: when the number of timeout errors exceeds a preset threshold, the RTOS kernel suspends the GPOS, broadcasts the error, and restores the priority of system task τG to the original priority.
Optionally, system task τG executes the following steps: entering a critical section; checking whether the GPOS is running and, if so, requesting the monitor through an SMC call to switch to the GPOS; and exiting the critical section.
Optionally, steps 3) to 5) are executed during scheduling in the clock interrupt handling function.
Optionally, the RG call sent to the GPOS in the REE general subsystem in step 2) is delivered by sending a notification to the GPOS as a software-generated interrupt, so that the GPOS starts processing the RG call the moment it begins executing; after the GPOS has finished executing the RG call, it immediately switches the CPU to the TEE environment by invoking a software-generated interrupt or by actively raising an exception, and notifies the caller that the execution result has been returned.
Optionally, when the GPOS executes the RG call, the service code of the called function is executed directly in the interrupt service of the GPOS or called indirectly by the interrupt service.
In addition, the embodiment also provides a device for calling the function in real time across the secure world on the computing platform with the TEE extension, which includes a computer device, on which a GPOS and an RTOS are simultaneously run, wherein the GPOS is located in an REE environment, and the RTOS is located in a TEE environment, the computer device is programmed or configured to execute the step of the method for calling the function in real time across the secure world on the computing platform with the TEE extension, or a memory of the computer device stores a computer program programmed or configured to execute the method for calling the function in real time across the secure world on the computing platform with the TEE extension.
Furthermore, the present embodiment also provides a computer-readable storage medium, on which a computer program programmed or configured to execute the cross-secure-world real-time function call method on the TEE-extended computing platform is stored.
Compared with the prior art, the invention has the following advantages. The invention sets the initial priority of a designated system task τG in the RTOS of the TEE real-time subsystem to be the same as that of the idle task; it detects RG calls issued in the RTOS to the GPOS in the REE general subsystem and, when a task in the RTOS issues an RG call, raises the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result. At the same time, specified processing steps are executed periodically, comprising: checking whether a return result from the GPOS exists and, if so, setting the task that issued the corresponding RG call to the ready state and correcting the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result; step (b), judging whether all RG calls have received their return results and, if so, restoring the priority of system task τG to the initial priority. This realizes a task calling mechanism (the G-priority interchange mechanism) between the TEE real-time subsystem and the REE general subsystem, so that the return time of function calls issued by the TEE real-time subsystem to the REE general subsystem satisfies a certain determinism, the normal operation and original performance of the two subsystems are not obviously affected, and the real-time property of RG calls from the TEE to the REE can be effectively guaranteed.
By adopting the method, the RTOS of the TEE-based hybrid system can obtain services from the GPOS, and the more abundant functions of the GPOS are utilized; service requests sent by the RTOS across the environment can be executed in a deterministic time, so that the real-time requirement of the RTOS subsystem is still met; the mechanism of the invention has little influence on the operation and the efficiency of the original system, and can still maximally utilize the CPU resource on the premise of ensuring the real-time performance of the RTOS.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
FIG. 2 is an example of task invocation in an embodiment of the present invention.
Detailed Description
A computing platform with TEE extension generally runs an RTOS (real-time operating system) in the TEE real-time subsystem and a GPOS (general operating system, such as Linux, Android and the like) in the REE general subsystem. The technical problem to be solved by the method and device for cross-secure-world real-time function calls on a computing platform with TEE extension is to make the return time of function calls issued by the TEE real-time subsystem to the REE general subsystem satisfy a certain determinism by establishing several methods and mechanisms in the GPOS and the RTOS, without obviously affecting the normal operation and original performance of the two subsystems.
As shown in fig. 1, the method for invoking a real-time function across a secure world on a computing platform with a TEE extension according to the embodiment includes:
1) setting the initial priority of a designated system task τG in the RTOS of the TEE real-time subsystem to be the same as that of the idle task;
2) detecting RG calls issued in the RTOS to the GPOS in the REE general subsystem, and proceeding to the next step when a task in the RTOS issues an RG call;
3) changing the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result;
4) checking whether a return result from the GPOS exists; if so, setting the task that issued the corresponding RG call to the ready state, and correcting the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result;
5) judging whether all RG calls have received their return results; if so, restoring the priority of system task τG to the initial priority and jumping to step 2).
Steps 1) to 2) are the task calling mechanism (i.e. the G-priority interchange mechanism) between the TEE real-time subsystem and the REE general subsystem. The priority mechanism is the core means of allocating resources and guaranteeing real-time tasks according to their importance. RG calls also need to work together with the priority mechanism of task scheduling and meet the requirements of the priority system; otherwise they may eventually cause confusion in task execution. For this requirement, the embodiment sets up a special task with variable priority in the RTOS: system task τG (the G-task). The G-task operates similarly to the IDLE task (idle task) in the RTOS: it acts as a container for the GPOS and, once switched onto the CPU, immediately causes a context switch to allow the GPOS to execute. … can be invoked, the priority of the G-task is consistent with the IDLE task.
In this embodiment, the step 2) of detecting an RG call in the RTOS that is addressed to the GPOS in the REE general subsystem further includes a step of recording the issue time of the RG call, and the processing step specified in step 2) further includes: step 4), for all RG calls that have not received a return result, judging whether the difference between the current system time and the issue time of the RG call exceeds a preset threshold; if so, waking the task that issued the RG call and notifying it of a timeout error, and then correspondingly correcting the priority of system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and not yet received a return result.
In this embodiment, step 4) further includes a step of counting the number of timeout errors occurring in RG calls.
In this embodiment, step 4) further includes: when the number of timeout errors exceeds a preset threshold, the RTOS kernel suspends the GPOS, broadcasts the error, and restores the priority of system task τG to the original priority.
In this embodiment, system task τG executes the following steps: entering a critical section; checking whether the GPOS is running and, if so, requesting the monitor through an SMC (Secure Monitor Call) to switch to the GPOS; and exiting the critical section. The C language pseudocode is as follows:
void G_system_task(void) // function definition of τG
{
    EnterCritical(); // enter critical section
    if (GPOS_Running) // first check whether the GPOS is running
    {
        SMC_call(Switch_to_GPOS); // request the Monitor to switch to the GPOS through an SMC call
    }
    ExitCritical(); // exit critical section
}
System task τG is in fact similar to the IDLE system task (the idle task), with the difference that it has a variable priority while the idle task has a fixed lowest priority, and the idle task also has some functions for collecting CPU utilization statistics of the RTOS.
In this embodiment, steps 3) to 5) are performed by scheduling in a clock interrupt processing function.
This embodiment designates a system task τG. When a task in the RTOS issues an RG call request, the RTOS changes the priority of system task τG after the yield() operation is called, so that τG takes the priority of the highest-priority task among all tasks whose RG call requests have not yet returned. When the RTOS performs clock-driven scheduling (i.e. scheduling in the clock interrupt handling function), it checks whether any RG call has returned; if so, it sets the caller task to the ready state and adjusts the priority of system task τG to that of the highest-priority task among those whose calls have not yet returned. If all RG calls have returned, the priority of system task τG is restored to its original value. Considering that the GPOS is a subsystem of lower reliability (relative to the RTOS), this embodiment sets a timeout threshold for each RG call: when the RTOS detects that an RG call has not returned after its duration exceeds the threshold, the RTOS wakes the caller task, notifies it of the timeout error, and then corrects the priority of system task τG accordingly. Further, if such timeout errors become excessive, the RTOS kernel may suspend the GPOS and broadcast the error, restoring the priority of system task τG to its initial value, so that errors in the GPOS are prevented from affecting the RTOS subsystem.
FIG. 2 is an example of a method for enhancing cross-secure-world real-time function calls on a computing platform with TEE extension based on a notification mechanism of software interrupts. There are 3 real-time tasks in the RTOS subsystem in this example, τ1, τ2 and τ3, with priorities ordered τ1 < τ2 < τ3. Before time ①, τ1, τ2 and τ3 are all idle, which keeps the system in the GPOS running state. At time ①, τ3 becomes ready and is scheduled to execute immediately. While τ3 is running, τ1 becomes ready and waits for τ3; after τ3 completes, τ1 is scheduled to execute. At time ③, τ2 becomes ready and preempts the CPU; after it completes at time ④, execution of τ1 resumes. τ1 issues an RG call at time ⑤ and goes to sleep, after which the priority of system task τG is adjusted to the priority held by τ1 and τG is scheduled onto the CPU; the GPOS then runs and executes the service requested by the RG call. At time ⑥ the called service has not yet completed, and the system is preempted because τ3 becomes ready. At time ⑦, τ3 finishes executing, and the highest-priority ready task in the system is system task τG. At time ⑧, the service completes; the system restores the priority of system task τG to its initial value, wakes τ1 and lets it execute until time ⑨. When all real-time tasks in the system are idle, the IDLE task executes and the system switches to the GPOS; at a later time τ2 becomes ready and preempts the CPU.
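The bookkeeping behind the G-priority interchange mechanism and its timeout handling, as an added example in C that is not code from the patent: the table layout, ticket format, constants and all function names are assumptions, and a larger number is taken to mean a higher priority. It also rejects return notifications whose ticket does not match a pending call, so that a late or malformed reply from the less reliable GPOS side cannot complete another task's call.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Every name and constant here is an assumption made for this example. */
#define MAX_CALLS    4   /* outstanding RG calls tracked */
#define PRIO_IDLE    0   /* idle priority; a larger number is a higher priority */
#define RG_TIMEOUT   50  /* per-call timeout threshold, in clock ticks */
#define MAX_TIMEOUTS 2   /* timeout errors tolerated before the GPOS is suspended */

enum rg_state { RG_FREE, RG_PENDING, RG_DONE, RG_TIMED_OUT };

struct rg_call {
    enum rg_state state;
    bool     returned;     /* set on the return path, consumed by the next tick */
    int      caller_prio;
    uint32_t issued_at;    /* issue time recorded when the call is detected */
    uint16_t gen;          /* bumped on reuse so a stale reply cannot match */
};

struct rg_ctx {
    struct rg_call calls[MAX_CALLS];
    int      g_prio;       /* current priority of the system task tau_G */
    unsigned timeout_errors;
    bool     gpos_suspended;
};

void rg_init(struct rg_ctx *c) {
    memset(c, 0, sizeof *c);
    c->g_prio = PRIO_IDLE; /* step 1: tau_G starts at the idle priority */
}

/* tau_G takes the priority of the highest-priority caller still waiting. */
static void rg_fix_g_prio(struct rg_ctx *c) {
    int p = PRIO_IDLE;
    for (int i = 0; i < MAX_CALLS && !c->gpos_suspended; i++)
        if (c->calls[i].state == RG_PENDING && c->calls[i].caller_prio > p)
            p = c->calls[i].caller_prio;
    c->g_prio = p;
}

/* Map a ticket (generation << 8 | slot) to its slot; NULL if it does not match. */
static struct rg_call *rg_lookup(struct rg_ctx *c, int ticket) {
    unsigned slot = (unsigned)ticket & 0xffu, gen = (unsigned)ticket >> 8;
    if (ticket < 0 || slot >= MAX_CALLS || c->calls[slot].gen != gen)
        return NULL;
    return &c->calls[slot];
}

/* Steps 2-3: record the call and raise tau_G. Returns a ticket, or -1. */
int rg_issue(struct rg_ctx *c, int caller_prio, uint32_t now) {
    for (int i = 0; i < MAX_CALLS && !c->gpos_suspended; i++) {
        struct rg_call *s = &c->calls[i];
        if (s->state != RG_FREE) continue;
        uint16_t gen = (uint16_t)(s->gen + 1);
        *s = (struct rg_call){ RG_PENDING, false, caller_prio, now, gen };
        rg_fix_g_prio(c);
        return (int)(((unsigned)gen << 8) | (unsigned)i);
    }
    return -1;             /* table full or GPOS suspended */
}

/* Return path, entered after the GPOS's SMC. The ticket comes from the GPOS
 * side, so it must match a pending call before anything is marked returned. */
bool rg_post_return(struct rg_ctx *c, int ticket) {
    struct rg_call *s = rg_lookup(c, ticket);
    if (!s || s->state != RG_PENDING)
        return false;      /* unknown, stale, or already timed out */
    s->returned = true;
    return true;
}

/* Steps 4-5, run from the clock interrupt: complete returned calls, time out
 * overdue ones, then correct tau_G (back to idle when nothing is pending). */
void rg_tick(struct rg_ctx *c, uint32_t now) {
    for (int i = 0; i < MAX_CALLS; i++) {
        struct rg_call *s = &c->calls[i];
        if (s->state != RG_PENDING) continue;
        if (s->returned) {
            s->state = RG_DONE;                 /* caller becomes ready */
        } else if (now - s->issued_at > RG_TIMEOUT) {
            s->state = RG_TIMED_OUT;            /* caller woken with a timeout error */
            if (++c->timeout_errors > MAX_TIMEOUTS)
                c->gpos_suspended = true;       /* kernel suspends the GPOS */
        }
    }
    rg_fix_g_prio(c);
}

/* Called by the woken task: fetch the outcome and free the slot. */
enum rg_state rg_collect(struct rg_ctx *c, int ticket) {
    struct rg_call *s = rg_lookup(c, ticket);
    if (!s || (s->state != RG_DONE && s->state != RG_TIMED_OUT))
        return RG_FREE;
    enum rg_state st = s->state;
    s->state = RG_FREE;
    return st;
}
```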
Further, this embodiment also provides a notification mechanism based on software interrupts to enhance cross-secure-world real-time function calls on a computing platform with TEE extension. In this embodiment, the RG call sent to the GPOS in the REE general subsystem in step 2) is delivered by sending a notification to the GPOS as a software-generated interrupt, so that the GPOS starts processing the RG call the moment it begins executing; after the GPOS has finished executing the RG call, it immediately switches the CPU to the TEE environment by invoking a software-generated interrupt or by actively raising an exception, and notifies the caller that the execution result has been returned. Since an interrupt is the fastest mechanism for triggering a processor response, this embodiment uses a Software Generated Interrupt to send a notification to the GPOS in the REE and pass the RG call request, so that the GPOS starts processing the RG call request as soon as it executes, without relying on secondary scheduling. The real-time task of the RTOS therefore triggers a software-generated interrupt by means of a software instruction while executing the RG call function interface. Conversely, when the RG call has been processed in the GPOS, the GPOS may also make the CPU switch to the TEE environment immediately by invoking a software-generated interrupt or actively raising an exception, and notify the caller that the result has been returned.
In this embodiment, an SGI (Software Generated Interrupt) on the ARM architecture is used as the notification mechanism for an RG call request, and an SMC (Secure Monitor Call) is used as the notification mechanism for an RG call return. RG calls are packaged in the RTOS as library functions, implemented as the following C language pseudocode:
void RG_func_call(void)
{
    write_data_to_shared_memory(); // write the data to be transferred to the shared memory buffer
    Send_SGI_interrupt(); // send an SGI interrupt to the GPOS
    yield(); // yield the CPU and sleep
}
The return of the RG call is also implemented in the GPOS kernel as a generic interface function, whose C language pseudo code is:
void RG_func_return(void)
{
    write_data_to_shared_memory(); // write the data to be transferred to the shared memory buffer
    SMC_call(); // trigger an SMC call request, switch to the TEE
}
After finishing RG calling service, the service program in GPOS will switch to E L3 immediately after RG _ func _ return () is called, and the Monitor module will recover the RTOS site.
Further, this embodiment also provides a way to enhance cross-secure-world real-time function calls on a TEE-extended computing platform by executing the called function in the interrupt service: when the GPOS executes the RG call, the service code of the called function is executed directly in the interrupt service of the GPOS or is called indirectly by the interrupt service. Doing so reduces the timing uncertainty introduced by scheduling and avoids the page-fault overhead incurred when the service code has been swapped out of memory, so that the time from the GPOS resuming execution to the service code executing is deterministic.
Implementing the RG-call service function in the corresponding SGI interrupt service function (interrupt handler) avoids many sources of timing uncertainty, including page faults. If the RG-call service is long, it may instead be implemented in the higher-priority softirq part. This embodiment assumes that the number of hardirqs per unit time in the system is limited, so that the execution time of the RG-call service (measured from the moment the GPOS is switched in to execute) is deterministic.
In summary, this embodiment guarantees the real-time performance of RG calls from the TEE to the REE through three main mechanisms: the g-priority interchange mechanism, the notification mechanism based on software interrupts, and execution of the called function in the interrupt service. Applied together, these three mechanisms make the processing and return of RG calls conform to the priority system of the RTOS. That is, the RG call process is integrated with the other operations of its caller, and it is ensured to the greatest extent that only real-time tasks of higher priority (or the RG calls they issue) can execute preemptively. Even inside the GPOS, the RG call runs in a prioritized state. Together, the three measures guarantee that the system switches to the GPOS preferentially when a high-priority task issues an RG request; that after the switch the RG request is served at once as part of an interrupt service function, with the request of the highest-priority real-time task served first; and that the system switches back to the RTOS immediately after the service completes and wakes the caller task of the returned RG call. The whole RG call process is therefore time-deterministic and remains compatible with the priority system of the RTOS subsystem.
Therefore, the method for calling the real-time function across the secure world on the computing platform with the TEE extension has the following advantages: (1) the RTOS of the TEE-based hybrid system can obtain services from the GPOS, and the services can be utilized by the GPOS; (2) enabling service requests issued by the RTOS across the environment to be executed within a deterministic time, thereby still meeting the real-time requirements of the RTOS subsystem; (3) the mechanism of the invention has little influence on the operation and the efficiency of the original system, and can still maximally utilize the CPU resource on the premise of ensuring the real-time performance of the RTOS.
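The priority bookkeeping for system task τG together with the RG timeout handling (steps 1) to 5) of claim 1 and claims 2 to 4) can be modelled as follows. This is an added C example, not code from the patent: the structure and function names, the tick-based clock, the threshold values, the convention that a larger number means higher priority, and the dropping of late replies are all assumptions.

```c
#include <stdint.h>

#define MAX_TASKS    4
#define PRIO_IDLE    0   /* assumption: larger number = higher priority */
#define RG_TIMEOUT   5   /* assumed per-call timeout, in clock ticks */
#define MAX_TIMEOUTS 2   /* assumed error limit before the GPOS is suspended */

enum rg_state { RG_NONE, RG_PENDING, RG_READY, RG_TIMED_OUT };
struct task { int prio; enum rg_state rg; uint32_t issued_at; };
struct rtos {
    struct task t[MAX_TASKS];
    int tau_g_prio;      /* current priority of system task tau_G */
    int timeouts;        /* claim 3: running count of timeout errors */
    int gpos_suspended;  /* claim 4: set once the count exceeds the limit */
};

/* Step 1: tau_G starts at the idle task's priority. */
void rtos_init(struct rtos *r, const int prios[MAX_TASKS]) {
    for (int i = 0; i < MAX_TASKS; i++)
        r->t[i] = (struct task){ prios[i], RG_NONE, 0 };
    r->tau_g_prio = PRIO_IDLE;
    r->timeouts = 0;
    r->gpos_suspended = 0;
}

/* Steps 3-5: tau_G takes the priority of the highest-priority task still
 * waiting on an RG call, and falls back to idle when none is waiting
 * or when the GPOS has been suspended. */
static void fix_tau_g(struct rtos *r) {
    int p = PRIO_IDLE;
    for (int i = 0; i < MAX_TASKS && !r->gpos_suspended; i++)
        if (r->t[i].rg == RG_PENDING && r->t[i].prio > p)
            p = r->t[i].prio;
    r->tau_g_prio = p;
}

/* Step 2: a task issues an RG call; claim 2 records the issue time. */
int rg_issue(struct rtos *r, int id, uint32_t now) {
    if (id < 0 || id >= MAX_TASKS || r->gpos_suspended) return -1;
    r->t[id].rg = RG_PENDING;
    r->t[id].issued_at = now;
    fix_tau_g(r);
    return 0;
}

/* Step 4: a result arrived from the GPOS. A reply for a call that is no
 * longer pending (already timed out) is dropped: a modelling choice here. */
int rg_return(struct rtos *r, int id) {
    if (id < 0 || id >= MAX_TASKS || r->t[id].rg != RG_PENDING) return -1;
    r->t[id].rg = RG_READY;
    fix_tau_g(r);
    return 0;
}

/* Clock-interrupt check (claims 2-4 and 6): expire overdue calls. */
void rg_tick(struct rtos *r, uint32_t now) {
    for (int i = 0; i < MAX_TASKS; i++)
        if (r->t[i].rg == RG_PENDING && now - r->t[i].issued_at > RG_TIMEOUT) {
            r->t[i].rg = RG_TIMED_OUT;   /* caller is woken with an error */
            r->timeouts++;
        }
    if (r->timeouts > MAX_TIMEOUTS) r->gpos_suspended = 1;
    fix_tau_g(r);
}
```

The timeout path is what bounds the RTOS's exposure to the REE side: a GPOS that stalls or never answers cannot hold τG at a raised priority indefinitely.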
In addition, the embodiment also provides a device for calling the function in real time across the secure world on the computing platform with the TEE extension, which includes a computer device, on which a GPOS and an RTOS are simultaneously run, wherein the GPOS is located in an REE environment, and the RTOS is located in a TEE environment, the computer device is programmed or configured to execute the step of the method for calling the function in real time across the secure world on the computing platform with the TEE extension, or a memory of the computer device stores a computer program programmed or configured to execute the method for calling the function in real time across the secure world on the computing platform with the TEE extension. In addition, the present embodiment also provides a computer readable storage medium, which stores thereon a computer program programmed or configured to execute the cross-secure-world real-time function call method on the computing platform with TEE extension.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The present application is directed to methods, apparatus (systems), and computer program products according to embodiments of the application wherein instructions, which execute via a flowchart and/or a processor of the computer program product, create means for implementing functions specified in the flowchart and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.

Claims (10)

1. A cross-secure-world real-time function calling method on a computing platform with TEE extension is characterized by comprising the following implementation steps:
1) setting the initial priority of a designated system task τG in the RTOS of the TEE real-time subsystem to be the same as that of the idle task;
2) detecting, in the RTOS, RG calls sent to the GPOS in the REE general subsystem, and proceeding to the next step when a task in the RTOS issues an RG call;
3) changing the priority of the system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and have not yet received a return result;
4) checking whether there is a return result from the GPOS; if so, setting the task of the RG call corresponding to the return result to the ready state, and correcting the priority of the system task τG so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and have not yet received a return result;
5) judging whether all RG calls have received their return results; if all RG calls have received their return results, restoring the priority of the system task τG to the initial priority and jumping to step 2).
2. The method for invoking real-time functions across secure worlds on a computing platform with TEE extensions according to claim 1, wherein detecting, in step 2), RG calls sent from the RTOS to the GPOS in the REE general subsystem further comprises recording the issue time of each RG call; and step 4) further comprises: for every RG call that has not received a return result, judging whether the difference between the current system time and the issue time of the RG call exceeds a preset threshold; if it does, waking the task that issued the RG call and notifying it that a timeout error has occurred; and then correcting the priority of the system task τG accordingly so that it equals that of the highest-priority task among all tasks in the RTOS that have issued an RG call and have not yet received a return result.
3. The method for invoking a function in real time across a secure world on a computing platform with a TEE extension according to claim 2, wherein step 4) further comprises the step of counting the number of timeout errors of the RG call.
4. The method for invoking the real-time function across the secure world on the computing platform with the TEE extension according to claim 3, wherein step 4) further comprises, when the number of timeout errors exceeds a preset threshold, suspending the GPOS, broadcasting the error to the RTOS kernel, and restoring the priority of the system task τG to the original priority.
5. The method for invoking the real-time function across the secure world on the computing platform with the TEE extension according to claim 1, wherein the system task τG executes the following steps: entering a critical section; judging whether the GPOS is running and, if it is, requesting the monitor through an SMC call to switch to the GPOS; and exiting the critical section.
6. The method for invoking the real-time function across the secure world on the computing platform with the TEE extension according to claim 1, wherein the steps 3) -5) are executed by scheduling in a clock interrupt processing function.
7. The method as claimed in claim 1, wherein the RG call sent to the GPOS in the REE general subsystem in step 2) is specifically delivered by sending a notification to the GPOS by means of a software interrupt, so that the RG call is processed at the first moment the GPOS comes online, and after the GPOS finishes executing the RG call, the CPU is immediately switched to the TEE environment by invoking a software interrupt or by actively generating an exception, and the caller is notified that the execution result has been returned.
8. The cross-secure-world real-time function call method on a TEE-enabled computing platform of claim 7, wherein when the GPOS executes the RG call, the service code of the called function is directly executed in the interrupt service of the GPOS or indirectly called by the interrupt service.
9. A cross-secure-world real-time function calling apparatus on a computing platform with TEE extension, comprising a computer device, wherein a GPOS and an RTOS are simultaneously run on the computer device, the GPOS is located in an REE environment, and the RTOS is located in a TEE environment, wherein the computer device is programmed or configured to execute the steps of the cross-secure-world real-time function calling method on the computing platform with TEE extension according to any one of claims 1 to 8, or a computer program programmed or configured to execute the cross-secure-world real-time function calling method on the computing platform with TEE extension according to any one of claims 1 to 8 is stored in a memory of the computer device.
10. A computer-readable storage medium having stored thereon a computer program programmed or configured to perform the cross-secure-world real-time function call method on a TEE-extended computing platform according to any one of claims 1 to 8.
CN202010251385.4A 2020-04-01 2020-04-01 Cross-secure-world real-time function calling method and device on computing platform with TEE extension Active CN111414246B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010251385.4A CN111414246B (en) 2020-04-01 2020-04-01 Cross-secure-world real-time function calling method and device on computing platform with TEE extension

Publications (2)

Publication Number Publication Date
CN111414246A (en) 2020-07-14
CN111414246B CN111414246B (en) 2022-10-11

Family

ID=71494787

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010251385.4A Active CN111414246B (en) 2020-04-01 2020-04-01 Cross-secure-world real-time function calling method and device on computing platform with TEE extension

Country Status (1)

Country Link
CN (1) CN111414246B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100031325A1 (en) * 2006-12-22 2010-02-04 Virtuallogix Sa System for enabling multiple execution environments to share a device
CN106547618A (en) * 2016-10-19 2017-03-29 沈阳微可信科技有限公司 Communication system and electronic equipment
CN106845285A (en) * 2016-12-28 2017-06-13 北京握奇智能科技有限公司 A kind of TEE systems coordinate to realize the method and terminal device of service with REE systems

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859395A (en) * 2020-07-21 2020-10-30 中国人民解放军国防科技大学 Communication optimization method and system on computing platform with TEE extension
CN111859395B (en) * 2020-07-21 2024-03-26 中国人民解放军国防科技大学 Communication optimization method and system on computing platform with TEE expansion
CN112527478A (en) * 2020-11-30 2021-03-19 成都中科大旗软件股份有限公司 Method and system for realizing automatic task registration and asynchronous scheduling based on distribution
CN112527478B (en) * 2020-11-30 2023-11-07 成都中科大旗软件股份有限公司 Method and system for realizing automatic registration and asynchronous scheduling of tasks based on distribution
CN113190869A (en) * 2021-05-27 2021-07-30 中国人民解放军国防科技大学 TEE-based mandatory access control security enhancement framework performance evaluation method and system
CN113190869B (en) * 2021-05-27 2022-10-11 中国人民解放军国防科技大学 TEE-based mandatory access control security enhancement framework performance evaluation method and system
CN113486355A (en) * 2021-06-29 2021-10-08 北京紫光展锐通信技术有限公司 Information storage device, information storage method, communication device, chip and module equipment thereof
CN113486355B (en) * 2021-06-29 2023-03-14 北京紫光展锐通信技术有限公司 Information storage device, information storage method, communication device, chip and module equipment thereof

Also Published As

Publication number Publication date
CN111414246B (en) 2022-10-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant