QEMU Virtual Armory

ckuethe edited this page Jan 4, 2015 · 27 revisions

# Introduction

It is often useful to have a test environment independent of hardware. This environment is based on a Versatile Express board with a Cortex-A9 CPU; this hardware was chosen because TrustZone support in QEMU-tz requires either an A9 or an A15, and because U-Boot supports the Versatile Express with an A9. This should provide a low-risk way to test Secure Boot, for example.

QEMU-Trustzone

QEMU-Trustzone is Linaro's patch of QEMU with TrustZone support.

$ git clone git://git.linaro.org/people/greg.bellows/qemu.git --branch qemutz qemutz-git
$ cd qemutz-git
$ ./configure --target-list=arm-softmmu --enable-seccomp --extra-ldflags="-fPIC" --extra-cflags="-fPIC"
$ make -j4
$ cp arm-softmmu/qemu-system-arm ~/bin/qemu-system-arm-trustzone

To test the new qemu binary without using trustzone

$ ~/bin/qemu-system-arm-trustzone -M vexpress-a9 -m 1024M -serial stdio -kernel $PATH_TO_KERNEL/zImage -dtb $PATH_TO_DTB/vexpress-v2p-ca9.dtb -append 'console=ttyAMA0,38400n8' -initrd $PATH_TO_INITRD/initrd.img

To test the new qemu with trustzone (not sure if this works yet)

$ ~/bin/qemu-system-arm-trustzone -M vexpress-a9 -m 1024M -serial stdio -bios $PATH_TO_IMAGE/image -append 'console=ttyAMA0,38400n8'

QEMU-uBoot

$ make vexpress_ca9x4_config
$ vi include/configs/vexpress_common.h  # add CONFIG_RSA, CONFIG_FIT_SIGNATURE, CONFIG_CMD_EXT2 
$ make oldconfig  # or menuconfig
$ env CROSS_COMPILE=arm-linux-gnueabihf- make -j4
$ D=/tmp/linux-trustzone/boot
$ mkdir -p $D
$ cp u-boot* $D
$ mv $D/u-boot $D/u-boot.elf

Once the QEMU MicroSD image has been prepared, it can be booted with the command below. There is still some work to be done to get the emulator to boot from SD like a real USB armory, and for U-Boot to use the SD card for environment storage.

$ qemu-system-arm-trustzone -M vexpress-a9 -m 1024M -no-reboot -net user -net nic,model=lan9118 -nographic -drive format=raw,media=disk,if=sd,file=usbarmory_rootfs.img,index=0 -kernel linux-trustzone/boot/u-boot

The following U-Boot commands are required for the previous QEMU command to work:

setenv loadaddr 0x60008000
setenv fdt_addr 0x67f00000
setenv bootargs "root=/dev/mmcblk0p2 rw verbose console=ttyAMA0 mem=1024M panic=5 vmalloc=256M"
fatload mmc 0:1 ${fdt_addr} vexpress-v2p-ca9.dtb
fatload mmc 0:1 ${loadaddr} zimage
bootz ${loadaddr} - ${fdt_addr}

QEMU-Kernel

$ wget https://www.kernel.org/pub/linux/kernel/v3.x/testing/linux-3.19-rc2.tar.xz
$ tar xf linux-3.19-rc2.tar.xz
$ export ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf-
$ make vexpress_defconfig
# add "console=ttyAMA0,115200 panic=5" to kernel args, Block Layer > Large Files
$ make menuconfig
$ make -j4 zImage uImage LOADADDR=0x60008000 dtbs modules
$ mkdir -p /tmp/linux-trustzone/boot
$ cp arch/arm/boot/{,z,u}Image arch/arm/boot/dts/vexpress*ca9*dtb /tmp/linux-trustzone/boot/
$ make modules_install INSTALL_MOD_PATH=/tmp/linux-trustzone

QEMU-Storage

Disabling huge file support on the file system is necessary unless the kernel has been built with CONFIG_LBDAF, which is not the default for the Versatile Express.

Also have a look at Debian Package Management and install mtd-utils uboot-envtools dosfstools into the image.

$ cp /tmp/linux-trustzone/boot/u-boot.bin pflash_0.img
$ truncate --size 64M pflash_0.img
$ truncate --size 64M pflash_1.img
$ truncate --size 1G Q_sbarmory.img
$ losetup --find --show Q_sbarmory.img # assuming this returns "/dev/loop0"
$ parted /dev/loop0 --script mklabel msdos
$ parted /dev/loop0 --script mkpart primary fat32 2M 30M
$ parted /dev/loop0 --script mkpart primary ext4 32M 100%
$ mkfs.vfat -n UBOOT /dev/loop0p1
$ mkfs.ext4 -O ^huge_files -L usbarmory /dev/loop0p2
$ mount /dev/loop0p2 /mnt
$ mkdir /mnt/boot
$ mount /dev/loop0p1 /mnt/boot/
$ qemu-debootstrap --arch=armhf wheezy /mnt https://mirrors.kernel.org/debian/
$ rsync -rv /tmp/linux-trustzone/ /mnt
$ chroot /mnt # do stuff...
$ umount /mnt/boot
$ umount /mnt
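
A preflight check for the steps above, as an added example that is not part of the original wiki: it confirms that the U-Boot header really defines the three options from the QEMU-uBoot step (without CONFIG_FIT_SIGNATURE, U-Boot does not verify FIT signatures, so a Secure Boot test would prove nothing) and chooses the mkfs.ext4 options from the kernel's CONFIG_LBDAF setting. The function names and the argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original wiki): preflight checks for the
# U-Boot and file-system steps. All file paths are supplied by the caller.

# has_define FILE NAME: true if FILE has an uncommented "#define NAME".
# Line-based: a define inside a multi-line /* */ block is not detected.
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# missing_uboot_opts HEADER: print the options named in the U-Boot step
# that HEADER does not define (empty output means all are present).
missing_uboot_opts() {
    missing=""
    for opt in CONFIG_RSA CONFIG_FIT_SIGNATURE CONFIG_CMD_EXT2; do
        has_define "$1" "$opt" || missing="$missing $opt"
    done
    echo "${missing# }"
}

# kernel_has_lbdaf DOTCONFIG: true only for CONFIG_LBDAF=y; a missing
# line or "# CONFIG_LBDAF is not set" both count as disabled.
kernel_has_lbdaf() {
    grep -q '^CONFIG_LBDAF=y$' "$1"
}

# mkfs_ext4_cmd DOTCONFIG DEVICE: print the mkfs.ext4 command for DEVICE,
# dropping huge_files unless the kernel supports large block devices.
mkfs_ext4_cmd() {
    if kernel_has_lbdaf "$1"; then
        echo "mkfs.ext4 -L usbarmory $2"
    else
        echo "mkfs.ext4 -O ^huge_files -L usbarmory $2"
    fi
}

# preflight HEADER DOTCONFIG DEVICE: fail if a U-Boot option is missing,
# otherwise print the mkfs command to use.
preflight() {
    m=$(missing_uboot_opts "$1")
    if [ -n "$m" ]; then
        echo "U-Boot config lacks: $m" >&2
        return 1
    fi
    mkfs_ext4_cmd "$2" "$3"
}

# Run only when called with three arguments (header, .config, device).
if [ "$#" -eq 3 ]; then preflight "$1" "$2" "$3"; fi
```

Call it with the edited include/configs/vexpress_common.h, the kernel's .config and the ext4 partition device before running mkfs.ext4.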

Run it!

$ ~/bin/qemu-system-arm-trustzone -M vexpress-a9 -m 1024M -no-reboot -net user -net nic,model=lan9118 -nographic -sandbox enable=on -drive format=raw,if=pflash,file=pflash.img -drive format=raw,if=sd,file=usbarmory_rootfs.img
