ARM TrustZone-M example application in Rust, both secure world side and non-secure world side

Overview

trustzone-m-rs

ARM TrustZone-M example application in Rust, covering both the secure world side and the non-secure world side. The projects are modified from the output generated by cortex-m-quickstart.

This project is based on the guide Writing secure applications using Rust and TrustZone-M, Version 1.0, by ARM, (c) 2022 Arm Limited.

Features

This project illustrates how to:

  • Write and run TrustZone-M application in Rust
  • Enter Non-Secure entry function in Secure World
  • Handle secure faults
  • Call secure function in Non-Secure World (using veneers.o)
  • Check permission in secure functions with pointers
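
The last item is the one with the most room for error: a secure function has to validate a pointer received from the Non-Secure World before dereferencing it. The following host-side model is an added example, not code from this project; on Armv8-M hardware the per-address lookup is provided by the TT instruction family, and here a constructed region table and the hypothetical names `Region`, `MAP` and `check_ns_range` stand in for it.

```rust
// Host-side model (added example): on hardware the per-address lookup is
// done by the TT instruction family; a constructed table stands in for it.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Attr { Secure, NonSecure }

#[derive(Debug, Clone, Copy)]
pub struct Region { pub base: u32, pub limit: u32, pub attr: Attr, pub writable: bool }

#[derive(Debug, PartialEq)]
pub enum Denied { Empty, Wraps, Unmapped, CrossesRegion, Secure, ReadOnly }

// Constructed memory map for illustration, not the project's configuration.
pub const MAP: [Region; 3] = [
    Region { base: 0x1000_0000, limit: 0x1000_FFFF, attr: Attr::Secure, writable: true },
    Region { base: 0x2000_0000, limit: 0x2000_7FFF, attr: Attr::NonSecure, writable: true },
    Region { base: 0x2000_8000, limit: 0x2000_FFFF, attr: Attr::NonSecure, writable: false },
];

fn lookup(map: &[Region], addr: u32) -> Option<usize> {
    map.iter().position(|r| r.base <= addr && addr <= r.limit)
}

/// Decide whether the Secure World may access `len` bytes at `ptr` on behalf
/// of a Non-Secure caller. Nothing is dereferenced here.
pub fn check_ns_range(map: &[Region], ptr: u32, len: u32, write: bool) -> Result<(), Denied> {
    if len == 0 { return Err(Denied::Empty); } // model choice: reject empty buffers
    // Address of the last byte; overflow means the range wraps past 0xFFFF_FFFF.
    let last = ptr.checked_add(len - 1).ok_or(Denied::Wraps)?;
    let first_idx = lookup(map, ptr).ok_or(Denied::Unmapped)?;
    let last_idx = lookup(map, last).ok_or(Denied::Unmapped)?;
    // Both ends must resolve to the same region; otherwise the bytes in
    // between could carry different attributes than the two ends checked.
    if first_idx != last_idx { return Err(Denied::CrossesRegion); }
    let region = map[first_idx];
    if region.attr != Attr::NonSecure { return Err(Denied::Secure); }
    if write && !region.writable { return Err(Denied::ReadOnly); }
    Ok(())
}

fn main() {
    // (ptr, len, write) triples a Non-Secure caller might pass in.
    for (ptr, len, write) in [(0x2000_0000u32, 16u32, true), (0x1000_0000, 16, false),
                              (0x2000_7FF8, 16, false), (0xFFFF_FFF0, 0x20, false)] {
        match check_ns_range(&MAP, ptr, len, write) {
            Ok(()) => println!("{ptr:#010x}+{len}: Permission accepted"),
            Err(e) => println!("{ptr:#010x}+{len}: Permission denied ({e:?})"),
        }
    }
}
```

Checking only the start address is not enough: the third case starts in writable Non-Secure RAM but its last byte lands in a different region, so the whole range is refused.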

Run

Install the rustc target with:

rustup target add thumbv8m.main-none-eabi

Additionally, check that arm-none-eabi-ld is installed by running arm-none-eabi-ld --version. This ARM linker is used for veneer generation; the veneer is the important medium through which non-secure applications get the list of supported functions provided by the secure world side.

Clone repository and run:

git clone git@github.com:IoTS-P/trustzone-m-rs.git
cd trustzone-m-rs
cargo qemu

You'll get the following results:

    Finished dev [unoptimized + debuginfo] target(s) in 0.05s
     Running `target\debug\xtask.exe qemu`
xtask: make application and run in QEMU
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
Hello from Secure World!
BLXNS with misaligned SP is UNPREDICTABLE
Hello from Non-Secure World!
secure function called!
secure function with pointers called!
Permission denied
secure function with pointers called!
Permission accepted
Return value: 0
BLXNS with misaligned SP is UNPREDICTABLE
Non-Secure World callback function called!
Exit Non-Secure World!

The program should finish without any error.

Comments
  • Compilation error

    Hello, I have just seen your post on twitter. I have an existing Rust embedded development environment on Ubuntu 20.04. Running the cargo qemu command, I get the error message:

        Finished dev [unoptimized + debuginfo] target(s) in 0.02s
         Running target/debug/xtask qemu
    xtask: make application and run in QEMU
       Compiling secure-app v0.1.0 (/home/dcabanis/Documents/rust/TrustZone_QEMU/trustzone-m-rs/secure-app)
    error[E0554]: #![feature] may not be used on the stable release channel
     --> secure-app/src/main.rs:1:1
      |
    1 | #![feature(abi_c_cmse_nonsecure_call, cmse_nonsecure_entry)]
      | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    For more information about this error, try rustc --explain E0554.
    error: could not compile secure-app due to previous error
    xtask: cargo build failed with exit status: 101

    Do you have any ideas about what I am missing?

    opened by dcabanis 2
  • Unable to compile

    Hi, I have checked the installation of arm-none-eabi-ld via arm-none-eabi-ld --version. It is installed properly. Now when I am trying to perform cargo make, I am getting this error:

    xtask: make secure and non secure application
    ...
    ...
    ...
       Compiling cortex-m-rt-macros v0.7.0 (https://github.com/rust-embedded/cortex-m#b0d2d035)
    error: linking with `arm-none-eabi-ld` failed: exit status: 1
      |
      = note: arm-none-eabi-ld: /home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.1sqlml00tf90r1uj.rcgu.o: in function `critical_section::acquire':
              /home/anand/.cargo/registry/src/github.com-1ecc6299db9ec823/critical-section-1.1.1/src/lib.rs:180: undefined reference to `_critical_section_1_0_acquire'
              arm-none-eabi-ld: /home/anand/.cargo/registry/src/github.com-1ecc6299db9ec823/critical-section-1.1.1/src/lib.rs:180: undefined reference to `_critical_section_1_0_acquire'
              arm-none-eabi-ld: /home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.58q4p7m14uw6zgxg.rcgu.o: in function `critical_section::release':
              /home/anand/.cargo/registry/src/github.com-1ecc6299db9ec823/critical-section-1.1.1/src/lib.rs:197: undefined reference to `_critical_section_1_0_release'
              
      = help: some `extern` functions couldn't be found; some native libraries may need to be installed or have their path specified
      = note: use the `-l` flag to specify native libraries to link
      = note: use the `cargo:rustc-link-lib` directive to specify the native libraries to link with Cargo (see https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorustc-link-libkindname)
    
    error: could not compile `secure-app` due to previous error
    xtask: cargo build failed with exit status: 101
    

    Is there something I am missing? I am using the following version:

    anand@anand-VirtualBox:~/Desktop/dev_space/Test/trustzone-m-rs$ arm-none-eabi-ld --version
    GNU ld (2.38-3ubuntu1+15build1) 2.38
    Copyright (C) 2022 Free Software Foundation, Inc.
    This program is free software; you may redistribute it under the terms of
    the GNU General Public License version 3 or (at your option) a later version.
    This program has absolutely no warranty.
    

    Solution: As per the discussion on the nrf_rust group, need to include critical-section-single-core as cortex_m dependency.

    Also, I would like to know if there is a Matrix channel available for chat, or if you have any element.io group where we can discuss the problems. This would be really great. :+1:

    opened by Strange21 0