ARM TrustZone-M example application in Rust, both secure world side and non-secure world side

Related tags

Learning Resources trustzone-m-rs
Overview

trustzone-m-rs

ARM TrustZone-M example application in Rust, both secure world side and non-secure world side; projects are modified from generated result of cortex-m-quickstart.

This project is based on guide Writing secure applications using Rust and TrustZone-M, Version 1.0 by ARM, (c) 2022 Arm Limited.

Features

This project illustrates how to:

  • Write and run TrustZone-M application in Rust
  • Enter Non-Secure entry function in Secure World
  • Handle secure faults
  • Call secure function in Non-Secure World (using veneers.o)
  • Check permission in secure functions with pointers

Run

You need to install rustc target, using:

rustup target add thumbv8m.main-none-eabi

Additionally, you should check if your computer have arm-none-eabi-ld installed by arm-none-eabi-ld --version 2. This special ARM linker is used on veneer generation; veneer is an important media where non-secure applications get a list of supported functions provided by secure world side.

Clone repository and run:

git clone [email protected]:IoTS-P/trustzone-m-rs.git
cd trustzone-m-rs
cargo qemu

You'll get the following results:

    Finished dev [unoptimized + debuginfo] target(s) in 0.05s
     Running `target\debug\xtask.exe qemu`
xtask: make application and run in QEMU
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
Hello from Secure World!
BLXNS with misaligned SP is UNPREDICTABLE
Hello from Non-Secure World!
secure function called!
secure function with pointers called!
Permission denied
secure function with pointers called!
Permission accepted
Return value: 0
BLXNS with misaligned SP is UNPREDICTABLE
Non-Secure World callback function called!
Exit Non-Secure World!

The program should finish without any error.

You might also like...
Example (with solution) for the Rust Fundamentals Workshop

Workshop Repo: Rust Fundamentals NOTE: This is Work-In-Progress! Please check for updates a day before the workshop. This Github repository contains a

Stefan Baumgartner 5 Jan 31, 2023
A tray application for Windows that gives you push notifications and instant downloads of new posts, messages and stories posted by models you subscribe to on Onlyfans.

OF-notifier A tray application for Windows that gives you push notifications and instant downloads of new posts, messages and stories posted by models

Gentlemen Mercenary 10 Dec 20, 2022
Complete code for the larger example programs from the book.

Code Examples for Programming Rust This repository contains complete code for the larger example programs from the book “Programming Rust”, by Jim Bla

Programming Rust 670 Jan 1, 2023
example codes for CIS198 https://cis198-2016s.github.io/
example codes for CIS198 https://cis198-2016s.github.io/

CIS198: RUST 编程语言 学习背景 rust 和 c/c++/Java/Python/golang 不太一样 rust 学习曲线比较陡峭 rust 有很多颠覆认知的特性: 所有权,生命周期,借用检测 cargo 工具 函数式+命令式支持 视频讲解见 B站 课程大纲 Timeline Lec

Jinghui Hu 3 Apr 9, 2024
The example anchor implementation for solana-swap

anchor-liquidity-pool This is the example anchor implementation for solana-swap. The curve is always ConstantProduct in this implementation. The fee r

Something-Something 2 Aug 17, 2024
High Assurance Rust - A free book about developing secure and robust systems software.

High Assurance Rust - A free book about developing secure and robust systems software.

Tiemoko Ballo 1.1k Jan 9, 2023
Secure mTLS and gRPC backed runtime daemon. Alternative to systemd. Written in Rust.

Auraed A runtime daemon written in Rust. Designed to run as pid 1 mTLS backed gRPC API over unix domain socket Run executables Run containers Run virt

Aurae Runtime 57 Dec 22, 2022
A traditional web forum built in Rust with modern technology to be fast, secure, scalable, and stable.

Volksforo A traditional web forum built in Rust with modern technology to be fast, secure, scalable, and stable. Stack Rust actix-web askama ScyllaDB

Josh 5 Mar 21, 2023
A fast and secure RISC-V based virtual machine

PolkaVM PolkaVM is a general purpose user-level RISC-V based virtual machine. This project is still unfinished and is a very heavy work-in-progress! D

Koute 31 Sep 4, 2023
Comments
  • Compliation error

    Compliation error

    Hello, I have just seen your post on twitter. I have an existing Rust embedded development environment on Ubuntu 20.04. Running the cargo qemu command, I get the error message:

    Finished dev [unoptimized + debuginfo] target(s) in 0.02s Running target/debug/xtask qemu xtask: make application and run in QEMU Compiling secure-app v0.1.0 (/home/dcabanis/Documents/rust/TrustZone_QEMU/trustzone-m-rs/secure-app) error[E0554]: #![feature] may not be used on the stable release channel --> secure-app/src/main.rs:1:1 | 1 | #![feature(abi_c_cmse_nonsecure_call, cmse_nonsecure_entry)] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    For more information about this error, try rustc --explain E0554. error: could not compile secure-app due to previous error xtask: cargo build failed with exit status: 101

    Do you have any ideas about what I am missing?

    opened by dcabanis 2
  • Unable to compile

    Unable to compile

    Hi I have checked the installation of arm-none-eabi-ld via arm-none-eabi-ld --version. It is installed properly. Now when i am trying to perform cargo make. I am getting this error

    xtask: make secure and non secure application
...
...
...
   Compiling cortex-m-rt-macros v0.7.0 (https://github.com/rust-embedded/cortex-m#b0d2d035)
error: linking with `arm-none-eabi-ld` failed: exit status: 1
  |
  = note: "arm-none-eabi-ld" "/tmp/rustcL3HWxb/symbols.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.11eov6swfi6svmu8.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.12xi3yfk8cbo0y6o.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.17z8kfxvu2bsxmq1.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.19jsr6efccu12aew.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.1sqlml00tf90r1uj.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.1w763bqk96q6u2cw.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.1zwmbtp8u5tzyu2v.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.21lxdmdj29dey1ln.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.24ia6qlhjxo1c3wg.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.28h3kjxod1dtsa2u.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.2iaqb828d213aaxy.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.2ma5hdnoyzof6dg4.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.2yao2jad3ltxqp0b.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.322rdtapcyr6r3sf.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.3ata7m8xvfjlp88u.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.3o4ps5d88g7qlcow.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.3pdy0tj4pq98whei.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.3rxb4e2jyu0211iq.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.490xzzqd792za4w3.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.4od2uqyhlsf2nkgu.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.4tjs4wgfc317kp2v.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.4tv1j92tes8pzzhz.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.58q4p7m14uw6zgxg.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.nyxubf6yis4rzi.rcgu.o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.w8qdf05iv30oaxc.rcgu.o" "--as-needed" "-L" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps" "-L" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/debug/deps" "-L" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/build/secure-app-51e613bd53d77945/out" "-L" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/build/cortex-m-rt-c32156b80f560e05/out" "-L" "/home/anand/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/thumbv8m.main-none-eabi/lib" "-Bstatic" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libcortex_m_rt-15ce9524518cad3c.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libcortex_m-532676757f21918a.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libcritical_section-6caca69fc2e367cb.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libembedded_hal-50f0445822613a22.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libvoid-4e4b25f9e1290b6b.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libnb-0be0c7ab53f654d3.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libnb-9907e5e02f6e1654.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libvolatile_register-dff01539336ab770.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libvcell-87bdb54fe943c8a8.rlib" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/libbitfield-181d58d8e68d5d9c.rlib" "/home/anand/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/thumbv8m.main-none-eabi/lib/librustc_std_workspace_core-e1c6b1daf2bba68b.rlib" "/home/anand/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/thumbv8m.main-none-eabi/lib/libcore-a8fbef9d2dd34190.rlib" "/home/anand/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/thumbv8m.main-none-eabi/lib/libcompiler_builtins-4eb2265660fbce82.rlib" "-Bdynamic" "--eh-frame-hdr" "-znoexecstack" "-L" "/home/anand/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/thumbv8m.main-none-eabi/lib" "-o" "/home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f" "--gc-sections" "--nmagic" "-Tlink.x" "--allow-multiple-definition" "--cmse-implib" "--out-implib=target/veneers.o"
  = note: arm-none-eabi-ld: /home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.1sqlml00tf90r1uj.rcgu.o: in function `critical_section::acquire':
          /home/anand/.cargo/registry/src/github.com-1ecc6299db9ec823/critical-section-1.1.1/src/lib.rs:180: undefined reference to `_critical_section_1_0_acquire'
          arm-none-eabi-ld: /home/anand/.cargo/registry/src/github.com-1ecc6299db9ec823/critical-section-1.1.1/src/lib.rs:180: undefined reference to `_critical_section_1_0_acquire'
          arm-none-eabi-ld: /home/anand/Desktop/dev_space/Test/trustzone-m-rs/target/thumbv8m.main-none-eabi/debug/deps/secure_app-59684ae284bc7c7f.58q4p7m14uw6zgxg.rcgu.o: in function `critical_section::release':
          /home/anand/.cargo/registry/src/github.com-1ecc6299db9ec823/critical-section-1.1.1/src/lib.rs:197: undefined reference to `_critical_section_1_0_release'
          
  = help: some `extern` functions couldn't be found; some native libraries may need to be installed or have their path specified
  = note: use the `-l` flag to specify native libraries to link
  = note: use the `cargo:rustc-link-lib` directive to specify the native libraries to link with Cargo (see https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorustc-link-libkindname)

error: could not compile `secure-app` due to previous error
xtask: cargo build failed with exit status: 101

    Is there something I am missing? I am using following version

    anand@anand-VirtualBox:~/Desktop/dev_space/Test/trustzone-m-rs$ arm-none-eabi-ld --version
GNU ld (2.38-3ubuntu1+15build1) 2.38
Copyright (C) 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.

    Solution: As per the discussion on nrf_rust group Need to include critical-section-single-core as cortex_m dependency.

    Also would like to know if there is matrix channel available for the chat or you have any element.io group where we can discuss the problems. This would be really great. :+1:

    opened by Strange21 0
Owner
null
GitHub
Rust implementation of Andrej Karpathy's micrograd for purposes of learning both ML and Rust.

micrograd_rs Rust implementation of Andrej Karpathy's micrograd for purposes of learning both ML and Rust. Main takeaways Basically the same takeaways

null 3 Oct 28, 2022
A Domain Driven Design example application in Rust.

Rust Domain Driven Design Example rust-ddd Rust Domain-Driven-Design (DDD) Summery This repository is used to present how I find implementing DDD in R

Behrouz R.Farsi 6 Nov 15, 2022
High-order Virtual Machine (HVM) is a pure functional compile target that is lazy, non-garbage-collected and massively parallel

High-order Virtual Machine (HVM) High-order Virtual Machine (HVM) is a pure functional compile target that is lazy, non-garbage-collected and massivel

null 5.5k Jan 2, 2023
An asynchronous runtime compatible with WebAssembly and non-WebAssembly targets.

Promise x Tokio = Prokio An asynchronous runtime compatible with WebAssembly and non-WebAssembly targets. Rationale When designing components and libr

Yew Stack 29 Feb 6, 2023
The non-opinionated Rust-based commit message linter.

Documentation | Website git-sumi The non-opinionated Rust-based commit message linter Transform your commit practices with flexible linting for consis

Óscar 6 Mar 1, 2024
A collection (eventually) of examples that use some non-beginner things.

nannou examples A collection (eventually) of examples that use some non-beginner things. Right now the only example combines nannou's standard draw AP

Alexis Andre 22 Oct 21, 2022
A comprehensive and FREE Online Rust hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Rust from scratch.

FREE Reverse Engineering Self-Study Course HERE Hacking Rust A comprehensive and FREE Online Rust hacking tutorial utilizing the x64, ARM64 and ARM32

Kevin Thomas 98 Jun 21, 2023
Single-side boolean deserializers.

serde-bool Single value, true or false, boolean deserializers. Examples Supporting serde untagged enums where only one boolean value is valid, allowin

null 5 Dec 3, 2023
a function programming language for real world applications made in rust

a function programming language for real world applications made in rust

Tanay Pingalkar 6 Jun 12, 2022
An example of a Kubernetes operator implemented in Rust

Rust Kubernetes operator example A Kubernetes operator built on top of kube-rs project. There is an explanatory article available. Steps to run on Lin

Pavel Pscheidl 91 Jan 1, 2023