Secure Architecture and Secure Architecture and Implementation of - - PowerPoint PPT Presentation
Secure Architecture and Secure Architecture and Implementation of Xen Xen on ARM on ARM Implementation of for Mobile Devices for Mobile Devices Sang- -bum bum Suh Suh Sang sbuk.suh@samsung.com sbuk.suh@samsung.com SW Laboratories SW
Presented at Presented at Xen Xen Summit Spring 2007, IBM TJ Watson Summit Spring 2007, IBM TJ Watson
2
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
3
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
4
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
End user: Secure and reliable mobile terminals for mobile Intern End user: Secure and reliable mobile terminals for mobile Internet et services using services using WiBro WiBro Manufacturer: Robustness though complexity of devices gets Manufacturer: Robustness though complexity of devices gets increased increased Contents provider: Protection of IP rights in end Contents provider: Protection of IP rights in end-
user terminals Carrier companies: Open and Secure Mobile Platform Carrier companies: Open and Secure Mobile Platform
OSTI (Open Secure Terminal Initiative): NTT OSTI (Open Secure Terminal Initiative): NTT DoCoMo DoCoMo, Intel , Intel
Expected Beyond 3G Environments
m-Commerce m-Commerce Downloadable Application Downloadable Application
I nternet/ Cellular I ntegration
Needs
Security, Reliability
(Secure Terminal)
Robustness, Time-to-market
VoIP VoIP
CPU > 500 MIPS CPU > 500 MIPS Memory > 64MB Memory > 64MB High-speed
(10~ 100Mbps),
Multi-mode Modem High-speed
(10~ 100Mbps),
Multi-mode Modem
User Manufacturer
U-Health U-Health Web Browsing Web Browsing Internet Banking Internet Banking Multimedia Service Multimedia Service Mobile 3D Game Mobile 3D Game Component Reusability Component Reusability
System
Multi- function Multi- function
System Complexity
Beyond 3G environments and Needs
5
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
The number of The number of malware malware created for Windows CE/Mobile created for Windows CE/Mobile and and Symbian Symbian was expected to reach 726 by the end of 2006, was expected to reach 726 by the end of 2006, from an estimated 226 at the end of 2005 [KAW06] from an estimated 226 at the end of 2005 [KAW06]
Steals financial data and sends them to a remote attacker Steals financial data and sends them to a remote attacker Examples [GOS06] Examples [GOS06]
StealWar StealWar Worm (2006), Worm (2006), Flexispy Flexispy Trojan (2006), Trojan (2006), Brador Brador Backdoor (2004) Backdoor (2004)
Inappropriate execution of instructions consuming system Inappropriate execution of instructions consuming system resources (e.g., memory, CPU, battery), resetting a system resources (e.g., memory, CPU, battery), resetting a system Examples [GOS06] Examples [GOS06]
Cabir Cabir Worm (2004) Worm (2004), , CommWarrior CommWarrior Worm (2005), Worm (2005), Skulls Trojan Skulls Trojan (200 (2004 4) ), , Mobler.a Mobler.a Worm Worm (200 (2006 6) ), , Cxoever Cxoever Worm (2006) Worm (2006)
6
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
H/W
OS
App1 App2 App3
VMM
OS m-Wallet Client App.
m-Wallet Server
(Trusted Server) Secure Channel
Secure Domain
Non-trusted Servers
Unstable or Malicious App. OTA (over-the-air)
Non-secure Domain
H/W
OS
App1 App2 App3 m-Wallet Client App.
m-Wallet Server
(Trusted Server) Secure Channel Non-trusted Servers
Unstable or Malicious App. OTA (over-the-air)
Without VMM With VMM
* VMM = Virtual Machine Monitor
7
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
8
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
9
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
VMM on ARM using VMM on ARM using Xen Xen architecture architecture
Security features using Security features using Xen Xen on ARM:
guaranteeing confidentiality, integrity, and availability guaranteeing confidentiality, integrity, and availability
10
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Application Application Application Application
CPU CPU
Application Application Application Application
VM Interface VM Interface VM Interface VM Interface Peripheral Devices Peripheral Devices Peripheral Devices Peripheral Devices Back Back-
end Drivers Front Front-
end Drivers Native Drivers Native Drivers
Resource Resource Allocator Allocator Domain Manager Domain Manager Access Control Access Control
Hardware Hardware Secure Secure Xen Xen on ARM
Domain Domain
System Memory System Memory Flash Memory Flash Memory
Dom 0 Dom 0 Dom U Dom U
Application Application
11
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
SW SW
Xen Xen : Xen : Xen-
3.0.2 Linux : ARM Linux Linux : ARM Linux-
2.6.11 GUI : GUI : Qtopia Qtopia
HW HW
Processor : ARM Processor : ARM-
9 266Mhz (Freescale Freescale i.MX21) i.MX21) Memory : 64MB Memory : 64MB Flash : NOR 32MB / NAND 64MB Flash : NOR 32MB / NAND 64MB LCD : 3.5 inch LCD : 3.5 inch Network : CS8900A 10Base Network : CS8900A 10Base-
T Ethernet Controller
OS : Fedora Core 6 OS : Fedora Core 6 Cross Cross-
compiler: Montavista Montavista ARM GCC 3.3.1 ARM GCC 3.3.1 Debugger : Trace32 ICD (In Circuit Debugger) Debugger : Trace32 ICD (In Circuit Debugger)
12
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
13
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Application Application Application Application
CPU CPU
Application Application Application Application
VM Interface VM Interface VM Interface VM Interface Peripheral Devices Peripheral Devices Peripheral Devices Peripheral Devices Back Back-
end Drivers Front Front-
end Drivers Native Drivers Native Drivers Domain Domain Scheduler Scheduler System Event Manager System Event Manager Domain Create/Destroy Domain Create/Destroy Memory Memory Manager Manager Inter Inter-
domain Comm.
Hardware Hardware Xen Xen on ARM
Domain Domain
System Memory System Memory Flash Memory Flash Memory
Dom 0 Dom 0 Dom U Dom U
14
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Supervisor mode is assigned to Supervisor mode is assigned to Xen Xen mode mode User mode is split into two logical modes (kernel and user User mode is split into two logical modes (kernel and user process of Linux) process of Linux) Address space protection between kernel mode and user Address space protection between kernel mode and user process mode is guaranteed by process mode is guaranteed by ARM ARM domain access domain access control mechanism control mechanism. .
Xen Mode Logical mode split Virtualized CPU modes Virtualized CPU modes
15
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
16
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
User Process User Process User Process User Process User Process User Process
Guest Domain Guest Domain Guest Domain Guest Domain Xen Xen Guest Domain 1 Guest Domain 1
0x00000000 0xFF000000 0xFFFFFFFF
Guest Domain 0 Guest Domain 0 Xen Xen Physical Address Space (Freescale i.MX21) Virtual Address Space Kernel Kernel User Process User Process Guest Domain Virtual Address Space
0xC0000000 0xC0200000 0xC2000000 0xC4000000 0x00000000 0xC0000000 0xFEFFFFFF
17
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Kernel Mode : D0, D1, D2 enabled Kernel Mode : D0, D1, D2 enabled User Process Mode: D0, D2 enabled, D1 disabled User Process Mode: D0, D2 enabled, D1 disabled
Kernel Kernel Xen Xen User User Process Process
Virtual Address Space ARM Domain (Dynamic)
D0 D1 D2
Page Table Access Permission Field (static)
S: RW, U: No Access
* S : ARM Supervisor mode U : ARM User mode
S: RW, U: RW S: RW, U: RW
00 00 01 01 10 10 11 11 Bit Bit Field Field No Access No Access (Disabled) (Disabled) U Use page table access se page table access permission field. permission field. Client Client (Enabled) (Enabled) Reserved Reserved No access control No access control Manager Manager Comments Comments Access Access
ARM Domain access bit assignments [ARM01]
D3 ~ D15 : reserved for future use.
18
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
ARM926 provides 8 lockdown TLB entries ARM926 provides 8 lockdown TLB entries
Guest Domain Guest Domain Guest Domain Guest Domain Xen Xen (TLB (TLB lockdowned lockdowned) ) Guest Domain Guest Domain
0x00000000 0xFF000000 0xFFFFFFFF
19
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Back Back-
end Driver Front Front-
end Driver Native Driver Native Driver HID Event Router HID Event Router Ethernet Ethernet KeyPad KeyPad Sound Sound LCD LCD Touch Touch-
Screen Flash Flash
Application Application
Xen Xen on ARM
i.MX21 i.MX21 Platform Platform
Communications Communications via virtual I/O via virtual I/O between domains between domains Route HID interrupts Route HID interrupts to the foreground to the foreground domain domain
Application Application
UART UART HID Devices HID Devices Native HID Drivers Native HID Drivers (LCD, TS) (LCD, TS) Native HID Drivers Native HID Drivers (LCD, TS) (LCD, TS)
Dom 0 Dom 0 Dom U Dom U
20
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Split device driver model Split device driver model Xen Xen-
compliant device driver architecture
E.g.: Network device, storage device, keypad device E.g.: Network device, storage device, keypad device
Coordinated native device driver model Coordinated native device driver model Foreground domain gets exclusive access rights to Foreground domain gets exclusive access rights to coordinated native devices coordinated native devices
Coordinated native device drivers installed in each guest OS Coordinated native device drivers installed in each guest OS domain domain One button in keypad is reserved to change between domains. One button in keypad is reserved to change between domains. E.g.: Human Interaction Device (HID: LCD, touch screen) and E.g.: Human Interaction Device (HID: LCD, touch screen) and UART UART
21
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Load Kernel Image for Dom 0 Load Kernel Image for Dom 0 Load and Jump to Load and Jump to Xen Xen Image Image Initialize System Resources Initialize System Resources (Timer, UART, Memory, IRQ) (Timer, UART, Memory, IRQ) Create Dom 0 Create Dom 0 Bootloader Bootloader Blob or u Blob or u-
boot Xen Xen/ARM /ARM Execute Dom 0 Execute Dom 0 Dom 0 Dom 0 Xen Xen 0xC1C00000 0xC1C00000 0xC0008000 0xC0008000 I.MX21 I.MX21 Load Address Load Address Platform Platform Partition 0 Xen Partition 1 Kernel Image Partition 2 File System (JFFS2) NOR Flash Partition for Dom 0 Create / Load Guest Domains Create / Load Guest Domains Guest Operating System Guest Operating System Ex) Para Ex) Para-
virtualized Linux Hardware Initialization Hardware Initialization System Boot Procedure System Boot Procedure
22
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Dom0_util supports only create and destroy functions. Dom0_util supports only create and destroy functions.
dom0_util Domain control driver
Control guest domain Request Xen to create and execute / destroy dom U kernel, where this driver loads the kernel image.
Xen Partition 0 Kernel Image Partition 1 File System (JFFS2) NAND Flash Partition for Dom 1 0xc3c00000 0xc3c00000 I.MX21 I.MX21 Load Address Load Address Platform Platform
Create and execute dom U / destroy dom U
23
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
24
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Secure Secure App3 App3 Access Control Access Control Decision Maker Decision Maker Access Control Access Control Policy Conductor Policy Conductor Hooks Hooks AC Policy AC Policy Manager Manager
Decision Decision Cache Cache Secure SW Secure SW I nstaller I nstaller
OS OS
Secure Secure App1 App1 Secure Secure App2 App2
Hardware Layer Domain Secure Domain (Dom 0) Open Domain (Dom U)
Flash Memory Flash Memory
E EMK
MK(Access
(Access Control Policy) Control Policy)
Devices Devices
App4 App4 App1 App1 App3 App3 App2 App2 App5 App5 Access Access Control Control
SoC SoC Secure ROM Secure ROM
Master Key (MK), Bootloader
CPU CPU
Secure Xen
Domain Domain I ntegrity Manager I ntegrity Manager Front Front-
end device drivers device drivers
OS OS
Back Back-
end device drivers device drivers
25
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
SoC SoC Secure ROM Secure ROM
Master Key (MK), Master Key (MK), Bootloader Bootloader
Root of Trust Root of Trust Xen Xen Domains Domains
Integrity check of the Integrity check of the Xen Xen with with Cert Cert M
M
Integrity check of each Integrity check of each domain with domain with Cert Cert M
M
Flash Memory Flash Memory
E EMK
MK(Cert
(Cert M
M), signed
), signed Xen Xen, , signed domains signed domains … …
E EMK
MK: Encryption with the master key (MK)
: Encryption with the master key (MK) Cert Cert M
M: Manufacturer
: Manufacturer’ ’s public key certificate s public key certificate
26
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
SP1 SP2 OS Images Offset
Flash memory
Bootloader Bootloader I mage, Master Key (MK) I mage, Master Key (MK)
Secure ROM
Encrypted data DP1 DP2 DPn SP3 Secure partition Data Partition
Partitions for guest OS domains. Each OS is allowed to access it Partitions for guest OS domains. Each OS is allowed to access its own partition. s own partition. DP DPn
n
A secure partition for cryptographic keys which are used by secu A secure partition for cryptographic keys which are used by secure domain. re domain.
E EMK
MK(Cryptographic
(Cryptographic keys) keys)
SP SP3
3
A secure partition for access control policies. A secure partition for access control policies.
E EMK
MK(Access
(Access Control Policies) Control Policies)
SP SP2
2
A secure partition for A secure partition for Xen Xen image and data for integrity measurement during a image and data for integrity measurement during a system boot. system boot.
E EMK
MK(Xen
(Xen Image||Sig Image||SigM
M(H(Xen
(H(Xen Image))||Sig Image))||SigM
M(H(Secure
(H(Secure Domain Domain Image))||Sig Image))||SigM
M(H(Normal
(H(Normal Domain Domain Image))|| Image))||Cert CertM
M)
)
SP SP1
1
Manufacturer Manufacturer’ ’s public key certificate. It is used for integrity measurement o s public key certificate. It is used for integrity measurement of f Xen Xen or
kernel images. kernel images. Cert CertM
M
Master key. Each mobile device has a unique MK to encrypt data s Master key. Each mobile device has a unique MK to encrypt data stored in secure tored in secure partitions ( partitions (SPs SPs). ). MK MK Descriptions Descriptions Symbols Symbols
SP1 SP2 OS Images DP1 DP2 OS image partition SP1 SP2 OS Images DP1 DP2
27
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
28
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
29
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
About 20 micro sec. per access control hook About 20 micro sec. per access control hook
About 75 ms for the integrity measurement (digital About 75 ms for the integrity measurement (digital signature verification) during a system boot signature verification) during a system boot
30
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
31
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
32
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
33
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Physical/virtual resources and domain management Physical/virtual resources and domain management are enforced by ACM at are enforced by ACM at Xen Xen
In order not to degrade In order not to degrade Xen Xen performance, detailed performance, detailed access control of the resources in each domain is access control of the resources in each domain is individually enforced by ACM at each domain individually enforced by ACM at each domain
34
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
35
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
36
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
[COK06] G. Coker, [COK06] G. Coker, “ “Xen Xen Security Modules (XSM), Security Modules (XSM),” ” Xen Xen Summit, Summit, 2006. 2006.
[GOS06] A. [GOS06] A. Gostev Gostev, , “ “Mobile Mobile Malware Malware Evolution: An Overview, Part Evolution: An Overview, Part
1, 1,” ” 2006. 2006. http://www.viruslist.com/en/analysis?pubid=200119916 http://www.viruslist.com/en/analysis?pubid=200119916 [KAW05] D. Kawamoto, [KAW05] D. Kawamoto, “ “2006: Year of the mobile 2006: Year of the mobile malware malware, ,” ” 2005. 2005. http://news.com.com/2006+Year+of+the+mobile+malware/2100 http://news.com.com/2006+Year+of+the+mobile+malware/2100-
7349_3-
6001651.html [SAI05] R. [SAI05] R. Sailer Sailer, E. Valdez, T. Jaeger, R. Perez, L. van , E. Valdez, T. Jaeger, R. Perez, L. van Doorn Doorn, J. , J.
“sHype:A sHype:A secure secure hypervisor hypervisor approach approach to trusted virtualized systems, to trusted virtualized systems,” ” IBM Research Report, 2005. IBM Research Report, 2005. [ARM01] Andres [ARM01] Andres N.Sloss N.Sloss, Dominic , Dominic Symes Symes, , C.Wright C.Wright. . “ “ARM ARM System Developer System Developer’ ’s Guide s Guide” ”, Morgan Kaufmann, 2004 , Morgan Kaufmann, 2004 [KEV01] Kevin Lawton, [KEV01] Kevin Lawton, “ “Running multiple operating systems Running multiple operating systems concurrently on an IA32 PC using virtualization techniques concurrently on an IA32 PC using virtualization techniques” ”. . 2000. 2000.
37
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
38
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Lightweight version of XM Lightweight version of XM XM XM Booting guest domain U Booting guest domain U NAND, NOR flash NAND, NOR flash IDE, SCSI HDD IDE, SCSI HDD Virtual Block Device Virtual Block Device Support Support Deterministically coordinated Deterministically coordinated HID Device Driver HID Device Driver Xenconsole Xenconsole daemon daemon and and xenconsole xenconsole client client Console I/O Console I/O Static Static Dynamic Dynamic Memory allocation to Memory allocation to domain domain Modified Modified Xenbus Xenbus* / * / Proprietary Proprietary ( (Xenstore Xenstore to be implemented) to be implemented) Xenbus Xenbus / / Xenstore Xenstore Virtual Device Interface / Virtual Device Interface / Device Configuration Device Configuration Xen Xen/ARM /ARM Xen/x86 Xen/x86 Feature Feature
* Modified * Modified Xenbus Xenbus to support virtual I/O setup without to support virtual I/O setup without xenstore xenstore Based on current status Based on current status
39
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Indirect execution Indirect execution through VMM through VMM Direct execution Direct execution Software Interrupt Software Interrupt Handling Handling 18 [ARM01] 18 [ARM01] (in case of ARM v5) (in case of ARM v5)
# of sensitive # of sensitive instructions instructions VIVT VIVT – – Cache Alias Cache Alias PIPT PIPT – – No cache alias No cache alias Cache Model Cache Model 2 2 4 4 # of Privilege levels # of Privilege levels ARM v4/v5 ARM v4/v5 x86 x86 Feature Feature
40
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Xen Xen on ARM specific
hooks hooks Etc Etc Enforced by ACM at Enforced by ACM at each domain (for each domain (for performance reason) performance reason) Enforced by ACM at Enforced by ACM at VMM VMM Enforced by ACM at Enforced by ACM at VMM VMM Access control to Access control to
domain domain Memory, battery, Memory, battery, DMA, and event DMA, and event channels are channels are controlled by ACM controlled by ACM N/A N/A N/A N/A Protection against Protection against mobile mobile malware malware-
based DoS DoS attacks attacks Physical/virtual Physical/virtual resources and resources and domain management domain management Physical/virtual Physical/virtual resources and resources and domain management domain management Virtual resources and Virtual resources and domain management domain management Objects of access Objects of access control control Flexible based on Flexible based on Flask (TE and Flask (TE and proprietary policy) proprietary policy) Flexible based on Flexible based on Flask (TE, Chinese Flask (TE, Chinese Wall, RBAC, MLS, and Wall, RBAC, MLS, and MCS) MCS) Flexible based on Flexible based on Flask (TE and Flask (TE and Chinese Wall) Chinese Wall) Access Control Access Control Policies Policies Our ACM Our ACM XSM [COK06] XSM [COK06] sHype sHype [SAI05] [SAI05]
41
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
200 400 600 800 1000 1200 P i p e A F _ U N I X s
k e t s t r e a m M e m
y W r i t e F i l e W r i t e F i l e C
y B l
k Z e r
i l l B l
k C
y (MB/sec) Native Linux Para-virtualized Linux
42
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
50 100 150 200 250 300 350 400 F i l e l
k / u n l
k P i p e S e m a p h
e A F _ U N I X s
k e t s t r e a m S i g n a l ( i n s t a l l ) S i g n a l ( c a t c h ) S y s t e m C a l l ( n u l l ) S y s t e m C a l l ( r e a d ) S y s t e m C a l l ( w r i t e ) P r
e s s c r e a t i
( p r
e d . . . microsecond Native Linux Para-virtualized Linux
43
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
40 40 280 280 # of modules # of modules 5.7MB 5.7MB 40MB 40MB T Total size
Embedded Python Embedded Python Full Python Full Python
Python version : 2.4.3 Python version : 2.4.3
44
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
.
E.g. : E.g. : Event Channel No. Event Channel No. Grant Table Ref. No. Grant Table Ref. No.
45
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Application Application
Xen Xen on ARM
NOR Flash Chip NOR Flash Chip
Application Application
Back Back-
end MTD Driver Front Front-
end MTD Driver Modified Modified Xenbus Xenbus Virtual I/O Virtual I/O help to setup JFFS2 JFFS2 JFFS2 JFFS2 Native MTD Native MTD NOR Flash NOR Flash Chip Driver Chip Driver
NAND Flash Chip NAND Flash Chip NAND Flash NAND Flash Chip Driver Chip Driver
46
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Xen Xen on ARM
Application Application Application Application Native Driver Native Driver Bridge Bridge Modified Modified Xenbus Xenbus Virtual I/O Virtual I/O help to setup help to setup
Ethernet Device Ethernet Device Back Back-
end Front Front-
end
47
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
720 720 security/ security/secure_storage secure_storage 1500 1500 security/ security/secure_boot secure_boot 793 793 security/crypto security/crypto 4030 4030 Include/asm Include/asm-
arm/arch-
Include/asm Include/asm-
arm/arch-
imx include/ include/asm asm-
arm arch/arm/lib arch/arm/lib arch/arm/arch arch/arm/arch-
arch/arm/arch arch/arm/arch-
imx arch/arm/ arch/arm/xen xen security/ security/access_control access_control Directory Directory 2110 2110 4953 4953 2695 2695 1127 1127 1031 1031 7455 7455 2500 2500 LOC LOC
48
SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics
Include/ Include/asm asm-
arm arch/arm/mach arch/arm/mach-
imx a arch/arm/mm rch/arm/mm a arch/arm/kernel rch/arm/kernel Directory Directory 646 646 1008 1008 1730 1730 1134 1134 LOC LOC