This application relates to the computer field, and more specifically, to a Secure World access method, apparatus, and system.
The concept of a TrustZone was introduced in the advanced reduced instruction set computer (RISC) machines (ARM) processor architecture starting from architecture version 6 (ARMv6). The TrustZone is a unique processor mode of the ARM processor.
As shown in
In an architecture shown in
For ease of understanding, the following describes a method for accessing the Secure World by a user program from the Normal World with reference to the architecture shown in
Step 1: A CA program (for example, a CA1, a CA2, or a CA3) invokes an application programming interface (API) provided based on a common SMC driver, and transmits a parameter to an SMC driver of a rich execution environment (REE) operating system (OS) kernel.
Step 2: The SMC driver writes the parameter into a register, calls the SMC instruction, and triggers an exception event.
Step 3: After taking over the exception event, the runtime firmware switches a system mode, and calls a function related to a secure service delivery and scheduling module in a trusted execution environment (TEE) OS kernel.
Step 4: The secure service delivery and scheduling module further parses the parameter, and analyzes a parameter parsing result, to schedule a related trusted application (TA) program.
Step 5: The TA program (for example, a TA1, a TA2, or a TA3 shown in
In the foregoing procedure in which the CA program obtains the secure service, the common SMC driver may be used by any program (including a malicious program). Consequently, the malicious program may access the Secure World, and security of the Secure World is reduced.
This application provides a Secure World access method, apparatus, and system, to improve security of a Secure World.
According to a first aspect, a Secure World access method is provided, including creating a first virtual machine (VM) in a Normal World, loading a plurality of programs in the Normal World to the first VM, where the plurality of programs include a kernel and at least one user program, the kernel runs in a first-level mode, the at least one user program runs in a second-level mode, and the first level is higher than the second level, when it is determined that a first user program in the at least one user program needs to access a Secure World, creating, in the Normal World, a second VM running in the first-level mode, and stripping the first user program from the first VM, and loading the first user program to the second VM such that the first user program accesses the Secure World using the second VM.
Therefore, in the solution, a common SMC driver is no longer deployed in an operating system kernel of the Normal World, and an ordinary program (including a malicious program) cannot obtain a secure service call by invoking the common SMC driver. In addition, to allow a user program to access the Secure World, a VM that works at the same level as the kernel may be created, such that a user program that needs to access the Secure World may do so using that VM and does not need to go through the common SMC driver. Therefore, security of the Secure World may be improved while access to the Secure World is still provided.
Further, because a level of the second VM is the same as a level of the kernel, information returned by a program in the Secure World to the first user program may be directly received by the first user program using the second VM instead of the shared kernel, to greatly avoid a case in which the returned information is snooped or tampered with by the kernel, or avoid a case in which another malicious program snoops or tampers with the returned information using the kernel.
With reference to the first aspect, in a possible implementation of the first aspect, the method further includes setting a virtualization list, to prohibit all programs in the first VM (that is, every program in the plurality of programs other than the first user program) from continuing to access a memory page of the stripped first user program. Optionally, a page table corresponding to the first user program may be deleted from a level-2 page table such that a program in the first VM cannot access a memory page of the first user program.
Because some vulnerabilities may occur in an operating system, a malicious program performs some operations (such as privilege escalation) using these vulnerabilities, and destroys or steals data from a normal user program, to implement an attack. After the virtualization list is set to prohibit all the programs in the first VM from accessing the memory page of the stripped first user program, the malicious program in the first VM cannot access the memory page of the first user program. This means that the first user program cannot be attacked (if a program is to be attacked, a memory page of the program is necessarily accessed). Therefore, according to this implementation, security of an application program is further enhanced.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the creating, in the Normal World, a second VM running in the first-level mode includes allocating, to the second VM, a resource exclusive to the first user program. The exclusive resource optionally includes at least one of a central processing unit (CPU) resource, a peripheral, or a memory.
Some resources are to be used when the first user program accesses the Secure World. If these resources are used by another program, information that is obtained by accessing the Secure World is leaked. For example, if a memory resource in the second VM is shared by the first user program and another program in the Normal World, information that is from the Secure World and that is stored in the memory is likely to be stolen by the other program. Therefore, the resource exclusive to the first user program is allocated to the second VM, to avoid a case in which another program steals, using the resources used when the first user program accesses the Secure World, information related to the Secure World.
Optionally, when the plurality of user programs need to access the Secure World, a plurality of VMs working in the first-level mode may be created. The plurality of VMs are in a one-to-one correspondence with a plurality of user programs, and are used by the corresponding user programs to access the Secure World. The plurality of VMs each have an exclusive resource.
Therefore, each valid user program is exclusively deployed in an independent VM such that each user program can have an exclusive secure service channel, and the secure service channel used by the user program to access the Secure World may not be used by another user program, to avoid a case in which the malicious program accesses the Secure World using the service channel.
In addition, each user program has an independent secure service channel, and no user program accesses the Secure World using a same secure service channel, to avoid breakdown of a secure service of another user program that is caused because malicious software occupies the same secure service channel for a long time (for example, occupies a common SMC driver).
Optionally, the exclusive resource includes a memory. A memory in the second VM may be used as a memory shared by the first user program and a program in the Secure World.
Therefore, because the memory in the second VM created for the first user program is exclusive, a shared memory used for communication between a user program in the Normal World and a program in the Secure World is isolated at a VM level, and the malicious program in the first VM cannot steal and destroy data in the shared memory used for communication between a user program in the second VM and a user program in the Secure World.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the plurality of programs further include an agent program corresponding to the first user program, after the first user program is stripped from the first VM, the agent program is used as an agent of the first user program in the first VM, to trigger the kernel to process a to-be-processed event that needs to be processed by the kernel, and the to-be-processed event is generated when the first user program runs in the second VM.
Therefore, when an event that needs to be processed by the kernel is generated when the first user program runs in the second VM, the user program may be replaced with the agent program corresponding to the first user program in the first VM, and an environment in which the first user program still works in the first VM is created such that the operating kernel of the first VM can process the event that needs to be processed by the kernel.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the method further includes obtaining the to-be-processed event, where the to-be-processed event needs to be processed by the kernel, and is generated when the first user program runs in the second VM, storing a context of the second VM, and restoring a context of the agent program in the first VM, to trigger the kernel loaded to the first VM to process the to-be-processed event.
Therefore, when the to-be-processed event that needs to be processed by the kernel is obtained, running of the first user program is interrupted by storing the context of the second VM, the context of the agent program is restored, and an environment in which the first user program still works in the first VM may be created without directly switching the first user program to the first VM such that the operating kernel of the first VM can process the event that needs to be processed by the kernel.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the method further includes, after the first VM completes processing of the to-be-processed event, restoring the first user program in the second VM.
Therefore, after the first VM completes processing of the to-be-processed event, the first user program is restored in the second VM, and the first user program can continue to run in the second VM.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the to-be-processed event is an interrupt event, a page fault exception event, or a system invocation event.
The interrupt event, the page fault exception event, or the system invocation event is an event that needs to be processed by the kernel. Therefore, when the event is generated when the first user program runs in the second VM, the user program may be replaced with the agent program corresponding to the first user program in the first VM, and an environment in which the first user program still works in the first VM is created such that the operating kernel of the first VM can process the event.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, before the stripping the first user program from the first VM, the method further includes determining that the first user program is a secure user program.
Therefore, when the first user program needs to access the secure world, it is determined that the first user program is the secure user program, to avoid loading a malicious program to a VM working in the second-level mode, and avoid a case in which the malicious program accesses the Secure World.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the determining that the first user program is a secure user program includes obtaining a first hash value group and a second hash value group, where the first hash value group includes at least one first hash value, and the second hash value group includes at least one second hash value, each first hash value is in a one-to-one correspondence with each of at least one data object in the first user program, and each hash value is a current hash value of the data object, and each second hash value is in a one-to-one correspondence with each of the at least one data object in the first user program, and the second hash value is a factory-set hash value of the data object, and when the first hash value group is the same as the second hash value group, determining that the first user program is the secure user program.
A hash value of a data object of a user program does not change in a normal case, and if the data object is tampered with or misused, the hash value of the data object is different from the factory-set hash value. Therefore, it may be accurately determined, by comparing a current hash value of the data object of the user program with the factory-set hash value, whether the user program is the secure user program.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a possible implementation of the first aspect, the method is implemented by an ARM processor, the first-level mode is an exception level 1 (EL1) mode, and the second-level mode is an exception level 0 (EL0) mode.
According to a second aspect, a virtual machine monitor (VMM) is provided, and may include a module or a unit configured to perform the method according to the first aspect or any one of the foregoing optional implementations of the first aspect.
According to a third aspect, a Secure World access apparatus is provided, and includes a memory and a processor, where the memory stores program code that may be used to instruct to perform the method according to the first aspect or any one of the foregoing optional implementations of the first aspect, and when the code is executed, the processor may implement the method according to the first aspect or any one of the foregoing optional implementations of the first aspect.
According to a fourth aspect, a Secure World access system is provided, including a hardware layer of a Normal World, and a virtual machine monitor (VMM) running on the hardware layer of the Normal World, and a first VM and a second VM that are created and controlled by the VMM, where the first VM is configured to load a plurality of programs in the Normal World, the plurality of programs include a kernel and at least one user program, the kernel runs in a first-level mode, the at least one user program runs in a second-level mode, and the first level is higher than the second level, and the second VM is configured to load a first user program that is in the at least one user program and that is stripped from the first VM such that the first user program accesses a Secure World using the second VM, and the second VM runs in the second-level mode. The VMM may be configured to perform the method according to the first aspect or any one of the foregoing optional implementations of the first aspect.
According to a fifth aspect, a computer storage medium is provided, where the computer storage medium stores program code, and the program code is used to enable a computer to perform the method according to the first aspect or any one of the foregoing possible implementations of the first aspect.
According to a sixth aspect, a computer program product including an instruction is provided. When the computer program product runs on a computer, the computer performs the method according to the first aspect or any one of the foregoing optional implementations of the first aspect.
The following describes technical solutions of this application with reference to accompanying drawings.
An embodiment of the present disclosure provides a TrustZone architecture shown in
As shown in
For the Normal World, there are a REE OS and a CA (or may be referred to as a user program or the like), for example, a CA1, a CA2, and a CA3 shown in
Compared with the Normal World, in the Secure World, there are a TEE OS and a TA, for example, a TA1, a TA2, and a TA3 shown in
The TEE OS is responsible for hardware resource abstract management and secure service program scheduling in the Secure World. For example, after receiving a service request from the Normal World and parsing a parameter, the TEE OS schedules a corresponding TA program to complete related secure task processing. The TA is a program that provides a specific secure service function, and runs in the TrustZone in a Secure World process manner.
The TrustZone technology can provide a complete physically-isolated running environment that includes a CPU, a register, a bus, a memory, a cache, a translation lookaside buffer (TLB), and a peripheral.
For the memory, the Secure World and the Normal World each have memory space. A program in the Normal World cannot access a memory of the Secure World, but a program in the Secure World can access a mapped memory of the Normal World.
If the Normal World needs to transmit a large piece of data (for example, a size of data that cannot be transmitted using the register) to the Secure World, the large piece of data is transmitted using a shared memory.
As shown in
Optionally, there are three working modes in the Secure World: an exception level 3 (EL3) mode, a secure exception level 1 (SEL1) mode, and a secure exception level 0 (SEL0) mode.
A VMM shown in
In the architecture shown in
It should be understood that the architecture shown in
For ease of understanding, the following describes a Secure World access method in this embodiment of the present disclosure with reference to
It should be understood that this embodiment of the present disclosure may be applied to an architecture of an ARM processor, for example, an architecture of an ARMv8 Cortex A-series processor. However, this embodiment of the present disclosure is not limited thereto.
110. The VMM creates a first VM in a Normal World.
For example, the first VM may be a VM0 shown in
120. The VMM loads a plurality of programs in the Normal World to the first VM, where the plurality of programs include a kernel and at least one user program.
For example, the plurality of programs include an OS kernel, a CA1, a CA2, and a CA3 shown in
Optionally, in the first VM, the kernel runs in a first-level mode, the at least one user program runs in a second-level mode, and the first level is higher than the second level.
Optionally, the first-level mode may be an EL1 mode shown in
For example, as shown in
130. When it is determined that a first user program in the at least one user program needs to access a Secure World, the VMM creates a second VM in the Normal World.
For example, as shown in
Optionally, the VMM allocates, to the second VM, a resource exclusive to the first user program. The exclusive resource optionally includes at least one of a CPU resource, a peripheral, and a memory.
Some resources are to be used when the first user program accesses the Secure World. If these resources are used by another program, information that is obtained by accessing the Secure World is leaked. For example, if a memory resource in the second VM is shared by the first user program and another program in the Normal World, information that is from the Secure World and that is stored in the memory is likely to be stolen by the other program. Therefore, the resource exclusive to the first user program is allocated to the second VM, to avoid a case in which another program steals, using the resources used when the first user program accesses the Secure World, information related to the Secure World.
Optionally, when the plurality of user programs need to access the Secure World, a plurality of VMs working in the first-level mode may be created. The plurality of VMs are in a one-to-one correspondence with a plurality of user programs, and are used by the corresponding user programs to access the Secure World. The plurality of VMs each have an exclusive resource.
Therefore, each valid user program is exclusively deployed in an independent VM such that each user program can have an exclusive secure service channel, and the secure service channel used by the user program to access the Secure World may not be used by another user program, to avoid a case in which a malicious program accesses the Secure World using the service channel.
In addition, each user program has an independent secure service channel, and no user program accesses the Secure World using a same secure service channel, to avoid breakdown of a secure service of another user program that is caused because malicious software occupies the same secure service channel for a long time (for example, occupies a common SMC driver).
Optionally, the exclusive resource includes a memory. A memory in the second VM may be used as a memory shared by the first user program and a program in the Secure World.
Therefore, because the memory in the second VM created for the first user program is exclusive, a shared memory used for communication between a user program in the Normal World and a program in the Secure World is isolated at a VM level, and a malicious program in the first VM cannot steal and destroy data in the shared memory used for communication between a user program in the second VM and a user program in the Secure World.
Optionally, the VMM may set a virtualization list, to prohibit the kernel and another user program that are loaded to the first VM in which stripping is performed from accessing a memory page in the second VM.
For example, as shown in
Optionally, a page table corresponding to the first user program may be deleted from a level-2 page table such that a program in the first VM cannot access a memory page of the first user program.
Because some vulnerabilities may occur in an operating system, a malicious program performs some operations (such as privilege escalation) using these vulnerabilities, and destroys or steals data from a normal user program, to implement an attack. After the virtualization list is set to prohibit all programs in the first VM from accessing the memory page of the stripped first user program, the malicious program in the first VM cannot access the memory page of the first user program. This means that the first user program cannot be attacked (if a program is to be attacked, a memory page of the program is necessarily accessed). Therefore, according to this implementation, security of an application program is further enhanced.
Optionally, when the first user program needs to access the Secure World, the VMM determines whether the first user program is a secure user program. When determining that the first user program is the secure user program, the VMM strips the first user program from the first VM, and loads the first user program to the created second VM.
In an embodiment, when a user program needs to access the Secure World, the first VM may be trapped in the VMM. The VMM may store a context of the first VM, trigger a dynamic measurement function of the Secure World, and measure integrity and validity of the user program, to ensure security.
Optionally, an action of determining that the first user program is the secure user program may be performed before the first user program is stripped from the first VM.
In an embodiment, the action of determining that the first user program is the secure user program may be performed before the first user program is stripped from the first VM and after the second VM working in the first-level mode is created in the Normal World.
Alternatively, the action of determining that the first user program is the secure user program may be performed before the second VM working in the first-level mode is created in the Normal World and after the first user program is loaded to the first VM.
Further, in addition to integrity and security of a user program that currently needs to access the Secure World, integrity and validity of another program may also need to be measured, for example, integrity and security of an agent program and/or another user program may be measured.
Optionally, dynamic measurement is a dynamic security monitoring function deployed in a TrustZone, and may be used to check a data object that does not change during program running in order to ensure, based on a hash value of a check object, that there is no invalid tampering in a running process.
In an embodiment, the VMM may obtain a first hash value group (including at least one first hash value) and a second hash value group (including at least one second hash value). The first hash value is a current hash value of at least one data object (for example, a user program code segment, or a dynamic link library required for running the user program) in the first user program, and the second hash value is a factory-set hash value of the data object (for security, the factory-set hash value is placed in a memory area of the Secure World). When the first hash value group is the same as the second hash value group (in an embodiment, hash values of each data object are the same), determine that the first user program is the secure user program.
A hash value of a data object of a user program does not change in a normal case, and if the data object is tampered with or misused, the hash value of the data object is different from the factory-set hash value. Therefore, it may be accurately determined, by comparing a current hash value of the data object of the user program with the factory-set hash value, whether the user program is the secure user program.
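The measurement step described above (the first hash value group computed over the program's unchanging data objects, compared with the factory-set second group) can be written out as follows. This is an added example, not code from the application: SHA-256 as the hash function, the object names, and the sample contents are assumptions, and the factory-set group, which the text places in Secure World memory, is modelled here as an ordinary dictionary.

```python
"""Measurement of a user program before it may be stripped into its own VM.

Constructed example: compares the current hash group of each unchanging data
object (code segment, required libraries) against the factory-set group.
"""
import hashlib
import hmac
from typing import Dict


def measure(data_objects: Dict[str, bytes]) -> Dict[str, bytes]:
    """First hash value group: the current hash of every data object.

    SHA-256 is an assumption; the text only speaks of 'a hash value'."""
    return {name: hashlib.sha256(blob).digest() for name, blob in data_objects.items()}


def is_secure_user_program(data_objects: Dict[str, bytes],
                           factory_hashes: Dict[str, bytes]) -> bool:
    """True only if every object is present and its hash equals the factory value."""
    current = measure(data_objects)
    if current.keys() != factory_hashes.keys():
        # an object that is missing, or one that was injected, is treated as tampering
        return False
    # compare_digest keeps the comparison time independent of where a mismatch occurs
    return all(hmac.compare_digest(current[n], factory_hashes[n]) for n in factory_hashes)


# Constructed sample: CA3's unchanging data objects as shipped from the factory.
CA3_FACTORY_OBJECTS = {
    "ca3.text": b"\x7fELF ca3 code segment (constructed)",
    "libtee_client.so": b"\x7fELF tee client library (constructed)",
}
# In the described design this group is stored in Secure World memory.
FACTORY_HASHES = measure(CA3_FACTORY_OBJECTS)


def check_cases() -> Dict[str, bool]:
    """Run the measurement over an intact copy and three tampered variants."""
    intact = dict(CA3_FACTORY_OBJECTS)
    patched = dict(CA3_FACTORY_OBJECTS,
                   **{"ca3.text": b"\x7fELF ca3 code segment (patched)"})
    missing = {"ca3.text": CA3_FACTORY_OBJECTS["ca3.text"]}
    injected = dict(CA3_FACTORY_OBJECTS, **{"evil.so": b"extra library"})
    return {
        "intact": is_secure_user_program(intact, FACTORY_HASHES),
        "patched_code": is_secure_user_program(patched, FACTORY_HASHES),
        "missing_library": is_secure_user_program(missing, FACTORY_HASHES),
        "injected_library": is_secure_user_program(injected, FACTORY_HASHES),
    }


if __name__ == "__main__":
    for case, ok in check_cases().items():
        print(f"{case:18s} secure={ok}")
```

Only the intact copy passes; a patched code segment, a missing library, or an injected library all fail the check, which is why the comparison is done group-wise over the set of objects rather than over a single concatenated hash.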
Optionally, in the architecture shown in
Optionally, in the architecture shown in
140. The first user program is stripped from the first VM, and is loaded to the second VM such that the first user program accesses the Secure World using the second VM.
In an embodiment, after determining that the first user program is a valid and secure program, the VMM may migrate the first user program, in other words, strip the first user program from the first VM, and load the first user program to the second VM such that the first user program can invoke an SMC driver in the second VM to access the Secure World. For example, the first user program may apply for a shared memory using the SMC driver, and interact with a TA in the Secure World through the shared memory.
Optionally, the second VM may access the Secure World by calling an SMC instruction.
“Stripping” in this application is “removing”. Essentially, the first user program does not run in the first VM, but runs in the second VM. It may be considered that a code segment is “cut” from the first VM into the second VM.
Optionally, in this embodiment of the present disclosure, the first user program may be stripped from the first VM and loaded to the second VM using a plurality of implementations.
In an implementation, the VMM may copy a memory page of the first user program in the first VM (including code segments of various programs, dynamic link libraries required for running various programs, or the like) into the second VM, and modify a mapping relationship of a memory page in the first VM such that the memory page of the first user program in the first VM is recycled.
In another implementation, the VMM may directly map the memory page of the first user program in the first VM to the second VM (in an embodiment, an address of the memory page in a physical memory is mapped to an address in the second VM).
In this embodiment of the present disclosure, a user program may be stripped from a VM and loaded to another VM in another manner. For details, refer to other approaches, and details are not described herein.
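The two stripping implementations (copying the pages and recycling the originals, or remapping the same physical pages) and the virtualization-list step that removes the stripped pages from the first VM's level-2 page table can be modelled in a few lines. The following is an added example and not the application's code: the page numbers, program contents, and the model of a stage-2 table as a dictionary are all constructed.

```python
"""Toy model of the VMM's level-2 (stage-2) page-table bookkeeping when CA3 is
stripped from VM0 and loaded into VM1.

Constructed example: a VM's stage-2 table is a dict from guest page number to
host frame, and a missing entry stands for a stage-2 fault trapped by the VMM.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable


@dataclass
class VM:
    name: str
    stage2: Dict[int, int] = field(default_factory=dict)  # guest page -> host frame


@dataclass
class PageVMM:
    frames: Dict[int, bytes] = field(default_factory=dict)  # host frame -> content
    next_frame: int = 0

    def _alloc_frame(self, content: bytes) -> int:
        frame = self.next_frame
        self.next_frame += 1
        self.frames[frame] = content
        return frame

    def load(self, vm: VM, program: Dict[int, bytes]) -> None:
        """Load a program's pages into a VM, one host frame per guest page."""
        for page, content in program.items():
            vm.stage2[page] = self._alloc_frame(content)

    def strip_by_copy(self, src: VM, dst: VM, pages: Iterable[int]) -> None:
        """First implementation: copy the pages into dst, then recycle src's frames.
        Popping the entries from src.stage2 is the virtualization-list step."""
        for page in pages:
            old = src.stage2.pop(page)
            dst.stage2[page] = self._alloc_frame(self.frames[old])
            del self.frames[old]

    def strip_by_remap(self, src: VM, dst: VM, pages: Iterable[int]) -> None:
        """Second implementation: map the same physical frames into dst and drop
        them from src, so only dst can reach them afterwards."""
        for page in pages:
            dst.stage2[page] = src.stage2.pop(page)

    def read(self, vm: VM, page: int) -> bytes:
        """A guest read through stage-2; a missing entry is a fault the VMM traps."""
        if page not in vm.stage2:
            raise PermissionError(f"{vm.name}: stage-2 fault on page {page:#x}")
        return self.frames[vm.stage2[page]]


# Constructed sample: VM0 holds the kernel, CA1 and CA3; CA3 will be stripped.
KERNEL = {0x10: b"kernel text", 0x11: b"kernel data"}
CA1 = {0x20: b"ca1 text"}
CA3 = {0x30: b"ca3 text", 0x31: b"ca3 libs"}


def strip_demo(strategy: str) -> dict:
    """Strip CA3 with the given strategy ('copy' or 'remap') and report what
    VM0 and VM1 can still reach."""
    vmm = PageVMM()
    vm0, vm1 = VM("VM0"), VM("VM1")
    for prog in (KERNEL, CA1, CA3):
        vmm.load(vm0, prog)
    strip = vmm.strip_by_copy if strategy == "copy" else vmm.strip_by_remap
    strip(vm0, vm1, list(CA3.keys()))
    vm0_fault = False
    try:
        vmm.read(vm0, 0x30)  # kernel or CA1 in VM0 trying to touch CA3's page
    except PermissionError:
        vm0_fault = True
    return {
        "vm1_reads_ca3": vmm.read(vm1, 0x30),
        "vm0_reads_kernel": vmm.read(vm0, 0x10),
        "vm0_fault_on_ca3": vm0_fault,
        "frames_in_use": len(vmm.frames),
    }


if __name__ == "__main__":
    for s in ("copy", "remap"):
        print(s, strip_demo(s))
```

Whichever implementation is used, VM0 keeps its own pages and faults on CA3's, while VM1 reads CA3's pages; the copy variant ends with the same number of frames in use because the recycled frames offset the copies.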
For ease of understanding, the following describes, with reference to
141. A CA3 invokes an initialization interface of an agent program.
142. The agent program triggers, by reading a CTR_EL0 register in an ID register group 2, a CPU to be trapped in a VMM in an EL2 mode.
143. After the CPU is trapped in the VMM, the VMM stores a context of a virtual machine, VM0, triggers a dynamic measurement function of a Secure World, and measures integrity and validity of the CA3, to ensure security.
144. The VMM creates a new virtual machine, VM1, and the VMM migrates the CA3 to the VM1 in an EL1 mode, to continue to run the CA3.
Optionally, in this embodiment of the present disclosure, the plurality of programs loaded to the first VM further include an agent program corresponding to a user program. After the user program is stripped from the first VM, the agent program is used as an agent of the user program in the first VM, to execute a to-be-processed event that is generated when the user program runs in the second VM.
Optionally, in this embodiment of the present disclosure, the agent program may be in a one-to-one correspondence with the user process. The agent program may be used as an agent of the corresponding user process. Further, when the user program is loaded to the second VM, the agent program may be used as the agent of the user program.
Optionally, in this embodiment of the present disclosure, the VMM may further obtain a to-be-processed event for the first user program, where the to-be-processed event needs to be processed by the kernel, store a context of the second VM, and restore a context of the agent program such that the kernel processes the to-be-processed event.
Optionally, in this embodiment of the present disclosure, after the first VM completes processing of the to-be-processed event, the VMM restores the first user program in the second VM.
Optionally, the agent program may be in the second-level mode, for example, the EL0 mode shown in
Optionally, the to-be-processed event is an interrupt event, a page fault exception event, or a system invocation event.
Therefore, in this embodiment of the present disclosure, when a VM in which a currently running user program is located has no operating system kernel, an agent program may be used as an agent of the user program, and the interrupt event, the page fault exception event, or the system invocation event is processed using the operating kernel of the original VM.
For ease of understanding, the following respectively describes processing procedures when to-be-processed events are an interrupt event, a page fault exception event, and a system invocation event with reference to
151. A VMM obtains an interrupt signal triggered by hardware, and at this time, a CA3 is running in a current system.
152. The VMM triggers a virtual interrupt, and restores running of an agent program of the CA3.
153. The system is switched to the agent program, the virtual interrupt arrives at a virtual machine, VM0, and the interrupt preempts the running of the agent program.
154. A kernel of the VM0 processes the virtual interrupt.
155. After completing interrupt processing, the VM0 restores the running of the agent program.
156. The agent program is trapped into the VMM.
157. The VMM restores an interrupted context of a VM1.
Therefore, in the solution shown in
161. When a CA3 runs in a system, if a scheduling interrupt occurs, the interrupt is captured by a VMM.
162. The VMM restores a context of a VM0, switches from the CA3 to an agent program for running, and forwards a virtual interrupt to the VM0.
163. After preempting the agent program, the interrupt enters a kernel of the VM0.
164. A scheduling module of the kernel executes, based on a scheduling policy of the scheduling module of the kernel, a related process for running.
165. After the agent program is rescheduled, the agent program is trapped into the VMM.
166. The VMM restores execution of a VM1, in an embodiment, switches the CA3 to the VM1.
Therefore, in the architecture in this application, the VM1 in which a CA1 is located has no operating system kernel and cannot perform self-scheduling; for example, the time slice for executing the CA1 cannot be determined by the VM1 itself, and the CA1 needs to comply with the scheduling policy of the VM0. Therefore, in the solution shown in
171. An exception that is triggered after a page fault of a CA3 occurs is taken over by a VMM.
172. When the VMM identifies that a page fault exception occurs in the CA3, the VMM restores a context of an agent program of the CA3.
173. The agent program triggers the page fault exception event to re-enter a kernel of a VM0.
174. A page fault processing program of the kernel performs page fault-related processing.
175. The kernel restores processing of the agent program.
176. The agent program is trapped in the VMM.
177. After setting the corresponding memory page, the VMM restores a VM1, that is, switches the CA3 back to the VM1.
Therefore, in the solution shown in
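The three procedures above (steps 151-157, 161-166, and 171-177) share one pattern: an event raised while the stripped user program runs in the kernel-less VM1 is trapped by the VMM, the agent program's context in VM0 is restored so that the VM0 kernel can do the work, the agent traps back into the VMM, and the VMM restores the VM1 context. The following is an added illustrative model of that pattern, not code from the application; the VM names, the program names CA1/CA2/CA3, the `agent` program, and the page-number bookkeeping are assumptions used only to make the sequence executable. It generalizes slightly by handling all three event kinds in one dispatcher.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum, auto


class Event(Enum):
    INTERRUPT = auto()        # hardware interrupt (steps 151-157)
    SCHED_INTERRUPT = auto()  # scheduling interrupt (steps 161-166)
    PAGE_FAULT = auto()       # page fault raised by the CA (steps 171-177)


@dataclass
class VM:
    name: str
    has_kernel: bool
    programs: list[str]
    mapped_pages: set[int] = field(default_factory=set)


@dataclass
class VMM:
    """Hypothetical VMM: VM0 holds the kernel and the agent, VM1 holds only CA3."""
    vm0: VM = field(default_factory=lambda: VM("VM0", True, ["kernel", "agent", "CA1", "CA2"]))
    vm1: VM = field(default_factory=lambda: VM("VM1", False, ["CA3"]))
    agent_of: dict[str, str] = field(default_factory=lambda: {"CA3": "agent"})
    current: tuple[str, str] = ("VM1", "CA3")   # (vm, program) currently running
    trace: list[str] = field(default_factory=list)

    def _log(self, msg: str) -> None:
        self.trace.append(msg)

    def handle(self, event: Event, page: int | None = None) -> list[str]:
        """Forward one event raised while the stripped CA runs in VM1; return the trace."""
        self.trace = []
        vm, prog = self.current
        if vm != self.vm1.name or prog not in self.agent_of:
            raise ValueError("event forwarding only applies to a stripped user program")
        agent = self.agent_of[prog]
        saved_ctx = (vm, prog)                     # VM1 context the VMM will restore later
        self._log(f"VMM: trapped {event.name} from {prog} in {vm}")
        # VMM restores the agent's context in VM0 (steps 152, 162, 172)
        self.current = (self.vm0.name, agent)
        self._log(f"VMM: restored {agent} context in {self.vm0.name}")
        # the VM0 kernel does the work that the kernel-less VM1 cannot do itself
        self._run_vm0_kernel(event, agent, page)
        # the agent traps back into the VMM (steps 156, 165, 176)
        self._log(f"{agent}: trapped into VMM")
        if event is Event.PAGE_FAULT:
            # VMM sets the corresponding page for VM1 before resuming it (step 177)
            self.vm1.mapped_pages.add(page)
            self._log(f"VMM: mapped page {page} for {self.vm1.name}")
        # VMM restores the interrupted VM1 context (steps 157, 166, 177)
        self.current = saved_ctx
        self._log(f"VMM: restored {prog} context in {vm}")
        return list(self.trace)

    def _run_vm0_kernel(self, event: Event, agent: str, page: int | None) -> None:
        if event is Event.INTERRUPT:
            self._log("VMM: injected virtual interrupt into VM0; kernel preempts agent")
            self._log("VM0 kernel: handled virtual interrupt")
        elif event is Event.SCHED_INTERRUPT:
            self._log("VM0 kernel: scheduler ran other processes per its own policy")
            self._log(f"VM0 kernel: rescheduled {agent}")
        elif event is Event.PAGE_FAULT:
            if page is None:
                raise ValueError("a page fault needs the faulting page")
            self._log(f"{agent}: re-raised page fault for page {page} into VM0 kernel")
            self.vm0.mapped_pages.add(page)
            self._log(f"VM0 kernel: mapped page {page}")
        self._log(f"VM0 kernel: resumed {agent}")


if __name__ == "__main__":
    vmm = VMM()
    for line in vmm.handle(Event.PAGE_FAULT, page=0x42):
        print(line)
```

The check at the top of `handle` is the point a reviewer would look for: only a program that was actually stripped into VM1 and has a registered agent gets its events forwarded into VM0, so a program still running under the VM0 kernel takes the ordinary in-kernel path rather than this detour.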
The creation unit 210 is configured to create a first VM in a Normal World. The loading unit 220 is configured to load a plurality of programs in the Normal World to the first VM. The plurality of programs include a kernel and at least one user program, the kernel runs in a first-level mode, the at least one user program runs in a second-level mode, and the first level is higher than the second level. The creation unit 210 is further configured to, when a first user program in the at least one user program needs to access a Secure World, create, in the Normal World, a second VM running in the first-level mode. The loading unit 220 is further configured to strip the first user program from the first VM, and load the first user program to the second VM such that the first user program accesses the Secure World using the second VM.
Optionally, as shown in
Optionally, the creation unit 210 is further configured to allocate, to the second VM, a resource exclusive to the first user program.
Optionally, the plurality of programs further include an agent program. After the first user program is stripped from the first VM, the agent program is used as an agent of the first user program in the first VM, to trigger the kernel to process a to-be-processed event that needs to be processed by the kernel. The to-be-processed event is generated when the first user program runs in the second VM.
Optionally, as shown in
Optionally, the processing unit 240 is further configured to, after the first VM completes processing of the to-be-processed event, restore the first user program in the second VM.
Optionally, the to-be-processed event is an interrupt event, a page fault exception event, or a system invocation event.
Optionally, as shown in
Optionally, the determining unit 250 is further configured to obtain a first hash value group and a second hash value group. The first hash value group includes at least one first hash value, and the second hash value group includes at least one second hash value. Each first hash value is in a one-to-one correspondence with one of at least one data object in the first user program, and each first hash value is a current hash value of that data object. Each second hash value is in a one-to-one correspondence with one of the at least one data object in the first user program, and each second hash value is a factory-set hash value of that data object. When the first hash value group is the same as the second hash value group, the determining unit 250 determines that the first user program is the secure user program.
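The comparison of a current hash value group against a factory-set hash value group, as an added example that is not code from the application. The data objects, their contents, and the use of SHA-256 are constructed assumptions; the application does not name a hash function. The comparison requires the same set of data objects on both sides, since each hash is in a one-to-one correspondence with a data object, and compares digests with a constant-time routine.

```python
import hashlib
import hmac

# Constructed sample: the data objects of a hypothetical user program at factory time.
FACTORY_OBJECTS = {
    "text":   b"\x7fELF...code section (constructed)",
    "rodata": b"string table (constructed)",
    "config": b"allowed_ta=TA1\n",
}


def hash_value_group(objects: dict[str, bytes]) -> dict[str, str]:
    """One hash per data object: object name -> hex digest (assumed SHA-256)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in objects.items()}


# The second (factory-set) hash value group, computed once at factory time.
# In a deployment it must be stored where the user program cannot modify it.
FACTORY_HASH_GROUP = hash_value_group(FACTORY_OBJECTS)


def is_secure_user_program(current_group: dict[str, str],
                           factory_group: dict[str, str] = FACTORY_HASH_GROUP) -> bool:
    """True only if every data object is present on both sides with an identical digest."""
    if set(current_group) != set(factory_group):
        return False  # an object was added or removed: no one-to-one correspondence
    # Evaluate every entry (no early exit) and compare in constant time.
    matches = [hmac.compare_digest(current_group[name], factory_group[name])
               for name in factory_group]
    return all(matches)


def check_program(objects: dict[str, bytes]) -> bool:
    """Recompute the first (current) hash value group and compare it with the factory group."""
    return is_secure_user_program(hash_value_group(objects))


if __name__ == "__main__":
    print("unmodified:", check_program(FACTORY_OBJECTS))
    tampered = dict(FACTORY_OBJECTS, config=b"allowed_ta=TA1\nallowed_ta=TA2\n")
    print("tampered:  ", check_program(tampered))
```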
It should be understood that the foregoing and other operations and/or functions of each unit in the VMM 200 in this embodiment of the present disclosure are used to respectively implement the corresponding procedure of the VMM in the method 100 in
The memory 320 is configured to store a program, where the program includes code.
The processor 310 is configured to execute the program code in the memory 320.
Optionally, when the code is executed, the processor 310 may implement operations performed by the VMM in the method 100 in
The first VM 430 is configured to load a plurality of programs in the Normal World. The plurality of programs include a kernel and at least one user program, the kernel runs in a first-level mode, the at least one user program runs in a second-level mode, and the first level is higher than the second level. The second VM is configured to load a first user program that is in the at least one user program and that is stripped from the first VM such that the first user program accesses a Secure World using the second VM, and the second VM runs in the second-level mode.
Optionally, the hardware layer 410 may include a processor, a communications interface, a memory, and the like.
It should be understood that for corresponding descriptions of the VMM 420, the first VM 430, and the second VM 440, refer to the method 100 shown in
It should be understood that, in this embodiment of the present disclosure, the processor may be a CPU, or the processor may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory may include a read-only memory and a random access memory, and provide an instruction and data for the processor. A part of the memory may further include a nonvolatile random access memory. For example, the memory may further store information about a device type.
The communications interface may be configured to implement a signal sending and receiving function, for example, a frequency modulation and demodulation function or an up-conversion or down-conversion function.
In an implementation process, at least one step of the foregoing method may be completed using an integrated logic circuit of hardware in the processor, or the integrated logic circuit may complete the at least one step after being driven by an instruction in a form of software. Therefore, the communications apparatus may be a chip or a chip group. The steps of the method disclosed with reference to the embodiments of the present disclosure may be directly performed by a hardware processor, or may be performed using a combination of a hardware module and a software module in the processor. The software module may be located in a mature storage medium in the art, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads information in the memory and completes the steps in the foregoing methods in combination with hardware of the processor. To avoid repetition, details are not described herein again.
All or some of the foregoing embodiments may be implemented through software, hardware, firmware, or any combination thereof. When software is used to implement the embodiments, the embodiments may be all or partially implemented in a form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the present disclosure are all or partially generated. The computer may be a general-purpose computer, a dedicated computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or may be transmitted from a computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, a computer, a server, or a data center to another website, computer, server, or data center in a wired (for example, a coaxial cable, an optical fiber, or a digital subscriber line (DSL)) or wireless (for example, infrared, radio, or microwave) manner. The computer storage medium may be any usable medium accessible by a computer, or a data storage device, such as a server or a data center, integrating one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a digital video disc (DVD)), a semiconductor medium (for example, a solid state disk (SSD)), or the like.
It should be understood that sequence numbers of the foregoing processes do not mean execution sequences in various embodiments of this application. The execution sequences of the processes should be determined according to functions and internal logic of the processes, and should not be construed as any limitation on the implementation processes of the embodiments of the present disclosure.
It may be clearly understood by a person skilled in the art that, for the purpose of convenient and brief description, for a detailed working process of the foregoing system, apparatus, and unit, refer to a corresponding process in the foregoing method embodiments, and details are not described herein again.
The foregoing descriptions are merely specific implementations of this application, but are not intended to limit the protection scope of this application. Any variation or replacement readily figured out by a person skilled in the art within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.
Number | Date | Country | Kind |
---|---|---|---|
201710364027.2 | May 2017 | CN | national |
This application is a continuation application of International Patent Application No. PCT/CN2018/087699, filed on May 21, 2018, which claims priority to Chinese Patent Application No. 201710364027.2, filed on May 22, 2017. The disclosures of the aforementioned applications are hereby incorporated by reference in their entireties.
Relation | Number | Date | Country |
---|---|---|---|
Parent | PCT/CN2018/087699 | May 2018 | US |
Child | 16690310 | | US |