I want to load in an Arm TrustZone file in qemu (along with a hypervisor and kernel). The trustzone file's _start is located at 0x14680000, which is below 0x40000000, and thus in device memory. As such, my qemu command:
qemu-system-aarch64 \
-machine virt \
-cpu cortex-a57 \
-smp 1 \
-m 3G \
-kernel boot.img \
-machine gic-version=3 \
-device loader,addr=0x80040000,cpu-num=0,file=./hyp.mbn \
-device loader,addr=0x14680000,cpu-num=0,file=./tz.mbn \
-machine secure=true \
-machine virtualization=true \
-nographic \
-S -s
fails to load in the trustzone file. I don't have access to the source code to recompile it, and brute-force altering the ELF to change its load address obviously won't work. Is there any way in qemu to load it in at a different address? Or to change where RAM starts?
It is in theory possible to get QEMU to load the file at a different address (for instance you could use objdump to convert it to a binary blob and then load that at whatever address you like), but that doesn't mean it's going to work when you do.
For this kind of low level code, the image has to be built to run on the hardware you're trying to run it on. At a minimum, that means it either has to be linked to run at the address where RAM is, or else that it must self-relocate. If this image is built for the wrong RAM address it probably also hardcodes a lot of other things for whatever hardware it was built for, like the addresses of devices and the interrupt controller, which won't match the virt board either.
You either need to:
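As an added illustration of the answer's two points (the blob conversion is possible, but the image is still linked for a fixed address), the script below is example code, not part of the original question, answer, or QEMU: it reads the PT_LOAD program headers of an ELF64 image, flattens them by physical address the way a raw-binary conversion does, checks whether the link base falls inside the virt board's RAM window, and reports the relocation delta that every absolute address in the image would be off by if the blob is placed somewhere else. The RAM base 0x40000000 is the virt board's; the 3G size mirrors the question's `-m 3G`; the target address 0x48000000 and the constructed stand-in ELF (four `b .` instructions linked at the question's 0x14680000) are assumptions for the demo.

```python
import struct

# Memory map assumptions for qemu's 'virt' board: RAM begins at 0x40000000 and
# everything below it is flash, MMIO or reserved. RAM size mirrors the question's -m 3G.
VIRT_RAM_BASE = 0x4000_0000
VIRT_RAM_SIZE = 3 * 1024 ** 3

PT_LOAD = 1
EM_AARCH64 = 183


def parse_elf64(data):
    """Return (e_entry, e_machine, [PT_LOAD segments]) from an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    (e_machine,) = struct.unpack_from(end + "H", data, 18)
    e_entry, e_phoff = struct.unpack_from(end + "QQ", data, 24)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    segs = []
    for i in range(e_phnum):
        fields = struct.unpack_from(end + "IIQQQQQQ", data, e_phoff + i * e_phentsize)
        p_type, _flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, _align = fields
        if p_type == PT_LOAD:
            segs.append({"vaddr": p_vaddr, "paddr": p_paddr, "offset": p_offset,
                         "filesz": p_filesz, "memsz": p_memsz})
    return e_entry, e_machine, segs


def flatten(data):
    """Lay PT_LOAD segments out by physical (load) address, zero-filling the gaps,
    i.e. what a raw-binary conversion produces. Returns (link_base, blob)."""
    _, _, segs = parse_elf64(data)
    loads = [s for s in segs if s["filesz"]]
    if not loads:
        raise ValueError("no loadable segments with file content")
    base = min(s["paddr"] for s in loads)
    size = max(s["paddr"] + s["filesz"] for s in loads) - base
    blob = bytearray(size)
    for s in loads:
        start = s["paddr"] - base
        blob[start:start + s["filesz"]] = data[s["offset"]:s["offset"] + s["filesz"]]
    return base, bytes(blob)


def in_virt_ram(addr, length=1):
    """True if [addr, addr+length) lies entirely inside the virt board's RAM."""
    return VIRT_RAM_BASE <= addr and addr + length <= VIRT_RAM_BASE + VIRT_RAM_SIZE


def check_image(data, load_addr=None):
    """Report where the image is linked, whether that is RAM on virt, and, if the
    blob is to be placed at load_addr instead, how far every absolute address in
    it will be off (non-zero means the code must be PIC or self-relocate)."""
    e_entry, e_machine, _ = parse_elf64(data)
    base, blob = flatten(data)
    report = {
        "entry": e_entry,
        "aarch64": e_machine == EM_AARCH64,
        "link_base": base,
        "size": len(blob),
        "linked_into_ram": in_virt_ram(base, len(blob)),
    }
    if load_addr is not None:
        report["load_addr_in_ram"] = in_virt_ram(load_addr, len(blob))
        report["relocation_delta"] = load_addr - base
        report["needs_self_relocation"] = load_addr != base
    return report


def loader_args(path, addr, cpu_num=0):
    """qemu generic-loader option for placing a raw blob at addr."""
    return f"-device loader,addr={addr:#x},cpu-num={cpu_num},file={path}"


def build_sample_elf(paddr, code):
    """Constructed test input: minimal little-endian AArch64 ELF64 with one PT_LOAD."""
    phoff, data_off = 64, 64 + 56
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
            + struct.pack("<HHIQQQIHHHHHH", 2, EM_AARCH64, 1, paddr, phoff, 0,
                          0, 64, 56, 1, 0, 0, 0))
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, data_off, paddr, paddr,
                       len(code), len(code), 0x1000)
    return ehdr + phdr + code


if __name__ == "__main__":
    # Stand-in for tz.mbn: four `b .` instructions (0x14000000) linked at 0x14680000.
    sample = build_sample_elf(0x14680000, b"\x00\x00\x00\x14" * 4)
    target = 0x48000000          # assumed free RAM address on virt
    for k, v in check_image(sample, target).items():
        print(f"{k}: {v:#x}" if type(v) is int else f"{k}: {v}")
    _, blob = flatten(sample)
    with open("tz.bin", "wb") as f:
        f.write(blob)
    print(loader_args("./tz.bin", target))
```

Run against the real tz.mbn the report tells you two things before you touch qemu: whether the link base is in virt RAM at all (for 0x14680000 it is not), and how large the delta is if you place the blob elsewhere. Pass the resulting raw blob, not the ELF, to `-device loader`: for a raw file the loader honours `addr`, whereas for an ELF it follows the program headers unless `force-raw=on` is given. A non-zero delta only works for code that is position independent or relocates itself, which is exactly the condition the answer states.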