I want to know how to invalidate or clean to cache only used secure-world

Hello experts.

I making a security operating system using trustzone using ARMv8 big-little core.

I face some probleam of cache clean or invalidate.

I want to cache flush to used only secure-world memory based on virtual memory, no flush non-secure world cache line.

I know the ns bit in cache tags determine secure or non-secure.

and I found some coprocess register for cache flush based on virtual address like a ICIMVAU, DCIMVAC, DCCMVAC, DCCMVAU, DCCIMVAC.

but i didn't found the check secure cache or non-secure cache and operate to only secure world cache flush.

so how to flush to only secure area cache.

Is not supported operation?

thanks for read my question and please help me.

Parents
  • It depends on exactly what you mean...

    The cache maintenance operations you are quoted take a virtual address as an argument.  While the caches are tagged by physical address, which as you mentioned in whether the line is Secure or Non-secure.

    A Secure virtual address can translate to either a Secure or Non-secure physical address.  It's controlled by the Secure world's translation tables.

    So invalidating (or clean+invalidating) all the Secure virtual addresses is straight forward.  You just have to iterate through the address space.

    However, if you only want to invalidate those Secure virtual addresses that translate to a Secure physical address, there isn't a specific command for that.  You need to know which addresses you had mapped as what.

Reply
  • It depends on exactly what you mean...

    The cache maintenance operations you are quoted take a virtual address as an argument.  While the caches are tagged by physical address, which as you mentioned in whether the line is Secure or Non-secure.

    A Secure virtual address can translate to either a Secure or Non-secure physical address.  It's controlled by the Secure world's translation tables.

    So invalidating (or clean+invalidating) all the Secure virtual addresses is straight forward.  You just have to iterate through the address space.

    However, if you only want to invalidate those Secure virtual addresses that translate to a Secure physical address, there isn't a specific command for that.  You need to know which addresses you had mapped as what.

Children
More questions in this forum