Can we use a particular device in secure and non secure mode simultaneously without switching between modes?
Can it be done by by configuring/partitioning the address space of device ?
Yes. of course.
Usually when the memory regions are setup you would assign a certain address of the peripheral to secure and a different address to non secure access
There is no "switching" involved. The processor executes and does the access based on the address at hand which is what makes TrustZone for ARMv8-M suited for embedded applications
it is highly recommended to use this separate address for secure and non secure access to a peripheral to simplify the design from a sw perspective
Diya, Thanks for reply :)
This memory region setup is done by which IP, is it TZPC or some other IP ?
Usually the setup is done by the software running in the TrustZone on boot.
At power up, all the address space is marked as secure and will stay as such until software running in the TrustZone configures regions otherwise
Ok, but software will configure some hardware IP to partition the memory address space of device.
Like if we want to partition the DDR in secure and non secure, software program TZASC, Which H/W IP will be programmed to separate device address space ?
depends on the design of the peripheral
if it has already multiple registers then there is nothing to configure in the peripheral since those different addresses are mapped by the security regions
if the peripheral does not have distinct registers then it will most likely need to be configured in order to support this secure/non secure access
if not, then you would need support in the driver to handle this secure non secure access
Thanks a lot Diya,
View all questions in TrustZone for Armv8-M forum