
Security Extensions in ARMv7

"The Security Extensions integrate hardware security features into the architecture." Can anybody please make clear what exactly "security" means from a hardware point of view in the ARMv7-A profile?

Can you please give a real-time example of the secure state and non-secure state, for better understanding?

  • Hi,

    Short question, much longer answer - but hope this helps get you started.

    Bit of background:

    Security extensions provide a form of extension to the privilege model. This is driven by requirements in complex software stacks. In a typical OS/user space environment we have the idea of a privileged OS and unprivileged user applications. The applications aren't allowed to do things like disable caches or change virtual mappings - they must ask the OS. However an OS is typically a big complex piece of software. It's hard to guarantee it is secure. So the idea of a smaller secure code base for managing early boot and handling operations like payments and DRM emerged.

    What the hardware provides (briefly):

    The Architecture supports this concept using the Security Extensions.

    - The core can operate in a Secure or Non Secure world, a secure interrupt or special system call can be used to generate a transition between worlds

    - Some system configuration operations are only permitted in Secure world

    - The Secure world has its own Virtual/Physical translation regime

    - Data is also segregated (both internally in the caches and for bus accesses) between Secure and Non Secure worlds using the NS bit

    What the hardware provides (in detail):

    Look at the ARM ARM (Architecture Reference Manual), section B1.5 "The Security Extensions": http://infocenter.arm.com/help/topic/com.arm.doc.ddi0406c/index.html
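To make the four bullet points above concrete, here is a small C model of the mechanisms the answer lists: the SCR.NS bit, Monitor mode entered through SMC, a separate translation table per world, and the NS bit travelling with each bus access. This is an added example, not ARM's code and not the answerer's; the structures, addresses, table contents and function names are all constructed for illustration and do not reflect any real register layout. It walks through three scenarios: a privileged Non-secure OS reading Secure memory directly (rejected at the bus even though it has a mapping), the Non-secure OS trying to flip SCR.NS itself (not permitted outside the Secure world), and the same request done properly by issuing SMC so the Secure world performs the operation and hands back only a derived result.

```c
/* Toy model of the ARMv7 Security Extensions as described in the answer above.
 * Added example, not ARM's code; every name, address and value is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NS_SECURE    0   /* SCR.NS = 0: core executes in the Secure world     */
#define NS_NONSECURE 1   /* SCR.NS = 1: core executes in the Non-secure world */

enum { ACCESS_OK = 0, ACCESS_FAULT = -1 };

/* A physical region as the bus fabric sees it: tagged Secure (ns=0) or Non-secure (ns=1). */
typedef struct { uint32_t pa; int ns; uint32_t data; } region_t;

/* Constructed physical memory: one Secure-only page holding key material, one shared page. */
static region_t phys[] = {
    { 0x10000000u, NS_SECURE,    0xCAFEF00Du },
    { 0x20000000u, NS_NONSECURE, 0x00000000u },
};
#define NPHYS (sizeof phys / sizeof phys[0])

/* Translation entry; {0xFFFFFFFF, 0} terminates a table. Each world owns its own table. */
typedef struct { uint32_t va, pa; } pte_t;

typedef struct {
    int scr_ns;          /* SCR.NS bit (SCR is only accessible from Secure state)          */
    int monitor;         /* 1 while in Monitor mode (entered by SMC or a secure interrupt) */
    const pte_t *tt_s;   /* Secure-world translation table     */
    const pte_t *tt_ns;  /* Non-secure-world translation table */
} cpu_t;

/* Effective security state: Monitor mode is always Secure, whatever SCR.NS says. */
static int current_world(const cpu_t *c) { return c->monitor ? NS_SECURE : c->scr_ns; }

/* Changing SCR.NS is a system configuration operation permitted only in the Secure world. */
int write_scr_ns(cpu_t *c, int ns) {
    if (current_world(c) != NS_SECURE) return ACCESS_FAULT;   /* trapped in the NS world */
    c->scr_ns = ns;
    return ACCESS_OK;
}

/* Stage-1 translation through the table belonging to the current world. */
static int translate(const cpu_t *c, uint32_t va, uint32_t *pa) {
    const pte_t *t = current_world(c) == NS_SECURE ? c->tt_s : c->tt_ns;
    for (; t->va != 0xFFFFFFFFu; t++)
        if (t->va == va) { *pa = t->pa; return ACCESS_OK; }
    return ACCESS_FAULT;                                      /* translation fault */
}

/* Bus read: the NS bit travels with the transaction. The fabric rejects a Non-secure
 * access to a Secure-tagged region; Secure-world accesses may reach both kinds. */
int bus_read(const cpu_t *c, uint32_t va, uint32_t *out) {
    uint32_t pa;
    if (translate(c, va, &pa) != ACCESS_OK) return ACCESS_FAULT;
    for (size_t i = 0; i < NPHYS; i++) {
        if (phys[i].pa != pa) continue;
        if (current_world(c) == NS_NONSECURE && phys[i].ns == NS_SECURE) return ACCESS_FAULT;
        *out = phys[i].data;
        return ACCESS_OK;
    }
    return ACCESS_FAULT;                                      /* unmapped physical address */
}

/* SMC: enter Monitor mode, where the monitor flips SCR.NS, then return into the other world. */
void smc_switch_world(cpu_t *c) {
    c->monitor = 1;
    write_scr_ns(c, c->scr_ns == NS_SECURE ? NS_NONSECURE : NS_SECURE);
    c->monitor = 0;
}

/* Constructed tables. The Non-secure table deliberately maps VA 0x1000 onto the Secure
 * key page, to show that the NS bit on the bus blocks the access even with a mapping. */
static const pte_t secure_tt[]    = { {0x1000u, 0x10000000u}, {0x2000u, 0x20000000u}, {0xFFFFFFFFu, 0} };
static const pte_t nonsecure_tt[] = { {0x1000u, 0x10000000u}, {0x2000u, 0x20000000u}, {0xFFFFFFFFu, 0} };

/* Scenario 1: a privileged Non-secure OS reads the key page directly -> ACCESS_FAULT. */
int demo_ns_direct_read(void) {
    cpu_t c = { NS_NONSECURE, 0, secure_tt, nonsecure_tt };
    uint32_t v;
    return bus_read(&c, 0x1000u, &v);
}

/* Scenario 2: the Non-secure OS tries to flip SCR.NS itself -> ACCESS_FAULT. */
int demo_ns_write_scr(void) {
    cpu_t c = { NS_NONSECURE, 0, secure_tt, nonsecure_tt };
    return write_scr_ns(&c, NS_SECURE);
}

/* Scenario 3: the Non-secure OS issues SMC; the Secure world reads the key through its own
 * table, computes a placeholder result, and switches back. Returns 0 on any failure. */
uint32_t demo_ns_via_smc(void) {
    cpu_t c = { NS_NONSECURE, 0, secure_tt, nonsecure_tt };
    uint32_t key, derived = 0;
    smc_switch_world(&c);                                     /* now in the Secure world  */
    if (bus_read(&c, 0x1000u, &key) == ACCESS_OK) derived = key ^ 0xFFFFFFFFu;
    smc_switch_world(&c);                                     /* back to Non-secure world */
    return current_world(&c) == NS_NONSECURE ? derived : 0;
}

int main(void) {
    printf("NS direct read of key page: %s\n", demo_ns_direct_read() == ACCESS_OK ? "ok" : "fault");
    printf("NS write to SCR.NS:         %s\n", demo_ns_write_scr() == ACCESS_OK ? "ok" : "fault");
    printf("NS request via SMC:         result 0x%08X\n", (unsigned)demo_ns_via_smc());
    return 0;
}
```

The point the model makes is that the Secure/Non-secure split is enforced below the OS's own privilege level: the Non-secure OS in scenario 1 is fully privileged and even holds a translation for the key page, yet the NS-tagged bus transaction is refused, and in scenario 2 it cannot reach SCR to change its own state. Only the Monitor, running in the Secure world, moves SCR.NS, which is why every request from the normal world has to go through SMC as in scenario 3.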
