Hi experts,
I have tried to configure the attribute of one memory region not able to be write in secure world and then try to write data into this region.
What I expect is that there will be an exception raising after write data into this region. But what I saw is that the write data successfully and the read data successfully.
It could be that the data already is in the cache when reading, so I have tried using "device memory" - GIC mapped address as memory region. There was still no exception raising.
I'm wondering if the functionality of TZC400 is ready on ARMv8 FVP base model.
Hi Sabrina,
Just want to clarify if you meant ".. one memory region not able to be write in non-secure world" ?
If yes it should work.
Which FVP model are you using ? Try passing the following argument for
1. AEMv8 base: -C bp.secure_memory=1
2. Foundation: --secure-memory
I had tried on one of the secure timer block and it did raise exception.
Regards,
Sudeep
I am sorry somehow I am unable to see your response.
Having checked again, if you mark a region with no r/w secure access in TZC,
you need to check if your page tables have NS attribute if you are not seeing
exception. That's one possible reason.
Hello Sudeep,
For TZC, I think we can control the secure/non-secure access behavior.
If we denied secure access for a region, we don't need to have NS attribute
in page tables, and TZC should deny the access.
We can confirm the asynchronous data abort raised by access violation.
But only for address 0x8000_0000 to 0xffff_ffff (which is external DRAM).
When we try to access GIC or TZDRAM (0x0600_0000 to 0x0800_0000),
the filter does no effect. (and I don't see the permission check reported by
fvp tzc400 diagnostic log)
Does GIC and TZDRAM not connected through TZC400 filter0 ? Or we missing
something?