This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setting Non-Secure Memory from Secure Memory on TrustZone for Armv8-m

Hello,

I have a very simple program on TrustZone enabled Cortex M33 core;
 - Start Secure & Privileged state
 - Set an SRAM Memory Region as Non-Secure using SAU
 - Set a WORD Value in Non-Secure World from Secure World (I don't switch to Non-Secure code, always running in Secure World)

But, somehow I cannot write an NS memory from Secure World.

Secure World should access both Secure & Non-Secure world, but what is the limitation here?

The below link mentions some limitations: https://developer.arm.com/documentation/100720/0200/Secure-software-guidelines?lang=en#:~:text=Non%2Dsecure%20memory%20access

 - "When Secure code has to access Non-secure memory using an address that is calculated by the Non-secure state, it cannot trust that the address lies in a Non-secure memory region."
 
    Herein, I don't know what does mean "calculated by the Non-secure state", I have set a NS region using SAU, and set by absolute address.

 - "Furthermore, the Memory Protection Unit (MPU) is banked between the security states. Secure and Non-secure code might have different access rights to Non-secure memory."

   MPU is not set yet.

 - "The Secure code can use the TT instruction to check Non-secure memory permissions."

    Ok, if TT shows I don't have permission, how to give permission, using MPU?


Parents
  • The chapter you are referring to is for the case where some NS code provides a pointer to some new memory and wants secure code to access it.TT instruction is to prevent an attack where non privileged ns code tries to access memory it should not have access rights.

Reply
  • The chapter you are referring to is for the case where some NS code provides a pointer to some new memory and wants secure code to access it.TT instruction is to prevent an attack where non privileged ns code tries to access memory it should not have access rights.

Children
No data