I have a question about how the peripheral controller interacts with CCA Realms. Would it be possible to make individual peripherals (MMIO regions, specifically) only accessible from a Realm VM?
In Arm TrustZone, apparently it is possible to configure MMIO regions of individual peripheral to make it only accessible from the secure world, using the Secure Peripherals Controller. I wonder if similar things can be done for Realm VMs.
In TrustZone it is possible to configure some MMIO regions so that they are only accessible in Secure world. This however requires that SoC vendor includes completer side filters in their design, which can then be configured, typically at boot, to create this split. For RME the same kind fo architecture is possible, and the RME system architecture specification provides more details on how completer side filters would work.
This is really helpful, thanks!!