This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CCA in Armv9 - Making Peripherals Only Accessible from a Realm VM

Hi everyone!

I have a question about how the peripheral controller interacts with CCA Realms. Would it be possible to make individual peripherals (MMIO regions, specifically) only accessible from a Realm VM?

In Arm TrustZone, apparently it is possible to configure MMIO regions of individual peripheral to make it only accessible from the secure world, using the Secure Peripherals Controller. I wonder if similar things can be done for Realm VMs.

Thank you.

Parents
  • Hi 

    In TrustZone it is possible to configure some MMIO regions so that they are only accessible in Secure world. This however requires that SoC vendor includes completer side filters in their design, which can then be configured, typically at boot, to create this split. For RME the same kind fo architecture is possible, and the RME system architecture specification provides more details on how completer side filters would work.

    Regards

    Charles

Reply
  • Hi 

    In TrustZone it is possible to configure some MMIO regions so that they are only accessible in Secure world. This however requires that SoC vendor includes completer side filters in their design, which can then be configured, typically at boot, to create this split. For RME the same kind fo architecture is possible, and the RME system architecture specification provides more details on how completer side filters would work.

    Regards

    Charles

Children