For example, we define a region to be secure. If a non secure app is trying to acess that region, what protection mechanism exists in hardware which will prevent that?
A single physical core can execute code from both the
Normal world and the Secure world in a time-sliced fashion. The memory system is similarly
divided. An additional bit, indicating whether the access is Secure or Non-Secure (the NS bit)
is added to all memory system transactions, including cache tags and access to system memory
and peripherals. This can be considered as an additional address bit, giving a 32-bit physical
address space for the Secure world and a completely separate 32-bit physical address space for
the Normal world.
If a non secure app access a secure region the slave would respond by issuing SLVERR on its response(RRESP for read & BRESP for write) channel.
Additionally, if an app needs to access a secure region it can do that by first going into the monitor mode and then writing to this register SCR NS bit.
The NS bit in the Secure Configuration Register (SCR) in CP15 indicates which world the core
is currently in. In Monitor mode, the core is always executing in the Secure world, regardless of
the value of the SCR NS-bit that is used to signal which world you were previously in.