Architectures and Processors forum Reason Behind EL2 in non-secured state ARMv8

State Accepted Answer
+1 person also asked this people also asked this
Locked Locked
Replies 1 reply
Subscribers 346 subscribers
Views 5398 views
Users 0 members are here

Options

Related

How was your experience today?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reason Behind EL2 in non-secured state ARMv8

techguyz over 9 years ago

Hi Experts,

What is the reason behind allowing EL2 only in non-secured state in ARMv8 ?

Regards,

Techguyz

Top replies

Matt Sealey over 9 years ago +1 verified

Hi techguyz, Simply put, it isn't a reasonable use of processor resources to virtualise the Secure state. The primary use case for the Secure state is to provide trusted services, and these services are...

Parents

+1 Matt Sealey over 9 years ago

Hi techguyz,
Simply put, it isn't a reasonable use of processor resources to virtualise the Secure state. The primary use case for the Secure state is to provide trusted services, and these services are usually quite small both for the purposes of security in general (less code means less bugs) and for auditing and certification (to assure there are no holes to your customers). There is already a privilege separation -- EL3, Secure EL1 and Secure EL0 -- which is more than enough to implement that and most other use cases.
While a Hypervisor itself may be quite small and easy to audit (depending on the implementation), the fact that it would probably be able to virtualise any number of arbitrary guest Operating Systems means that all bets are off. The functionality required for virtualisation -- 2nd stage translation regimes, trapping, virtual IRQ and FIQ and so on -- would make the Secure state more complicated and therefore more difficult to assure from a hardware perspective.
Ta,
Matt S.
Cancel
Up +1 Down

Cancel

Reply

+1 Matt Sealey over 9 years ago

Hi techguyz,
Simply put, it isn't a reasonable use of processor resources to virtualise the Secure state. The primary use case for the Secure state is to provide trusted services, and these services are usually quite small both for the purposes of security in general (less code means less bugs) and for auditing and certification (to assure there are no holes to your customers). There is already a privilege separation -- EL3, Secure EL1 and Secure EL0 -- which is more than enough to implement that and most other use cases.
While a Hypervisor itself may be quite small and easy to audit (depending on the implementation), the fact that it would probably be able to virtualise any number of arbitrary guest Operating Systems means that all bets are off. The functionality required for virtualisation -- 2nd stage translation regimes, trapping, virtual IRQ and FIQ and so on -- would make the Secure state more complicated and therefore more difficult to assure from a hardware perspective.
Ta,
Matt S.
Cancel
Up +1 Down

Cancel

Children

No data