I wonder how VA->PA translation is handled from non-secure world with Aarch64.
I see the HYP mode uses IPA so that the second stage translation may restrict the VM to certain memory.
But what about limiting access to secure memory? Is it only possible if the SOC support the NS-bit for peripherals and memory?
Or is there also a second-stage translation table for EL3?
Thanks Peters.
This is a bit sad. A similar method like the EL2/HYP mode would have made life (of TEE-developers) easier.
But it would have meant a 3rd stage ;-) (VA->IPA->NSPA->PA)
It's worth noting that the big value of TrustZone is that you are not just protecting the secure assets from accesses by the CPU software (if that were the case then a trusted hypervisor and tables would work fine), but also from every other non-secure bus master (display controllers, DSP, GPU, DMA engines, etc).
... and table walks are high enough latency already without adding yet another layer .
TEE developers get a totally parallel world to play in, so they can set up their own tables already so they are totally independent of the non-secure tables, and for development purposes you can point "secure" tables at "non-secure" memory resources (it's not secure, but it still works, so you can develop in that environment easily enough).
HTH, Pete