Hello,
I am using a quad-core Cortex-A7 (on a Raspberry Pi 2). I run Linux on cores 0, 1 and 2 and a bare-metal application on core 3. My goal is to protect the bare-metal application from the rest (i.e., the Linux side). Initially I thought that I could do this by using TrustZone. So, I configured cores 0, 1 and 2 to be in the normal world and core 3 to be in the secure world. But it seems that TZPC is not available on their processor. So I can't set some memory regions to be secure.
Are there any other methods to partition the main memory and isolate some regions for Core 3?
Thank you.
In terms of physical security (e.g. stopping a Linux driver doing something malicious) I can't think of anything - it's a unified physical memory space and the kernel is a trusted component so assumed to have access to everything the CPU can physically see.
Logical isolation (without any security protection) is easy enough - just set the mem=<xyz>M parameter when booting the kernel to set the amount of physical memory it is allowed to use, and anything above that will be untouched.
Cheers,
Pete
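A check for the mem= partitioning described above, added here as an example and not part of the original posts: it reads a kernel command line and /proc/iomem text and reports whether a region set aside for the bare-metal core lies outside what Linux manages as System RAM. The function names, the sample inputs and the region address and size are assumptions made for illustration; only the plain mem=<size> form is handled, and a clean result means the region is unused by Linux, not that it is protected.

```python
import re

# Constructed sample inputs (not taken from a real board).
SAMPLE_CMDLINE = "console=ttyAMA0,115200 root=/dev/mmcblk0p2 rootwait mem=768M"
SAMPLE_IOMEM = """00000000-2fffffff : System RAM
  00008000-00afffff : Kernel code
3f200000-3f2000b3 : gpio
"""

_UNITS = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30}

def parse_mem_limit(cmdline):
    """Return the mem= limit in bytes, or None if the parameter is absent."""
    limit = None
    for tok in cmdline.split():
        m = re.fullmatch(r"mem=(\d+)([KMGkmg]?)", tok)
        if m:  # keep the last occurrence on the command line
            limit = int(m.group(1)) * _UNITS[m.group(2).upper()]
    return limit

def system_ram_ranges(iomem_text):
    """Return inclusive (start, end) pairs for top-level 'System RAM' lines."""
    ranges = []
    for line in iomem_text.splitlines():
        # Nested entries are indented, so matching at column 0 skips them.
        m = re.match(r"([0-9a-f]+)-([0-9a-f]+) : System RAM\s*$", line)
        if m:
            ranges.append((int(m.group(1), 16), int(m.group(2), 16)))
    return ranges

def check_reserved(cmdline, iomem_text, res_start, res_size):
    """Return a list of problems; empty means Linux is not using the region."""
    # Assumption: RAM starts at physical address 0, so the mem= size is
    # also the highest address Linux will use.
    res_end = res_start + res_size - 1
    problems = []
    limit = parse_mem_limit(cmdline)
    if limit is None:
        problems.append("no mem= limit on the kernel command line")
    elif res_start < limit:
        problems.append("region starts below the mem= limit")
    for start, end in system_ram_ranges(iomem_text):
        if start <= res_end and res_start <= end:  # interval overlap
            problems.append(f"overlaps System RAM {start:#x}-{end:#x}")
    return problems

if __name__ == "__main__":
    # Hypothetical 64 MiB bare-metal region placed directly above the limit.
    print(check_reserved(SAMPLE_CMDLINE, SAMPLE_IOMEM, 0x30000000, 64 << 20))
```

On a running system the two text arguments would come from /proc/cmdline and /proc/iomem.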
Thank you very much for your answer.
If we do the 'logical' isolation, how easy is it for someone to access the region above the boundary (by, for example, gaining root access)?
You need root, but other than that it would be trivial - any device driver could just map the physical address range.