Trustzone Address Space controller fault to secure monitor.

Hi,

I'm using a TZC380 (on an i.MX6 board from NXP) along with NXP CSU to protect some part of my DDR RAM and some sensitive devices.

For the TZC configuration, I chose an action set to 3: "sets tzasc_int HIGH and issues a DECERR response".

My secure monitor is configured to route Non-Secure External Aborts to the secure monitor (SCR = 0xd).

I triggered an illegal access from Linux by trying to read a secure address, and I directly jump to the "Data Abort" entry of my secure monitor VBAR.

At this time, if I print the NS DFSR and DFAR, their content doesn't seem relevant to my error, and especially DFSR doesn't have the Ext bit set.

If I print the S DFSR, I get 0x18 -> Synchronous External Abort.

I would expect to jump to the NS VBAR Data Abort entry instead of the MVBAR, and in the latter case, I would expect the External Abort bit to be set in the DFSR.

Is my understanding wrong? Can someone clarify a bit what is happening in such a configuration?

Best,

Vincent

  • I did a bunch of tests with NXP's CSU too, and I get almost the same Secure DFSR: 0x1018, meaning the Ext bit is set. I don't know why I get this difference.
  • Hi Vincent,

    The SCR doesn't differentiate between S and NS aborts so SCR=0xd routes *all* EAs to the monitor mode. So rocking up at the MVBAR offset is expected.

    The DFSR value is weird. Bit12 is zero which can indicate DECERR on A9, which makes sense, but [3:0] indicate a permissions fault on a table walk.

    Have you put page tables in RAM behind the TZC maybe?
  • Linux's page tables are in a TZC region accessible in RW by everyone.
    Monitor & Secure OS's page tables are in a TZC region only accessible in RW by the Secure world. It seems that I have to read the DFSR/DFAR of the secure world, even if the fault (DECERR) happened in the normal world. Maybe it's because I want the fault to happen in the secure monitor, so only the Secure MMU registers are updated?
  • Yep. The DFSR/DFAR will get updated based on where you take the exception, not where the exception was caused.

    Most ext aborts are imprecise so there is often not a lot of useful information in the DFxRs anyway. Bus level security gates usually provide some registers that can be interrogated to provide additional info. TZC has Fail Status/Address registers.
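
A field-by-field decode of the two DFSR values quoted in this thread (0x18 and 0x1018), as an added example that is not part of any post above. It assumes the ARMv7-A short-descriptor DFSR layout; the struct and function names are hypothetical, and the meaning of the ExT bit is implementation defined, so it is reported raw.

```c
#include <stdint.h>
#include <stdio.h>

struct dfsr_info {    /* ARMv7-A DFSR, short-descriptor format (assumed) */
    unsigned fs;      /* fault status: {DFSR[10], DFSR[3:0]} */
    unsigned domain;  /* DFSR[7:4] */
    unsigned wnr;     /* DFSR[11]: 1 = abort caused by a write */
    unsigned ext;     /* DFSR[12]: implementation defined external abort type */
    unsigned lpae;    /* DFSR[9]: 1 = long-descriptor format, not decoded here */
};

struct dfsr_info dfsr_decode(uint32_t dfsr)
{
    struct dfsr_info i = {
        .fs = ((dfsr >> 6) & 0x10u) | (dfsr & 0xfu),
        .domain = (dfsr >> 4) & 0xfu,
        .wnr = (dfsr >> 11) & 1u, .ext = (dfsr >> 12) & 1u, .lpae = (dfsr >> 9) & 1u,
    };
    return i;
}

/* 1 when FS reports an external abort on a data access or a table walk. */
int dfsr_is_external_abort(struct dfsr_info i)
{
    return !i.lpae && (i.fs == 0x08 || i.fs == 0x16 || i.fs == 0x0c || i.fs == 0x0e);
}

const char *dfsr_fs_name(struct dfsr_info i)
{
    if (i.lpae) return "long-descriptor format (not decoded)";
    switch (i.fs) {
    case 0x05: case 0x07: return "translation fault";
    case 0x0d: case 0x0f: return "permission fault";
    case 0x08:            return "synchronous external abort";
    case 0x16:            return "asynchronous external abort";
    case 0x0c: case 0x0e: return "synchronous external abort on translation table walk";
    default:              return "other/reserved";
    }
}

int main(void)
{
    const uint32_t v[] = { 0x18u, 0x1018u };  /* values quoted in the thread */
    for (unsigned n = 0; n < 2; n++) {
        struct dfsr_info i = dfsr_decode(v[n]);
        printf("DFSR=0x%04x: %s, domain=%u WnR=%u ExT=%u\n",
               (unsigned)v[n], dfsr_fs_name(i), i.domain, i.wnr, i.ext);
    }
    return 0;
}
```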