This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trustzone Address Space controller fault to secure monitor.

Hi,

I'm using a TZC380 (on an i.MX6 board from NXP) along with NXP CSU to protect some part of my DDR ram and some sensitive devices.

For the TZC configuration, I choose an action set to 3: "sets tzasc_int HIGH and issues a DECERR response".

My secure monitor is configured to route Non Secure External Abort to the secure monitor (SCR = 0xd)

I triggered an illegal access from Linux by trying to read a secure address, and I directly jump to the "Data Abort" entry of my secure monitor VBAR.

At this time, if I print the NS DFSR and DFAR, their content doesn't seem relevant to my error, and especially DFSR doesn't have the Ext bit set.

If I print the S DFSR, I get 0x18 -> Synchronous External Abort.

I would expect to jump to the NS VBAR Data Abort entry instead of the MBVAR, and in the latter case, I would expect the External Abort bit to be set in the DFSR

Is my understanding wrong ? Can someone clarify a bit the situation of what is happening in such a configuration ?

Best,

Vincent

0 Vincent Siles over 7 years ago

I did a bunch of test with NXP's CSU too, and I get almost the same Secure DFSR: 0x1018 meaning the Ext bit is set. I don't know why I get this difference.
Cancel
Up 0 Down

Cancel
0 Peter Rielly over 7 years ago

Hi Vincent,

The SCR doesn't differentiate between S and NS aborts so SCR=0xd routes *all* EAs to the monitor mode. So rocking up at the MVBAR offset is expected.

The DFSR value is weird. Bit12 is zero which can indicate DECERR on A9, which makes sense, but [3:0] indicate a permissions fault on a table walk.

Have you put page tables in RAM behind the TZC maybe?
Cancel
Up 0 Down

Cancel
0 Vincent Siles over 7 years ago in reply to Peter Rielly

Linux's page tables are in a TZC region accessible in RW by everyone.
Monitor & Secure OS's page tables are in a TZC region only accessible in RW by the Secure world. It seems that I have to read the DFSR/DFAR of the secure world, even if the fault (DECERR) happened in the normal world. Maybe it's because I want the fault to happen in the secure monitor, so only the Secure MMU registers are updated ?
Cancel
Up 0 Down

Cancel
+1 Peter Rielly over 7 years ago in reply to Vincent Siles

Yep. The DFSR/DFAR will get updated based on where you take the exception, not where the exception was caused.

Most ext aborts are imprecise so there is often not a lot of useful information in the DFxRs anyway. Bus level security gates usually provide some registers that can be interrogated to provide additional info. TZC has Fail Status/Address registers.
Cancel
Up 0 Down

Cancel