• State Accepted Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 350 subscribers
  • Views 6915 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Initial page table walk for secure/nonsecure accesses

KamGators

I have a basic concept question.  From what I read in the ARMv8 docs... there is an NS and NSTable bit in the page table entries themselves for the 2nd level and higher page table lookups.  So these can be used to block access ... I.e. NS access is attempting to do access to secure memory.

One point I don't quite understand is how is the first level page table itself protected?  Meaning what determines whether secure/non secure can access the first level page table?  the first level page table being the very initial lookup.  I believe the address of the page table itself gets programmed in a TTBR register that is not banked on secure/non-secure.   So is it a common page table for both worlds if there is a single register and what protection prevents NS trying to change the page table itself?

 

Thanks

  • +1 Arm Employee Badge
    When in Secure state (EL3 or S.EL0/1), the first level of translation table must be in Secure memory. That is, the processor will treat the values in the TTBRs as being Secure physical addresses. It's only subsequent levels of tables that can be in Non-secure memory (controlled by NSTable).

    Note: The NS/NSTable bits are only used in Secure state. In Non-secure state you can only ever access Non-secure physical addresses.
  • 0
    Sort of a related question... what will prevent a nonsecure OS or hypervisor to change entries in the nonsecure page table to map a virtual address to same physical page that secure world happens to be using?

    thanks
  • 0 in reply to KamGators

    Nothing at all. To prevent the non-secure OS to access physical memory you consider "Secure Only", you have to use a TZASC (trustzone address space controller), that will use the NS bit of the virtual address to allow or deny access to the physical memory