• Locked Locked
  • Replies 4 replies
  • Subscribers 119 subscribers
  • Views 6475 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Trustzone] interrupt level fast world switch(NWD->SWD) solution?

ray mao
Note: This was originally posted on 11th October 2012 at http://forums.arm.com

Dear ARM Engineer,

I have a question about interrupt level fast word switch for trustzone enabled ecosystem.
For scenario - 1 core is running in one World, interrupt of the other World happen. How to switch the core to the other world quickly.

Solution-1
In the whitepaper prd29-genc-009492c_trustzone_security_whitepaper.pdf
one solution is already mentioned. - monitor route slolution.
but this solution need carefully deal with monitor, NWD OS, SWD OS interrupt related code.

Solution-2
I was checking another solution which one World OS actively do swtich directly while the other world interrupt happen.
From ARM GIC Spec, spurious interrupt ID 1022 & 1023 seems to be possible as the flag.
(Suppose NWD only use IRQ, SWD only use FIQ)
After test,
1022 can help SWD->NWD  for case cpu core in SWD and IRQ happened.
1023 can not help NWD->SWD for case cpu core in NWD and FIQ happened. (As 1023 will also happen in other case)

So is there any extra flag/way can help Solution-2 do NWD->SWD.
Or say Besides Monitro solution, is there any other way can help interrupt level fast word switch NWD->SWD while  FIQ happen.

Thanks!
Parents
  • Arm Employee Badge
    Note: This was originally posted on 11th October 2012 at http://forums.arm.com

    Whatever happens you need to go through the monitor - it's the gate keeper between the two worlds, and ensures no unintended data leakage from secure to non-secure.

    For A-profile cores the trustzone monitor overhead tends to be in the noise - the code is usually only a couple of hundred CPU cycles - most A-profile cores lose more time than that in the interrupt handler due to cache and tlb misses. So before you try to micro-optimize and throw your security in the bin, please check that you actually need the interrupt to go faster. In reality you probably don't.

    Iso
Reply
  • Arm Employee Badge
    Note: This was originally posted on 11th October 2012 at http://forums.arm.com

    Whatever happens you need to go through the monitor - it's the gate keeper between the two worlds, and ensures no unintended data leakage from secure to non-secure.

    For A-profile cores the trustzone monitor overhead tends to be in the noise - the code is usually only a couple of hundred CPU cycles - most A-profile cores lose more time than that in the interrupt handler due to cache and tlb misses. So before you try to micro-optimize and throw your security in the bin, please check that you actually need the interrupt to go faster. In reality you probably don't.

    Iso
Children
No data