• Locked Locked
  • Replies 11 replies
  • Subscribers 119 subscribers
  • Views 6683 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARM FastModels for TrustZone Development

Earlence Fernandes
Note: This was originally posted on 22nd August 2013 at http://forums.arm.com

I am trying to learn about TrustZone and I've downloaded the FastModels 8.1 simulator.
The license I can obtain is only for the Cortex A8 Eval Board, and The ref manual for FastModels implies that
no trust zone is built in.

Which fast model I can use to experiment with trust zone?
How do I get the required evaluation license? I am a student and have a .edu email address?
Anyone else with similar experience? My first step is to boot a linux kernel in secure world.

-Earlence
  • Note: This was originally posted on 22nd August 2013 at http://forums.arm.com

    I've been looking at other Models in FastModels and these seem to have trust zone related blocks

    Build_AEMv8A
    Build_Cortex-A9x1

    under FVP_VE.

    Is this correct?
    Where can I get their memory maps? Where secure memory is located? Where normal memory is located?

    Is there a way to dynamically configure sections of RAM as secure/normal? Is this information specific to the board/model?

    -Earlence
  • Note: This was originally posted on 23rd August 2013 at http://forums.arm.com

    I've looked at the LISA files for the ARM v8 EB under FVP_EB. They don't have any trust zone components.
  • Note: This was originally posted on 23rd August 2013 at http://forums.arm.com

    That makes sense.

    Are you aware of any of the Fast Models that include a TZC component that supports dynamic mapping of memory to secure/normal worlds?

    I've been looking at the Cortex A9x4 VE board, and it doesn't seem to have the TZPC (BP147) component as well. Does this mean that all secure RAM/normal RAM
    mappings are final and static and "written in hardware" ?


    -Earlence
  • Note: This was originally posted on 23rd August 2013 at http://forums.arm.com

    Ok, So I;ve been looking at the VE Cortex A9 LISA files for the daughterboard and I see the following lines:

    securitydecoder.pvbus_m_range[ 0x0000000000..0x0007FFFFFF ] => secure_region.pvbus_input   [ 0x0000000000..0x0007FFFFFF ];
            securitydecoder.pvbus_m_range[ 0x0008000000..0x007DFFFFFF ] => nonsecure_region.pvbus_input[ 0x0008000000..0x007DFFFFFF ];
            securitydecoder.pvbus_m_range[ 0x007E000000..0x007FFFFFFF ] => secure_region.pvbus_input   [ 0x007E000000..0x007FFFFFFF ];
            securitydecoder.pvbus_m_range[ 0x0080000000..0xFFFFFFFFFF ] => nonsecure_region.pvbus_input[ 0x0080000000..0xFFFFFFFFFF ];

    So there are 2 secure and 2 nonsecure regions?

    Also the following lines:
    securepvbusdecoder.pvbus_m_range[0x0004000000..0x000401FFFF] => secureSRAM.pvbus; // 128kB Secure SRAM
            securepvbusdecoder.pvbus_m_range[0x007E000000..0x007FFFFFFF] => secureDRAM.pvbus; //  32MB Secure DRAM

    So I'm guessing that these are the physical address ranges for secure static and secure dynamic RAM?

    How does it relate to the regions defined above?

    -Earlence
  • Note: This was originally posted on 27th August 2013 at http://forums.arm.com

    Are these the 2 secure ranges?

    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]0x0000000000..0x0007FFFFFF (128MB))[/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]0x007E000000..0x007FFFFFFF (32MB)[/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]
    [/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]I'm wondering why did they split it up like this?[/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]
    [/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]
    [/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]Also, lower down in the lisa file, it seems that if a secure access is made on a non-secure region, then an abort occurs.[/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]This means that the normal and secure worlds are completely isolated? Even secure cannot see all memory?[/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]
    [/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]-Earlence[/size][/font][/color]
    [color=#222222][font=Arial, Helvetica, sans-serif][size=2]
    [/size][/font][/color]
  • Arm Employee Badge
    Note: This was originally posted on 27th August 2013 at http://forums.arm.com


    Are these the 2 secure ranges?

    0x0000000000..0x0007FFFFFF (128MB))
    0x007E000000..0x007FFFFFFF (32MB)

    I'm wondering why did they split it up like this?


    Also, lower down in the lisa file, it seems that if a secure access is made on a non-secure region, then an abort occurs.
    This means that the normal and secure worlds are completely isolated? Even secure cannot see all memory?

    -Earlence



    At a quick look, those 2 regions are configured to allow secure accesses and deny NS access. Assuming you have set the secure_memory parameter to TRUE.

    For this configuration, yes the TZSwitch does appear to deny S access to a NS region. That is just a configuration of VE - it is easily changed to let you have all memory accessible to S and only some accessible to NS access.

    As to why this configuration was chosen for the VE platform, I would have to ask the designer.

    Chris


  • Arm Employee Badge
    Note: This was originally posted on 23rd August 2013 at http://forums.arm.com


    I am trying to learn about TrustZone and I've downloaded the FastModels 8.1 simulator.
    The license I can obtain is only for the Cortex A8 Eval Board, and The ref manual for FastModels implies that
    no trust zone is built in.

    Which fast model I can use to experiment with trust zone?
    How do I get the required evaluation license? I am a student and have a .edu email address?
    Anyone else with similar experience? My first step is to boot a linux kernel in secure world.

    -Earlence


    Earlence,

    Can you point out where the Fast Models manual implies that the A8 model in Fast Models has no TrustZone support?

    The Cortex A8 has TrustZone and as such, the Fast Model supports the use of Programmer Visible features.

    Chris

  • Arm Employee Badge
    Note: This was originally posted on 23rd August 2013 at http://forums.arm.com


    I've been looking at other Models in FastModels and these seem to have trust zone related blocks

    Build_AEMv8A
    Build_Cortex-A9x1

    under FVP_VE.

    Is this correct?
    Where can I get their memory maps? Where secure memory is located? Where normal memory is located?

    Is there a way to dynamically configure sections of RAM as secure/normal? Is this information specific to the board/model?

    -Earlence


    The memory map is specific for the board type. In the case you mention - Versatile Express - the VE board the memory map is held in 2 files:


    VEMotherBoard.lisa
    and
    VEDaughterBoard.lisa


    Here you can see how secure and non-secure components are mapped.

    It is possible to dynamically map sections of memory, but you would have to write the mapping component yourself - using LISA - and have license to use System Generator.

    regards

    Chris
  • Arm Employee Badge
    Note: This was originally posted on 23rd August 2013 at http://forums.arm.com


    I've looked at the LISA files for the ARM v8 EB under FVP_EB. They don't have any trust zone components.


    The model of the EB platform is a model of a real, existing, Evaluation Baseboard. EB did not have any native TrustZone support on the motherboard. As a result, the delivered Evaluation Baseboard model has no TrustZone components on it - otherwise it would not be an EB.
    The A8 core will still be able to run TrustZone aware code. You will also be able to adapt the EB implementation (looking at the VE platform model implementation for direction) to add TrustZone aware components, but the thing you create will not be an Evaluation Baseboard - it will be "A TrustZone Aware Platform Inspired by the Evaluation Baseboard".


    Chris
  • Arm Employee Badge
    Note: This was originally posted on 23rd August 2013 at http://forums.arm.com


    That makes sense.

    Are you aware of any of the Fast Models that include a TZC component that supports dynamic mapping of memory to secure/normal worlds?

    I've been looking at the Cortex A9x4 VE board, and it doesn't seem to have the TZPC (BP147) component as well. Does this mean that all secure RAM/normal RAM
    mappings are final and static and "written in hardware" ?


    -Earlence


    Earlence,

    That platform

    You may wish to look into
    TZSwitch.lisa - that supports switching access between 2 ports based on external signal. This is part of all VE daughter board and will be part of the A9 VE Model.
    TZC_400 - that supports more complex mapping and switching with registers - I suspect this is the one you are looking for.

    If neither of these do what is needed, you will have to write your own.

    regards and best wishes

    Chris
  • Arm Employee Badge
    Note: This was originally posted on 27th August 2013 at http://forums.arm.com


    Ok, So I;ve been looking at the VE Cortex A9 LISA files for the daughterboard and I see the following lines:

    securitydecoder.pvbus_m_range[ 0x0000000000..0x0007FFFFFF ] => secure_region.pvbus_input   [ 0x0000000000..0x0007FFFFFF ];
            securitydecoder.pvbus_m_range[ 0x0008000000..0x007DFFFFFF ] => nonsecure_region.pvbus_input[ 0x0008000000..0x007DFFFFFF ];
            securitydecoder.pvbus_m_range[ 0x007E000000..0x007FFFFFFF ] => secure_region.pvbus_input   [ 0x007E000000..0x007FFFFFFF ];
            securitydecoder.pvbus_m_range[ 0x0080000000..0xFFFFFFFFFF ] => nonsecure_region.pvbus_input[ 0x0080000000..0xFFFFFFFFFF ];

    So there are 2 secure and 2 nonsecure regions?

    Also the following lines:
    securepvbusdecoder.pvbus_m_range[0x0004000000..0x000401FFFF] => secureSRAM.pvbus; // 128kB Secure SRAM
            securepvbusdecoder.pvbus_m_range[0x007E000000..0x007FFFFFFF] => secureDRAM.pvbus; //  32MB Secure DRAM

    So I'm guessing that these are the physical address ranges for secure static and secure dynamic RAM?

    How does it relate to the regions defined above?

    -Earlence


    You have to understand that these are part of a decode chain.

    The CPU PVBus feeds into the securitydecoder (which is just a  PVBus decoder) which splits accesses into 2 pairs of ranges - each pair of secure/nonsecure ranges handled by a TZSwitch.
    The two TZSwitches (called nonsecure_region and secure_region) then pass on - in partial crossover wiring - to two ordinary PVBus decoders (one secure and one non-secure) that handle a whole set of ranges for the secure and  non secure mem and peripherals.

    This arrangement is to emulate the actual specified wiring in a Versatile Express.

    The PVBus Decoder is just a static address mapping component.

    And yes - all addresses are Physical Addresses.

    Does this clarify matters?

    Chris