• Locked Locked
  • Replies 5 replies
  • Subscribers 119 subscribers
  • Views 4500 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

secure & non-secure address space in Cotex-A9

jianhui li
Note: This was originally posted on 11th May 2011 at http://forums.arm.com

Dear professor,
I would like to know how is it implemented the separate address space between secure state and non-secure state in Cotex-A9?
" When implemented, the Security Extensions provide two physical address spaces, a Secure physical address space and a Non-secure physical address space."
this is described in the datasheet of ARMv7.
And I understand that secure and non-secure state has separete translation table according to different TTB registers copy.
but i am confused how do they have separe physical address space?

Parents
  • Arm Employee Badge
    Note: This was originally posted on 11th May 2011 at http://forums.arm.com

    So far your understanding is correct - the Cortex-A9 sees two physical address spaces: Secure (S) and Non-Secure(NS). This means that when looking at physical address:

    S:0x8000 != NS:0x8000

    The Security Extensions (TrustZone) defines the processor supports two worlds, effectively you have two virtual processors.  Again these are the Secure world and Non-Secure (Normal) world.  The Normal world can only access the Non-Secure physical address space.  The Secure world can access both the Secure and Non-Secure physical address spaces.  

    Each world has its own set of page table.  So when in the Secure world you will _always_ use the Secure page tables.  And when in the Normal world you will _always_ use the Non-Secure page tables.  The page table format for the Secure world includes an extra bit - the NS bit.  This bit tells the processor whether to translate that block of virtual address space to Secure PA or the Non-Secure PA.  That's how the Secure world can access both.

    How this looks on the bus?
    Well, AXI includes a signal to define whether the address being accessed is Secure or Non-Secure.  This is the AxPROT[1] signal.  This will get set appropriately by the processor based on the world that generated the requested access, and the page tables.

    Now, exactly how the memory system uses this bit is up to the designers.  You _could_ use it as an extra address bit.  So S:0x8000 goes to a different peripheral to NS:0x8000.  More commonly it is just used to gate access.  Say you have a memory for "secure" data.  Then the memory system simply aborts any non-secure access to that  address range.
Reply
  • Arm Employee Badge
    Note: This was originally posted on 11th May 2011 at http://forums.arm.com

    So far your understanding is correct - the Cortex-A9 sees two physical address spaces: Secure (S) and Non-Secure(NS). This means that when looking at physical address:

    S:0x8000 != NS:0x8000

    The Security Extensions (TrustZone) defines the processor supports two worlds, effectively you have two virtual processors.  Again these are the Secure world and Non-Secure (Normal) world.  The Normal world can only access the Non-Secure physical address space.  The Secure world can access both the Secure and Non-Secure physical address spaces.  

    Each world has its own set of page table.  So when in the Secure world you will _always_ use the Secure page tables.  And when in the Normal world you will _always_ use the Non-Secure page tables.  The page table format for the Secure world includes an extra bit - the NS bit.  This bit tells the processor whether to translate that block of virtual address space to Secure PA or the Non-Secure PA.  That's how the Secure world can access both.

    How this looks on the bus?
    Well, AXI includes a signal to define whether the address being accessed is Secure or Non-Secure.  This is the AxPROT[1] signal.  This will get set appropriately by the processor based on the world that generated the requested access, and the page tables.

    Now, exactly how the memory system uses this bit is up to the designers.  You _could_ use it as an extra address bit.  So S:0x8000 goes to a different peripheral to NS:0x8000.  More commonly it is just used to gate access.  Say you have a memory for "secure" data.  Then the memory system simply aborts any non-secure access to that  address range.
Children
No data