• Locked Locked
  • Replies 5 replies
  • Subscribers 119 subscribers
  • Views 4498 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

secure & non-secure address space in Cotex-A9

jianhui li
Note: This was originally posted on 11th May 2011 at http://forums.arm.com

Dear professor,
I would like to know how is it implemented the separate address space between secure state and non-secure state in Cotex-A9?
" When implemented, the Security Extensions provide two physical address spaces, a Secure physical address space and a Non-secure physical address space."
this is described in the datasheet of ARMv7.
And I understand that secure and non-secure state has separete translation table according to different TTB registers copy.
but i am confused how do they have separe physical address space?

Parents
  • Arm Employee Badge
    Note: This was originally posted on 11th May 2011 at http://forums.arm.com

    The layout of the physical address space is system specific.

    Typically a system designed to use TrustZone will have a small amount of memory/peripheral space fixed as being Secure only.  With part/most of the rest of the system configurable as Secure or Non-Secure.  For the configurable regions, the thing that controls Secure/Non-Secure will be something like a TrustZone Protection Controller or TrustZone Address Space Controller.  Basically a peripheral with registers you write to in order to toggle a given peripheral or address range between Secure and Non-Secure accessible.  You would have to configure this at boot.

    Basically - check the documentation for the board/chip you are using. 

    NOTE - Many systems have TrustZone capable processors - but not TrustZone aware memory systems.  That is the chip designer didn't think the secure stuff was necessary for their intended use case, and therefore didn't include the necessary system support.  You'll still be able to use the TrustZone features in the processor, but you won't have the memory system protection.
Reply
  • Arm Employee Badge
    Note: This was originally posted on 11th May 2011 at http://forums.arm.com

    The layout of the physical address space is system specific.

    Typically a system designed to use TrustZone will have a small amount of memory/peripheral space fixed as being Secure only.  With part/most of the rest of the system configurable as Secure or Non-Secure.  For the configurable regions, the thing that controls Secure/Non-Secure will be something like a TrustZone Protection Controller or TrustZone Address Space Controller.  Basically a peripheral with registers you write to in order to toggle a given peripheral or address range between Secure and Non-Secure accessible.  You would have to configure this at boot.

    Basically - check the documentation for the board/chip you are using. 

    NOTE - Many systems have TrustZone capable processors - but not TrustZone aware memory systems.  That is the chip designer didn't think the secure stuff was necessary for their intended use case, and therefore didn't include the necessary system support.  You'll still be able to use the TrustZone features in the processor, but you won't have the memory system protection.
Children
No data