Control MMU for TrustZone

Note: This was originally posted on 20th July 2011 at http://forums.arm.com

Dear all,
I am a newbie to TrustZone. I am learning the effect of TrustZone on the MMU. I have some problems with the mechanism for managing secure/non-secure regions with the MMU.
Please help me to understand them.
My doubts are described below:
   When translating a virtual address to a physical address, the system will use the TLB table. I know that when a miss occurs in the TLB, it will find the physical page from the page table.
From the table index of the virtual address and the table base address, it will have the first-level descriptor; the first-level descriptor will be the input for the page table to get the physical page table from the page table,
and then fill it into the TLB table.
If the page table misses, it will find the physical page from external memory (RAM) and fill it into the page table with its attribute.
So when the CPU stays in the secure world and accesses secure physical memory:
     How does it know whether the address that the CPU accesses is in the secure physical memory region or the non-secure physical memory region?
     How is the physical memory partitioned into secure and non-secure regions?
And if it knows the secure attribute of the secure region, then:
     How is the secure attribute filled into the page table?
Please help me.
Thank you very much,
  • Note: This was originally posted on 22nd July 2011 at http://forums.arm.com

    > When the secure world makes a table walk that walk is always made as secure. When the normal world makes a table walk it is always made as non-secure.
       I think that when the secure world makes a table walk, that walk can be secure or non-secure; it depends on whether the physical page in the page table is mapped secure or non-secure.
       I know that some TrustZone systems implement TZASC and TZMA to partition secure and non-secure memory regions. So when there is a miss in the page table,
    it must find this page from main memory (DRAM) and determine whether it is a secure or non-secure memory region (by checking the signal on the TZASC for the memory region that it accesses),
    then fill it into the page table with the status of this page in the memory region.
       Is my understanding correct or incorrect? Can you explain it for me?

    > NSTID = current world of the processor.
    > NS = the NS bit from the L1 descriptor if in secure-world, zero otherwise.
    Will the NS bit from the L1 descriptor be specified by an attribute in the page table?
    That means that when the physical page is found from the page table, the NS bit in the descriptor will be updated by a secure attribute in the page table, but I don't know the attribute.
    Is my understanding correct? Can you indicate what the secure attribute in the page table is?
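For reference on the NS attribute asked about in the thread, here is an added example (not part of the original posts) that decodes the NS bit from ARMv7-A short-descriptor first-level entries and models whether the resulting access is issued as secure or non-secure. The function names and sample descriptor values are constructed for illustration; it assumes the base short-descriptor format without LPAE and does not model TZASC/TZMA filtering on the bus.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-A short-descriptor first-level entry types, selected by bits [1:0]. */
enum l1_type { L1_FAULT, L1_PAGE_TABLE, L1_SECTION, L1_SUPERSECTION };
enum world   { WORLD_SECURE, WORLD_NORMAL };

enum l1_type l1_decode_type(uint32_t desc) {
    switch (desc & 0x3u) {
    case 0x1u: return L1_PAGE_TABLE;
    case 0x2u: return (desc & (1u << 18)) ? L1_SUPERSECTION : L1_SECTION;
    default:   return L1_FAULT; /* 0b00 fault; 0b11 reserved in the assumed format */
    }
}

/* NS is bit 3 of a page-table descriptor (it then covers every page reached
 * through that second-level table) and bit 19 of a section or supersection. */
int l1_ns_bit(uint32_t desc) {
    switch (l1_decode_type(desc)) {
    case L1_PAGE_TABLE:   return (int)((desc >> 3) & 1u);
    case L1_SECTION:
    case L1_SUPERSECTION: return (int)((desc >> 19) & 1u);
    default:              return -1; /* no mapping, so no NS attribute */
    }
}

/* 1 = access issued as non-secure, 0 = issued as secure, -1 = translation fault.
 * The descriptor NS bit is honoured only for secure-world translations;
 * normal-world accesses are always non-secure, whatever the descriptor says. */
int access_is_nonsecure(enum world w, uint32_t desc) {
    int ns = l1_ns_bit(desc);
    if (ns < 0) return -1;
    return (w == WORLD_NORMAL) ? 1 : ns;
}

int main(void) {
    /* Constructed sample descriptors, not taken from any real system. */
    const uint32_t samples[] = {
        0x80000002u, /* section, NS=0 */
        0x80080002u, /* section, NS=1 */
        0x80004009u, /* page table, NS=1 */
        0x00000000u, /* fault */
    };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("desc=0x%08x secure-world:%d normal-world:%d\n", (unsigned)samples[i],
               access_is_nonsecure(WORLD_SECURE, samples[i]),
               access_is_nonsecure(WORLD_NORMAL, samples[i]));
    return 0;
}
```

The NS bit is written into the descriptor by secure-world software when it builds its translation tables; the hardware does not fill it in from the memory controller during a walk.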