This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

trustzone translation table

Note: This was originally posted on 15th November 2011 at http://forums.arm.com

After reading the documents in the website, i am quite puzzled about the trustzone feature.
1. Can i disable trustzone extension?
2. Each world has its own virtual processor, virtual mmu and translation table. How to make sure that the normal world can't access the secure world memory? The normal world can't see the physical address of the secure world? Or it can translate the virtual address to the physical address of the secure world, but it can't access that region of memory?
3. Normal world ignores the NS bit in the translation table. So it can access all the physical memory in normal world?
I have read the book: ARM Security Technology: Building a Secure System Using TrustZone Technology, ARM Architecure Reference Manual and ARM Cortex-A programming guide. Did i miss the important part? Can anyone advise me some books regarding the arm cortex-a architecture? I am a beginner at ARM. Thanks.
Parents
  • Note: This was originally posted on 15th November 2011 at http://forums.arm.com

    Thanks for your answer, ttfn.
    I am still puzzled at the translation table.
    1. Does the two world have different translation tables?
    2. Can the normal world translate the virtual address to the physical address, while this physical address is secure according to the translation table in the secure world? If so, the normal world can modify that region of memory.
    3. In the manual ARM Architecture Reference Manual ARMv7-A and ARMv7-R Edition, there is one section B3.5 Secure and Non-secure address spaces, i am confused by the following words.


    The Non-secure translation table entries can only translate a virtual address to a physical address in the Non-secure physical address space. Secure translation table entries can translate a virtual address to a physical addresses in either the Secure or the Non-secure address space. Selection of which physical address space to use is managed by the NS field in the first-level descriptors, see First-level descriptors on page B3-8:

    while constructing the translation table, there is no first-level descriptors, how come it can divides the physical memory according to the  NS bit in the first-level?

    Thanks.
Reply
  • Note: This was originally posted on 15th November 2011 at http://forums.arm.com

    Thanks for your answer, ttfn.
    I am still puzzled at the translation table.
    1. Does the two world have different translation tables?
    2. Can the normal world translate the virtual address to the physical address, while this physical address is secure according to the translation table in the secure world? If so, the normal world can modify that region of memory.
    3. In the manual ARM Architecture Reference Manual ARMv7-A and ARMv7-R Edition, there is one section B3.5 Secure and Non-secure address spaces, i am confused by the following words.


    The Non-secure translation table entries can only translate a virtual address to a physical address in the Non-secure physical address space. Secure translation table entries can translate a virtual address to a physical addresses in either the Secure or the Non-secure address space. Selection of which physical address space to use is managed by the NS field in the first-level descriptors, see First-level descriptors on page B3-8:

    while constructing the translation table, there is no first-level descriptors, how come it can divides the physical memory according to the  NS bit in the first-level?

    Thanks.
Children
No data