This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

trustzone translation table

Note: This was originally posted on 15th November 2011 at http://forums.arm.com

After reading the documents in the website, i am quite puzzled about the trustzone feature.
1. Can i disable trustzone extension?
2. Each world has its own virtual processor, virtual mmu and translation table. How to make sure that the normal world can't access the secure world memory? The normal world can't see the physical address of the secure world? Or it can translate the virtual address to the physical address of the secure world, but it can't access that region of memory?
3. Normal world ignores the NS bit in the translation table. So it can access all the physical memory in normal world?
I have read the book: ARM Security Technology: Building a Secure System Using TrustZone Technology, ARM Architecure Reference Manual and ARM Cortex-A programming guide. Did i miss the important part? Can anyone advise me some books regarding the arm cortex-a architecture? I am a beginner at ARM. Thanks.
Parents
  • Note: This was originally posted on 15th November 2011 at http://forums.arm.com

    1) Not exactly.  The Security Extensions will either be present in a processor - or they won;t be.  In the case of the Cortex-A processors, they all have it.  That said, you don't have to use it.  If your not interested in TrustZone, after a couple of steps you can switch into the Normal world and ignore the Secure world from then on.

    3) TrustZone provides the concept of secure memory and non-secure memory.  In the Secure world the NS bit in the translation tables define whether to access secure or non-secure memory.  In the Normal world the NS bit is ignored BECAUSE ALL ACCESSES WILL BE NON-SECURE.

    2) It kind of depends on what you mean by secure memory.  The processor will generate a "secure" or "non-secure" access on the bus.  If your interested, its the AxPROT signal that reflects the access type.  Its up to the memory system what to do with this information.  Typically the memory system would just abort a non-secure access to secure memory.
Reply
  • Note: This was originally posted on 15th November 2011 at http://forums.arm.com

    1) Not exactly.  The Security Extensions will either be present in a processor - or they won;t be.  In the case of the Cortex-A processors, they all have it.  That said, you don't have to use it.  If your not interested in TrustZone, after a couple of steps you can switch into the Normal world and ignore the Secure world from then on.

    3) TrustZone provides the concept of secure memory and non-secure memory.  In the Secure world the NS bit in the translation tables define whether to access secure or non-secure memory.  In the Normal world the NS bit is ignored BECAUSE ALL ACCESSES WILL BE NON-SECURE.

    2) It kind of depends on what you mean by secure memory.  The processor will generate a "secure" or "non-secure" access on the bus.  If your interested, its the AxPROT signal that reflects the access type.  Its up to the memory system what to do with this information.  Typically the memory system would just abort a non-secure access to secure memory.
Children
No data