Hello,
I am new to the TZC-400 ARM component. I know there are 8 memory regions possible. I want to ask a basic question. If I want to create a memory region in non-secure memory which the secure OS (NS=0 , e.g. TEE) can access while is not accessible from the non-secure OS (referred to as rich OS), then how would I go about doing that ?
The confusion I have is that the access control for non-secure memory regions being done by TZC-400 is based on NSAID. If I understand it correctly, the application processor (AP) will be assigned a NSAID. Also, TEE (secure OS mode with TrustZone) is just the application processor context switched into the secure world. Then how is TZC-400 able to tell whether an access to a non-secure memory region is allowed from secure OS but not from non-secure OS (rich OS), when its the same NSAID (the NSAID of the AP) ?
Thanks
Hi,
I recommend taking a look at how Trusted Firmware TF-A does this:
https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/arm/board/juno/juno_security.c
Or you may find it easier to digest this older version of the code, specifically for region 3 which is marked as a Secure-only region of Non-secure DRAM:
https://github.com/ARM-software/arm-trusted-firmware/blob/v1.1-Juno-0.1/plat/juno/plat_security.c#L63
Basically you'll want to configure the REGION_ATTRIBUTES_<n> register (where <n> is the region number that you're configuring) to be 0xC000_0000 i.e.:
Hope that helps,Ash.