Preventing a CPU core from accessing peripheral registers

andreasgoergner
Contributor I

Dear Vybrid Experts!

Is it possible to prevent a specific CPU (the Cortex-M4 for instance) from accessing peripheral registers? I'm aware that there is a hardware-supported semaphore engine integrated in Vybrid, but if software is not using the semaphore programming model / the semaphore engine, it looks to me that it is not possible to prevent a CPU from accessing GPIOs or other peripherals (in the case of a software accident / wrong pointers, for instance) by hardware.

Could you please confirm?

Thanks!

- Andreas

0 Kudos
1 Solution
billpringlemeir
Contributor V

This is possible with the CSU functionality.  Note that this is an ALL or nothing for the entire GPIO logic (all ports!).  The Cortex-M4 is M0 and M1 on the NIC bus with the CSU protecting a S1 partition including the GPIO functionality.  The M4 and all its controlled DMA peripherals (bus masters) should be marked as 'non-secure' or normal.  The CSU will then prevent any access to the GPIOs.

It is unfortunate that the Vybrid designers grouped all of the GPIO ports together in the same address space.  It would be very convenient to have some banks as critical and others as non-critical.  For instance PORT-A never modified by A5 and PORT-D never modified by the M4.  They have tried to make the GPIO interface possible to use in the AMP design, but they did not protect against malicious software (whether intentional or not).  The CSU has bits that will lock a setup and prevent any software from changing the permission.  For the other AIPS peripherals, they all have separate 4k register sections and can be individually protected.

For example, if you allow the M4 to access the USB0, then in theory you can program the USB0 to DMA memory from the GPIO register bank.  So you would make the USB and M4 bus master ports both 'normal' or non-secure.  Similarly, the TZASC can carve up memory to ensure that the M4 never steps on A5 critical memory (and vice-versa).  TZASC is to partition/protect memory and the CSU is to protect peripherals.

Note: The CSU and TZASC are documented in the security manual, although you can also get some TZASC documents from ARM.


0 Kudos
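The USB0 DMA point in the answer above can be checked mechanically. This is an added example, not code from the thread or from NXP: a simplified C model (all names, enums and sample policies are hypothetical and constructed here, not Vybrid register definitions) that tests whether the M4 can reach the GPIO block either directly or through a DMA-capable master whose registers it is allowed to program.

```c
#include <stdio.h>

/* Simplified model for illustration; not Vybrid CSU register programming. */
enum master { M_A5, M_M4, M_USB0, M_COUNT };
enum slave  { S_GPIO, S_USB0_REGS, S_COUNT };

struct policy {
    int master_secure[M_COUNT];     /* 1 = master issues secure transactions  */
    int slave_secure_only[S_COUNT]; /* 1 = CSU rejects non-secure accesses    */
};

/* Which bus master a slave's register block controls (-1 = none). */
static const int slave_drives[S_COUNT] = { -1, M_USB0 };

static int direct_ok(const struct policy *p, int m, int s)
{
    return p->master_secure[m] || !p->slave_secure_only[s];
}

/* Can code on master m reach target directly, or by programming a
 * DMA-capable master it has register access to (followed transitively)? */
static int reach(const struct policy *p, int m, int target, unsigned seen)
{
    if (direct_ok(p, m, target)) return 1;
    seen |= 1u << m;                       /* avoid revisiting a master */
    for (int s = 0; s < S_COUNT; s++) {
        int next = slave_drives[s];
        if (next < 0 || (seen & (1u << next)) || !direct_ok(p, m, s)) continue;
        if (reach(p, next, target, seen)) return 1;
    }
    return 0;
}

int m4_reaches_gpio(const struct policy *p) { return reach(p, M_M4, S_GPIO, 0); }

/* Constructed policies: {A5, M4, USB0 secure?}, {GPIO, USB0 regs secure-only?} */
const struct policy usb0_left_secure = { {1, 0, 1}, {1, 0} }; /* weak setup   */
const struct policy both_nonsecure   = { {1, 0, 0}, {1, 0} }; /* as advised   */
const struct policy usb0_regs_locked = { {1, 0, 1}, {1, 1} }; /* M4 has no USB0 */

int main(void)
{
    printf("USB0 left secure:   M4 reaches GPIO = %d\n", m4_reaches_gpio(&usb0_left_secure));
    printf("M4 and USB0 normal: M4 reaches GPIO = %d\n", m4_reaches_gpio(&both_nonsecure));
    printf("USB0 regs locked:   M4 reaches GPIO = %d\n", m4_reaches_gpio(&usb0_regs_locked));
    return 0;
}
```
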
andreasgoergner
Contributor I

Thanks Bill,

Good information!

- Andreas

0 Kudos
kef2
Senior Contributor IV

I didn't touch the M4 core yet, but the A5 MMU allows disabling and/or remapping accesses to specific blocks of addresses. The minimum block size is 4kB.

0 Kudos