Dear Vybrid Experts!
Is it possible to prevent a specific CPU (the Cortex-M4 for instance) from accessing peripheral registers? I'm aware that there is a hardware-supported semaphore engine integrated in Vybrid, but if software is not using the semaphore programming model / the semaphore engine, it looks to me that it is not possible to prevent a CPU from accessing GPIOs or other peripherals (in case of a software accident / wrong pointers, for instance) by hardware.
Could you please confirm?
Thanks!
- Andreas
This is possible with the CSU functionality. Note that this is ALL or nothing for the entire GPIO logic (all ports!). The Cortex-M4 is M0 and M1 on the NIC bus with the CSU protecting a S1 partition including the GPIO functionality. The M4 and all its controlled DMA peripherals (bus masters) should be marked as 'non-secure' or normal. The CSU will then prevent any access to the GPIOs.
It is unfortunate that the Vybrid designers grouped all of the GPIO ports together in the same address space. It would be very convenient to have some banks as critical and others as non-critical. For instance PORT-A never modified by A5 and PORT-D never modified by the M4. They have tried to make the GPIO interface possible to use in the AMP design, but they did not protect against malicious software (whether intentional or not). The CSU has bits that will lock a setup and prevent any software from changing the permission. For the other AIPS peripherals, they all have separate 4k register sections and can be individually protected.
For example, if you allow the M4 to access the USB0, then in theory you can program the USB0 to DMA memory from the GPIO register bank. So you would make the USB and M4 bus master ports both 'normal' or non-secure. Similarly, the TZASC can carve up memory to ensure that the M4 never steps on A5 critical memory (and vice-versa). TZASC is to partition/protect memory and the CSU is to protect peripherals.
Note: The CSU and TZASC are documented in the security manual, although you can also get some TZASC documents from ARM.
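The indirect route raised in the answer above (the M4 programs USB0, and USB0's DMA then reads the GPIO register bank) can be checked on paper before a CSU setup is locked. The Python model below is an added example, not code from the answer or from the vendor; it tracks only a secure/non-secure flag per bus master and a secure-only flag per register block, contains no real CSU register addresses or field layouts, and both configurations in it are constructed.

```python
from collections import deque


def path_to_slave(start, target, master_secure, slave_secure_only):
    """Return the chain of bus masters through which `start` can reach
    `target`, or None if the modelled policy blocks every route."""

    def allowed(master, slave):
        # A secure-only register block rejects non-secure transactions.
        return master_secure[master] or not slave_secure_only[slave]

    queue, seen = deque([[start]]), {start}
    while queue:
        chain = queue.popleft()
        current = chain[-1]
        if allowed(current, target):
            return chain
        # A DMA-capable peripheral whose registers `current` may write
        # becomes a bus master acting on its behalf.
        for periph in master_secure:
            has_registers = periph in slave_secure_only
            if periph not in seen and has_registers and allowed(current, periph):
                seen.add(periph)
                queue.append(chain + [periph])
    return None


# Constructed policy: GPIO block is secure-only, USB0 registers are open.
SLAVE_SECURE_ONLY = {"GPIO": True, "USB0": False}
# Constructed weak setup: USB0's master port is still marked secure.
WEAK = {"A5": True, "M4": False, "USB0": True}
# Setup the answer recommends: M4 and the masters it controls are non-secure.
FIXED = {"A5": True, "M4": False, "USB0": False}


def audit(master_secure):
    """Chain by which the M4 reaches GPIO under this setup, or None."""
    return path_to_slave("M4", "GPIO", master_secure, SLAVE_SECURE_ONLY)


if __name__ == "__main__":
    print("weak :", audit(WEAK))
    print("fixed:", audit(FIXED))
```

Any DMA-capable peripheral the M4 is allowed to program needs its own entry in both tables, since each one is a potential hop in the chain.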