FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure and Non-secure address spaces

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure and Non-secure address spaces

‎07-20-2015 05:11 AM
927 Views
moha
Contributor I

Hi,

I use the SABRE SD board (with iMX6Q cpu).

I run a bare metal application with one part running on the secure world and one in the normal world.

My goal is to define a secure memory region in the external RAM that cannot be accessed by the normal world.

For that I use the NS-bit in the translation table descriptor to define separate Secure and Non-secure address spaces.

When the secure memory region is made of 7 sections of 1 MB each the behavior is correct :

There are two separate address spaces.

When the normal world accesses (read/write) the same physical addresses as the secure memory region the normal world does not access the secure memory region data.

But if I add an additional 250 MB space to the secure memory region it seems there is then only one address space :

The normal world access (read and modify) the secure memory region data !!

Is this the expected behavior ?

Is there a limit for size of the secure memory ? how to retrieve this limit ? is it configurable ?

Thanks in advance for your help.

Moha

Labels (1)
Labels
0 Kudos
Reply
3 Replies

‎07-28-2015 03:52 AM
639 Views
moha
Contributor I

Hi,

Thanks for the answer.

I know that CSU should be used to protect peripheral accesses and TZASC enables external RAM permission access management.

But my concern is more relative to address spaces and NS bit in the translation table descriptor.

From my examples it seems secure and normal address spaces may be different or identical depending on the size of the secure space.

Is this correct? if yes how to retrieve this limit ? is it configurable ?

Regards,

Moha

0 Kudos
Reply

‎07-28-2015 01:41 AM
639 Views
Yuri
NXP Employee
NXP Employee

  First, please refer to ARM base example :

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka15417.html

Also, please take into account, the CSU should be used to manage the system security

policy for peripheral access on the i.MX6. Please refer to Chapter 3 [Central Security Unit
(CSU)] of the Security Reference Manual for i.MX6.

http://www.freescale.com/webapp/sps/download/mod_download.jsp?colCode=IMX6DQ6SDLSRM&appType=moderate...


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

‎07-24-2015 02:24 AM
639 Views
moha
Contributor I

Hi,

Actualy even when there are two address spaces, it seems both Secure and Non-secure address spaces initialy contain same data enabling then the normal world to read constant secure data ?!

Is this right and expected behavior  or did I missed something with my configuration ?

Moha

0 Kudos
Reply