帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure and Non-secure address spaces

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Secure and Non-secure address spaces

‎07-20-2015 05:11 AM
940 次查看
moha
Contributor I

Hi,

I use the SABRE SD board (with iMX6Q cpu).

I run a bare metal application with one part running on the secure world and one in the normal world.

My goal is to define a secure memory region in the external RAM that cannot be accessed by the normal world.

For that I use the NS-bit in the translation table descriptor to define separate Secure and Non-secure address spaces.

When the secure memory region is made of 7 sections of 1 MB each the behavior is correct :

There are two separate address spaces.

When the normal world accesses (read/write) the same physical addresses as the secure memory region the normal world does not access the secure memory region data.

But if I add an additional 250 MB space to the secure memory region it seems there is then only one address space :

The normal world access (read and modify) the secure memory region data !!

Is this the expected behavior ?

Is there a limit for size of the secure memory ? how to retrieve this limit ? is it configurable ?

Thanks in advance for your help.

Moha

标签 (1)
标签
标记 (3)
0 项奖励
回复
3 回复数

‎07-28-2015 03:52 AM
652 次查看
moha
Contributor I

Hi,

Thanks for the answer.

I know that CSU should be used to protect peripheral accesses and TZASC enables external RAM permission access management.

But my concern is more relative to address spaces and NS bit in the translation table descriptor.

From my examples it seems secure and normal address spaces may be different or identical depending on the size of the secure space.

Is this correct? if yes how to retrieve this limit ? is it configurable ?

Regards,

Moha

0 项奖励
回复

‎07-28-2015 01:41 AM
652 次查看
Yuri
NXP Employee
NXP Employee

  First, please refer to ARM base example :

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka15417.html

Also, please take into account, the CSU should be used to manage the system security

policy for peripheral access on the i.MX6. Please refer to Chapter 3 [Central Security Unit
(CSU)] of the Security Reference Manual for i.MX6.

http://www.freescale.com/webapp/sps/download/mod_download.jsp?colCode=IMX6DQ6SDLSRM&appType=moderate...


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 项奖励
回复

‎07-24-2015 02:24 AM
652 次查看
moha
Contributor I

Hi,

Actualy even when there are two address spaces, it seems both Secure and Non-secure address spaces initialy contain same data enabling then the normal world to read constant secure data ?!

Is this right and expected behavior  or did I missed something with my configuration ?

Moha

0 项奖励
回复