trust-zone

TrustZone versus Hypervisor

隐身守侯 submitted on 2019-11-28 09:33:49
I am just reading this document from ARM on TrustZone and some things are unclear to me. The fact that a Hypervisor offers a special CPU mode and that for TrustZone the processor comes with an extra 33rd bit: isn't a mode also a particular bit setting? How then is an extra bit making all that difference in terms of security? I do understand that the extra bit makes way for two separate 32-bit address spaces, but apart from that I am unable to put two and two together. Can someone clearly explain why TrustZone is more secure than a Hypervisor? A typical Hypervisor is limited to the CPU

ARM TrustZone - Behaviour of the scheduler in Secure and Non-Secure OS

蹲街弑〆低调 submitted on 2019-11-28 06:08:39
Question: Can someone please explain to me that after the CPU is taken to secured mode (the monitor program sets NS = 0), how does the secure OS get scheduled? Is it that, now that the CPU is in secured mode, the timer tick interrupt would be handled by the secured OS and not the non-secured world? Answer 1: The monitor mode setting NS=0 will set CP15 registers visible from monitor mode. See: monitor mode IFAR/IFSR... When the monitor mode switches to another mode and NS=0, then the mode is the secure

Develop programs for Arm trust zone

喜你入骨 submitted on 2019-11-27 13:32:18
Question: How can I develop applications that use Arm's TrustZone? Specifically, I want to develop a program that can save sensitive data in the secure world. Should this program run in the normal world or the secure world? I know there are trustlets in the secure world; do I need to develop trustlets? Are there SDKs or APIs that I can use to directly interact with an existing secure world OS, or do I need to compile and install my own secure OS? Any advice will be greatly appreciated. Thank you! Answer 1:

TrustZone monitor mode and IFAR, IFSR, DFAR, DFSR

让人想犯罪 __ submitted on 2019-11-27 09:21:10
The ARM TrustZone monitor mode can trap aborts in monitor mode. The monitor mode always executes in the secure world or context. How can we know what address and reason caused a fault in the normal world when it traps to the monitor mode instruction abort and data fault vectors? The IFSR, IFAR, DFSR and DFAR are banked CP15 registers. unixsmurf: It is worth noting that only external aborts can be configured to be taken in monitor mode, so MMU access faults will not be trapped. As for the main question: the state of all Secure/Non-secure banked registers while in monitor mode is controlled by

What is partition checker in ARM Secure Mode

怎甘沉沦 submitted on 2019-11-27 07:22:33
Question: As per this link http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0333h/Chdfjdgi.html under System boot sequence ... Program the partition checker to allocate physical memory available to the Non-secure OS. What is the partition checker? Is it a subsystem which has registers? What is its programming model? Answer 1: What is the partition checker? It is outside of the TrustZone specification for the CPU. However, in a nutshell it partitions or divides memory spaces into different

Handling ARM TrustZones

∥☆過路亽.° submitted on 2019-11-26 15:35:40
Question: ARM has something called TrustZone. As per ARM documentation, it gives that a process can run in the Secure / Non-Secure World. What does the Secure / Non-Secure World mean? Is it related to processor executing modes, or is it related to setting the permissions of memory regions, or something else? Is there any relationship between the 7 operating modes of ARM and the Secure / Non-Secure Worlds? How to enable TrustZone in ARM? From which version of ARM is this introduced? Is it mandatory to