安全模式如何访问安全/非安全内存? [英] Secure mode can access secure / non secure memory how?
问题描述
根据 CortexA 编程指南
As per CortexA prog Guide
TrustZone 硬件还有效地提供了两个虚拟 MMU,每个虚拟处理器一个.这使每个世界都有一组本地转换表,安全世界映射隐藏并受到正常世界的保护.
TrustZone hardware also effectively provides two virtual MMUs, one for each virtual processor. This enables each world to have a local set of translation tables, with the Secure world mappings hidden and protected from the Normal world.
页表描述包含一个 NS 位,用于确定是访问安全物理地址空间还是非安全物理地址空间.
The page table descriptions include a NS bit, which is used to determine whether accesses are made to the secure or non-secure physical address space.
虽然页表入口位仍然存在,但普通虚拟处理器硬件不使用该字段,并且内存访问总是在 NS = 1 的情况下进行.因此安全虚拟处理器可以访问安全或普通内存.缓存和 TLB 硬件允许正常和安全条目共存.
Although the page table entry bit is still present, the Normal virtual processor hardware does not use this field, and memory accesses are always made with NS = 1. The Secure virtual processor can therefore access either Secure or Normal memory. Cache and TLB hardware permits Normal and Secure entries to co-exist.
因此,如果要写入代码(以安全模式运行)来访问地址 0xA0000000 [NS] 和 0xA0000000[S],它将如何编码?
So If a code (running in secure mode) is to be written to access say address 0xA0000000 [NS] and 0xA0000000[S] how would it be coded?
推荐答案
因此,如果要写入代码(以安全模式运行)来访问地址 0xA0000000 [NS] 和 0xA0000000[S],它将如何编码?
So If a code (running in secure mode) is to be written to access say address 0xA0000000 [NS] and 0xA0000000[S] how would it be coded?
您可能在这里遇到了概念上的问题.没有物理地址0xA0000000 [NS]和0xA0000000[S],只有物理地址0xA0000000.NS 位由总线控制器使用,如HPROT(用户/主管)访问以检查访问权限;之后,只有一个物理内存地址存储结果.通过这种方式,SDRAM 设备不需要知道TrustZone,而只需要知道总线控制器.
It is possible you have a conceptual issue here. There is no physical address 0xA0000000 [NS] and 0xA0000000[S], there is only the physical address 0xA0000000. The NS bit is used by a bus controller, like the HPROT (user/supervisor) access to check permissions on the access; afterwards, only one physical memory address stores the result. In this way, the SDRAM device does not need to be TrustZone aware, but just the bus controllers.
您需要设置分区检查器有一个全球共享映射.这在两个世界中都是读/写访问.然后 scott 给出的信息适用.如果两个操作系统都有一个 MMU,则创建两个具有相同物理地址的映射.L1 缓存和 TLB 中可能存在内存和 MMU 条目的两个副本.重复的 TLB 没有问题.写入此内存后,L1 可能需要刷新.将有两行都具有相同的数据,但其中一行带有 NS 标记,而另一行没有.
You need the to setup the partition checker to have a world shareable mapping. That is read/write access in both worlds. Then the information as scott gives applies. If both OSes, have an MMU, then create two mappings with the same physical address. Two copies of the memory and MMU entries may exist in the L1-cache and TLB. There is no issue with the duplicate TLB. The L1 may need flushing after writing to this memory. There will be two lines both with the same data, but one tagged with NS and one without.
为了乐趣和利润而使用超线程在这种情况下可能是一篇有趣的论文.
Hyperthreading for fun and profit may be an interesting paper in this context.
这篇关于安全模式如何访问安全/非安全内存?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
