Hi Amit, 1. The NS bit based protection is enforced by the TZASC. EL3 and Secure world need to access both secure and Non Secure memory and the Secure/NS mapping in MMU allows to make this access with the right NS bit setting. If the NS bit matches the TZASC configuration, then the access will not fault. 2. By default, some peripherals and Trusted SRAM are Secure world access only and the protection is enforced by using peripheral side filter.
Best Regards Soby Mathew
-----Original Message----- From: Nagal, Amit amit.nagal@amd.com Sent: Thursday, April 11, 2024 9:15 PM To: Soby Mathew Soby.Mathew@arm.com; tf-a@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: RE: el3 secure memory access from lower exception levels.
Hi Soby,
Thanks for reply. I am using armv8.2 based platform .
what is the significance of NS bit then ? actually , I was thinking this will be ensured by NS-bit .
Referring https://developer.arm.com/documentation/den0024/a/Security/TrustZone- hardware-architecture , it says: "The memory system is divided by means of an additional bit that accompanies the address of peripherals and memory. This bit, called the NS-bit, indicates whether the access is Secure or Non-secure. Software running in the Normal World can only make Non-secure accesses to memory, because the core always sets the NS bit to 1 in any memory transaction generated by the Normal World."
It further says : Trying to perform a Non-secure access to external memory marked as Secure causes the memory system to disallow the request and the slave device returns an error response. so does this mean , to return error , the memory system mandatorily needs TZASC ?
Can you please share an example for " peripheral side access filters must be present to protect the memory"
Regards Amit.
-----Original Message----- From: Soby Mathew Soby.Mathew@arm.com Sent: Thursday, April 11, 2024 9:50 PM To: Nagal, Amit amit.nagal@amd.com; tf-a@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: RE: el3 secure memory access from lower exception levels.
Hi Amit, Stage 1 MMU only affects the software executing the same exception level. Hence Stage 1 MMU at EL3 cannot protect against access by EL2. To protect Secure memory from NS world, either there must be additional IP like Trustzone controller which must be configured appropriately, or peripheral side access filters must be present to protect the memory. If FEAT_RME (from Arm v9.2 onwards) is present, then each world isolation can be achieved using GPF mechanism.
Best Regards Soby Mathew
-----Original Message----- From: Nagal, Amit via TF-A tf-a@lists.trustedfirmware.org Sent: Thursday, April 11, 2024 5:09 PM To: tf-a@lists.trustedfirmware.org Subject: [TF-A] el3 secure memory access from lower exception levels.
Hi ,
As I understand , there are separate page tables in MMU for EL2 and EL3 . If a memory region is mapped as secure memory (MT_SECURE ,
MT_MEMORY,
MT_RW) in bl31 code which runs in EL3 , and the same memory region is mapped again with same attributes (MT_SECURE , MT_MEMORY, MT_RW )
in
EL2 , will EL2 be able to read and write to EL3 secure memory region ?
Regards Amit -- TF-A mailing list -- tf-a@lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org