Problem description
As per this link http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0333h/Chdfjdgi.html
under
System boot sequence...
Program the partition checker to allocate physical memory available to the Non-secure OS.
What is the partition checker? Is it a subsystem which has registers? What is its programming model?
It is outside of the TrustZone specification for the CPU. However, in a nutshell it partitions or divides memory spaces into different permitted accesses. If the access is not permitted, it throws an external BUS error.
Typically, it is a bunch of registers. It may be multiple register files. For instance, an APB (peripheral bus), AHB (older ARM bus) and a new AXI (TrustZone aware bus) may all be present in one system. There may even be multiple APB buses, etc.
From the same page,
"The principle of TrustZone memory management is to partition physical memory into Secure and Non-secure regions."
It should be added that partitioning the masters as secure and non-secure is also important. The partitioning is outside the ARM CPU TrustZone specification; it is part of the BUS architecture. It is up to a bus controller/structure to implement this. The bus controller has both masters (CPUs, DMA peripherals, etc.) and slaves (memory devices, register interfaces, etc.) connected.
Partitioning in the context of the ARM TrustZone document is a little nebulous as it is up to each SOC and the bus controllers (and hierarchy) to implement the details. As above, it partitions or divides memory spaces into different permitted accesses. This is just like supervisor versus user access with traditional ARM (AMBA) AHB buses. The AXI interface adds an NS bit.
Here are possible combinations for a bus controller to support.
             | Read   | Write
-------------+--------+-------
Normal User  | yes/no | yes/no
Normal Super | yes/no | yes/no
Secure User  | yes/no | yes/no
Secure Super | yes/no | yes/no
The SCR NS bit will dynamically determine whether the 'NS' bit is set on bus accesses. This is a TrustZone difference. For the super and user, there is a traditional HPROT bit. As well, each master will assert a WRITE/~READ signal (maybe the polarity is different, but we are software not hardware).
A DMA master (Ethernet, USB, etc.) may also send out requests to a BUS. Typically, these are set up and locked at boot time. If your secure world uses the Ethernet, then it is probably a secure DMA master to access secure memory. The Ethernet chip also typically has a slave register interface. It must be marked (or partitioned) as secure. If the normal world accesses the Ethernet register file, then a BUS error is thrown. A vendor may also make DMA peripherals that dynamically set the NS bit depending on the command structure. The CAAM is a crypto driver that can set up job descriptions to handle both normal and secure access, as an example of a DMA master which does both.
A CPU (say Cortex-M4 or Cortex-R) may also be globally secure or normal. Only the Cortex-A series (and ARMv6) with full TrustZone will dynamically toggle the NS bit allowing the CPU to be both secure and normal, depending on context.
Slave peripherals may be partitioned. For example, the first 10MB of SDRAM may be both normal and secure read and write for inter-world communication. Then the next 54MB may be normal-only read/write for the normal world. Then a final 64MB of read/write secure for the secure world. Typically, register interfaces for peripherals are an all or none setup.
These are all outside of the scope of an MMU and deal only with physical addresses. If the SOC locks them after boot, it is impossible for anyone to change the mapping. If the secure world code is read-only, it may be more difficult to engineer an exploit.
Typically, all APB buses are layered on an AHB bus, which connects to an AXI main bus like a tree. The AXI bus is the default for a Cortex-A. Each BUS will have a list of slaves and masters and will support various yes and no configurations, which may be a subset of the list above; i.e., it may not care about read/write or super/user or some other permutations. It will be different for each ARM system. In some cases, a vendor may not even support it. In this case, it may be more difficult to make the system secure or even use TrustZone. See: Handling ARM TrustZones, where some of the bus issues are touched on in less detail.
See: TrustZone versus Hypervisor which gives some more details.
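The following is a constructed software model of the partition checker the answer describes, added here as an example; it is not code from the original post, from ARM, or from any vendor's partition checker. It encodes one permission bit per cell of the Read/Write table above, decides each bus transaction from the NS bit, the HPROT privileged bit and the write/~read signal, refuses reprogramming once locked (the "locks them after boot" point), and fails closed on unmapped addresses. The region layout follows the answer's SDRAM example (10MB shared, 54MB normal-only, 64MB secure-only) plus a secure-only Ethernet register file and a read-only secure code window; the base addresses, the table size and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One permission bit per cell of the answer's table (constructed encoding, not a real register layout). */
enum {
    PERM_NORMAL_USER_R  = 1u << 0, PERM_NORMAL_USER_W  = 1u << 1,
    PERM_NORMAL_SUPER_R = 1u << 2, PERM_NORMAL_SUPER_W = 1u << 3,
    PERM_SECURE_USER_R  = 1u << 4, PERM_SECURE_USER_W  = 1u << 5,
    PERM_SECURE_SUPER_R = 1u << 6, PERM_SECURE_SUPER_W = 1u << 7,
};
#define PERM_NORMAL_RW (PERM_NORMAL_USER_R | PERM_NORMAL_USER_W | PERM_NORMAL_SUPER_R | PERM_NORMAL_SUPER_W)
#define PERM_SECURE_RW (PERM_SECURE_USER_R | PERM_SECURE_USER_W | PERM_SECURE_SUPER_R | PERM_SECURE_SUPER_W)
#define PERM_SECURE_RO (PERM_SECURE_USER_R | PERM_SECURE_SUPER_R)

#define MAX_REGIONS 8

struct region { uint64_t base, size; uint8_t perms; };

struct partition_checker {
    struct region regions[MAX_REGIONS];
    int nregions;
    bool locked;   /* set once at boot; models the SOC lock the answer mentions */
};

/* What the checker sees per transaction: physical address, the AXI NS bit
 * (1 = normal world), the HPROT privileged bit and the write/~read signal. */
struct bus_access { uint64_t addr; bool ns, super, write; };

/* Program one region. Returns false once the checker is locked, so nothing
 * running after boot (including a compromised normal-world driver) can re-open secure memory. */
bool pc_add_region(struct partition_checker *pc, uint64_t base, uint64_t size, uint8_t perms)
{
    if (pc->locked || pc->nregions >= MAX_REGIONS || size == 0)
        return false;
    pc->regions[pc->nregions++] = (struct region){ base, size, perms };
    return true;
}

void pc_lock(struct partition_checker *pc) { pc->locked = true; }

/* Decide one access: true = allowed, false = the checker raises an external bus error.
 * First matching region wins, so a narrower entry must be programmed before a wider
 * one that contains it. An address covered by no region is rejected (fail closed). */
bool pc_check(const struct partition_checker *pc, struct bus_access a)
{
    unsigned shift = (a.ns ? 0u : 4u) + (a.super ? 2u : 0u) + (a.write ? 1u : 0u);
    uint8_t need = (uint8_t)(1u << shift);
    for (int i = 0; i < pc->nregions; i++) {
        const struct region *r = &pc->regions[i];
        if (a.addr >= r->base && a.addr - r->base < r->size)
            return (r->perms & need) != 0;
    }
    return false;
}

/* Assumed addresses for the walkthrough (not from the page). */
#define SDRAM_BASE 0x80000000ull
#define ETH_REGS   0x40010000ull
#define MB(n)      ((uint64_t)(n) << 20)

/* The answer's SDRAM split: 10MB shared, 54MB normal-only, 64MB secure-only.
 * The first 1MB of the secure window is carved out as read-only secure code, and the
 * Ethernet register file is secure-only as an all-or-none peripheral interface. */
void pc_setup_example(struct partition_checker *pc)
{
    pc->nregions = 0; pc->locked = false;
    pc_add_region(pc, SDRAM_BASE + MB(64), MB(1),  PERM_SECURE_RO);                 /* narrower entry first */
    pc_add_region(pc, SDRAM_BASE,          MB(10), PERM_NORMAL_RW | PERM_SECURE_RW); /* inter-world buffer */
    pc_add_region(pc, SDRAM_BASE + MB(10), MB(54), PERM_NORMAL_RW);                 /* normal world only */
    pc_add_region(pc, SDRAM_BASE + MB(64), MB(64), PERM_SECURE_RW);                 /* secure world only */
    pc_add_region(pc, ETH_REGS,            0x1000, PERM_SECURE_RW);                 /* secure DMA master's regs */
    pc_lock(pc);
}

int main(void)
{
    struct partition_checker pc;
    pc_setup_example(&pc);
    struct bus_access probes[] = {
        { SDRAM_BASE,          true,  true,  true  },  /* normal super write, shared buffer: allowed */
        { SDRAM_BASE + MB(64), true,  false, false },  /* normal user read of secure code: bus error */
        { SDRAM_BASE + MB(64), false, true,  true  },  /* secure super write to RO code: bus error */
        { ETH_REGS,            true,  true,  false },  /* normal world reads Ethernet regs: bus error */
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("probe %zu: %s\n", i, pc_check(&pc, probes[i]) ? "allowed" : "external bus error");
    return 0;
}
```

The model keeps the author's strict reading of "normal only": a secure-world read of the 54MB normal region is refused too, which a real bus controller may or may not do. Two details carry over to real hardware: the lookup works on physical addresses only (the MMU plays no part), and the lock is what turns the table from configuration into policy, so the boot sequence should lock it before handing control to the normal world.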