TrustZone (security extension)

TrustZone Overview
Configuring TrustZone

TrustZone Overview

TrustZone is an extension of the Cortex-A series and introduces the normal world, where large operating systems and applications operate, and the secure world, where security-related activities operate, and allows separation of the normal world memory space (the memory space where the normal world operates) and secure world memory space (the memory space where the secure world operates).

Registers that cannot be changed in the privileged mode of the normal world are set up in the privileged mode of the secure world, and when a reset exception occurs, operation is started in the privileged mode of the secure world, so it is necessary to understand the normal world and the secure world. When switching between the normal world and the secure world, the secure monitor mode is used.

Switch between normal and secure world

The normal world and secure world are set by the NS bit of the SCR (secure configuration register). Switching between worlds can be set up in secure monitor mode using the SMC (secure monitor call) instruction or IRQ, FIQ or external abort. It is not recommended to switch to the normal world by rewriting the NS bit of the SCR in the secure world.

Separation of address space

The normal and secure world memory spaces can be separated using the AxPROT signal and the Trust Zone Protection Controller (TZPC) output from the Arm processor core. The size of the normal and secure world memory space is 4 Gbytes each. Address 0x8000 of the Secure World memory space and 0x8000 of the Normal World memory space are treated as separate address spaces. The secure world can access the secure world memory space and the normal world memory space, but the normal world can only access the normal world memory space.

Configuring TrustZone

How to set up the memory space

The configuration of the secure and normal world memory space is set by the NS bit of the first level descriptor of the MMU (referring to Part 12) by the NS bit of the first level descriptor of the MMU. It is set with 3 bits for page tables and 19 bits for sections and supersections. “NS=1” means normal world memory space and “NS=0” means secure world memory space.

Setting up the MMU

The automatic switching of registers is called banking. Some registers are automatically switched depending on the state of the NS bit of the SCR. For example, the SCTLR (system control register) and the MMU setting registers (TTBR0/TTBR1/TTBCR/DACR) are banked, so the MMU must be set for each world.

【MMU-related registers】
No	register name	Feature Summary
1	SCTLR	Instruction and data caches, MMU, etc.
2	TTBR0 (Conversion table base register 0)	Set the	conversion table 0 address.
3	TTBR1 (Conversion table base register 1)	Set the	conversion table 1 address.
4	TTBCR (conversion table base register)	The base address for the conversion table walk is TTBR0/TTBR1.
5	DACR (Domain Access Control Register)	Define permissions for 16 memory domains.

Setting up the cache

The NS attribute has been added to the line of cache to distinguish between normal and secure world memory space, and in the case of the Cortex-A9, the cache is set to be disabled by software at reset so that the normal and secure world memory space It needs to be disabled.

Setting Exceptions

The GIC (general purpose interrupt controller) has an 8-bit priority field, the secure world has a 32-level priority interrupt priority, and the normal world has a 16-level priority. The higher priority, higher 16-level priority setting is not available for the normal world. Exception handling calls are invoked in the secure world by default settings. For each interrupt ID, set the world for exception handling in the CDISRn (Interrupt Security Register). The interrupt priority is applied to all relevant priority registers.

ICDIPRn (priority level register)
ICCPMR (priority mask register)
ICCBPR (Binary Point Register)

If TrustZone is used, exception handling in the event of an exception will behave differently depending on the SCR settings.

【Secure Behavior Settings】
Exception factors	SCR			Operation mode	CPSR.F (FIQ interrupt)
Exception factors	EA	IRQ	FIQ	Operation mode	CPSR.F (FIQ interrupt)
Reset Exceptions	×	×	×	Supervisor	Prohibited
Undefined Order Exception	×	×	×	Undefined	No change
SVC (Supervisor Call)	×	×	×	Supervisor	No change
SMC	×	×	×	Monitors	Prohibited
All External Aborts	0	×	×	Abort	No change
All External Aborts	1	×	×	Monitors	Prohibited
All Internal Aborts	×	×	×	Abort	No change
IRQ interrupt	×	0	×	IRQ	No change
IRQ interrupt	×	1	×	Monitors	Prohibited
FIQ interrupt	×	×	0	FIQ	Prohibited
FIQ interrupt	×	×	1	Monitors	Prohibited

[Non-secure Operation Settings]
Exception factors	SCR					Operation mode	CPSR.F
Exception factors	EA	IRQ	FIQ	AW	FW	Operation mode	CPSR.F
Reset Exceptions	×	×	×	×	×	Supervisor	Prohibited
Undefined instruction exceptions	×	×	×	×	×	Undefined	No change
SVC	×	×	×	×	×	Supervisor	No change
SMC	×	×	×	×	×	Monitors	Prohibited
All External Aborts	0	×	×	0	×	Abort	No change
	0	×	×	1	×	Abort	No change
	1	×	×	×	×	Monitors	Prohibited

When a FIQ interrupt occurs, the system switches to FIQ mode.

【Overview of SCR register settings】
Name	Settings	Content
AW	0	CPSR.A bit changed only in the secure state.
AW	1	CPSR.A bit changed in any security state.
FW	0	CPSR.F bit changed only in the secure state.
FW	1	CPSR.F bit changed in any security state.
EA	0	Handle external aborts in abort mode.
EA	1	Handle external aborts in monitor mode.
FIQ	0
FIQ	1
When a FIQ interrupt occurs, the device switches to monitor mode.
IRQ	0	When an IRQ interrupt occurs, the device transitions to FIQ mode.
IRQ	1	When an IRQ interrupt occurs, switches to monitor mode.

投稿者

APS

毎月約50,000人のエンジニアが利用する「APS-WEB」の運営、エンジニア限定セミナー「APS SUMMIT」の主催、最新事例をまとめた「APSマガジン」の発行、広い知識と高い技術力を習得できる「APSワークショップ」の開催など、半導体専門技術コンテンツ・メディアとして日々新しい技術ノウハウを発信しています。