ARM Security Technology Building a Secure System using ...

More documents

Recommendations

Info

TrustZone Hardware Architecture These multiprocessor systems may implement the ARM Security Extensions, giving each processor in the cluster the programmer’s model features described earlier in this chapter. The ARM processor which currently implements both the multiprocessor features and the security features is the Cortex-A9 MPCore processor Note Multiprocessor systems often include an Accelerator Coherency Port which allows an external bus master to access the same physical memory view as the processor cluster. See page 3-10 for further details. Two worlds per processor Each of the processors within the multiprocessor cluster has a Normal world and a Secure world. This gives a four processor cluster a total of eight virtual processors, each with independent control over their MMU configuration. Normal world CPU0 CPU1 CPU2 CPU3 Monitor Secure world Normal world Monitor Figure 3-4 ARM multiprocessor cluster 3-14 Copyright © 2005-2009 ARM Limited. All rights reserved. PRD29-GENC-009492C Non-Confidential Unrestricted Access Secure world Normal world Monitor Secure world Normal world Monitor Secure world L1 D L1 I L1 D L1 I L1 D L1 I L1 D L1 I Snoop Control Unit ACP Main AXI External Coherent Masters L2 Cache Multiprocessor cluster Integrated Peripherals Integrated Interrupt Controller + Distributor nIRQ[0-3] nFIQ[0-3] Peripheral Interrupt Lines
TrustZone Hardware Architecture Any number of the processors in the cluster may be in the Secure world at any point in time, and the processors can transition between the worlds independently of other processors in the cluster. A specific software implementation may choose to restrict the concurrent execution of Secure world software to reduce the security risks associated with complex software designs. Note The potential impact of multiprocessing on Secure world software design is discussed in Secure software and multiprocessor systems on page 5-13. As described in Caches section on page 3-8, each of the cache lines in the cluster stores the security state of the data it contains as part of its tag. This enables the concurrent storage of Secure and Non-secure data within the L1 processor data caches when the processors within the cluster are executing in SMP mode. The coherency hardware uses the whole cache tag when performing coherency operations, allowing it to keep both Secure and Non-secure data coherent simultaneously. Snoop Control Unit configuration The SCU includes a number of configuration registers which determine the configuration of the SCU itself, the configuration of each of the ARM processors in the cluster, and the accessibility of the processor-local timers to Non-secure memory transactions. The SCU Access Control Register determines which processors in the cluster can reprogram the SCU’s configuration registers. The SCU Secure Access Control Register determines if Non-secure accesses can reprogram the SCU configuration registers or access the processor-local timers. Interrupt handling The Cortex A-profile multiprocessor systems include an integrated interrupt controller based on the same technology as the PrimeCell Generic Interrupt Controller (PL390), described on page 4-6. This interrupt controller provides a flexible interrupt model which is capable of distributing prioritized interrupts across the multiprocessor cluster, interrupting lower priority interrupt handlers which are already executing if a higher priority interrupt is received. In a multiprocessor system which also implements the Security Extensions this interrupt controller is TrustZone-aware. This allows it to manage Secure and Non-secure interrupts and prevent Non-secure memory accesses from reading or modifying the configuration of a Secure interrupt. PRD29-GENC-009492C Copyright © 2005-2009 ARM Limited. All rights reserved. 3-15 Unrestricted Access Non-Confidential
Page 1 and 2: ARM Security Technology Building a
Page 3 and 4: Product Status This document is an
Page 5 and 6: Contents ARM Security Technology Pr
Page 7 and 8: Preface This preface introduces the
Page 9 and 10: Using this document This document i
Page 11 and 12: Feedback Feedback on this document
Page 13 and 14: Chapter 1 Introduction The chapter
Page 15 and 16: 1.1.2 Limitations of security solut
Page 17 and 18: Introduction ARM TrustZone technolo
Page 19 and 20: Introduction Security requirements
Page 21 and 22: 1.3.3 How are devices attacked? Int
Page 23 and 24: Remote attacker Introduction The cl
Page 25 and 26: Chapter 2 System Security The chapt
Page 27 and 28: 2.1.1 External hardware security mo
Page 29 and 30: 2.1.3 Software virtualization Syste
Page 31 and 32: 2.2 TrustZone hardware security 2.2
Page 33 and 34: Chapter 3 TrustZone Hardware Archit
Page 35 and 36: TrustZone Hardware Architecture Whe
Page 37 and 38: 3.2.3 Memory aliasing TrustZone Har
Page 39 and 40: TrustZone Hardware Architecture The
Page 41 and 42: Example TrustZone Hardware Architec
Page 43 and 44: 3.3.3 Secure interrupts TrustZone H
Page 45: 3.3.4 Secure processor configuratio
Page 49 and 50: 3.4 Debug architecture 3.4.1 Proces
Page 51 and 52: TrustZone Hardware Architecture If
Page 53 and 54: Chapter 4 TrustZone Hardware Librar
Page 55 and 56: TrustZone Hardware Library These br
Page 57 and 58: 4.1.3 PrimeCell DMA Controller - PL
Page 59 and 60: TrustZone Hardware Library general
Page 61 and 62: Interesting features related to Tru
Page 63 and 64: 4.3 Reuse of AMBA2 AHB IP 4.3.1 Reu
Page 65 and 66: Chapter 5 TrustZone Software Archit
Page 67 and 68: Secure operating system TrustZone S
Page 69 and 70: 5.2 Booting a secure system 5.2.1 B
Page 71 and 72: Chain of trust TrustZone Software A
Page 73 and 74: 5.3 Monitor mode software 5.3.1 Con
Page 75 and 76: 5.3.3 Interrupt latency impact Trus
Page 77 and 78: 5.4 Secure software and multiproces
Page 79 and 80: TrustZone Software Architecture Not
Page 81 and 82: 5.5.1 API availability TrustZone So
Page 83 and 84: Chapter 6 TrustZone System Design T
Page 85 and 86: 6.2 Example use cases 6.2.1 Content
Page 87 and 88: 6.2.2 Mobile Payment TrustZone Syst
Page 89 and 90: Assets TrustZone System Design The
Page 91 and 92: 6.3 Gadget2008 specification 6.3.1
Page 93 and 94: TrustZone System Design is a return
Page 95 and 96: Memory requirements 6.3.3 Mobile pa
Page 97 and 98:
Modem Cortex-R4 DMA (PL330) TZASC (
Page 99 and 100:
Chapter 7 Design Checklists The cha
Page 101 and 102:
7.2 Hardware design checklist Desig
Page 103 and 104:
7.3 Software design checklist 7.3.1
Page 105 and 106:
Glossary The items in this glossary
Page 107 and 108:
(2) The trusted virtual processor i
show all

ARM Security Technology Building a Secure System using ...

Create successful ePaper yourself

Delete template?

Save as template?