Cortex-A8 R2P2.pdf - ARM Information Center

Programmer’s Model2.5 Security Extensions architectureThe processor implements the TrustZone Security Extensions architecture to facilitatethe development of secure applications.Security Extensions are based on these fundamental principles:• The extensions define a class of core operation that you can switch betweenSecure and Nonsecure state. Most code runs in Nonsecure state. Only trusted coderuns in Secure state.• The extensions define some memory as secure memory. When the core is inSecure state, it can access secure memory.• Entry into Secure state is strictly controlled.• Exit from Secure state can only occur at programmed points.• Debug is strictly controlled.• The processor enters Secure state on reset.Exceptions are generally handled in a similar way to other ARM architectures. Supportis available for some exceptions handled only by code running in Secure state.See the ARM Architecture Reference Manual for information on the SecurityExtensions.2.5.1 Security Extensions modelThe basis of the Security Extensions model is that the computing environment splitsinto two isolated states, the Secure state and the Nonsecure state, with no leakage ofsecure data to the Nonsecure state. Software Secure Monitor code, running in theMonitor mode, links the two states and acts as a gatekeeper to manage program flow.The system can have both secure and nonsecure peripherals that is suitable to secure andnonsecure device drivers control. Figure 2-7 on page 2-14 shows the relationshipbetween the Secure and Nonsecure states. The Operating System (OS) splits into thesecure OS, that includes the secure kernel, and the nonsecure OS, that includes thenonsecure kernel. For details on modes of operation, see Operating modes onpage 2-22.ARM DDI 0344E Copyright © 2006-2008 ARM Limited. All rights reserved. 2-13