TZPC(TrustZone Protection Controller)

Features

  1. it has protection bits to enable you to program up to 24 areas of memory as secure
    or non-secure (可以設(shè)置最多24個(gè)區(qū)域的內(nèi)存為secure或non-secure)
  2. it has secure region bits to enable you to split an area of internal RAM into both
    secure and non-secure regions(可以將內(nèi)部的ram劃分為secure和non-secure)
  3. it has an AMBA APB system interface(擁有AMBA APB的系統(tǒng)接口)
  4. it does not generate any APB wait states or a slave error response and is therefore
    compatible with the AMBA 2 APB protocol.(不會(huì)產(chǎn)生任何APB等待狀態(tài),或者外設(shè)的錯(cuò)誤回應(yīng),因此兼容于AMBA 2 APB協(xié)議)

Block diagram

tzpc-block=diagram.PNG

功能介紹:

TZPC提供了將內(nèi)存區(qū)域劃分為secure和non-secure的軟件接口,有兩種辦法可以做到。

  1. Programmable protection bits that can be allocated to areas of memory as
    determined by an external decoder.
    設(shè)置地址解碼器所指定的內(nèi)存區(qū)域的保護(hù)位(通過(guò)TZPCDECPROT)
  2. Programmable region size value for use by an AXI TrustZone Memory Adapter
    (TZMA). You can use this to split the RAM into two regions:
    — one secure
    — one non-secure.
    設(shè)置TZMA所使用的內(nèi)存區(qū)大小,可以分割RAM為兩個(gè)區(qū)域:一個(gè)secure,一個(gè)non-secure (通過(guò)TZPCR0SIZE)

TZPC typical configuration

tzpc-typical-configuration.PNG

從上圖,TZPC是通過(guò)APB總線訪問(wèn),設(shè)置好寄存器之后,有TZMA去阻止內(nèi)存的訪問(wèn)操作。

程序員視圖

  1. tzpc寄存器應(yīng)該放置于secure的內(nèi)存區(qū)域
  2. tzpc寄存器的基地址是可以配置的,但是寄存器的相對(duì)偏移不能改變
  3. 不能訪問(wèn)保留,以及未使用的地址,如果訪問(wèn),將會(huì)導(dǎo)致不可預(yù)料的結(jié)果。
  4. 對(duì)于保留以及未使用的寄存器位,必須寫成0,讀取時(shí)需要忽略,除非在相關(guān)文檔上有對(duì)應(yīng)的說(shuō)明
  5. 所有的寄存器在上電時(shí)都會(huì)重置為0,除非在相關(guān)文檔有說(shuō)明
  6. 所有的寄存器都是可以讀寫的。
  7. 訪問(wèn)所有寄存器都不會(huì)出現(xiàn)等待狀態(tài)。

寄存器

  1. TZPCR0SIZE(Secure RAM Region Size Register RW default:0x00000200)

[31:10] - Read undefined. Write as zero.
[9:0] R0SIZE Secure RAM region size in 4KB steps:
0x00000000 = no secure region
0x00000001 = 4KB secure region
0x00000002 = 8KB secure region

0x000001FF = 2044KB secure region.
0x00000200 or above sets the entire RAM to secure regardless of size

  1. TZPCDECPROT[0-2]Stat (Decode Protection 0-2 Status Registers RO default: 0x0)
  2. TZPCDECPROT[0-2]Set (Decode Protection 0-2 Set Registers RO default: 0x0)
  3. TZPCDECPROT[0-2]Clr (Decode Protection 0-2 Clear Registers RO default: 0x0)
    [31:8] - Read undefined.
    [7:0] DECPROTxStat Shows the status of the decode protection output:
    0 = decode region corresponding to the bit is secure
    1 = decode region corresponding to the bit is non-secure.
    There is one bit of the register for each protection output, eight outputs are implemented as standard.
    TZPCDECPROT寄存器用來(lái)設(shè)置內(nèi)存區(qū)域?yàn)閟ecure 或者non-secure,總共可以控制3*8 = 24個(gè)區(qū)域
  4. TZPCPERIPHID[0-3] (Peripheral Identification Register 0-3)
  5. TZPCPCELLID0[0-3] (TZPC Identification Register 0-3)
    TZPCPERIPHID和TZPCPCELLID0都是存放的只讀ID

TZPC功能總結(jié):

tzpc-typical-usage.png
  1. TZPCDECPROT有三組寄存器[0-2]每組有8個(gè)bit來(lái)控制secure 或non secure,所以一共可以控制3*8 = 24個(gè)外設(shè)地址空間為secure 或non secure
  2. TZPCR0SIZE可以通過(guò)TZMA來(lái)將內(nèi)部RAM劃分為secure 內(nèi)存.

The TZMA allows a single static memory of up to 2MB to be partitioned into two regions where the lower part is Secure, and the upper part Non-secure.

Refs:
ARM Security Technology
PrimeCell? Infrastructure AMBA? 3 TrustZone?Protection Controller
PrimeCell? Infrastructure AMBA? 3 AXI? TrustZone?Memory Adapter

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

友情鏈接更多精彩內(nèi)容