Features
- it has protection bits to enable you to program up to 24 areas of memory as secure or non-secure
- it has secure region bits to enable you to split an area of internal RAM into both secure and non-secure regions
- it has an AMBA APB system interface
- it does not generate any APB wait states or a slave error response and is therefore compatible with the AMBA 2 APB protocol.
Block diagram
[Figure: TZPC block diagram]
Functional overview:
The TZPC provides a software interface for partitioning memory into secure and non-secure areas. There are two ways to do this:
- Programmable protection bits that can be allocated to areas of memory as determined by an external decoder. These are set through TZPCDECPROT.
- Programmable region size value for use by an AXI TrustZone Memory Adapter (TZMA). You can use this to split the RAM into two regions:
— one secure
— one non-secure.
This value is set through TZPCR0SIZE.
TZPC typical configuration
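[Figure: TZPC typical configuration]
As the figure shows, the TZPC is accessed over the APB bus. Once its registers are programmed, the TZMA is what blocks the memory accesses.
Programmer's view
- The TZPC registers should be placed in a secure memory region.
- The base address of the TZPC registers is configurable, but the register offsets relative to it cannot be changed.
- Reserved and unused addresses must not be accessed; doing so leads to unpredictable results.
- Reserved and unused register bits must be written as 0 and ignored on read, unless the relevant documentation says otherwise.
- All registers reset to 0 at power-on, unless the relevant documentation says otherwise.
- All registers are readable and writable.
- Accessing any register incurs no wait states.
Registers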
- TZPCR0SIZE(Secure RAM Region Size Register RW default:0x00000200)
[31:10] - Read undefined. Write as zero.
[9:0] R0SIZE Secure RAM region size in 4KB steps:
0x00000000 = no secure region
0x00000001 = 4KB secure region
0x00000002 = 8KB secure region
…
0x000001FF = 2044KB secure region.
0x00000200 or above sets the entire RAM to secure regardless of size
- TZPCDECPROT[0-2]Stat (Decode Protection 0-2 Status Registers RO default: 0x0)
- TZPCDECPROT[0-2]Set (Decode Protection 0-2 Set Registers RO default: 0x0)
- TZPCDECPROT[0-2]Clr (Decode Protection 0-2 Clear Registers RO default: 0x0)
[31:8] - Read undefined.
[7:0] DECPROTxStat Shows the status of the decode protection output:
0 = decode region corresponding to the bit is secure
1 = decode region corresponding to the bit is non-secure.
There is one bit of the register for each protection output, eight outputs are implemented as standard.
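The TZPCDECPROT registers set memory regions as secure or non-secure; in total they control 3*8 = 24 regions.
- TZPCPERIPHID[0-3] (Peripheral Identification Register 0-3)
- TZPCPCELLID0[0-3] (TZPC Identification Register 0-3)
TZPCPERIPHID and TZPCPCELLID0 both hold read-only IDs.
TZPC functional summary:
[Figure: TZPC typical usage]
- TZPCDECPROT has three register groups [0-2], each with 8 bits that select secure or non-secure, so in total 24 peripheral address spaces can be set as secure or non-secure.
- TZPCR0SIZE, through the TZMA, partitions the internal RAM to create secure memory.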
The TZMA allows a single static memory of up to 2MB to be partitioned into two regions where the lower part is Secure, and the upper part Non-secure.
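The register rules above, worked through in C as an added example (not code from the ARM documentation or the original post): encoding and decoding TZPCR0SIZE, and auditing the three TZPCDECPROTxStat values against a policy of regions that must stay secure. The function names, the sample register values and the numbering of region n as register n/8, bit n%8 are assumptions; the real assignment is fixed by the external decoder.

```c
#include <stdint.h>
#include <stdio.h>

#define R0SIZE_MASK  0x3FFu  /* bits [9:0]; bits [31:10] are written as zero */
#define R0SIZE_ALL   0x200u  /* 0x200 or above: entire RAM is secure */
#define DECPROT_REGS 3u      /* TZPCDECPROT0..2, eight bits each */

/* Encode a secure-RAM size in bytes as a TZPCR0SIZE value (4KB steps).
 * Rounds up so secure data never ends up partly in non-secure RAM. */
uint32_t tzpc_r0size_encode(uint32_t secure_bytes)
{
    uint32_t steps = secure_bytes / 4096u + (secure_bytes % 4096u != 0);
    return steps >= R0SIZE_ALL ? R0SIZE_ALL : (steps & R0SIZE_MASK);
}

/* Decode a TZPCR0SIZE value to KB; UINT32_MAX means "entire RAM secure". */
uint32_t tzpc_r0size_secure_kb(uint32_t regval)
{
    uint32_t v = regval & R0SIZE_MASK;  /* bits [31:10] read as undefined */
    return v >= R0SIZE_ALL ? UINT32_MAX : v * 4u;
}

/* stat[] holds the three TZPCDECPROTxStat values; must_be_secure is a 24-bit
 * policy mask (assumed numbering: region n = register n/8, bit n%8).
 * Returns the regions the policy needs secure that read back as 1 (non-secure). */
uint32_t tzpc_decprot_violations(const uint32_t stat[DECPROT_REGS],
                                 uint32_t must_be_secure)
{
    uint32_t nonsecure = 0;
    for (unsigned r = 0; r < DECPROT_REGS; r++)
        nonsecure |= (stat[r] & 0xFFu) << (r * 8u);  /* drop undefined [31:8] */
    return nonsecure & must_be_secure & 0xFFFFFFu;
}

int main(void)
{
    /* Constructed sample values, not read from hardware. */
    const uint32_t stat[DECPROT_REGS] = { 0xFFFFFF05u, 0x00000080u, 0x00000000u };
    uint32_t policy = (1u << 0) | (1u << 1) | (1u << 15) | (1u << 23);

    printf("R0SIZE for 6000 bytes: 0x%03X\n", (unsigned)tzpc_r0size_encode(6000u));
    printf("secure KB for 0x1FF:   %u\n", (unsigned)tzpc_r0size_secure_kb(0x1FFu));
    printf("policy violations:     0x%06X\n",
           (unsigned)tzpc_decprot_violations(stat, policy));
    return 0;
}
```

A non-zero result from `tzpc_decprot_violations` means at least one region that the policy requires to be secure is currently open to non-secure accesses.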
Refs:
ARM Security Technology
PrimeCell® Infrastructure AMBA™ 3 TrustZone™ Protection Controller
PrimeCell® Infrastructure AMBA™ 3 AXI™ TrustZone™ Memory Adapter