Reputation: 11
ARM Trustzone memory aliasing
I am trying to understand the ARM Trustzone implementation and came across the memory aliasing wherein the same memory is interpreted as secure and non-secure based on the 33rd bit of that address. I am not able to understand the concept of memory aliasing and its use. Can you please explain in detail with some good example.
Upvotes: 1
Views: 411
Answers (1)
Reputation: 22430
The answer is an attempt to,
- enumerate the overloaded uses of the term 'alias'.
- Demonstrate what it means in the context of the cited document.
A literal attempt to answer the question is difficult and probably not what the OP intends.
Fundamentally, 'memory alias' means that two addresses refer to the same memory chunk. The cited article is meant more for chip designers on how to resolve issues with TrustZone systems and developing an SOC peripheral/bus in such a system.
We can have aliases in straight 'C' code through pointers.
void test(void)
{
char buffer[16];
char *p1 = &buffer[0], *p2 = p1 + 3.
strcpy(p1, "This is a test\n");
// confusion as pointers are referring to same memory chunk.
memcpy(p1,p2,strlen(p2)+1);
}
The memcpy() can be optimized to perform word moves. It might copy in a forward or reverse manner. When the pointers are aliased, the order and size of transferring memory matters.
For a cache, you have additional complication that the cache value and the 'backing store' (actual memory cell) may not be consistent. There are cache protocols to handle this. The protocols are dependant on the cache type.
- VIVT - virtually indexed, virtually tagged
- PIPT - physically indexed, physically tagged
- VIPT - virtually indexed, physically tagged.
Trustzone deals with physical addresses and it adds an extra bit. For an SOC vendor, you can have a peripheral that uses two memory addresses to refer to the same cell. This is also 'aliasing'. So two pointers actually have the same memory behind. This can be convenient to not deal with TrustZone in the SOC module, but just provide an alias in the bus connection. So the peripheral will respond to two different address ranges. This is implicit in the TrustZone mechanics. A secure address clears 'NS' (address bit 33) and a normal access sets 'NS' (address bit 33).
Caches need to deal with physical addresses and this can cause issues in the cache protocols. An easy fix is to not allow the duplicated address to be cached. The address in 'C' are the same pointer value; but get amended by the CPU world.
Can you please explain in detail with some good example.
Not really example code. I would have to present some Verilog code and bus connection to an SOC peripheral and master and a cache with a protocol. I think the explanations above are sufficient without an 'example'.
Another topic to help/search might be 'full address decoding'. Non-full address decode is sometimes done with memory devices by hardware. This is also an aliasing which is much the same as the article is trying to elucidate.
Upvotes: 1
Related Questions
- Why is memory aliasing needed?
- Use ARM TrustZone to prevent access to memory region from Non-Secure world
- How is working the process of direct access to memory in non-SecureOS and SecureOS in trustzone systems
- Develop programs for Arm trust zone
- Where is ARM TrustZone api?
- ARM TrustZone development
- TrustZone Memory Partitioning
- Handling ARM TrustZones
- Secure mode can access secure / non secure memory how?
- ARM TrustZone - Behaviour of the scheduler in Secure and Non-Secure OS