Patrick,
Memory security is enforced at the hardware level. There is a reference ARM implementation named ARM TZC-400, but I haven't seen an SoC that uses that controller. I have experience with TI chips. They use a special extension to their L3 Interconnect bus; Renesas also has hardware extensions for the DRAM controller and some extensions for the AXI bus. So, as you can see, this is device-specific. Thus, secure regions are configured in platform code or earlier, in bootloaders/ROM code.
Because secure regions in DRAM are enforced by hardware, the Normal World (Linux kernel) has no means to access these regions in any way.
If you want to know more about how it works at the hardware level, take a look at the ARM AXI specs. The idea is to carry the NS bit with each memory read/write transaction to the slave device, where the slave device can examine this bit and decide what to do with the transaction.
TrustZone is a very complex thing. There are Security Extensions not only in the computing cores, but also in the MMU, interrupt controller, data bus, etc.
On 24 November 2016 at 15:25, Patrick Doyle wpdster@gmail.com wrote:
Thanks for the answers.
What about memory management? I have been reading through the ARM documentation about TrustZone (it's a pretty slow read for me, so this may take some time), but some of what I've seen with op-tee indicates that it runs out of off-chip DRAM, which seems pretty insecure to me, especially if a (root) user space application can gain access to /dev/mem or /dev/kmem, or if a (malicious) kernel module started poking around where it shouldn't.
How is access to secure RAM managed with op-tee? I am starting to understand a little bit about the NS bit in the ARM Secure Configuration Register, and the (effective) 33-bit address space that provides, but I don't understand how a TrustZone-based TEE would protect access to its memory resources. Where could/should I look to learn more?
--wpd
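The slave-side check described in the reply above (the NS bit travels with the bus transaction and the memory filter decides what to do with it), written out as a small software model. This is an added illustration, not code from OP-TEE, ARM or the people in this thread: the region table, permission bits, region count and the sample address map are assumptions modelled loosely on a TZC-400-style filter, not real register programming for any SoC.

```c
/* Software model of a TrustZone memory filter sitting in front of DRAM.
 * Added example; the structures and the address map are constructed for
 * illustration and do not correspond to real TZC-400 registers. */
#include <stdbool.h>
#include <stdint.h>

#define MAX_REGIONS 9   /* assumption: 8 programmable regions + background region 0 */

/* Per-region permission bits held by the filter. */
enum {
    PERM_S_RD  = 1u << 0,   /* secure read      (NS bit = 0) */
    PERM_S_WR  = 1u << 1,   /* secure write     (NS bit = 0) */
    PERM_NS_RD = 1u << 2,   /* non-secure read  (NS bit = 1) */
    PERM_NS_WR = 1u << 3,   /* non-secure write (NS bit = 1) */
};

struct tz_region {
    uint64_t base;    /* inclusive */
    uint64_t top;     /* inclusive */
    uint32_t perms;
    bool     enabled;
};

struct tz_filter {
    struct tz_region region[MAX_REGIONS];  /* region[0] is the background region */
};

/* A transaction as the slave sees it: address, NS attribute (carried on
 * AxPROT[1] in AXI), and direction. The NS bit is what the filter keys on. */
struct axi_txn {
    uint64_t addr;
    bool     ns;      /* true = issued by the Normal World */
    bool     write;
};

/* Program a region. Refuses inverted ranges and overlaps between
 * non-background regions, which real filters also reject. */
bool tz_set_region(struct tz_filter *f, int idx, uint64_t base, uint64_t top,
                   uint32_t perms)
{
    if (idx < 0 || idx >= MAX_REGIONS || base > top)
        return false;
    for (int i = 1; idx != 0 && i < MAX_REGIONS; i++) {
        if (i == idx || !f->region[i].enabled)
            continue;
        if (base <= f->region[i].top && top >= f->region[i].base)
            return false;   /* overlaps an existing region */
    }
    f->region[idx] = (struct tz_region){ base, top, perms, true };
    return true;
}

/* Slave-side decision: the highest-numbered enabled region covering the
 * address wins, otherwise the background region; then the NS bit and the
 * direction are checked against that region's permissions. Fails closed
 * if no region is programmed. */
bool tz_filter_allows(const struct tz_filter *f, const struct axi_txn *t)
{
    const struct tz_region *r = &f->region[0];
    for (int i = MAX_REGIONS - 1; i >= 1; i--) {
        const struct tz_region *c = &f->region[i];
        if (c->enabled && t->addr >= c->base && t->addr <= c->top) {
            r = c;
            break;
        }
    }
    if (!r->enabled)
        return false;
    uint32_t need = t->ns ? (t->write ? PERM_NS_WR : PERM_NS_RD)
                          : (t->write ? PERM_S_WR  : PERM_S_RD);
    return (r->perms & need) != 0;
}

/* Constructed scenario: 1 GiB DRAM at 0x80000000 open to both worlds, with a
 * 16 MiB secure-only carve-out at 0xBE000000 for the TEE. Returns how many
 * of three sample transactions the filter refuses. */
int tz_demo(void)
{
    struct tz_filter f = {0};
    tz_set_region(&f, 0, 0x80000000u, 0xbfffffffu,
                  PERM_S_RD | PERM_S_WR | PERM_NS_RD | PERM_NS_WR);
    tz_set_region(&f, 1, 0xbe000000u, 0xbeffffffu, PERM_S_RD | PERM_S_WR);

    struct axi_txn tee_read   = { 0xbe001000u, false, false }; /* TEE reads its own memory */
    struct axi_txn linux_read = { 0xbe001000u, true,  false }; /* e.g. /dev/mem from Linux */
    struct axi_txn linux_dram = { 0x80001000u, true,  true  }; /* ordinary Normal World DRAM */

    int denied = 0;
    denied += !tz_filter_allows(&f, &tee_read);
    denied += !tz_filter_allows(&f, &linux_read);
    denied += !tz_filter_allows(&f, &linux_dram);
    return denied;  /* 1: only the Normal World read of the carve-out is refused */
}
```

The point the model makes is the one the reply makes: the Linux kernel's page tables are irrelevant to this decision. A root process mapping /dev/mem or a rogue module issues a bus transaction with NS = 1, and the filter in front of DRAM refuses it on that bit alone, regardless of what the CPU-side MMU allowed.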