ARM TrustZone TZASC Vs TZPC

Fri May 9 20:46:32 CEST 2014

Hi Mohamed,

On 05/09/2014 04:23 PM, mohamed sabt wrote:
> 
> 
> Hello,
> 
> I'm reading the article "An Exploration of ARM TrustZone Technology" and
> a question was raised into my head when I reached the subsection "TZPC
> and TZASC". It is mentioned that by experimenting with the Versatile
> Express platform some insights were discovered. Namely, TZASC secures
> physical addresses via SMC (Static Memory Controller), while TZPC
> secures physical addresses via DMC (Dynamic MC). In summary, TZASC
> secures on-chip RAM, namely SRAM; and TZPC secures off-chip RAM, namely
> DRAM.

Well, that is only half correct, let me cite from the article:

"In principal, it should be possible to secure another memory controller
by a TZASC too, but on the platform, it is restricted to the SMC. These
physical address regions correspond to the I/O resources of peripheral
devices, some SRAM, and flash memory. Most of these components are
placed on the motherboard."

So with respect to the "Coretile Express A9x4" test SoC from ARM, the
TZASC protects off-chip peripherals of the motherboard. The TZASC
however is not limited to such a use case, as mentioned too.

With respect to the TZPC: it protects several on-SoC devices including
the DMC which connects to the off-SoC DRAM of the daughterboard.
Thereby, the DRAM can only be assigned as a whole to either the secure,
or unsecure world.

>  
> I don't know if you're familiar with ARM TrustZone documentation, but in
> this white paper of ARM
> http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf,
> it is mentioned in the sections 4.1.4 and 4.1.7 the opposite of what was
> mentioned by your article.

>From my understanding our article, and the mentioned whitepaper doesn't
contradict at all. The ARM paper describes that the main reason to use a
TZASC: "is to partition a single AXI slave, such as an off-SoC
DRAM, into multiple security domains". The AXI slave in case of the
Coretile SoC is the SMC, which controls amongst others the motherboard's
SRAM.
Regarding the TZPC the ARM paper states that: "the TrustZone Protection
Controller (TZPC) is a configurable signal control block which can be
placed on the APB bus to supply control signals to other components on
the SoC". In our article we claim: "The TZPC is used to protect on-chip
peripherals (e.g., the TZPC and TZASC themselves) as well as bus
accesses to external subsystems." With external bus accesses we mean the
access control of the TZPC with regard to the DMC.

> 
> I look forward to your answer about this. I am studying the TrustZone
> architecture and reading this has just bugged me. I don't if I miss
> something here.

I hope that clarifies your question.

Regards
Stefan

> 
> Thank you in advance,
> Mohamed Sabt
> 
> 
> ------------------------------------------------------------------------------
> Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
> • 3 signs your SCM is hindering your productivity
> • Requirements for releasing software faster
> • Expert tips and advice for migrating your SCM now
> http://p.sf.net/sfu/perforce
> 
> 
> 
> _______________________________________________
> Genode-main mailing list
> Genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

http://www.genode-labs.com/ · http://genode.org/