TrustZone: Access in Normal world

Stefan Kalkowski stefan.kalkowski at ...1...
Tue Apr 7 11:34:51 CEST 2015

Hi Chirag,

On 04/01/2015 04:00 PM, chirag garg wrote:
> Hi all
> I am running Genode 15.02 over the I.MX6 board. I tried to run tz_vmm
> script to run another Genode kernel image in normal world which running
> successfully. Also, I am able to switch from Normal world to the secure
> world and vice-versa.
> Now I want to access some secure resources from the Normal world to see
> TrustZone enable features. So i write a small application "switch" with
> the help of IO_mem_connection and mmio class which access the secure RAM
> region used by the secure world but nothing happens there it is
> executing normally in Normal world.
> What kind of behavior is expected from the Normal world on this access?

Well that depends on the TrustZone-specific memory protection mechanisms
of this SoC, and how they are initializes respectively you have
configured them. As you already know the peripherals of the i.MX5 and
i.MX6 series are not completely the same, which includes the TrustZone
aware devices, and by now we only used the i.MX53 in practice. So it is
hard to answer your question without just
speculating. I assume the TZASC to be responsible for the memory
protection. If it is not configured correctly to prevent normal world
access that nothing happens if your "switch component" accesses "secure
memory", which is then obviously not secure.

> I am using UART-2 in both the world to print the messages. On the other
> hand, when i make UART-2 secure in csu.h then normal world doesn't
> execute at all and DATA ABORT exception occurred.

This is what I would expect from it. If the CSU is somehow the same or a
similar device like in the i.MX53 SoC, it is used to protect memory
mapped I/O registers from different peripherals when accessed by the
CPU, as well as to protect other buses (like memory bus) from DMA
accesses of those peripherals. So if you configure UART-2 to be secure,
a non-secure access naturally leads to a data-abort.

> I guess, I have to do some thing with CSU(csu.h) and TZASC (tsc_380.h)
> to see the TrustZone enable expected behavior.
> Please, Let me know where i could be wrong or what i can do to proceed
> further in this direction ?

There is nothing to add to your own observations.


> Thanks in advance.  
> Regards
> Chirag Garg
> IIT Madras , Rise Lab
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the 
> conversation now.
> _______________________________________________
> genode-main mailing list
> genode-main at

Stefan Kalkowski
Genode Labs ยท

More information about the users mailing list