To build a system based on the Secure and Non-secure capabilities that ARM TrustZone® technology provides, you must consider the following security issues.
Security status of the internal programmers view
You can configure the programmers view of the CCI-550 for access by Secure or Non-secure requests.
With the exception of the PMU registers, the programmers view defaults to Secure access only, as follows:
- Non-secure reads of Secure registers receive zeroed data.
- Non-secure writes to Secure registers are Write-Ignored (WI).
There is no error response in either of these cases.
You can change the security model by writing to the Secure Access Register. This enables Non-secure access to all registers except the Control Override Register and the Secure Access Register. You can also make the PMU registers accessible to Secure requests
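The access rules of this section, modelled in C as an added example (not ARM code, and not a register map). The enum, struct and function names are constructed; the model assumes any nonzero Secure Access Register value enables Non-secure access, and it covers only the default PMU setting.

```c
#include <stdbool.h>
#include <stdint.h>

/* Register groups named in the text; the enum and struct are a constructed model. */
enum reg { R_CTRL_OVERRIDE, R_SECURE_ACCESS, R_PMU, R_OTHER, R_COUNT };

struct cci_model {
    uint32_t val[R_COUNT];   /* backing storage, one word per group */
};

/* Does a request with this security state reach the register? */
static bool reaches(const struct cci_model *m, enum reg r, bool nonsecure)
{
    if (!nonsecure || r == R_PMU)
        return true;         /* Secure request, or PMU group (default setting) */
    if (r == R_CTRL_OVERRIDE || r == R_SECURE_ACCESS)
        return false;        /* never opened to Non-secure requests */
    /* Assumption: nonzero Secure Access Register value = access enabled. */
    return m->val[R_SECURE_ACCESS] != 0;
}

/* Blocked reads return zeroed data; there is no error response. */
uint32_t cci_read(const struct cci_model *m, enum reg r, bool nonsecure)
{
    return reaches(m, r, nonsecure) ? m->val[r] : 0;
}

/* Blocked writes are Write-Ignored; the caller gets no indication. */
void cci_write(struct cci_model *m, enum reg r, bool nonsecure, uint32_t v)
{
    if (reaches(m, r, nonsecure))
        m->val[r] = v;
}

int main(void)
{
    struct cci_model m = {{0}};
    cci_write(&m, R_OTHER, true, 0xA5);             /* silently dropped */
    uint32_t before = cci_read(&m, R_OTHER, true);  /* zeroed data */
    cci_write(&m, R_SECURE_ACCESS, false, 1);       /* Secure software opens access */
    cci_write(&m, R_OTHER, true, 0xA5);             /* now lands */
    uint32_t after = cci_read(&m, R_OTHER, true);
    return (before == 0 && after == 0xA5) ? 0 : 1;
}
```

Because a blocked access and a register that really holds zero look identical to Non-secure software, a zero read-back cannot be used as evidence of either state.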
Making a non-TrustZone aware master Secure
For a master that is not TrustZone-aware, you can tie the ARPROT and AWPROT input signals LOW to place it permanently in the Secure domain. This means that the master can access Secure data in the caches of the ACE masters and Secure registers in the CCI-550, so the resulting system might not be secure under all circumstances.
Security of master interfaces
Transactions from the CCI-550 master interfaces always retain the security setting of the originating transactions.
The security settings of the originating transactions apply to:
- Non-shareable transactions.
- Shareable transactions that miss in the snoop filter or receive a snoop
- Writes generated by the CCI-550.
Security considerations for the PMU
You can configure the PMU to count only Non-secure events or both Secure and Non-secure events, depending on the SPNIDEN, SPIDEN and DBGEN input signals.
If you configure the PMU to count both Secure and Non-secure events, then there is a potential security risk because Non-secure software can observe Secure activity through the performance counters. ARM recommends that you consider the security to be breached for devices placed in this state and take appropriate action.
If the PMU changes from counting all events to counting only Non-secure events, the counters can contain information relating to Secure transactions. Therefore, ARM recommends that the software sets the event counters to zero after changing the configuration to avoid a potential security risk.
Note: Unlike ARM processors, the CCI-550 makes no distinction between events from user or privileged transactions.
Support for TrustZone Media Protection
In systems that require hardware protection of media data, you can configure the CCI-550 to support ARM TZMP1.
To differentiate between Protected and Non-Trusted entities, ARM defines 16 states that mark all processes within hardware and software. These states are defined using the Non-secure Access ID (NSAID), and each initiating device in the SoC has one or more NSAID values assigned in hardware. The NSAID enables other components to identify the initiating device for a particular transaction, and to identify whether the device is treated as Non-protected and therefore permitted to read data from other Non-protected masters.