Programmer’s Model
ARM DDI 0301H
Copyright © 2004-2009 ARM Limited. All rights reserved.
2-6
ID012310
Non-Confidential, Unrestricted Access
•
in the MMU, Secure and Non-secure descriptors can coexist and they are differentiated
by the NSTID.
In the descriptors the NS attribute indicates whether the corresponding physical memory is
Secure or Non-secure.
For Non-secure descriptors, marked with NSTID=Non-secure, NS attribute is forced to
Non-secure value. The Non-secure world can only target Non-secure memory.
For Secure descriptor, marked with NSTID=Secure, NS attribute indicates if the physical
memory targets Secure or Non-secure memory:
In the caches, instruction and data, each line is tagged as Secure or Non-secure, so that Secure
and Non-secure data can coexist in the cache. Each time a cache line fill is performed, the NS
tag is updated appropriately.
For external accesses,
AxPROT[1]
indicates whether the access is Secure or Non-secure.
The TrustZone security extensions are completely compatible with existing software. This
means that existing applications and operating systems access memory without change. Where
a system employs Secure functionality the Non-secure world is effectively blind to Secure
memory. This means that Secure and Non-secure memory can co-exist with no affect on
Non-secure code.
Figure 2-2 shows the basic connection of the Secure and Non-secure memory.
Figure 2-2 Memory in the Secure and Non-secure worlds
Core
MMU
AXI interface
External
memory
Secure
slave
Non-
secure
slave
Arbiter
Master
peripheral
Decoder
NSTID
Core world
state
Address
Abort
Cache
Line (n) S
Line(n-1) NS
Line 2 NS
Line 1 S
TCM
Line(n-1)
Line 1
Line(n)
Line 2
NS access bit
Data
Data
Data
Page
table
walk
Address
Control
Data
S prot
Abort
AxPROT[1]
Abort
AxPROT[1]
S prot
Abort
AxPROT[1]
NS attribute
NS
S
S
NS
NS
S
NS
NS
Descriptor (n-1)
Descriptor 1
Descriptor 2
Descriptor (n)