_2024_11_14_12_47_30_ | 2024_11_14 12_47_30 | | Original link broken? Try the backup | TAGs: processor risc-v security | saved date: Thu Nov 14 2024 12:47:30 GMT+0800 (China Standard Time) | |
_2025-04-09_11:38:32_ | 2025-04-09 11:38:32 | What is the relationship between SMMU and TrustZone? - 极术社区 - Connecting developers with the intelligent computing ecosystem | Original link broken? Try the backup | TAGs: processor security | Summary: This text discusses the relationship between SMMU (System Memory Management Unit) and TrustZone in the context of securing access to memory for various masters in a system. TrustZone is a security mechanism that partitions system resources into secure and non-secure parts, and SMMU is a System IP that allows other masters to use memory with a similar structure to the CPU's MMU. By adding SMMU, other masters can have MMU functionality, which includes address translation, memory protection, and isolation. This allows for more secure access to memory and better control over what each master can access. The text also mentions that SMMUv1, SMMUv2, and SMMUv3 have different architectures, programming methods, and hardware implementations but serve similar purposes. | |
_2025-04-09_11:38:10_ | 2025-04-09 11:38:10 | How does TrustZone support secure interrupts? - 极术社区 - Connecting developers with the intelligent computing ecosystem | Original link broken? Try the backup | TAGs: processor security | Summary: TrustZone is a system-level security solution that can be implemented in SoC chips using a CPU that supports TrustZone and specific features such as secure address space filtering, secure timers, secure clocks, secure interrupts, key management, secure ROM code, secure debug, and secure SRAM. TrustZone allows easy management of peripherals, including access permissions, master control for secure and non-secure access, and secure interrupt generation and CPU response. This text discusses how to generate secure interrupts in TrustZone, involving secure peripherals, GIC, and the CPU. While GIC is often overlooked, understanding how TrustZone supports secure interrupts is crucial for resolving related issues. The CPU supports secure interrupts by checking if they are masked and determining where to process them. The processing of the interrupt depends on the EL level and exception handler. GIC supports secure interrupts by grouping them and securing related registers, allowing the CPU to configure them only when in a secure state. In GICv3, three groups are used: Group 0 for EL3, Secure Group 1 for S-EL1, and non-secure Group 1 for EL1. The CPU interface determines which interrupt to send based on the EL level and security status. However, FIQ does not represent a secure interrupt and is used differently depending on the group and CPU state. Peripherals can support secure interrupts as SGI, PPI, or SPI, with LPI only supporting non-secure interrupts. | |
_2024_7_25_14_00_12_ | 2024_7_25 14_00_12 | | Original link broken? Try the backup | TAGs: processor security | saved date: Thu Jul 25 2024 14:00:12 GMT+0800 (China Standard Time) | |
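_2024_11_26_14:12:58_ | 2024_11_26 14:12:58 | Confidential computing from the perspective of AWS | Original link broken? Try the backup | TAGs: virtualization & containers security | saved date: Tue Nov 26 2024 14:12:58 GMT+0800 (China Standard Time) | |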