Worlds
Isolation is achieved by exploring the same CPU in two different worlds (or states).
Normal world -> for running the Rich OS.
Secure world -> for running the Secure OS.
A CPU flag bit defines the current world.
NS bit of the SCR (Secure Configuration Register)
0 - Secure state
1 - Non-secure state
Protected hardware resources
ARM (v8) exception levels
Similar to run levels.
TrustZone introduces one EL more.
Secure monitor (EL3).
Combination of exception levels and states.
Access to the Secure world
Calls from the Rich OS.
SMC (Secure Monitor Call).
Typically implemented by Rich OS drivers.
Interrupts from the Secure hardware.
Must be handled by the Secure OS.
Both enter first in EL3.
They are then dispatched to the Secure world.
Last updated
