Hi, this is more a discussion than a question:
What is the benefit of TrustZone (Secure/Non-Secure) vs. hyp (EL2) mode?
As to my knowledge, both need support on the SoC for the separation. Either direct the NS-signal to the peripheral (including all kinds of memory) or the need for a System MMU (SMMU) in case of the Hyp-mode (if DMA is involved).
So my question is, can TrustZone provide a stronger separation than Hyp mode?
Or is the only benefit, that the TrustZone separation can be done with less effort and with less code?
If secure booting is no goal but separation of - for example - a functionally safe RTOS from a non-safe GPOS like Linux, then IMHO, Hyp mode is as good as TZ, even better, as data aborts are precise and need no modification of the guest (whereas data aborts due to TZ violation are imprecise).
Any thoughts?