Software security aspects and how they integrate the hardware’s available features
From the processor perspective, the 32-bit physical address space (4 GB) is the same, but it has a 33rd bit that permits qualifying the address space accessed as Secure or NS. Also, the processor hardware is implemented as a dual virtual core, one of which is Secure; the other is NS. The hardware also implements a context-switching mechanism between the two virtual cores. This mechanism is known as Monitor mode. The NS bit set on the processor bus interface is a direct reflection of the actual virtual core performing the transaction. The NS virtual processor can only access NS peripherals, whereas the Secure one can view the full system resources. The following diagram shows the logical transition path between the Normal software execution mode and the Secure software execution mode, otherwise known as Normal world and Secure world, respectively:
Figure 11.5 –...
