



The hypervisor EL2 and Secure monitor EL3 have their own level 1 tables, which map directly from virtual to physical address space. The table base address is specified in TTBR0_EL2 and TTBR0_EL3 respectively, enabling a single contiguous address space of variable size at the bottom of memory. The TG field specifies the granule size and the SL0 field controls the first level of table lookup. Any access outside the defined address range causes a translation fault.

The Secure monitor EL3 also has its own dedicated translation tables. The table base address is specified in TTBR0_EL3 and configured via TCR_EL3. Translation tables are capable of accessing both Secure and Non-secure physical addresses. TTBR0_EL3 is used only in Secure monitor EL3 mode, not by the trusted kernel itself.

When the transition to Secure world has completed, the trusted kernel uses the EL1 translations, that is, the translation tables pointed to by TTBR0_EL1 and TTBR1_EL1. As these registers are not banked in AArch64, Secure monitor code must configure new tables for the Secure world and save and restore copies of TTBR0_EL1 or TTBR1_EL1.

The EL1 translation regime behaves differently in Secure state, compared to its normal operation in Non-secure state. The second stage of translation is disabled and the EL1 translation regime now points to both Secure and Non-secure physical addresses. There is no virtualization in the Secure world, so the IPA is always the same as the final PA.

Entries in the TLB are tagged as Secure or Non-secure, so that no TLB maintenance is ever required when moving between Secure and Normal worlds.





差點被這一句“Only Non-secure EL1 and EL0 stage 2 translations are cached.”嚇尿的我,終於安心了,可以安心地在EL2中繼續寫點代碼了。

還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.