Open tarek-bochkati opened 5 days ago
Update: In Open-CMSIS-Pack meeting we discussed the potential usage of TZ-disabled
.
We noted the following:
Dsecure |
TZ-disabled |
Secure |
Non-secure |
---|---|---|---|
FLASH addr | 0x08000000 |
0x0C000000 |
0x08000000 |
For the Full-secure
proposal, we need to use secure mapping (0x0C000000
) which is different from TZ-disabled
mapping (0x08000000
)
Conclusion: using TZ-disabled
do not satisfy this use-case
During the meeting we have also discussed whether there should be a separate attribute indicating that the Secure
project will not be combined with one or more related Non-secure
projects. Which means there is no need for resource partitioning and there must not be a cmse-lib.o created.
I think adding another attribute may make things more complicated than necessary. I prefer the term:
Secure-only
Current situation
Dsecure
accepts 3 possible valuesNon-secure
,Secure
andTZ-disabled
.The problem
We generally use
Non-secure
andSecure
conditions to provide Startup component files that serves co-existing secure and non-secure applications.To enrich Startup with files serves only a secure application that uses the full memory space, we need to enrich the
Dsecure
with a value that checks for such condition.Proposal
We propose to add
Full-secure
(or equivalent) to permit selecting a set of files to satisfy the use-case where all memory resources are reserved for a single secure application (no jump to non-secure)