DAVE Developer's Wiki β

Limitations of traditional configurations
The following list recaps the typical requirements that such systems must meet. It has been compiled on the basis of real-world use cases (specifically medical, transportation, automation and telecom applications):
* ''real-time and non real-time task integration'': the non real-time and real-time worlds must coexist on the same physical component; this allows overall design simplification, BOM reduction and better integration
* the non real-time world - denoted as W2 in the rest of the document - is based on a well-known operating system such as Linux
* the real-time world - denoted as W1 in the rest of the document - is based on an RTOS or a bare-metal executable
* ''inter-world communication and data sharing'': the two worlds must be able to:
*# communicate via asynchronous mechanisms
*# share data
* ''integrity'': W1 must guarantee a high reliability level, no matter how the other world behaves; in other words, W1 cannot be altered by any action taken by the code executed in W2.
The traditional AMP<ref name="AN-BELK-001"></ref> configuration satisfies all of these requirements except the last one. For example, an application with ''root'' privileges or code executed in kernel space can access memory regions that are supposed to be accessed exclusively by code executed in W1. This may lead to unpredictable behaviors and potentially to catastrophic consequences. This is where TrustZone technology comes to help: it creates a barrier between the two worlds and prevents W2 code from making unauthorized accesses to certain regions of the processor's address space.
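The integrity gap and the barrier described above, as an added C model that is not part of the original page nor DAVE's code: the region map, the sample addresses and the two check functions are constructed assumptions, not a real TrustZone or TZASC interface, and only show why the originating world must be checked independently of the W2 privilege level.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added model (not DAVE's code, not a real TZASC driver): memory regions
 * carry a "W1-only" attribute and every access carries the world it comes
 * from (W1 = secure, W2 = non-secure) plus its privilege level. */
typedef enum { WORLD_W1_SECURE, WORLD_W2_NONSECURE } world_t;
typedef enum { PRIV_USER, PRIV_KERNEL } priv_t;
typedef struct {
    uint32_t base, size; /* constructed sample addresses */
    bool w1_only;        /* true for regions reserved to the RTOS world */
} region_t;

/* Constructed map: one W1-exclusive region, one shared data buffer. */
static const region_t regions[] = {
    { 0x80000000u, 0x00100000u, true  }, /* W1 code/data */
    { 0x80100000u, 0x00010000u, false }, /* shared buffer for W1<->W2 data */
};

static const region_t *find_region(uint32_t addr) {
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (addr >= regions[i].base && addr - regions[i].base < regions[i].size)
            return &regions[i];
    return NULL;
}

/* Traditional AMP: the only gate is privilege. Root or kernel-space code
 * in W2 therefore reaches W1-only memory: this is the integrity gap. */
bool amp_access_ok(world_t w, priv_t p, uint32_t addr) {
    const region_t *r = find_region(addr);
    (void)w; /* the originating world is not part of the decision */
    return r != NULL && (p == PRIV_KERNEL || !r->w1_only);
}

/* TrustZone-style barrier: the originating world is checked first, and no
 * W2 privilege level can override it; the usual privilege check follows. */
bool tz_access_ok(world_t w, priv_t p, uint32_t addr) {
    const region_t *r = find_region(addr);
    if (r != NULL && r->w1_only && w != WORLD_W1_SECURE) return false;
    return amp_access_ok(w, p, addr);
}

int main(void) {
    uint32_t w1_addr = 0x80000100u; /* inside the W1-only region */
    printf("AMP: W2 kernel -> W1 memory: %s\n",
           amp_access_ok(WORLD_W2_NONSECURE, PRIV_KERNEL, w1_addr) ? "ALLOWED" : "denied");
    printf("TZ : W2 kernel -> W1 memory: %s\n",
           tz_access_ok(WORLD_W2_NONSECURE, PRIV_KERNEL, w1_addr) ? "ALLOWED" : "denied");
    return 0;
}
```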