Semi News
Software developers will be able to check for CCA support by checking whether the Realm Management Extension (RME) feature is present on the CPU (more on this later).

Previously, a high-trust environment was only accessible to silicon vendors and OEMs through mechanisms such as TrustZone. With the new Realm Management Extension, pages can now transition from the non-secure world to the secure world and back again. As a side note, when RME is used exclusively to enhance TrustZone with dynamic memory capabilities (i.e., no Realms), this specific feature is now called "Arm Dynamic TrustZone Technology."

Under the current architecture (Armv8.4 with Secure EL2, i.e. Armv8.4-SecEL2), there are two worlds: Secure and Non-Secure (Normal). Software running within the Secure world is able to access both Secure and Normal world memory.

Under the new RME, two new security states have been added: Root and Realm. The new Root address space is protected from all other address spaces, even the Secure world. The Realm Management Extension provides the ability to dynamically transition pages of memory between these physical address spaces. Note that any memory assigned to the Normal, Secure, Root, and Realm worlds is encrypted by the hardware before it is written to DRAM.

As part of the Arm CCA, a new firmware/software architecture is also defined.
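The following is an added example, not code from the article or from Arm: it decodes the RME field of the AArch64 ID register ID_AA64PFR0_EL1 (the feature check the paragraph above refers to) and models the security-state to physical-address-space (PAS) access rules it describes, i.e. Secure reaching Secure and Normal memory while only Root reaches the Root PAS. The register layout (RME in bits [55:52], 0 = not implemented, 1 = RMEv1) and the access matrix follow the Arm A-profile architecture; the sample register values are constructed, and the caveat about Linux masking the field for EL0 reads is an assumption a practitioner should verify on their kernel.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* ID_AA64PFR0_EL1.RME lives in bits [55:52].
 * 0b0000 = FEAT_RME not implemented, 0b0001 = RMEv1 implemented. */
#define PFR0_RME_SHIFT 52
#define PFR0_RME_MASK  0xFULL

unsigned pfr0_rme_field(uint64_t pfr0)
{
    return (unsigned)((pfr0 >> PFR0_RME_SHIFT) & PFR0_RME_MASK);
}

bool rme_supported(uint64_t pfr0)
{
    return pfr0_rme_field(pfr0) != 0;
}

/* Read the live register when built for AArch64. Caveat (assumption): from
 * EL0 on Linux the MRS is trapped and emulated, and the kernel only exposes a
 * whitelist of fields, so RME may read as 0 even on RME hardware. Treat the
 * result as authoritative only when running at EL1 or above. On non-AArch64
 * builds this returns 0 so the rest of the example still runs. */
uint64_t read_pfr0(void)
{
#if defined(__aarch64__)
    uint64_t v;
    __asm__ volatile("mrs %0, id_aa64pfr0_el1" : "=r"(v));
    return v;
#else
    return 0;
#endif
}

/* The four security states introduced or kept by RME, and the matching
 * physical address spaces. */
enum sec_state { NS_STATE = 0, SECURE_STATE, REALM_STATE, ROOT_STATE };
enum pas       { NS_PAS = 0,   SECURE_PAS,   REALM_PAS,   ROOT_PAS   };

/* Which PAS an access from a given security state may target. The MMU only
 * generates accesses to a PAS in this set (Non-secure: NS only; Secure: Secure
 * + NS; Realm: Realm + NS; Root: all four). The Granule Protection Check then
 * separately verifies that the physical granule is actually assigned to the
 * PAS it is being accessed through, which is what lets RME move pages between
 * spaces at runtime. */
bool pas_accessible(enum sec_state from, enum pas target)
{
    switch (from) {
    case ROOT_STATE:   return true;
    case SECURE_STATE: return target == SECURE_PAS || target == NS_PAS;
    case REALM_STATE:  return target == REALM_PAS  || target == NS_PAS;
    case NS_STATE:     return target == NS_PAS;
    }
    return false;
}

int main(void)
{
    /* Constructed sample values: a core without RME and one advertising RMEv1.
     * The low nibbles stand in for unrelated fields (EL0..EL3 = AArch64). */
    uint64_t no_rme = 0x0000000000001111ULL;
    uint64_t rmev1  = no_rme | (1ULL << PFR0_RME_SHIFT);

    printf("constructed sample without RME : %d\n", rme_supported(no_rme));
    printf("constructed sample with RMEv1  : %d\n", rme_supported(rmev1));
    printf("live ID_AA64PFR0_EL1 reports RME: %d\n", rme_supported(read_pfr0()));

    printf("Secure -> Normal  memory: %d\n", pas_accessible(SECURE_STATE, NS_PAS));
    printf("Secure -> Root    memory: %d\n", pas_accessible(SECURE_STATE, ROOT_PAS));
    printf("Root   -> Realm   memory: %d\n", pas_accessible(ROOT_STATE, REALM_PAS));
    return 0;
}
```

On a real system the interesting line is the live register read; on a non-Arm host it simply reports 0, and on Arm hardware at EL0 a 0 may mean either "no RME" or "field masked by the kernel", which is why firmware and hypervisor code, not application code, is where this check belongs.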
As said here by