[A-29]ARMv8/v9-GIC-中断子系统的安全架构设计(Security/FIQ/IRQ)

ver0.1

前言

打开这篇文章的时候，我们已经为每一个中断信号规划一条路径，在外设和PE-Core之间建立了消息通道，外设有紧急的情况下可以给SOC中的大哥打报告了。下面就把接力棒就交到了CPU手里了，但是PE-Core要交给那个Exception Level以及Security下运行的软件处理呢？本文就要探讨这个课题，也就是吧中断子系统在ARM的安全框架下的工作机制和大家讨论清楚。同样本文也需要一些基础，这里面推荐一些文章，建议大家先读一读，找找感觉，都已经进行了口语化处理了，希望小伙伴们能多点击，多指教：
(1) [V-02] 虚拟化基础-CPU架构(基于AArch64)
(2) [V-05] 虚拟化基础-异常模型(Exception)(AArch64) .
(3) [A-25]ARMv8/v9-GIC的系统架构(中断的硬件基础)
(4) [A-26]ARMv8/v9-GIC的中断类型
(5) [A-27]ARMv8/v9-GIC的核心组件(中断编程的基础组件)
(6) [A-28]ARMv8/v9-GIC中断信号的路由机制与策略

正文

1.1 Security State

我们这里花费一个小结的篇幅简要的介绍一下ARM的安全状态，如图1-1所示，如果对ARM的安全架构非常了解的小伙伴可以直接跳过本节。

我们先来看一下手册中对ARM安全架构的介绍：

The Normal world runs a rich software stack. This software stack typically includes a large application set, a complex operating system like Linux, and possibly a hypervisor. Such software stacks are large and complex. While efforts can be made to secure them, the size of the attack surface means that they are more vulnerable to attack.
The Trusted world runs a smaller and simpler software stack, which is referred to as a Trusted Execution Environment (TEE). Typically, a TEE includes several Trusted services that are hosted by a lightweight kernel. The Trusted services provide functionality like key management. This software stack has a considerably smaller attack surface, which helps re