Introduction
SPE (Secure Processing Environment) technology isolates secure firmware and critical information from the rest of the application, reducing the possibility of attacks. The SPE of the Ameba series SoC adopts the Arm TrustZone security architecture. TrustZone technology divides the system, both software and hardware, into a Secure World and a Normal World, so that secure resources (including memory, encryption hardware, secure storage, etc.) cannot be directly accessed by normal mode without security privileges. Secure mode can access both secure and non-secure resources, while normal mode can only access non-secure resources.
The Realtek Km4 core is based on the Cortex-M architecture, while the CA32 core is based on the Cortex-A architecture. The Cortex-M cores in Ameba series SoCs include the Km4 core and the Km0 core. The Km0 core is a Non-secure core; some Km4 cores have security functionality. Multiple IPs, such as GDMA, the Crypto Engine, and OTP, can also be configured with security protection, which restricts the security attributes of the code that can access these IPs. For detailed introductions to these IPs, please refer to their respective chapters.
The image3 secure firmware running in TrustZone secure mode can be encrypted using RDP technology to prevent secure code leakage. For firmware encryption methods, please refer to the RDP chapter.
Note
For more detailed information about TrustZone, please refer to the official ARM documentation: