
Why would one use non-secure memory regions

Hi there, 

According to our understanding, on CPU reset the entire core is set to secure, except for non-secure peripherals. Is this understanding correct?

We are trying to figure out why one would want to use non-secure regions at all, instead of just running the entire application as secure, which is the default at CPU reset as described above. Is it possible to provide us with some simple use cases, just so that we can better understand this?

Kind regards,

Frikkie

  • Hi

    Frikkie Badenhorst said:
    If a hacker gains access to your system and ALL firmware is running on the secure domain, he will still be able to control the elevator even though it is in the "secure domain"? Is this understanding correct? I can see where the confusion comes from.

    Yes, from what you write it looks like you understand the example.
    To learn the technical details on the topic, I recommend that you have a look at the Arm Developer site for Platform Security.

    Frikkie Badenhorst said:
    What other security features are there that we can use in order to prevent someone from accessing our firmware? For example, most chips I know have a lock bit which you can write, and when it is set, you can only connect with a debugger after erasing the chip.

    I think what you are looking for here is the access port protection mechanism.
    For 52 Series, also see our recent blogpost: Working with the nRF52 Series' improved APPROTECT.

    Regards,
    Sigurd Hellesvik
