How does ARM11 respond to a non-secure interrupt in secure mode?

Note: This was originally posted on 19th March 2009 at http://forums.arm.com

Hi All,
Assuming that ARM11 is running a secure process and receives a non-secure IRQ or FIQ, how does ARM11 respond to a non-secure interrupt? What should hardware do? And, what should software do? How does ARM11 guarantee that data of secure world not expose to the non-secure interrupt? Can anybody clarify the above questions? Thanks.
  • Note: This was originally posted on 20th March 2009 at http://forums.arm.com

    The key point is that *all* non-secure software (including all non-secure interrupt handlers) must be executed in the non-secure state so that the all non-secure code has no access to secure code or data. Well-written secure software (including the secure monitor) can ensure that this is that case (using the techniques described by isogen74).

    One convenient policy is to dedicate IRQs to the nornal world, and to dedicate FIQs to the secure world. This allows the routing to be simple and efficient, going through the secure monitor only when necessary.
  • Note: This was originally posted on 19th March 2009 at http://forums.arm.com

    It depends on the configuration of the Secure Configuration Register set by the Secure World code, and the status of the I and F interrupt masks in the CPSR when running in the Secure World.

    > How does ARM11 guarantee that data of secure world not expose to the non-secure interrupt?

    The hardware enforces banking of critical CP14/15 registers - but the software is responsible for security of the general purpose registers (and VFP, etc). The hardware will just route the interrupt to monitor mode if that is how the SCR is configured - monitor mode software must ensure that no secure data in registers leaks across to the normal world.
  • Hi,

    Actually this type of interrupt can be routed to EL3, Secure-EL1, Non-secure EL1 or EL2 depending ... Interrupt is routed to the FEL when execution is in non-secure state. ..... This is defined as the asynchronous mode of handling interrupts. ..... Secure-EL1 interrupt handling or for resuming the preempted standard SMC in response ...

    visit: https://routerlogin.ink

More questions in this forum