Hello, experts:
My platform has a Cortex-A9 MPCore CPU, It supports the trustzone tech.
I tried to switch the non-secure world to secure world in Linux but It is hard to implement.
I have a question about the trustzone about Monitor Vector Base Address Register(MVBAR).
SMC(secure monitor call) exception can enter the secure world.
Monitor Vector Base Address Register(MVBAR) holds the exception base address for all exceptions that are taken to Monitor mode.
But MVBAR only accessible from Secure PL1 modes.
How can I access MVBAR initially in the secure world?
Anything to enter the secure world initially?
Thank you for reading my question.
Best wishes,
Once your are in normal world (aka non-secure) you can only switch to secure by a SMC. And you need to have a monitor running. Check out ARM TEE or ATF (search on github).
I'm always thank you for your reply.
I have an additional question about implementing SMC.
Following Cortex-A9 RFM,"The processor always boots in the privileged Supervisor mode in the Secure state, with the NS bit set to 0."
"The processor always boots in the privileged Supervisor mode" means bootloader like u-boot?
Or it means secure extension in Linux bootstrap?
Hi scribnote5,
Most probably your Cortex-A9 boots into your platform romcodes,
which loads and execute the next software component (e.g. u-boot or even directly Linux kernel).
You need to tell us a bit more about your platform I think.
On some platforms, romcode will first switch to non-secure world before booting (for example TI OMAP).
On some others, romcode will stay in secure world and boot, so that the next software component can decide what to do (for example NXP i.MX).
Best regards,
Vincent.
Thank you for your reply.
My platform is NXP i.mx6(sabre lite, cortex-a9).
When the sabre lite power on, romcode(u-boot) boots in the secure world.
Next, Linux will execute in non-secure world.
If I implement the secure extension, I must implement in u-boot.
Is it right for your reply?
I think a while ago on i.MX6 Linux would execute in secure world by default:
https://community.nxp.com/thread/394176
Did you do something in u-boot to switch to non-secure before booting Linux?
Not yet, I have been finding a method to enter the secure world.