Hi guys,
I found that when a secure function calls a non-secure function, before jumping to non-secure state (either to thread or to handler), the registers r0-r12 (except for the reg passing argument) are cleared.
But in the case when a non-secure callable function returns to a non-secure function, only r0-r3 and r12 are cleared. So I think there is a risk of being exposed by r4-r11. So is this a threat to the secure system?
And I want to know why don't the development tools clear all the registers in the second case?
Thanks a lot!
Wenchuan
Hi Wenchuan2018,
I'm sorry for jumping into the discussion. I think r4 to r11 would be the callee-saved registers. This means r4-r11 would not change in the secure world. Therefore, the values of r4-r11 observed by the function in the non-secure world after calling the secure world would be the previous values from before calling the secure world.
I hope this will help you.
Best regards,
Yasuhiko Koumoto.
Hi there,
Thanks for the reply.
You mean that if necessary, the callee should push the r4-r11 and pop them at the end?
Best regards
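
The save-and-restore behaviour discussed in this thread, as an added example that is not part of any post: a toy C model of the register file (not real TrustZone code) that compares what a non-secure caller can observe in r0-r12 after a secure entry function returns, with and without the r4-r11 restore. The register model, the `SECRET` value and the "skipped restore" variant are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of core registers r0-r12; all values are constructed. */
typedef struct { uint32_t r[13]; } regs_t;
#define SECRET 0x5EC2E7u /* stands in for data handled by secure code */

/* Model of a secure entry function called from the non-secure side.
 * restore = 1: prologue/epilogue save and restore r4-r11 (callee-saved).
 * restore = 0: hypothetical broken entry code that skips the restore. */
static void secure_entry_model(regs_t *cpu, int restore)
{
    uint32_t secure_stack[8];
    /* Prologue: push {r4-r11} onto the secure stack. */
    memcpy(secure_stack, &cpu->r[4], sizeof secure_stack);
    /* Body: secure code uses every register as scratch. */
    for (int i = 0; i <= 12; i++)
        cpu->r[i] = SECRET + (uint32_t)i;
    /* Epilogue: pop {r4-r11}, giving the caller its own values back. */
    if (restore)
        memcpy(&cpu->r[4], secure_stack, sizeof secure_stack);
    cpu->r[0] = 0;                         /* return value (status) */
    cpu->r[1] = cpu->r[2] = cpu->r[3] = 0; /* caller-saved: cleared */
    cpu->r[12] = 0;
}

/* Bitmask (bit n = rn) of registers that, after the call, hold a value
 * that is neither zero nor what the non-secure caller put there. */
uint32_t leaked_mask(int restore)
{
    regs_t before, cpu;
    for (int i = 0; i <= 12; i++)
        before.r[i] = 0x1000u + (uint32_t)i; /* non-secure caller state */
    cpu = before;
    secure_entry_model(&cpu, restore);
    uint32_t mask = 0;
    for (int i = 0; i <= 12; i++)
        if (cpu.r[i] != 0 && cpu.r[i] != before.r[i])
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    printf("with restore:    0x%04x\n", (unsigned)leaked_mask(1));
    printf("without restore: 0x%04x\n", (unsigned)leaked_mask(0));
    return 0;
}
```

With the restore in place the non-secure caller sees only its own r4-r11 values, so the mask is empty; bits 4-11 are set only in the variant that skips the epilogue.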