I found that when a secure function calls a non-secure function, before jumping to non-seucre state (either to thread or to handler), the registers r0-r12 (except for the reg passing argument) are cleared.
But in the case when non-secure callable function returns to non-secure function, only r0-r3 and r12 are cleared. So i think there is a risk of being exposed by r4-r11. So is this a threat to secure system?
And I want to know why don't the development tools clear all the registers in the second case?
Thanks a lot !
View all questions in TrustZone for Armv8-M forum