• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 347 subscribers
  • Views 9288 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Non-secure code calling secure code - Boot Loaders

Jotham Manoranjan

I have a few questions regarding the interaction of secure and non secure code:

1. It is clear to me that non-secure code can only call secure code that is marked non-secure callable, and through certain gateway instructions. However, it is unclear whether or not secure code can call non-secure code.  For instance, if I have two boot loaders, one an SOC boot loader, that runs first on startup and then a device boot loader that makes user specific configurations: can the SOC boot loader be secure and the device boot loader be non-secure? how can I branch from a secure region to a non-secure region?

2. Can secure code access non secure memory, through the MPC?

3. Can secure code access non-secure peripheral registers through the PPC?

  • 0
    1. On a typical system, firstly, the system boots up in Secure state and runs secure firmware.  In general, the secure firmware carries out some security checks, before performing various initialization tasks such as running C library startup code and SAU programming. Assuming that this system boot loader is your SOC boot loader, assuming that this is expected to be in secure state. Now, in order to jump from a secure code to a non-secure code, BXNS/BLXNS instruction should be used. A series of steps need to be carried out in secure state before calling a non-secure function call if a programmer is writing the code in assembly (like saving non-banked registers to secure memory, the LSB of branch target address should be set to 0, clear all non-banked registers). However ACLE defines CMSE function attribute __attribute__((cmse_nonsecure_call)) that creates a non-secure function pointer. This special function attribute can be used to force a CMSE compliant compiler to carry out the steps listed above.

     2 & 3 : Secure and Non-secure are the security attribute of address regions while MPC/PPC act as a gate-keeper to effectively change the address of the memory or peripheral appear in secure or non-secure addresses.

  • 0

    MPC and PPC decides the security attributes of the memory and peripheral regions.
    Which are accessed accordingly using the Secure and Non-secure alias addresses.

    1. Agree with previous comment from Uma
    2. Yes secure code can access Non-secure memory and non-secure peripheral register through Non-secure alias addresses.