How to read non-secure SP_EL1 in BL31?

I am using Linaro's Android release on Juno r1. While the Android OS is running, I switched into EL3 by an SMC instruction. Then, in the SMC handler of BL31, I want to read the value of the SP_EL1 register in Android to verify the current process in the OS. However, when I try to use inline assembly to read the register in the SMC handler of BL31, I failed.

I think we have only one SP_EL1 register for both the normal world and the secure world. So maybe the trusted firmware has saved the old SP_EL1 while entering the secure world, am I correct? Then how can I get the SP_EL1 value of the normal OS? I need it to get information about the currently running process of the normal OS. Or is there any other way to know which process is running in the normal OS from EL3?

Thanks so much for any help!

  • Hello

    What do you mean when you say you failed to read the register in the SMC handler? Do you mean you don't get the expected value, or that something else goes wrong?

    You're correct in that Trusted Firmware might save off the register state of the Rich OS (Android), including its stack pointer, and you can see this in common/aarch64/context.S:

    func el1_sysregs_context_save
        ...
        mrs x10, sp_el1                     /* EL1 stack pointer of the world being switched out */
        mrs x11, esr_el1
        stp x10, x11, [x0, #CTX_SP_EL1]     /* x0 = that world's sysregs context; saves both */
        ...

    But, I don't think it would actually save off and then overwrite the value of SP_EL1 unless it was trying to context switch to the Trusted OS (e.g. the TSP or OP-TEE) running at Secure-EL1.

    Please can you clarify:

    • What you mean when you say you failed to read the SP_EL1 register
    • The value in the X0 register when you make the SMC call from Android (i.e. the requested function ID)
    • How you've modified Trusted Firmware's SMC handler to read the SP_EL1 register
      • Which file, which function, etc

    Cheers,

    Ash
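An added example (not code from this thread or from Trusted Firmware itself) of how a BL31 SMC handler could snapshot both the live SP_EL1 and the copy held in the caller's context, so the two can be compared. The name ns_sp_el1_snapshot is hypothetical; the file assumes TF-A's asm_macros.S and context.h are on the include path.

```asm
/*
 * Added example, not TF-A or Arm code: an EL3 helper that a C SMC
 * handler calls to snapshot the non-secure SP_EL1 two ways.
 *   x0 = the 'handle' that every TF-A runtime service handler receives,
 *        i.e. the cpu_context_t * of the world that issued the SMC
 *   x1 = pointer to two 64-bit output slots (assumed C prototype:
 *        void ns_sp_el1_snapshot(const void *handle, uint64_t out[2]);)
 * out[0]: live SP_EL1 read with mrs. A plain non-secure -> EL3 SMC does
 *         not run el1_sysregs_context_save, so this is still the Android
 *         kernel's stack pointer at the moment of the SMC.
 * out[1]: the CTX_SP_EL1 slot of the caller's context. Only meaningful
 *         after a context save, e.g. when BL31 has switched to a
 *         Secure-EL1 payload (TSP/OP-TEE) and back; otherwise it holds
 *         whatever an earlier save (or the initial zeroing) left there.
 */
#include <asm_macros.S>
#include <context.h>

	.global	ns_sp_el1_snapshot

func ns_sp_el1_snapshot
	mrs	x2, sp_el1                  /* live register, readable from EL3 */
	str	x2, [x1]
	add	x3, x0, #CTX_SYSREGS_OFFSET /* &handle->sysregs_ctx */
	ldr	x3, [x3, #CTX_SP_EL1]       /* slot written by the stp in context.S */
	str	x3, [x1, #8]
	ret
endfunc ns_sp_el1_snapshot
```

If the two values differ on a plain SMC from Android, the live one is the one to trust; the saved slot only tracks the last world switch that actually ran the context-save path.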
