<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://community.arm.com/utility/feedstylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>SMC instruction</title><link>https://community.arm.com/developer/tools-software/tools/f/armds-forum/1111/smc-instruction</link><description> Note: This was originally posted on 22nd January 2013 at http://forums.arm.com Good day. I have a question - where can I get the #immediate value (4bit) in Secure Monitor Exception Handler, when the SMC instruction is called with a non-zero parameter - #imm-4</description><dc:language>en-US</dc:language><generator>Telligent Community 10</generator><item><title>RE: SMC instruction</title><link>https://community.arm.com/thread/3449?ContentTypeID=1</link><pubDate>Wed, 11 Sep 2013 11:08:40 GMT</pubDate><guid isPermaLink="false">dd9e70c8-6d3c-4c71-b136-2456382a7b5c:17576375-9f09-4e82-8fce-01d83a01369c</guid><dc:creator>sandemuk 01</dc:creator><description>&lt;div&gt;&lt;i&gt;Note: This was originally posted on 22nd January 2013 at &lt;a href="http://forums.arm.com"&gt;http://forums.arm.com&lt;/a&gt;&lt;/i&gt;&lt;br /&gt;&lt;br /&gt;&lt;span&gt;The immediate value passed with the SMC instruction can be retrieved by reading back the SMC instruction opcode. The address of the SMC instruction can be known from the link register of monitor mode. 
Consider the following code sequence:&lt;/span&gt;&lt;br /&gt;&lt;span&gt; &lt;/span&gt;&lt;br /&gt;&lt;span&gt;IA&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; Instructions&lt;/span&gt;&lt;br /&gt;&lt;span&gt;------------------------------------------&lt;/span&gt;&lt;br /&gt;&lt;strong&gt;&lt;i&gt; ...&amp;#160;&amp;#160;&amp;#160;&amp;#160; ...&lt;/i&gt;&lt;br /&gt;&lt;i&gt;0x840&amp;#160;&amp;#160;&amp;#160; i0&lt;/i&gt;&lt;br /&gt;&lt;i&gt;0x844&amp;#160;&amp;#160;&amp;#160; i1&lt;/i&gt;&lt;/strong&gt;&lt;br /&gt;&lt;strong&gt;&lt;i&gt;0x848&amp;#160;&amp;#160;&amp;#160; SMC #10&lt;/i&gt;&lt;/strong&gt;&lt;br /&gt;&lt;strong&gt;&lt;i&gt;0x84C&amp;#160;&amp;#160;&amp;#160; i3&lt;/i&gt;&lt;/strong&gt;&lt;br /&gt;&lt;strong&gt;&lt;i&gt; ....&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; ...&lt;/i&gt;&lt;/strong&gt;&lt;br /&gt;&lt;span&gt; &lt;/span&gt;&lt;br /&gt;&lt;span&gt;where IA is the instruction address&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span&gt;When the SMC instruction is executed, a software exception is generated changing the CPU state with LR_mon/R14_mon getting updated with 0x84C (basically address of SMC instruction+4 irrespective of whether the SMC was executed in ARM or Thumb mode). So in the monitor exception handler, we can read back the SMC instruction opcode and extract the immediate value in the following way:&lt;/span&gt;&lt;br /&gt;&lt;span&gt; ... 
initial code for monitor handler....&lt;/span&gt;&lt;br /&gt;&lt;strong&gt;&lt;i&gt;LDR r0, [r14, #-4]&lt;/i&gt;&lt;/strong&gt;&lt;br /&gt;&lt;strong&gt;&lt;i&gt;AND r0, r0, #0xF&lt;/i&gt;&lt;/strong&gt;&lt;span&gt;&amp;#160;&amp;#160; (The immediate value is encoded in bits[3:0] of SMC instruction for both ARM and Thumb encoding)&lt;/span&gt;&lt;br /&gt;&lt;span&gt; &lt;/span&gt;&lt;br /&gt;&lt;span&gt;Hope this helps.&lt;/span&gt;&lt;/div&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: SMC instruction</title><link>https://community.arm.com/thread/3447?ContentTypeID=1</link><pubDate>Wed, 11 Sep 2013 11:08:39 GMT</pubDate><guid isPermaLink="false">dd9e70c8-6d3c-4c71-b136-2456382a7b5c:391dd352-4fe8-40ad-9fdd-af651b583621</guid><dc:creator>Peter Harris</dc:creator><description>&lt;div&gt;&lt;i&gt;Note: This was originally posted on 27th January 2013 at &lt;a href="http://forums.arm.com"&gt;http://forums.arm.com&lt;/a&gt;&lt;/i&gt;&lt;br /&gt;&lt;br /&gt;&lt;span&gt;Bear in mind that the SMC instruction is used to switch worlds, so you tend to get an address in the &amp;quot;other world&amp;#39;s&amp;quot; virtual address map in LR, which in many cases may not be the same as the currently running software. Direct access of the address in LR is therefore unlikely to do what you want - it may well page fault, or at least return utterly unrelated data.&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span&gt;This generally makes it very hard to use this feature of the SMC instruction; at least it makes it more hassle than it is worth - in most cases putting a constant in a register by hand as part of the cross-world smc call API is much easier.&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span&gt;HTH, &lt;/span&gt;&lt;br /&gt;&lt;span&gt;Iso&lt;/span&gt;&lt;/div&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>