Hi guys,
I found that when a secure function calls a non-secure function, before jumping to non-secure state (either to thread or to handler), the registers r0-r12 (except for the registers passing arguments) are cleared.
But in the case when a non-secure callable function returns to a non-secure function, only r0-r3 and r12 are cleared. So I think there is a risk of being exposed by r4-r11. So is this a threat to the secure system?
And I want to know why don't the development tools clear all the registers in the second case?
Thanks a lot!
Wenchuan
Hi Diya,
Thanks for your answer. I will make my question more clear.
I found that in the case when a non-secure callable function returns to a non-secure function, only the r0-r3 and r12 registers are cleared. While in the case when a secure function calls a non-secure function, all registers r0-r12 are cleared.
I think in the second case, it is secure enough to protect the registers from being observed. While in the first case, r4-r11 still have the risk of being exposed. So why don't the development tools clear all the registers in the first case?
Best regards,
Hi Wenchuan2018,
I'm sorry for jumping into the discussion. I think r4 to r11 would be the callee-saved registers. This means r4-r11 would not change in the secure world. Therefore, the values of r4-r11 observed by the function in the non-secure world after calling the secure world would be the previous values from before calling the secure world.
I hope this will help you.
Best regards,
Yasuhiko Koumoto.
Hi there,
Thanks for reply.
You mean that if necessary, the callee should push r4-r11 and pop them at the end?
Best regards
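Added illustration, not written by any of the posters and not output copied from a real toolchain: a hand-written Secure entry function (hypothetical name `secure_sum`, taking a table pointer in r0 and a count in r1) laid out the way a CMSE-aware compiler treats a `cmse_nonsecure_entry` function, so that the push/pop of callee-saved registers and the scrubbing of r1-r3, r12 and the flags before `BXNS` can be seen side by side.

```asm
    .syntax unified
    .thumb
    .text
    .global secure_sum
    .type   secure_sum, %function
@ int secure_sum(const int *table, int n)
@ Reached from Non-secure code through an SG veneer in the NSC region;
@ on entry LR already holds FNC_RETURN because the caller used BLXNS.
secure_sum:
    push    {r4, r5, lr}        @ callee-saved r4/r5 (and LR) parked on the Secure stack
    movs    r4, #0              @ r4 = accumulator: a Secure working value
    movs    r5, #0              @ r5 = loop index
1:
    cmp     r5, r1
    bge     2f
    ldr     r3, [r0, r5, lsl #2]
    add     r4, r4, r3          @ r3 now holds Secure data; scrubbed below
    adds    r5, r5, #1
    b       1b
2:
    mov     r0, r4              @ return value in r0: the only value the caller should see
    pop     {r4, r5, lr}        @ r4/r5 restored to the Non-secure caller's own values,
                                @ so nothing computed here survives in them
    mov     r1, lr              @ scrub caller-saved registers; LR holds FNC_RETURN,
    mov     r2, lr              @ which carries no secret, so it is a convenient filler
    mov     r3, lr
    mov     r12, lr
    msr     APSR_nzcvq, lr      @ clear condition flags the loop left behind
    bxns    lr                  @ FNC_RETURN: the core pops the real return address from
                                @ the Secure stack and switches to Non-secure state
```

The callee-saved registers are therefore not "left uncleared" but restored, which is why a return only needs r0-r3, r12 and the flags scrubbed; if the Secure function uses the FPU, the caller-saved floating-point registers need the same treatment.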