
Calling Non-secure method directly from Secure world

Hi:

    If the CPU is in Secure state and calls a Non-secure world method, is this allowed, or will it generate a security fault?

  • Hello,

    If you are changing the secure OS, you can do that. You might need to map the normal world functions into the secure world.

    However, in general this is not recommended, because a malicious function can be executed with secure world privilege, which will compromise the secure world.

  • Hi Grent:

        Thanks for your reply.

        One thing I want to know is: if I call an NS world method directly (one that is in Non-secure memory set up by the SAU), for example using BL rather than BLNS to branch to a Non-secure method address, will this lead to a secure fault?

  • I didn't realize that the question was about TrustZone on v8-M. On v8-A, it is doable as long as the region is set as executable for both worlds by the TZASC.

  • For Armv8-M, Secure code can call Non-secure functions (using the BLXNS instruction).

    When this happens, the return address is automatically pushed to the Secure stack, and LR (the link register) is updated to a special value called FNC_RETURN (function return). When the Non-secure function ends and returns with FNC_RETURN, the real return address is extracted from the Secure stack.

    With this method, it is not possible for the Non-secure world to modify the actual return address.

    regards,

    Joseph

  • In addition to Joseph's comments, please note that Arm Compiler 6 has full support for developing Secure and Non-secure world code, including generation of the appropriate BLXNS instruction etc. Please see the application note below, written for MDK, though it applies equally to the DS-5 tool if that is your preference (both toolkits include the Arm Compiler).

    www.keil.com/.../apnt_291.pdf

  • Thank you guys for help.

    I was just wondering about the protection when, in Secure state, directly calling a Non-secure method through a function pointer, not using BLXNS, just BLX. I found that it causes fault exceptions on our testing platform.

  • Hi Rising,

    Other than the branch instructions that are dedicated to state transitions (like BLXNS, BXNS), the existing branch instructions like BLX, BX, BL <label>, when executed from Secure state to a Non-secure state address, shall result in a SecureFault.

    However, if the existing branch instructions like BLX, BX, BL <label> are executed from Non-secure state to a Secure target address with the target state bit set to 0, this shall result in a UsageFault.

    Hope this helps.

    Thanks,

    Uma
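As an added illustration of the mechanism Joseph describes above (BLXNS, the Secure stack and FNC_RETURN) and of the fault rules Uma lists, here is a small host-side C model. It is not code from this thread, nor CMSIS, Arm Compiler or hardware code. The SAU-style memory map, the single SG entry address, the stack depth and all addresses are constructed for the example, and the model leaves out the partial xPSR that BLXNS also stacks, the IDAU, the MPU and real NSC veneer layout. It shows why the original poster's plain BLX to a Non-secure address faults (SecureFault, INVTRAN), why BLXNS with bit[0] clear succeeds and stacks the real return address, and why Non-secure code cannot redirect the return by putting a Secure address in its LR instead of FNC_RETURN.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the Armv8-M TrustZone branch rules (added example, not hardware code). */
typedef enum { MEM_SECURE, MEM_NSC, MEM_NONSECURE } mem_attr_t;
typedef enum { SEC, NONSEC } state_t;
typedef enum { BR_PLAIN, BR_NS } branch_t;      /* BL/BLX/BX  vs  BLXNS/BXNS */
typedef enum {
    OK, SECUREFAULT_INVTRAN, SECUREFAULT_INVEP,
    USAGEFAULT_INVSTATE, USAGEFAULT_UNDEFINSTR, USAGEFAULT_STKOF
} outcome_t;

/* FNC_RETURN value BLXNS places in LR when the caller is Secure (bit[0] = S = 1). */
#define FNC_RETURN_S 0xFEFFFFFFu
#define STACK_WORDS 8

/* Constructed SAU-style map (hypothetical addresses chosen for this example). */
static mem_attr_t sau_lookup(uint32_t addr) {
    if (addr < 0x10000000u) return MEM_SECURE;      /* Secure code and data        */
    if (addr < 0x10001000u) return MEM_NSC;         /* Non-secure callable veneers */
    return MEM_NONSECURE;                           /* Non-secure world            */
}
#define SG_ENTRY 0x10000000u   /* the one SG veneer in this model (constructed) */
static int is_sg(uint32_t addr) { return addr == SG_ENTRY; }

typedef struct {
    state_t  state;
    uint32_t pc, lr;
    uint32_t secure_stack[STACK_WORDS];
    int      sp;                               /* words pushed on the Secure stack */
} cpu_t;

/* Branch-with-link to `target`; `ret_addr` is the instruction after the branch. */
outcome_t branch(cpu_t *c, branch_t kind, uint32_t target, uint32_t ret_addr) {
    uint32_t addr = target & ~1u;
    int thumb = (int)(target & 1u);
    mem_attr_t attr = sau_lookup(addr);

    if (c->state == NONSEC) {
        if (kind == BR_NS) return USAGEFAULT_UNDEFINSTR;   /* BLXNS/BXNS are Secure-only */
        if (!thumb) return USAGEFAULT_INVSTATE;            /* Thumb-only core, bit[0] clear */
        if (attr == MEM_NONSECURE) { c->pc = addr; c->lr = ret_addr | 1u; return OK; }
        if (attr == MEM_NSC && is_sg(addr)) {              /* only legal way into Secure */
            c->state = SEC; c->pc = addr;
            c->lr = ret_addr & ~1u;                        /* SG clears LR[0]: caller was NS */
            return OK;
        }
        return SECUREFAULT_INVEP;                          /* Secure address without SG */
    }

    /* Secure state */
    if (kind == BR_PLAIN) {
        if (attr == MEM_NONSECURE) return SECUREFAULT_INVTRAN;   /* plain BLX to NS: the OP's fault */
        c->pc = addr; c->lr = ret_addr | 1u; return OK;
    }
    if (thumb) { c->pc = addr; c->lr = ret_addr | 1u; return OK; } /* BLXNS, bit[0] set: no transition */
    if (attr != MEM_NONSECURE) return SECUREFAULT_INVEP;   /* would fetch Secure memory as NS */
    if (c->sp >= STACK_WORDS) return USAGEFAULT_STKOF;     /* Secure stack limit (simplified) */
    c->secure_stack[c->sp++] = ret_addr | 1u;              /* real return address stays in Secure memory */
    c->lr = FNC_RETURN_S;                                  /* the NS side only ever sees this */
    c->state = NONSEC; c->pc = addr;
    return OK;
}

/* BX lr_value. FNC_RETURN from Non-secure state unstacks the real address from the
 * Secure stack; any other value is just a branch and is checked like one (BX does not link). */
outcome_t func_return(cpu_t *c, uint32_t lr_value) {
    if (c->state == NONSEC && lr_value == FNC_RETURN_S) {
        if (c->sp == 0) return SECUREFAULT_INVEP;          /* nothing stacked: modelled as a fault */
        c->pc = c->secure_stack[--c->sp] & ~1u;
        c->state = SEC;
        return OK;
    }
    uint32_t saved_lr = c->lr;
    outcome_t o = branch(c, BR_PLAIN, lr_value, 0u);
    c->lr = saved_lr;
    return o;
}

int main(void) {
    cpu_t c = { SEC, 0x00001000u, 0u, {0}, 0 };
    printf("Secure BLX -> NS addr : %d (1 = SecureFault INVTRAN)\n",
           branch(&c, BR_PLAIN, 0x30001001u, 0x00001004u));
    printf("Secure BLXNS -> NS    : %d, LR = 0x%08X\n",
           branch(&c, BR_NS, 0x30001000u, 0x00001008u), c.lr);
    printf("NS BX to Secure addr  : %d (2 = SecureFault INVEP)\n",
           func_return(&c, 0x00001009u));
    printf("NS BX FNC_RETURN      : %d, back at PC = 0x%08X\n",
           func_return(&c, FNC_RETURN_S), c.pc);
    return 0;
}
```

The model makes the thread's two points concrete: the transition into Non-secure state is only legal through BLXNS/BXNS, and the return path depends on the Secure stack rather than on anything Non-secure code can write, so a tampered LR produces a fault instead of a controlled return into Secure code.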