
Secure world entry request by normal world application

For a TrustZone-enabled processor, what if a normal world application (e.g. a 3rd party application) directly uses the SMC instruction to request a secure world entry? In a typical case, is it the responsibility of the monitor SW or the Secure OS kernel to authenticate the request? Thanks!

  • The SMC instruction isn't available in User space (EL0 in ARMv8 terminology, PL0 in ARMv7).  So the application would at least need to make a kernel call first.  But you could ask the same question about a third-party kernel module.

    In a typical case, is it the responsibility of the monitor SW or the Secure OS kernel to authenticate the request?

    Basically correct.  You can't stop malicious code from making, for example, a payment request call.  Which is why the Secure world would be responsible for the authentication.
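    A model of the Secure-world side of that division of labour, as an added example: this is not code from the thread, from Arm, or from any real Secure OS. The function-ID shape checks follow the Arm SMC Calling Convention (fast-call bit, owning-entity field, reserved bits); the service numbers, the session/challenge model, the placeholder nonce generator and the "signing" are assumptions of this example. The point it demonstrates is the one made above: any Normal-world code that can reach PL1 can issue any SMC it likes, so every argument is untrusted and the authorisation check lives entirely on the Secure side.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMCCC function-ID fields (r0 of the SMC). */
#define FID_FAST_CALL    (1u << 31)
#define FID_SMC64        (1u << 30)
#define FID_OWNER_SHIFT  24
#define FID_OWNER_MASK   0x3Fu
#define FID_MBZ_MASK     0x00FF0000u      /* bits 23:16 must be zero */
#define FID_FUNC_MASK    0xFFFFu
#define OWNER_TRUSTED_OS 50u              /* 50..63 = Trusted OS calls */

/* Return codes: SMCCC_UNKNOWN (-1) is standard, the rest are this example's. */
#define SMC_UNKNOWN  ((int32_t)-1)
#define SMC_OK       ((int32_t)0)
#define SMC_EPERM    ((int32_t)-2)
#define SMC_EINVAL   ((int32_t)-3)
#define SMC_EBUSY    ((int32_t)-4)

/* Services of our hypothetical Trusted OS (assumed numbering). */
#define FN_SESSION_OPEN  0x0001u   /* any caller: get a session + challenge */
#define FN_SESSION_AUTH  0x0002u   /* answer the challenge */
#define FN_PAYMENT_SIGN  0x0010u   /* only for an authenticated session */

#define MAX_SESSIONS 4
#define MAX_FAILURES 3
#define SECRET 0x5A5A1234u   /* stands in for a key only the Secure world holds */

struct session { bool in_use, authenticated; uint32_t nonce; unsigned failures; };
static struct session sessions[MAX_SESSIONS];

static uint32_t make_fid(uint32_t owner, uint32_t fn)
{
    return FID_FAST_CALL | (owner << FID_OWNER_SHIFT) | (fn & FID_FUNC_MASK);
}

static uint32_t nonce_state = 0x12345678u;
static uint32_t next_nonce(void)            /* placeholder LCG: real code uses a TRNG */
{
    nonce_state = nonce_state * 1664525u + 1013904223u;
    return nonce_state;
}

/* The proof the Secure world trusts (PIN via trusted UI, MAC over the nonce, ...).
 * Modelled as cred == nonce ^ SECRET: a rogue kernel module cannot compute it. */
static bool credential_valid(const struct session *s, uint32_t cred)
{
    return cred == (s->nonce ^ SECRET);
}

static uint32_t toy_sign(uint32_t msg)      /* stands in for a real signature */
{
    return (msg ^ SECRET) * 0x9E3779B1u;
}

/* What the Monitor/Secure OS runs after the SMC trap.  fid = r0, a1/a2 = r1/r2
 * exactly as the caller set them: all untrusted.  (Pointers into Normal-world
 * memory, not used here, would additionally need a range check.) */
int32_t smc_dispatch(uint32_t fid, uint32_t a1, uint32_t a2, uint32_t out[4])
{
    memset(out, 0, 4 * sizeof out[0]);

    /* 1. Shape: fast SMC32 call, reserved bits clear, owned by our Trusted OS. */
    if (!(fid & FID_FAST_CALL) || (fid & FID_SMC64) || (fid & FID_MBZ_MASK))
        return SMC_UNKNOWN;
    if (((fid >> FID_OWNER_SHIFT) & FID_OWNER_MASK) != OWNER_TRUSTED_OS)
        return SMC_UNKNOWN;

    uint32_t fn = fid & FID_FUNC_MASK;
    if (fn == FN_SESSION_OPEN) {
        for (uint32_t i = 0; i < MAX_SESSIONS; i++) {
            if (!sessions[i].in_use) {
                sessions[i] = (struct session){ .in_use = true, .nonce = next_nonce() };
                out[0] = i;                  /* session handle */
                out[1] = sessions[i].nonce;  /* challenge */
                return SMC_OK;
            }
        }
        return SMC_EBUSY;
    }

    /* 2. Every other call names a session in a1: validate before touching it. */
    if (a1 >= MAX_SESSIONS || !sessions[a1].in_use)
        return SMC_EINVAL;
    struct session *s = &sessions[a1];

    switch (fn) {
    case FN_SESSION_AUTH:
        if (credential_valid(s, a2)) { s->authenticated = true; s->failures = 0; return SMC_OK; }
        if (++s->failures >= MAX_FAILURES) *s = (struct session){ 0 };  /* brute-force limit */
        return SMC_EPERM;
    case FN_PAYMENT_SIGN:
        /* 3. The authorisation check a malicious SMC issuer cannot bypass. */
        if (!s->authenticated) return SMC_EPERM;
        out[0] = toy_sign(a2);
        return SMC_OK;
    default:
        return SMC_UNKNOWN;
    }
}

int main(void)
{
    uint32_t out[4];
    int32_t rc = smc_dispatch(make_fid(OWNER_TRUSTED_OS, FN_SESSION_OPEN), 0, 0, out);
    uint32_t sid = out[0], nonce = out[1];
    printf("open: rc=%d sid=%u\n", (int)rc, (unsigned)sid);
    rc = smc_dispatch(make_fid(OWNER_TRUSTED_OS, FN_PAYMENT_SIGN), sid, 0xABCDu, out);
    printf("sign before auth: rc=%d (expect %d)\n", (int)rc, (int)SMC_EPERM);
    rc = smc_dispatch(make_fid(OWNER_TRUSTED_OS, FN_SESSION_AUTH), sid, nonce ^ SECRET, out);
    rc = smc_dispatch(make_fid(OWNER_TRUSTED_OS, FN_PAYMENT_SIGN), sid, 0xABCDu, out);
    printf("sign after auth: rc=%d sig=0x%08x\n", (int)rc, (unsigned)out[0]);
    return 0;
}
```

    The order of the checks is the part worth copying: reject malformed IDs before decoding anything, validate the handle before dereferencing it, and gate the sensitive call on state that only the Secure world can set. Nothing in the Normal world, kernel module included, can turn `authenticated` on without presenting the credential.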

  • Hi Martin,

    I am currently using a Cortex-A9 MCU (NXP i.MX6Solo).

    Could you please tell me how I can know whether the system is in the secure world or the non-secure world (normal world)?

    How can I disable TrustZone? Is this possible?

    Thank you!

    Rui

  • I don't have any information on the specific part you are using; for that you'd have to go to NXP.

    But the Cortex-A9 does implement the Security extensions, so both Security states will be present.  That doesn't mean you'll necessarily have access to Secure state.  Some manufacturers use Secure state to house their device-specific firmware.

    How can I disable TrustZone?

    Strictly - no.  But that doesn't mean you have to use it.  You could do the system initialization in Secure state, install a dummy Monitor vector table (one that always immediately returns), and then enter Normal world.

    Whether you can do this will depend on whether the part has its own pre-baked Secure world code.  Again, I'm afraid a question for NXP.

    Assuming for the moment it does give you access, there are good reasons for putting things like low level power management firmware into Secure state. So it's something you might want to consider.

  • Thanks a lot Martin!

    I checked the description in the "Cortex-A9 Technical Reference Manual", Revision r4p1, on page 4-6 (pdf page 55). I found that SCR is short for "Secure Configuration Register", and its NS bit (bit 0, the Non-secure bit) is used to show whether the system is in the secure or the non-secure world. The SCR belongs to the CP15 c1 registers.

    In the manual, after the SCR entry, there are two superscript notes: one says "No access in Non-secure state.", the other says "SCR[6] is not implemented, RAZ/WI.".

    However, in the "Cortex-A5 Technical Reference Manual", Revision r0p1, on page 4-15 (pdf page 64), there is no such superscript note showing that the SCR register is not implemented (indicating that the SCR is implemented in the Cortex-A5?).

    Yesterday, with the Cortex-A9 MCU (i.MX6Solo), I tried to read out the value of the SCR register in CP15 c1, and the value was 0x00000000. The NS bit (bit 0, the Non-secure bit) was 0; I am not sure whether the system was in the secure world or not.

    Thanks a lot again!

    In the manual, after the SCR entry, there are two superscript notes: one says "No access in Non-secure state.", the other says "SCR[6] is not implemented, RAZ/WI.".

    However, in the "Cortex-A5 Technical Reference Manual", Revision r0p1, on page 4-15 (pdf page 64), there is no such superscript note showing that the SCR register is not implemented (indicating that the SCR is implemented in the Cortex-A5?).

    The SCR will be present on all ARMv7-A processors that implement the Security extensions.  This includes the Cortex-A5 and Cortex-A9. 

    Yesterday, with the Cortex-A9 MCU (i.MX6Solo), I tried to read out the value of the SCR register in CP15 c1, and the value was 0x00000000. The NS bit (bit 0, the Non-secure bit) was 0; I am not sure whether the system was in the secure world or not.

    The SCR is Secure access only.  Attempting to read it from Non-secure state will result in an Undefined Instruction exception.  So if you are able to read it successfully, you can infer you must be in Secure state.
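    The two mechanisms described in this thread, the Secure-only SCR read above and the "dummy Monitor" hand-off to Normal world from the earlier reply, written out for ARMv7-A as an added example (not code from the thread, from Arm or from NXP). The ARM-specific parts are guarded so the pure-C helpers also build on a host; the hand-off assumes you own the boot flow (bare-metal, running in a Secure PL1 mode, with the MMU and caches already in whatever state the Normal-world image expects), and the symbol and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* SCR bit layout (ARMv7-A Security Extensions, CP15 c1,c1,0). */
#define SCR_NS   (1u << 0)   /* 1 = Non-secure state (except in Monitor mode) */
#define SCR_IRQ  (1u << 1)   /* route IRQ to Monitor mode */
#define SCR_FIQ  (1u << 2)   /* route FIQ to Monitor mode */
#define SCR_EA   (1u << 3)   /* route external aborts to Monitor mode */
#define SCR_FW   (1u << 4)   /* Non-secure may write CPSR.F */
#define SCR_AW   (1u << 5)   /* Non-secure may write CPSR.A */
#define SCR_nET  (1u << 6)   /* not implemented on Cortex-A9: RAZ/WI */
#define SCR_SCD  (1u << 7)   /* disable SMC in Non-secure state */
#define SCR_HCE  (1u << 8)   /* enable HVC (Virtualization Extensions) */

int scr_is_nonsecure(uint32_t scr) { return (scr & SCR_NS) != 0; }

/* SCR value for the hand-off: NS=1; FW/AW set so Normal world can mask FIQ and
 * aborts itself; IRQ/FIQ/EA clear so no exception is ever routed into the dummy
 * Monitor; SCD clear so an SMC still traps and harmlessly returns. */
uint32_t scr_for_normal_world_handoff(void) { return SCR_NS | SCR_FW | SCR_AW; }

#if defined(__arm__) && !defined(__thumb__)
/* Dummy Monitor vector table.  With the SCR above only the SMC entry is
 * reachable; it returns to the instruction after the SMC having done nothing. */
__asm__(
"    .text\n"
"    .align 5\n"                      /* MVBAR[4:0] are reserved: 32-byte aligned */
"    .global dummy_monitor_vectors\n"
"dummy_monitor_vectors:\n"
"    b .\n"                           /* 0x00 not used */
"    b .\n"                           /* 0x04 not used */
"    movs pc, lr\n"                   /* 0x08 SMC: LR_mon = next insn, so plain return */
"    subs pc, lr, #4\n"               /* 0x0C prefetch abort (not routed here) */
"    subs pc, lr, #8\n"               /* 0x10 data abort (not routed here) */
"    b .\n"                           /* 0x14 reserved */
"    subs pc, lr, #4\n"               /* 0x18 IRQ (not routed here) */
"    subs pc, lr, #4\n"               /* 0x1C FIQ (not routed here) */
);
extern char dummy_monitor_vectors[];

/* Secure access only: in Non-secure state this raises an Undefined Instruction
 * exception, so bare-metal code needs an Undef handler to survive the probe
 * (Linux user space would simply get SIGILL, since CP15 is PL1-only anyway). */
uint32_t scr_read(void)
{
    uint32_t v;
    __asm__ volatile("mrc p15, 0, %0, c1, c1, 0" : "=r"(v));
    return v;
}

/* Call from a Secure PL1 mode (e.g. SVC).  Switches to Monitor mode, installs the
 * dummy table, sets SCR.NS=1 and does an exception return into the Normal-world
 * image at `entry`: SVC mode, ARM state, IRQ/FIQ masked, r0 = arg0.  Never returns. */
__attribute__((noreturn)) void enter_normal_world(uint32_t entry, uint32_t arg0)
{
    register uint32_t r0 __asm__("r0") = arg0;
    __asm__ volatile(
        "mcr  p15, 0, %[mvbar], c12, c0, 1\n"   /* MVBAR = dummy table */
        "isb\n"
        "cps  #0x16\n"                           /* Monitor mode; allowed from Secure PL1 */
        "mcr  p15, 0, %[scr], c1, c1, 0\n"      /* SCR = NS | FW | AW */
        "isb\n"
        "msr  spsr_cxsf, %[spsr]\n"              /* 0xD3: I=1 F=1, ARM state, SVC mode */
        "mov  lr, %[entry]\n"
        "movs pc, lr\n"                          /* exception return -> Non-secure SVC */
        :
        : [mvbar] "r" ((uint32_t)(uintptr_t)dummy_monitor_vectors),
          [scr]   "r" (scr_for_normal_world_handoff()),
          [spsr]  "r" (0xD3u),
          [entry] "r" (entry), "r" (r0)
        : "lr", "memory");
    __builtin_unreachable();
}
#endif

int main(void)
{
#if defined(__arm__) && !defined(__thumb__)
    uint32_t scr = scr_read();   /* faults unless we are in Secure state */
    printf("SCR = 0x%08x: %s\n", (unsigned)scr,
           scr_is_nonsecure(scr) ? "NS=1 (Non-secure)" : "NS=0 (Secure)");
#else
    printf("host build: hand-off SCR value would be 0x%08x\n",
           (unsigned)scr_for_normal_world_handoff());
#endif
    return 0;
}
```

    Two caveats that follow from the thread: the value 0x00000000 reported above is consistent with Secure state, but the real evidence is that the `mrc` completed at all; and on a part whose boot ROM or vendor firmware already owns Secure state, the hand-off above will fault at the first CP15 write, which is the "pre-baked Secure world code" case Martin defers to NXP.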

  • Great! This is very helpful. Thank you, Martin!