I am working on the trust zone extension on raspberry pi B+ which has the ARM1176JZF-S processor. According to given documentation on arm11, there will be 3 exception vector tables each for Secure world, Non-secure(NS) world and monitor mode resp. And c12 register will hold the base address of both secure and NS world exception vector table base addresses.
I added both these addresses to the c12 register in their corresponding worlds(Secure / NS). I tried SWI (svc) in both worlds. I found that it is working fine in secure world but in the NS world the control goes to the NS reset handler for a SWI instead of SWI handler. I used the following commands :
For secure world : LDR r0, =_start //_start - base address of secure vector table MCR p15, 0, r0, c12, c0, 0 For Non-secure World : LDR r0, =_ns_start //ns_start - base address of non-secure vector table MCR p15, 0, r0, c12, c0, 0
Here is my code: arm_bare_metal/trustzone-smc at master · avk7vk/arm_bare_metal · GitHub
Please let me know the issue here .
Shouldn't _ns_start have some alignment directive before it? Right now it's at offset 0x3c if I'm counting right.
Slightly off topic, you don't need a stack per mode anymore these days (v6 is recent enough to have srs/rfe).
Also, pretty cool that the RPi lets you play with TrustZone, maybe I might get one after all... I like TI's SoCs overall, but very irritatingly on their "GP" (general purpose) devices they make secure world permanently inaccessible*, instead of allowing it to be used freely. Given that TrustZone is essentially a kind of specialized virtualization with extremely fast context switching between the two "VMs", it would be very useful to run an RTOS in secure world in parallel to linux.
*well, thanks to the crappy secrom code I almost got access, except they've also got a piece of logic called the "Secure State Machine" sitting next to the CPU watching it for "suspicious" behavior and when I pulled my trick it got angry at me and hit the reset button. Oh well...
Yes, you were right , there should be ".align 5" directive before it. The last 5 bits of base vector address register are ignored so base vector address should be 32 byte aligned.