• State Accepted Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 349 subscribers
  • Views 16661 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cortex-A7 initialization code & TrustZone/ Secure Boot

Vincent Siles

Hi,

I just got a raspberry pi 2 and I'd like to play with Trustzone.

People on the Raspberry forum http://www.raspberrypi.org/forums/viewtopic.php?p=697474#p697474 explained me how to

get my hand on the boot of the 4 core A7 CPU, and I managed to boot my kernel (at 0x8000) in monitor mode, thus I can

do pretty much whatever I want (by replacing the 'movs pc, lr' by a 'bx lr' at the end of the secure_monitor, cf line 50 at http://pastebin.com/rgGgBuTN).

However, I'm trying to understand the code they gave me, and I noticed some really weird situation:

- If I replace the 'smc #0' instruction line 80 with a 'cps #MON_MODE' followed by the body of the _secure_monitor handler, the boot hangs (see http://pastebin.com/TngpAmt1)

I thought that 'smc' only updated cpsr, sprs and lr. Is an explicit 'smc' instruction is required to successfully initialize a cortex A7 ?

- In the _secure_monitor, if I do not set SCR.NS to 1, I expected to stay in secure mode, but the boot hangs

- However, once I reached my code (0x8000), I can change SCR.NS any way I want.

I'm really not familiar with CPU initialization and SMP context, any help to understand what is happening is welcome !

Best,

Vincent

Parents
  • 0 Arm Employee Badge
    In the _secure_monitor, if I do not set SCR.NS to 1, I expected to stay in secure mode, but the boot hangs

    Does the default board setup actually set up any secure resources?

    In "normal" operation the system is flipped over to non-secure during boot, so I would expect most of the memory and peripherals to also have been configured as non-secure so that Linux / Android / etc is able to use them. In your case you need some secure resources to be available to the software (or secure page tables configured to access non-secure memory areas - although this doesn't carry any security benefits).

    HTH,
    Pete

Reply
  • 0 Arm Employee Badge
    In the _secure_monitor, if I do not set SCR.NS to 1, I expected to stay in secure mode, but the boot hangs

    Does the default board setup actually set up any secure resources?

    In "normal" operation the system is flipped over to non-secure during boot, so I would expect most of the memory and peripherals to also have been configured as non-secure so that Linux / Android / etc is able to use them. In your case you need some secure resources to be available to the software (or secure page tables configured to access non-secure memory areas - although this doesn't carry any security benefits).

    HTH,
    Pete

Children