I am trying to do a proof-of-concept running the Apache NuttX RTOS on STMicroelectronic's ST32L562E-DK board as the non-secure application with TrustedFirmware-M (ST's port of TF-M provided with STM32CubeL5). The ARM core on STM32L5xx MCUs is a Cortex-M33.
I can build, sign and flash NuttX as the non-secure application and TF-M boots into the RTOS initialization code. However, once the RTOS initialization code issues the first SVC instruction (to request an initial context switch to the 'init' task) the corresponding exception handler is not called (I do see systick exception handler calls, so generally the vector table seems to be set up correctly).
What could be the reason that an SVC instruction does not trigger the corresponding exception handler (both the SVC and the handler being in non-secure code)?
Any help is highly appreciated.
I figured it out: The RTOS uses SVCs while interrupts are disabled, which causes HardFaults. It then detects this situation in the HardFault handler and actually forwards execution to the SVCall handler.
With standard settings the HardFault handler will switch to the Secure mode, though. Setting the BFHFNMINS bit in the SCB->AIRCR from the secure boot loader before starting the RTOS resolved the situation (it causes HardFaults to be presented in NonSecure state).
Thanks and bye,
The reason for SVC instruction does not trigger the exception might be related to the priority settings of SVC exception.
As I understand from your original post, the interrupts are disabled in your case. There is possibility that PRIMASK register is set to 1 masking out all configurable exceptions including SVC leading to your execution priority at 0x0. Assuming that SVC priority is 0x0 and when an SVC instruction is executed at same level of executing priority of 0x0, then it leads to Hardfault escalation. Ideally, it is recommended to fix the reason behind this Hardfault escalation.
Now, configuring this escalated secure Hardfault handler to non-secure Hardfault via AIRCR.BFHFNMINS could lead to UNPREDICTABLE results. (Refer: Armv8-M Architecture Reference Manual – Information statement -> I-QRDM).
Hence, instead of configuring AIRCR.BFHFNMINS bit to route escalated Hardfault to Non-secure domain, it will be good to understand the priority settings of SVC exception.
If in case you are using PRIMASK, then you could try to program BASEPRI register to watermark the list of interrupts/exceptions that you would like to disable.
Hope this helps
thanks for making me aware that setting AIRCR.BFHFNMINS is not a good idea. I will try to debug the PRIMASK settings.