Support forums

Architectures and Processors forum Problem switching from EL3 to non-secure EL1

State Not Answered
Locked Locked
Replies 5 replies
Subscribers 350 subscribers
Views 5501 views
Users 0 members are here

Options

How was your experience today?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem switching from EL3 to non-secure EL1

zhak over 3 years ago

Cortex-A35 processor, AArch64 mode. Before setting up MMU and GIC, I'm trying to go from EL3 to non-secure EL1:

        msr VTTBR_EL2, xzr
        mov x0, SCR_EL3.RES1 or SCR_EL3.NS or SCR_EL3.RW or SCR_EL3.ST
        msr SCR_EL3, x0
        mov x1, SPSR.M.AArch64_EL1h or SPSR_EL3.A or SPSR_EL3.I or SPSR_EL3.F
        msr SPSR_EL3, x1
        adr x2, __el1
        msr ELR_EL3, x2
        ; all other system registers are set to their reset values. 
        ; SCTLR_EL1 = 0x00C50838
        ; HCR_EL2   = 0x0000000000000002

        eret

__el1:
        mov x10, 0xff220000  ; this simply turns on the LED on the board, 
        mov w11, 0x0020      ; for testing only
        str w11, [x10, 4]    ;
        str w11, [x10, 0]    ;
        b.al $

Switching to the secure EL1 (SCR_EL3.NS not set) works fine and the LED turns on.
However, it doesn't work when I try to go to non-secure EL1.

I also tried setting HCR_EL2.RW, but it didn't work:

        mov x0, HCR_EL2.RW
        msr HCR_EL2, x0

What am I missing?

0 42Bastian Schick over 3 years ago

Are you sure, that you can access the LED ports from NS mode?
Cancel
Up 0 Down

Cancel
0 zhak over 3 years ago in reply to 42Bastian Schick

I thought so at first, that maybe I just cannot access peripherals, but why such a restriction would ever apply? What could cause it? When MMU is disabled, I should be able to access all memory as Device_nGnRnE no matter if secure or not, as I understand it.

Is there any way to check this and make sure this is the issue?
Cancel
Up 0 Down

Cancel
0 42Bastian Schick over 3 years ago in reply to zhak

Depending on the SoC peripherals are by default secure. So you might have to program the peripheral to be NS before switching.
Cancel
Up 0 Down

Cancel
0 Zenon Xiu (修志龙） over 3 years ago

It is very possible that the GPIO controller of LED is secure device, which can only be programmed in secure state.
Cancel
Up 0 Down

Cancel
0 zhak over 3 years ago in reply to Zenon Xiu (修志龙）

From the TrustZone guide (https://developer.arm.com/documentation/102418/0100/TrustZone-in-the-processor) I learned that memory can be treated as secure. Probably this could be the case. Unfortunately, I don't have a debugger and all my debugging comes from output messages over UART or flashing LEDs. A scenario I can think of is: going NS.EL1, changing some variable, then going secure again and printing it over UART to confirm I enter EL1 and peripherals are in the secure addreess space. JFYI I'm working with the Rockchip RK3308-based board. Will post my further findings here.
Cancel
Up 0 Down

Cancel