We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.
Cortex-A35 processor, AArch64 mode. Before setting up MMU and GIC, I'm trying to go from EL3 to non-secure EL1:
msr VTTBR_EL2, xzr mov x0, SCR_EL3.RES1 or SCR_EL3.NS or SCR_EL3.RW or SCR_EL3.ST msr SCR_EL3, x0 mov x1, SPSR.M.AArch64_EL1h or SPSR_EL3.A or SPSR_EL3.I or SPSR_EL3.F msr SPSR_EL3, x1 adr x2, __el1 msr ELR_EL3, x2 ; all other system registers are set to their reset values. ; SCTLR_EL1 = 0x00C50838 ; HCR_EL2 = 0x0000000000000002 eret __el1: mov x10, 0xff220000 ; this simply turns on the LED on the board, mov w11, 0x0020 ; for testing only str w11, [x10, 4] ; str w11, [x10, 0] ; b.al $
Switching to the secure EL1 (SCR_EL3.NS not set) works fine and the LED turns on. However, it doesn't work when I try to go to non-secure EL1.
I also tried setting HCR_EL2.RW, but it didn't work:
HCR_EL2.RW, but it didn't work
mov x0, HCR_EL2.RW msr HCR_EL2, x0
What am I missing?
From the TrustZone guide (https://developer.arm.com/documentation/102418/0100/TrustZone-in-the-processor) I learned that memory can be treated as secure. Probably this could be the case. Unfortunately, I don't have a debugger and all my debugging comes from output messages over UART or flashing LEDs. A scenario I can think of is: going NS.EL1, changing some variable, then going secure again and printing it over UART to confirm I enter EL1 and peripherals are in the secure addreess space. JFYI I'm working with the Rockchip RK3308-based board. Will post my further findings here.