This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Non-secure call Secure used SG instruction cause Hard Fault

I tried to switch between secure and non-secure on M33. Based on the qemu mps2-an521 platform, with sau configured, the security can be switched to the non-secure state, and then I tried to switch to the secure state through the SG instruction, but it failed.

memory layout：

0x0200_0000 - 0x003F_FFFF (non-secure)

0x1000_0000 - 0x100F_FFFF (secure)

0x1010_0000 - 0x101F_FFFF (non-secure callable)

SAU config:

    SAU->RBAR = 0x10100000;
	SAU->RLAR = 0x101FFFE3;

NSC code:

	.thumb_func
	.section NSC,"aw"
	.globl   nsc_call
nsc_call:
	sg
	nop
	nop
	nop

secure ld：

    NSC (0x10100000):
    {
        *nsc*(.text*)
    } > RAM

non-secure caller code:

	ldr		r0, =0x10100001;
	bx 		r0

When the line of code 'bx r0' is executed, it will enter the secure world hard fault.

Any reason why this is occurring? I don’t know how to continue.

Thanks for any clues or suggestions.

Top replies

Thomas Coding over 4 years ago in reply to 42Bastian Schick +2 verified

Found the reason, IDAU not configure caused this problem MP2-AN521 IDAU some items are configurable. This memory not configured as NSC by default. Even if SAU is configured, it will not take effect....

0 42Bastian Schick over 4 years ago

Are you stepping? Did you try an endless loop in nsc_call and let the CPU just run?
Cancel
Vote up 0 Vote down

Cancel
0 Thomas Coding over 4 years ago in reply to 42Bastian Schick

Thanks for reply.

Yes, I used GDB stepping. After execute SG instruction, it jump to Hard Fault Handler.

as below:
Cancel
Vote up 0 Vote down

Cancel
0 42Bastian Schick over 4 years ago in reply to Thomas Coding

I do not think that you can "step" SG. Is it a JTAG debugger? I'd make an endless loop in nsc_call(), let run, then break.
Cancel
Vote up 0 Vote down

Cancel
0 Thomas Coding over 4 years ago in reply to 42Bastian Schick

It is run in QEMU mp2-an521 machine, and debugger is GDB

I make an endless loop in nsc_call, add break in two places, one is this loop and another is Hard_Fault_Handler, let it run, it break in Hard_Fault_Handler, so I think it don't enter nsc endless loop.

nsc code:

nsc_call:

sg

b .

run result:

BTW, Why SG instruction can't "step"?

Thanks.
Cancel
Vote up 0 Vote down

Cancel
0 42Bastian Schick over 4 years ago in reply to Thomas Coding

I misinterpreted "based on", thought some kind of program.
How sure can you be that QEMU is correct?
Cancel
Vote up 0 Vote down

Cancel
+1 Thomas Coding over 4 years ago in reply to 42Bastian Schick

Found the reason, IDAU not configure caused this problem

MP2-AN521 IDAU some items are configurable. This memory not configured as NSC by default. Even if SAU is configured, it will not take effect. After config IDAU NSCCFG register. It can work.

Arm doc:

corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0200_00_en.pdf

NSCCFG

The Non-secure Callable Configuration register allows software to define callable regions of memory. The register can do this if the Secure Code region is 0x1000_0000 to 0x1FFF_FFFF and the Secure RAM region is 0x3000_0000 to 0x3FFF_FFFF.

Thanks.
Cancel
Vote up +2 Vote down

Cancel