I tried to switch between secure and non-secure on M33. Based on the qemu mps2-an521 platform, with sau configured, the security can be switched to the non-secure state, and then I tried to switch to the secure state through the SG instruction, but it failed.
0x0200_0000 - 0x003F_FFFF (non-secure)
0x1000_0000 - 0x100F_FFFF (secure)
0x1010_0000 - 0x101F_FFFF (non-secure callable)
SAU->RBAR = 0x10100000;
SAU->RLAR = 0x101FFFE3;
} > RAM
non-secure caller code:
ldr r0, =0x10100001;
When the line of code 'bx r0' is executed, it will enter the secure world hard fault.
Any reason why this is occurring? I don’t know how to continue.
Thanks for any clues or suggestions.
Are you stepping? Did you try an endless loop in nsc_call and let the CPU just run?
Thanks for reply.
Yes, I used GDB stepping. After execute SG instruction, it jump to Hard Fault Handler.
I do not think that you can "step" SG. Is it a JTAG debugger? I'd make an endless loop in nsc_call(), let run, then break.
It is run in QEMU mp2-an521 machine, and debugger is GDB
I make an endless loop in nsc_call, add break in two places, one is this loop and another is Hard_Fault_Handler, let it run, it break in Hard_Fault_Handler, so I think it don't enter nsc endless loop.
BTW, Why SG instruction can't "step"?
I misinterpreted "based on", thought some kind of program. How sure can you be that QEMU is correct?
Found the reason, IDAU not configure caused this problem
MP2-AN521 IDAU some items are configurable. This memory not configured as NSC by default. Even if SAU is configured, it will not take effect. After config IDAU NSCCFG register. It can work.
The Non-secure Callable Configuration register allows software to define callable regions of memory. The register can do this if the Secure Code region is 0x1000_0000 to 0x1FFF_FFFF and the Secure RAM region is 0x3000_0000 to 0x3FFF_FFFF.