I am using CortexM23 with TrustZone enabled I wanted to write a secure program, but I failed. These are what I did:
By the way, I am using uvision Keil 5.
But things were not working as expected.
NSC APIs are fine, there are NSC entries in Veneer region defined by me.
Writing to SCB_NS->VTOR failed. I did not see any changes in that memory location from Keil. I cannot change the the the memory content of that location with debugger, either.
Then I checked the address of non-secure vector table with TT instruction, to see if it is really non-secure. And this is what I got:
I realize that memory partition also failed. So I checked my partition function. I found out that SAU registers are not changed, just like SCB_NS.
After this line of code " SAU->RLAR = (SAU_INIT_END1 & SAU_RLAR_LADDR_Msk);" SAU->RLAR should contain SAU_INIT_END1, but I did not see anything in that location.
I checked the disassembly code, and I did not find any error. it is just STR, the value and destination are also correct.
It seems that the CPU is not aware of the existence of TZ, and refuses all access to "unknown" address. But no Hardfault or any other exceptions are generated.
I have some confusions:
What CPU? You just mention the core, but not the SoC.
Thank you for the reply! It is a virtual prototype of a product under development... It is a microcontroller for motors, I don't know what CPU is used. But you mentioned CPU, so CPU will probably cause this?
I know of SoCs where TrustZone can be disabled. So maybe the virtual prototype does it as well.
Check ID_PFR1 register. Bits 7:4 should be 0b0001 if security is enabled.
As ID_PFR1 is not instantiated in m23 I checked its memory location directly using debugger memory window. And the debugger shows they are all zero.
If there is nothing wrong with the debugger, then I am sure security is disabled.
I guess it is done by virtual prototype. I will contact them are get their support. Thanks a lot!
I have fixed this issue. The virtual prototype is using M23 fast model, and when they generate the model, they did not enable TrustZone.
In the model there is a option like "SECEXT", not sure about the name. It is next to SAU options. Enable it and everything will be fine.