Hi!
I'm currently designing a secure monitor for an ARMv7 chip (i.MX6 from NXP, Cortex-A9 inside) and I'm thinking about a secure way to deal with asynchronous external aborts.
As I explained in a previous question, I sometimes face the following situation:
- normal world is executing some code that will generate an asynchronous external abort
- a world switch (non-secure to secure) happens _before_ the external abort is actually generated
- the external abort will trigger during the secure kernel or a secure application
My goal is to be sure that, when I exit the secure monitor back to the secure world, no external abort can happen because of the normal world.
Most of the time, a simple 'check the ISR register' is enough because the abort will be triggered during the execution of the secure monitor, but I also face situations where the external abort is only triggered _after_ the secure monitor has finished switching.
Now, I'm wondering if there is a way to be 100% sure that no asynchronous EAs are pending, while I'm in the secure monitor. My current solution is to issue a "dsb; isb" sequence before checking the ISR, but I'd like to be sure it is a valid solution to my problem.
Best regards,
Vincent