Hi!
I'm currently designing a secure monitor for an ARMv7 chip (i.MX6 from NXP, Cortex-A9 inside) and I'm thinking of a secure way to deal with asynchronous external aborts.
As I explained in a previous question, I sometimes face the following situation:
- normal world is executing some code that will generate an asynchronous external abort
- a world switch (non-secure to secure) happens _before_ the external abort is actually generated
- the external abort will trigger during the secure kernel or a secure application
My goal is to be sure that, when I exit the secure monitor back to the secure world, no external abort can happen because of the normal world.
Most of the time, a simple 'check the ISR register' is enough because the abort will be triggered during the execution of the secure monitor, but I also face situations where the external abort is only triggered _after_ the secure monitor has finished switching.
Now, I'm wondering if there is a way to be 100% sure that no asynchronous EAs are pending while I'm in the secure monitor. My current solution is to issue a "dsb; isb" sequence before checking the ISR, but I'd like to be sure it is a valid solution to my problem.
Best regards,
Vincent
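For readers who want to see the "barrier, then check the ISR" sequence from the question spelled out, here is an added ARMv7-A (GNU assembler syntax) example; it is not code from the original post. It assumes the routine runs in Monitor mode with asynchronous aborts masked (CPSR.A set) and with SCR.EA routing external aborts to Monitor mode, so that a pended abort is reported in the ISR rather than taken. The routine name and the calling convention (result in r0) are hypothetical. Whether the DSB/ISB pair closes the window for an abort that is still in flight is exactly what the question asks and is not settled by this code; the routine only makes the check the post describes explicit.

```asm
    .syntax unified
    .arm
    .text

@ monitor_check_pending_ea (hypothetical name)
@   Returns r0 = 1 if the ISR reports a pending asynchronous external
@   abort, r0 = 0 otherwise. Clobbers r0 only.
@   Assumes: Monitor mode, CPSR.A = 1, SCR.EA = 1 (assumption).
    .global monitor_check_pending_ea
    .type   monitor_check_pending_ea, %function
monitor_check_pending_ea:
    dsb     sy                      @ wait for all earlier explicit memory accesses to complete
    isb     sy                      @ flush the pipeline so the ISR read is not executed early
    mrc     p15, 0, r0, c12, c1, 0  @ read ISR (CP15 c12, c1, 0): A=bit8, I=bit7, F=bit6
    ands    r0, r0, #(1 << 8)       @ isolate ISR.A, the pending external abort bit
    movne   r0, #1                  @ normalise to 1 when an abort is pending
    bx      lr
```

A monitor exit path would call this after the non-secure context has been saved and before restoring secure-world state; on a non-zero result it should attribute the abort to the normal world and handle it in the monitor instead of returning to the secure kernel, where a late abort would otherwise be taken as if the secure side had caused it.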