cortex-m
Support Secure Mode for Armv8-m (e.g. Secure Interrupt Vector Table)
TrustZone in Armv8-m processors like the Cortex-M23 and Cortex-M33 supports a second 'secure' copy of registers like SysTick and VTOR. It also supports a second interrupt vector table.
I'd like to add support, but it should be behind a feature flag as not all Cortex-M23/33 implementations support Secure Mode.
References:
- https://community.arm.com/cfs-file/__key/telligent-evolution-components-attachments/01-2057-00-00-00-01-28-35/Cortex_2D00_M-for-Beginners-2D00-2017_5F00_EN_5F00_v2.pdf
- http://infocenter.arm.com/help/topic/com.arm.doc.ddi0550c/Cihjajhi.html
Any news on this topic? We try to integrate the TZ features for Rust on the nRF9160 SiP.
Hi @tothero ! I am currently working (on the side) on enabling more and more TrustZone-M features in the Rust Embedded ecosystem. The two big ones right now are:
- support for the SAU which allows you to separate your memory space between Secure and Non-Secure
- support for the CMSE intrinsics which allow you to test if the Non-Secure side has rights to read/write a particular memory location
There is more to come and it's all slowly coming together 😃
Hi, good to know that there is some progress :-)
Besides your topics, these would also be of interest:
- Automatic Import lib with veneer function entries creation during building the secure image.
- Special output linker section support for the veneers to be defined as NSC.
Some time ago I wrote an overview article on how the needed things are handled in GCC: https://www.lobaro.com/using-the-armv8-m-trustzone-with-gcc/
Quick question - I see SAU support has been added for Cortex-M23/33 but I can't figure out a way to link non-secure and secure projects in Rust. My program flow is as follows -
- Upon boot, the processor defaults to its secure state.
- We configure SAU to split the entire memory map into one of NS, S, NSC memory regions.
- Add the compiler attribute (for now I'm only testing `cmse_nonsecure_entry`) to a test secure function.
- Build the secure project.
But after this, how do I tell my non-secure project where to find the veneer function that acts as a gateway to the actual secure function?
I've done this by getting the address from an objdump, and casting a literal integer to a function reference type and calling that function.
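The SAU split into S, NS and NSC regions described in this comment, and the CMSE-style range check mentioned earlier in the thread, modelled on the host as an added example (not code from the thread or from the cortex-m crate). The types, function names and memory layout are constructed assumptions, the IDAU is ignored, and on the target the range check is done by the hardware through the CMSE intrinsics rather than by this logic.

```rust
// Host-side model of SAU attribution; types and addresses are constructed for
// illustration and are not the cortex-m crate's API. The IDAU is ignored.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Attr { Secure, NonSecureCallable, NonSecure }

#[derive(Clone, Copy)]
struct Region { base: u32, limit: u32, nsc: bool } // limit is inclusive

// Constructed layout: a veneer window, Non-Secure flash, Non-Secure RAM.
const LAYOUT: [Region; 3] = [
    Region { base: 0x0003_F000, limit: 0x0003_FFFF, nsc: true },
    Region { base: 0x0004_0000, limit: 0x000F_FFFF, nsc: false },
    Region { base: 0x2002_0000, limit: 0x2003_FFFF, nsc: false },
];

/// Encode a region as (SAU_RBAR, SAU_RLAR). The SAU works in 32-byte granules.
fn encode(r: &Region) -> Result<(u32, u32), &'static str> {
    if r.base & 0x1F != 0 { return Err("base must be 32-byte aligned"); }
    if r.limit & 0x1F != 0x1F { return Err("limit must be the last byte of a granule"); }
    if r.limit < r.base { return Err("limit below base"); }
    // RLAR: LADDR in bits [31:5], NSC in bit 1, ENABLE in bit 0.
    Ok((r.base, (r.limit & !0x1F) | ((r.nsc as u32) << 1) | 1))
}

/// With the SAU enabled, an address that matches no region is Secure.
/// Assumes the regions do not overlap.
fn attribute(regions: &[Region], addr: u32) -> Attr {
    match regions.iter().find(|r| r.base <= addr && addr <= r.limit) {
        Some(r) if r.nsc => Attr::NonSecureCallable,
        Some(_) => Attr::NonSecure,
        None => Attr::Secure,
    }
}

/// The check a Secure entry function needs before using a (ptr, len) pair
/// supplied by Non-Secure code: no wrap-around, and the whole range inside
/// one Non-Secure region. A zero length is checked as a single byte.
fn ns_range_ok(regions: &[Region], ptr: u32, len: u32) -> bool {
    let last = match ptr.checked_add(len.saturating_sub(1)) {
        Some(a) => a,
        None => return false,
    };
    regions.iter().any(|r| !r.nsc && r.base <= ptr && last <= r.limit)
}

fn main() {
    for r in &LAYOUT { println!("{:x?}", encode(r)); }
    println!("{:?}", attribute(&LAYOUT, 0x0003_F010));
    println!("{}", ns_range_ok(&LAYOUT, 0x2003_FFF0, 0x20));
}
```

The NSC window is Secure memory that Non-Secure code may only branch into, which is why a pointer into it fails the range check.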
> But after this, how do I tell my non-secure project where to find the veneer function that acts as a gateway to the actual secure function?
This step would normally be done by the linker. It would name the veneer with the same name as the secure function so that Non-Secure code can just call it normally. Internally, the actual Secure Function is renamed and called by the veneer after doing the necessary prerequisites.
I say "normally" here because the `cmse_nonsecure_entry` is not yet supported 😢 But I am working on this actively now and will try to have at least something started by the end of the month.
The `cmse_nonsecure_entry` attribute is now in and see rust-embedded/cortex-m-rt#297 as well!
I wrote an example to use Rust to write Secure and Non-Secure World applications with TrustZone: https://github.com/luojia65/trustzone-m-rs