Introduction

Because the non-secure world sometimes needs to access resources in the secure world, the secure world can provide secure services that the non-secure world can call.

In the Arm architecture, synchronous control is transferred between the normal non-secure state and the secure state through Secure Monitor Call (SMC) exceptions. SMC exceptions are generated by the SMC instruction, and handled by the Secure Monitor. The operation of the Secure Monitor is determined by the parameters that are passed in through registers.

In the FreeRTOS & ATF-SP_MIN environment, the system enters monitor mode through an SMC. Every SMC passes in R0 a 32-bit integer that identifies which function is being invoked, so the secure world can provide different services under different function IDs.

Refer to ARM’s documents for more information about SMC conventions.

AP Secure Service Demo

The AP secure service demo is located in {SDK}\component\example\peripheral\raw\CA32TrustZone\src\main.c.

Related files:

  • rtk_smc_handler: located in {SDK}\component\soc\amebasmart\atf\plat\realtek\sheipa\service\rtk_svc_setup.c

  • Secure service code: located in {SDK}\component\soc\amebasmart\atf\plat\realtek\sheipa\service\bsec_svc.c

  • Header files: located in {SDK}\component\soc\amebasmart\atf\plat\realtek\sheipa\include

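| File            | Description                                                                        |
|-----------------|------------------------------------------------------------------------------------|
| rtk_svc_setup.c | Secure code, contains rtk_smc_handler                                              |
| bsec_svc.c      | Secure code, provides the secure service that the non-secure world can access      |
| main.c          | Non-secure code, shows how to access the secure service by SMC                     |
| rtk_svc_setup.h | Provides smc_fid                                                                   |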

This demo shows how to access a secure service from non-secure code. Users can refer to the demo and add code according to their requirements. The demo code uses function ID 0x8200_0001, which falls within the SiP Service Calls range (0x8200_0000 ~ 0x8200_FFFF).
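The following added example (not code from the SDK) shows how a function ID such as 0x8200_0001 breaks down into the fields defined by the Arm SMC Calling Convention, and how a secure-side handler can validate an ID that arrives from the non-secure world before dispatching on it. The names `is_sip_fast_smc32`, `sip_dispatch` and `demo_service` are hypothetical; the real rtk_smc_handler implementation is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Function ID fields as defined by the Arm SMC Calling Convention. */
#define FID_FAST(fid)     (((fid) >> 31) & 0x1u)   /* 1 = fast call, 0 = yielding call */
#define FID_SMC64(fid)    (((fid) >> 30) & 0x1u)   /* 1 = SMC64, 0 = SMC32 */
#define FID_OEN(fid)      (((fid) >> 24) & 0x3fu)  /* owning entity number */
#define FID_FUNC(fid)     ((fid) & 0xffffu)        /* function number */
#define OEN_SIP           2u                       /* SiP Service Calls */
#define SMC_NOT_SUPPORTED 0xffffffffu              /* -1: unknown function ID */

#define DEMO_FID          0x82000001u              /* function ID used by the demo on this page */

/* Nonzero only for fast SMC32 calls in the SiP range 0x82000000..0x8200FFFF. */
int is_sip_fast_smc32(uint32_t fid)
{
    return FID_FAST(fid) && !FID_SMC64(fid) && FID_OEN(fid) == OEN_SIP
        && ((fid >> 16) & 0xffu) == 0;  /* bits 23:16 are zero inside that range */
}

/* Hypothetical secure service: stands in for whatever the real service does. */
static uint32_t demo_service(uint32_t arg) { return arg + 1u; }

/* Hypothetical dispatcher: validate the ID first, then route by function ID. */
uint32_t sip_dispatch(uint32_t fid, uint32_t arg)
{
    if (!is_sip_fast_smc32(fid))
        return SMC_NOT_SUPPORTED;      /* not ours: wrong type, width or owner */
    switch (fid) {
    case DEMO_FID:
        return demo_service(arg);
    default:
        return SMC_NOT_SUPPORTED;      /* in range but unimplemented: fail closed */
    }
}

int main(void)
{
    /* Constructed sample IDs: demo ID, unimplemented SiP ID, yielding, SMC64, other owner. */
    uint32_t ids[] = { 0x82000001u, 0x82000002u, 0x02000001u, 0xC2000001u, 0x84000001u };
    for (unsigned i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("fid=0x%08x fast=%u smc64=%u oen=%u func=0x%04x -> 0x%08x\n",
               (unsigned)ids[i], (unsigned)FID_FAST(ids[i]), (unsigned)FID_SMC64(ids[i]),
               (unsigned)FID_OEN(ids[i]), (unsigned)FID_FUNC(ids[i]),
               (unsigned)sip_dispatch(ids[i], 41u));
    return 0;
}
```

Because R0 and the argument registers are set by non-secure code, a handler should treat them as untrusted input and return the not-supported value for any ID it does not explicitly implement.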

To build this demo, follow these steps:

  1. Copy main.c to \amebasmart_gcc_project\project_ap\src, overwriting the original file.

  2. Generate and download images.

  3. Reset the device.

When the boot is successful, "secure test here" is printed in the boot log.

Note

When the CPU enters monitor mode by SMC, all IRQs are masked and cannot be handled until execution returns to the non-secure world.