You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by je...@apache.org on 2021/11/02 05:55:28 UTC
[mynewt-core] branch master updated: mcu/nrf5340: Clear RAM before
switching to non-secure
This is an automated email from the ASF dual-hosted git repository.
jerzy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
The following commit(s) were added to refs/heads/master by this push:
new a5f994c mcu/nrf5340: Clear RAM before switching to non-secure
a5f994c is described below
commit a5f994ce192ef11c8cec877bcb44fa8b0498cb27
Author: Jerzy Kasenberg <je...@codecoup.pl>
AuthorDate: Thu Oct 28 15:48:01 2021 +0200
mcu/nrf5340: Clear RAM before switching to non-secure
To prevent information leak from ARM TrusZone secure to non-secure code,
on-secure RAM (whole as of now) is cleared before switching to non-secure mode.
---
hw/mcu/nordic/nrf5340/src/hal_system_start.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/hw/mcu/nordic/nrf5340/src/hal_system_start.c b/hw/mcu/nordic/nrf5340/src/hal_system_start.c
index fca96a4..4ab854e 100644
--- a/hw/mcu/nordic/nrf5340/src/hal_system_start.c
+++ b/hw/mcu/nordic/nrf5340/src/hal_system_start.c
@@ -21,6 +21,7 @@
#include <inttypes.h>
#include <mcu/cortex_m33.h>
#include <mcu/nrf5340_hal.h>
+#include <bsp/bsp.h>
#if MCUBOOT_MYNEWT
#include <bootutil/bootutil.h>
@@ -66,6 +67,8 @@ hal_system_start(void *img_start)
int bootloader_flash_regions;
__attribute__((cmse_nonsecure_call, noreturn)) void (* app_reset)(void);
+ __disable_irq();
+
/* Mark selected peripherals as unsecure */
for (i = 0; i < ARRAY_SIZE(ns_peripheral_ids); ++i) {
for (j = ns_peripheral_ids[i].first; j <= ns_peripheral_ids[i].last; ++j) {
@@ -103,6 +106,28 @@ hal_system_start(void *img_start)
NRF_SPU->GPIOPORT[0].PERM = 0;
NRF_SPU->GPIOPORT[1].PERM = 0;
+ /*
+ * For now whole RAM is marked as non-secure. To prevent data leak from secure to
+ * non-secure, whole RAM is cleared before starting application code.
+ * Interrupt VTOR for secure world that was previously put in RAM is moved to
+ * flash again.
+ */
+ SCB->VTOR = 0;
+ /*
+ * Normal loop here is inlined by GCC to call to memset hence asm version of
+ * memset that does not use stack (that just get erased).
+ */
+ asm volatile(" add %1, %1, %0 \n"
+ " mov r0, #0 \n"
+ "1: stmia %0!, {r0} \n"
+ " cmp %0, %1 \n"
+ " blt 1b \n"
+ :
+ : "r" (&_ram_start), "r" (RAM_SIZE)
+ : "r0");
+ /* Application startup code expects interrupts to be enabled */
+ __enable_irq();
+
img_data = img_start;
app_reset = (void *)(img_data[1]);
__TZ_set_MSP_NS(img_data[0]);