Posted to commits@mynewt.apache.org by je...@apache.org on 2021/10/26 17:04:20 UTC

[mynewt-core] 09/10: mcu/nrf5340: Add system start for non-secure application


jerzy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git

commit a8cd86b2fd5960a6a63ff4fd275cab4d45b2f816
Author: Jerzy Kasenberg <je...@codecoup.pl>
AuthorDate: Wed Oct 20 16:38:40 2021 +0200

    mcu/nrf5340: Add system start for non-secure application
    
    This modifies hal_system_start() to execute non-secure code.
    
    The bootloader, which runs as secure code, changes peripheral/memory permissions
    to non-secure before jumping to the application code.
    Interrupts are also marked as unsecure.
---
 hw/mcu/nordic/nrf5340/pkg.yml                |  2 +
 hw/mcu/nordic/nrf5340/src/hal_system_start.c | 91 ++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)

diff --git a/hw/mcu/nordic/nrf5340/pkg.yml b/hw/mcu/nordic/nrf5340/pkg.yml
index 4ffbaec..b1dd4c9 100644
--- a/hw/mcu/nordic/nrf5340/pkg.yml
+++ b/hw/mcu/nordic/nrf5340/pkg.yml
@@ -40,6 +40,8 @@ pkg.cflags.NFC_PINS_AS_GPIO:
 
 pkg.cflags.GPIO_AS_PIN_RESET:
     - '-DCONFIG_GPIO_AS_PINRESET=1'
+pkg.cflags:
+    - -mcmse
 
 pkg.deps.UART_0:
     - "@apache-mynewt-core/hw/drivers/uart/uart_hal"
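Review bot: `-mcmse` is added to the unconditional `pkg.cflags` list, while the only code that needs it (the `cmse_nonsecure_call` attribute in hal_system_start.c) is compiled only when `BOOT_LOADER` is set and `MCU_APP_SECURE` is not. The surrounding entries already use the conditional form (`pkg.cflags.GPIO_AS_PIN_RESET:`), so `pkg.cflags.BOOT_LOADER:` with `- -mcmse` under it would keep CMSE code generation out of plain application builds, assuming newt accepts that syscfg name as a condition here. A one-line comment above the entry saying why the flag is required would also help the next reader.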
diff --git a/hw/mcu/nordic/nrf5340/src/hal_system_start.c b/hw/mcu/nordic/nrf5340/src/hal_system_start.c
index 3a2066b..fca96a4 100644
--- a/hw/mcu/nordic/nrf5340/src/hal_system_start.c
+++ b/hw/mcu/nordic/nrf5340/src/hal_system_start.c
@@ -22,6 +22,95 @@
 #include <mcu/cortex_m33.h>
 #include <mcu/nrf5340_hal.h>
 
+#if MCUBOOT_MYNEWT
+#include <bootutil/bootutil.h>
+#endif
+#include <os/util.h>
+
+#if MYNEWT_VAL(BOOT_LOADER) && !MYNEWT_VAL(MCU_APP_SECURE)
+
+struct periph_id_range {
+    uint8_t first;
+    uint8_t last;
+};
+
+/* Array of peripheral ID ranges that will be set as unsecure before bootloader jumps to application code */
+static const struct periph_id_range ns_peripheral_ids[] = {
+    { 0, 0 },
+    { 4, 6 },
+    { 8, 12 },
+    { 14, 17 },
+    { 20, 21 },
+    { 23, 36 },
+    { 38, 38 },
+    { 40, 40 },
+    { 42, 43 },
+    { 45, 45 },
+    { 48, 48 },
+    { 51, 52 },
+    { 54, 55 },
+    { 57, 57 },
+    { 66, 66 },
+    { 128, 129 },
+};
+
+void
+hal_system_start(void *img_start)
+{
+    int i;
+    int j;
+    int range_count;
+    struct flash_sector_range sr;
+    uintptr_t *img_data;
+    /* Number of 16kB flash regions used by bootloader */
+    int bootloader_flash_regions;
+    __attribute__((cmse_nonsecure_call, noreturn)) void (* app_reset)(void);
+
+    /* Mark selected peripherals as unsecure */
+    for (i = 0; i < ARRAY_SIZE(ns_peripheral_ids); ++i) {
+        for (j = ns_peripheral_ids[i].first; j <= ns_peripheral_ids[i].last; ++j) {
+            if (((NRF_SPU->PERIPHID[j].PERM & SPU_PERIPHID_PERM_PRESENT_Msk) == 0) ||
+                ((NRF_SPU->PERIPHID[j].PERM & SPU_PERIPHID_PERM_SECUREMAPPING_Msk) < SPU_PERIPHID_PERM_SECUREMAPPING_UserSelectable)) {
+                continue;
+            }
+            NRF_SPU->PERIPHID[j].PERM &= ~SPU_PERIPHID_PERM_SECATTR_Msk;
+        }
+    }
+
+    /* Route exceptions to non-secure, allow software reset from non-secure */
+    SCB->AIRCR = 0x05FA0000 | (SCB->AIRCR & (~SCB_AIRCR_VECTKEY_Msk | SCB_AIRCR_SYSRESETREQS_Msk)) | SCB_AIRCR_BFHFNMINS_Msk;
+    for (i = 0; i < ARRAY_SIZE(NVIC->ITNS); ++i) {
+        NVIC->ITNS[i] = 0xFFFFFFFF;
+    }
+
+    /* Mark non-bootloader flash regions as non-secure */
+    flash_area_to_sector_ranges(FLASH_AREA_BOOTLOADER, &range_count, &sr);
+    bootloader_flash_regions = (sr.fsr_sector_count * sr.fsr_sector_size) / 0x4000;
+
+    for (i = bootloader_flash_regions; i < 64; ++i) {
+        NRF_SPU->FLASHREGION[i].PERM &= ~SPU_FLASHREGION_PERM_SECATTR_Msk;
+    }
+
+    /* Mark RAM as non-secure */
+    for (i = 0; i < 64; ++i) {
+        NRF_SPU->RAMREGION[i].PERM &= ~SPU_FLASHREGION_PERM_SECATTR_Msk;
+    }
+
+    /* Move DPPI to non-secure area */
+    NRF_SPU->DPPI->PERM = 0;
+
+    /* Move GPIO to non-secure area */
+    NRF_SPU->GPIOPORT[0].PERM = 0;
+    NRF_SPU->GPIOPORT[1].PERM = 0;
+
+    img_data = img_start;
+    app_reset = (void *)(img_data[1]);
+    __TZ_set_MSP_NS(img_data[0]);
+    app_reset();
+}
+
+#else
+
 /**
  * Boots the image described by the supplied image header.
  *
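Review bot: The AIRCR write keeps the SYSRESETREQS bit instead of clearing it, so the "allow software reset from non-secure" half of the comment is not implemented: `~SCB_AIRCR_VECTKEY_Msk | SCB_AIRCR_SYSRESETREQS_Msk` already has that bit set, so the AND preserves whatever value it held; the intended expression is `SCB->AIRCR = (0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | (SCB->AIRCR & ~(SCB_AIRCR_VECTKEY_Msk | SCB_AIRCR_SYSRESETREQS_Msk)) | SCB_AIRCR_BFHFNMINS_Msk;`. The bootloader region count also rounds down: `(sr.fsr_sector_count * sr.fsr_sector_size) / 0x4000` truncates, so a bootloader area that is not a multiple of 16 kB gets its last region marked non-secure, and the result of `flash_area_to_sector_ranges()` is never checked even though `sr` is uninitialized if it fails; round up with `(sr.fsr_sector_count * sr.fsr_sector_size + 0x3FFF) / 0x4000` and skip the hand-off (e.g. reset) when the call fails or `range_count != 1`. In the RAM loop `SPU_FLASHREGION_PERM_SECATTR_Msk` is applied to `RAMREGION[i]`; that register has its own `SPU_RAMREGION_PERM_SECATTR_Msk`, which should be used even if the bit happens to coincide. Since all 64 RAM regions become non-secure while the bootloader is still running on them, whatever the bootloader left in RAM is readable by the application afterwards — worth either zeroing bootloader-used RAM before this point or documenting that nothing sensitive is kept there.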
@@ -41,6 +130,8 @@ hal_system_start(void *img_start)
                   : "r" (img_data[0]), "r" (img_data[1]));
 }
 
+#endif
+
 /**
  * Boots the image described by the supplied image header.
  * This routine is used in split-app scenario when loader decides