You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2021/03/01 18:32:29 UTC

[GitHub] [incubator-nuttx] michi-jung opened a new pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

michi-jung opened a new pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944


   ## Summary
   
   With TrustZone support in armv8-m the bit-fields in EXC_RETURN have been
   extended.  Bit 6 ('S') now specifies whether the interrupted program was
   running in the Non-Secure (S=0) or Secure (S=1) security state.
   Furthermore, Bit 0 ('ES' - Exception Secure) specifies the
   security state athe exception is taken to (0: Non-Secure, 1: Secure).
   
   When NuttX is run together with TrustedFirmware-M as the application in
   the non-secure world both the S and the ES bits have to be set to '0'.
   For armv8-m those are also the correct values if TrustZone is not
   implemented on the respective MCU or if it is disabled.
   
   ## Impact
   
   Required change to run NuttX in the TrustZone non-secure security state.
   
   Should have no impact if NuttX is run with TrustZone disabled.
   
   I am not aware of any configuration that is running NuttX in the TrustZone secure security state. If there are any then this change will probably break them. In this case we should probably make this configurable.
   
   ## Testing
   
   Tested with TrustZone disabled and with running NuttX in the non-secure world of TrustedFirmware-M


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] xiaoxiang781216 commented on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
xiaoxiang781216 commented on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788775754


   Let wait @acassis feedback.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] xiaoxiang781216 edited a comment on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
xiaoxiang781216 edited a comment on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788641354


   We haven't run nuttx on secure side yet, so the change work well with our hardware. Since there maybe more work to run nuttx on the secure side, it's fine to unsupport the secure case now.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] acassis merged pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
acassis merged pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] acassis edited a comment on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
acassis edited a comment on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788181190


   Hi @michallenc I think it would be nice if you could create an Enable TrustZone option and keep this modification dependent on it. Probably Xiaomi or other company are using it internally. So, instead of just disabling it please keep it configurable (BTW the default could be disabled)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] acassis commented on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
acassis commented on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788802525


   thank you @michi-jung and @xiaoxiang781216 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] acassis commented on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
acassis commented on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788181190


   Hi @michallenc I think it should be nice if you could to create an Enable TrustZone option and keep this modification dependent on it. Probably Xiaomi or other company are using it internally. So, instead of just disabling it please keep it configurable (BTW the default could be disabled)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] xiaoxiang781216 commented on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
xiaoxiang781216 commented on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788641354


   We haven't run nuttx on secure side yet, so the change work well with our hardware.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] michi-jung commented on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
michi-jung commented on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788193696


   Hi @acassis, I think it is not necessary to make this configurable. I believe these are the correct values for both running with TrustZone disabled and enabled. The only setup that might make a configuration option necessary is if somebody is runnning NuttX in the secure state with TrustZone enabled (To my understanding this in conflict with the general idea of TrustZone: There should be some very restricted code running in secure state (such as TrustedFirmware-M) and the RTOS and application code should run in the non-secure state). It would be nice if @xiaoxiang781216 could have a look at this pull request.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] michi-jung commented on pull request #2944: armv8-m: Fix EXC_RETURN for non-secure usage

Posted by GitBox <gi...@apache.org>.
michi-jung commented on pull request #2944:
URL: https://github.com/apache/incubator-nuttx/pull/2944#issuecomment-788749176


   Thanks for your feedback, @acassis and @xiaoxiang781216! Do I have to take any further steps to get this pull request merged?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org