FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cortex-M33/STM32U5 - unprivileged mode in secure not working?!

Go to solution
42Bastian Schick
Associate III

‎2023-09-15 03:41 AM

Ask this at arm.com, but maybe it is STM32U5 specific:

I try run an unprivileged application in secure mode and get a strange behavior:

STM32U5 has TZ enabled, all application runs in secure mode.

1) LR = 0xffff_fff9, CONTROL = 1 => BX LR increments the SP, but all registers become 0 (including PC and XPSR!)

2) When setting CONTROL = 1 and executing SVC, SP is decremented correctly, but nothing is stored on the stack?

I check all errata I could find, but no hint.

If TZ is disabled, the system behaves normal.

Labels:
0 Kudos
14 REPLIES 14
Go to solution
42Bastian Schick
Associate III

‎2023-09-28 07:21 AM - edited ‎2023-09-28 07:22 AM

Ok, it is getting complicated. Here more pictures.

Anyway, at HelloSciopta you have this:

42BastianSchick_0-1695909766576.png

In my test, I set a breakpoint 0xC0021E8, registers/stack:

42BastianSchick_1-1695910331397.png

Single step "svc" instruction, new registers:

42BastianSchick_2-1695910389756.png

As you see, R13 is reduced by 0x20, r0-r3 ... stored to the stack.

Now restart to breakpoint. Change CONTROL to 1 (via Debugger) and singlestep:

42BastianSchick_3-1695910497308.png

Again, r13 is reduced by 0x20, but the stack contents was not modified.

Regarding security settings: These are identical for both use cases and I cannot find a single hint, that would explain why there is no content written.

BTW:

Only privileged software can write to the CONTROL register to change the privilege level for software execution in Thread mode. Unprivileged software can use the SVC instruction to make a Supervisor Call to transfer control to privileged software. Here is the PM of the STM32 Cortex -M33 in case

 This is not the issue here.

0 Kudos
Go to solution
RBaur
Associate
In response to 42Bastian Schick

‎2023-10-10 02:23 AM - edited ‎2023-10-10 05:49 AM

I had exactly the same problem.
In my case it works now. The default settings in the SRAM3 GTZC1_MPCBB3_PRIVCFGRx configuration registers allow only privileged access (with enabled TrustZone). After setting these configuration registers to 0 it works.

0 Kudos
Go to solution
42Bastian Schick
Associate III

‎2023-10-10 05:14 AM

Unfortunately no news from ST. I had no time yet to check other CM33 controllers to verify if it is a STM or a CM33 problem.

According to the Cortex-M23/M33 book it should be possible w/o any special handling.

0 Kudos
Go to solution
RBaur
Associate
In response to 42Bastian Schick

‎2023-10-10 07:10 AM

I think this is STM32U5 specific. ST adds "Resource isolation improvements" on top of the ARMv8-M TrustZone. These improvements allow a block-based secure and privilege configuration for internal SRAM.

See page 8 on the STM32U5-Security-Overview (SECOVW) presentation.

Go to solution
42Bastian Schick
Associate III

‎2023-10-10 08:42 AM - edited ‎2023-10-10 08:43 AM

I guess that is it. From the STM32U5 manual

5.4.2

...

* llegal unprivileged access
Any unprivileged transaction trying to access a privileged resource is considered as
illegal. There is no illegal access event generated for illegal read and write access. The
addressed resource follows a silent-fail behavior, returning all zero data for read and
ignoring any write. No bus error is generated. A bus error is generated when any
unprivileged execute transaction tries to access a privileged memory.

Top