cancel
Showing results for 
Search instead for 
Did you mean: 

Cortex-M33/STM32U5 - unprivileged mode in secure not working?!

42Bastian Schick
Associate III

Ask this at arm.com, but maybe it is STM32U5 specific:

I try run an unprivileged application in secure mode and get a strange behavior:

STM32U5 has TZ enabled, all application runs in secure mode.

1) LR = 0xffff_fff9, CONTROL = 1 => BX LR increments the SP, but all registers become 0 (including PC and XPSR!)

2) When setting CONTROL = 1 and executing SVC, SP is decremented correctly, but nothing is stored on the stack?

I check all errata I could find, but no hint.

If TZ is disabled, the system behaves normal.

14 REPLIES 14
42Bastian Schick
Associate III

Ok, it is getting complicated. Here more pictures.

Anyway, at HelloSciopta you have this:

42BastianSchick_0-1695909766576.png

In my test, I set a breakpoint 0xC0021E8, registers/stack:

42BastianSchick_1-1695910331397.png

Single step "svc" instruction, new registers:

42BastianSchick_2-1695910389756.png

As you see, R13 is reduced by 0x20, r0-r3 ... stored to the stack.

Now restart to breakpoint. Change CONTROL to 1 (via Debugger) and singlestep:

42BastianSchick_3-1695910497308.png

Again, r13 is reduced by 0x20, but the stack contents was not modified.

Regarding security settings: These are identical for both use cases and I cannot find a single hint, that would explain why there is no content written.

BTW:

Only privileged software can write to the CONTROL register to change the privilege level for software execution in Thread mode. Unprivileged software can use the SVC instruction to make a Supervisor Call to transfer control to privileged software. Here is the PM of the STM32 Cortex -M33 in case

 This is not the issue here.

I had exactly the same problem.
In my case it works now. The default settings in the SRAM3 GTZC1_MPCBB3_PRIVCFGRx configuration registers allow only privileged access (with enabled TrustZone). After setting these configuration registers to 0 it works.

42Bastian Schick
Associate III

Unfortunately no news from ST. I had no time yet to check other CM33 controllers to verify if it is a STM or a CM33 problem.

According to the Cortex-M23/M33 book it should be possible w/o any special handling.

I think this is STM32U5 specific. ST adds "Resource isolation improvements" on top of the ARMv8-M TrustZone. These improvements allow a block-based secure and privilege configuration for internal SRAM.

See page 8 on the STM32U5-Security-Overview (SECOVW) presentation.

42Bastian Schick
Associate III

I guess that is it. From the STM32U5 manual

5.4.2

...

* llegal unprivileged access
Any unprivileged transaction trying to access a privileged resource is considered as
illegal. There is no illegal access event generated for illegal read and write access. The
addressed resource follows a silent-fail behavior, returning all zero data for read and
ignoring any write. No bus error is generated. A bus error is generated when any
unprivileged execute transaction tries to access a privileged memory.