2023-09-15 03:41 AM
Ask this at arm.com, but maybe it is STM32U5 specific:
I try run an unprivileged application in secure mode and get a strange behavior:
STM32U5 has TZ enabled, all application runs in secure mode.
1) LR = 0xffff_fff9, CONTROL = 1 => BX LR increments the SP, but all registers become 0 (including PC and XPSR!)
2) When setting CONTROL = 1 and executing SVC, SP is decremented correctly, but nothing is stored on the stack?
I check all errata I could find, but no hint.
If TZ is disabled, the system behaves normal.
Solved! Go to Solution.
2023-09-28 07:21 AM - edited 2023-09-28 07:22 AM
Ok, it is getting complicated. Here more pictures.
Anyway, at HelloSciopta you have this:
In my test, I set a breakpoint 0xC0021E8, registers/stack:
Single step "svc" instruction, new registers:
As you see, R13 is reduced by 0x20, r0-r3 ... stored to the stack.
Now restart to breakpoint. Change CONTROL to 1 (via Debugger) and singlestep:
Again, r13 is reduced by 0x20, but the stack contents was not modified.
Regarding security settings: These are identical for both use cases and I cannot find a single hint, that would explain why there is no content written.
BTW:
Only privileged software can write to the CONTROL register to change the privilege level for software execution in Thread mode. Unprivileged software can use the SVC instruction to make a Supervisor Call to transfer control to privileged software. Here is the PM of the STM32 Cortex -M33 in case
This is not the issue here.
2023-10-10 02:23 AM - edited 2023-10-10 05:49 AM
I had exactly the same problem.
In my case it works now. The default settings in the SRAM3 GTZC1_MPCBB3_PRIVCFGRx configuration registers allow only privileged access (with enabled TrustZone). After setting these configuration registers to 0 it works.
2023-10-10 05:14 AM
Unfortunately no news from ST. I had no time yet to check other CM33 controllers to verify if it is a STM or a CM33 problem.
According to the Cortex-M23/M33 book it should be possible w/o any special handling.
2023-10-10 07:10 AM
I think this is STM32U5 specific. ST adds "Resource isolation improvements" on top of the ARMv8-M TrustZone. These improvements allow a block-based secure and privilege configuration for internal SRAM.
See page 8 on the STM32U5-Security-Overview (SECOVW) presentation.
2023-10-10 08:42 AM - edited 2023-10-10 08:43 AM
I guess that is it. From the STM32U5 manual
5.4.2
...
* llegal unprivileged access
Any unprivileged transaction trying to access a privileged resource is considered as
illegal. There is no illegal access event generated for illegal read and write access. The
addressed resource follows a silent-fail behavior, returning all zero data for read and
ignoring any write. No bus error is generated. A bus error is generated when any
unprivileged execute transaction tries to access a privileged memory.