2023-06-07 11:47 PM
Hello support team,
Have a good day.
We are working on the STM32U585ZIT6Q controller. I turned on the TrustZone option in this controller.
I have a few questions about the priority of peripheral interrupts, which I explain below.
1. What happens if an ISR for a secure area peripheral interrupt is running when a non-secure region peripheral interrupt occurs?
2. What happens if an ISR for a non-secure area peripheral interrupt is running when a secure region peripheral interrupt occurs?
3. If both (secure and non-secure) regions receive peripheral interrupts at the same time, which secure/non-secure region has a higher priority in terms of peripheral interrupts?
4. According to our project, secure area peripherals should have a higher priority. How can I make this secure region peripheral have a higher priority?
It would be appreciated if you could share a possible solution so that we can do better development.
Thanks
Hiren R. Thumar
2023-06-08 09:09 AM - edited 2023-11-20 03:40 AM
Hello @HirenThumar2702 ,
This topic is more complex than that; I will try to explain it as clearly as I can. Please let me know if you need more information.
When an interrupt is taken while the current security state is non-secure and the interrupt source is non-secure, the sequence is the same as the V7-M exception mechanism. The caller-saved registers are automatically saved when the exception is taken and automatically restored upon execution of the exception return instruction. The Interrupt Service Routine is executed in non-secure state.
When an interrupt is taken while the current security state is non-secure and the interrupt source is secure, the only difference is that the Interrupt Service Routine is executed in secure state. Caller-saved registers are pushed to and popped from the non-secure stack.
When an interrupt is taken while the current security state is secure and the interrupt source is secure, the sequence is the same as the V7-M exception mechanism. The caller-saved registers are automatically saved when the exception is taken and automatically restored upon execution of the exception return instruction. The Interrupt Service Routine (ISR) is executed in secure state.
When an interrupt is taken while the current security state is secure and the interrupt source is non-secure, a risk of register content leakage exists, because the general-purpose registers contain secure data. Therefore the microcode in charge of register stacking saves all registers into the secure stack and then writes zero to all of them, prior to starting the execution of the non-secure ISR. 21 clock cycles are needed to achieve this register stacking. Unstacking is performed from the secure stack and restores the contents of all general-purpose registers.
This sequence details the tail-chaining from a secure interrupt service routine to a non-secure interrupt service routine. At the beginning, the processor runs in secure state, while a secure interrupt is requested. The microcode saves the caller-saved registers to the secure stack. Then a non-secure interrupt is requested. When the exception return instruction is executed at the end of the secure ISR, the microcode in charge of tail-chaining automatically saves all callee-saved registers to the secure stack, so that all general-purpose registers (GPRs) have been saved. All GPRs are automatically cleared to zero prior to starting the execution of the non-secure interrupt service routine. At the end, when the exception return instruction is executed, the microcode restores all GPRs from the secure stack before resuming the execution of the secure application.
Please find all the information in our online training about TrustZone.
Best regards,
Aime
2023-06-08 09:46 PM
Hi Amie,
Have a good day.
Thanks for providing this information. I clearly understand the topic as described.
Can you provide guidance on case no. 4?
4. According to our project, secure area peripherals should have a higher priority. How can I make this secure region peripheral have a higher priority?
"The registers PRIMASK, FAULTMASK and BASEPRI are used for changing the peripheral interrupt priority level of the secure and non-secure region, am I right?"
Thanks
Hiren R. Thumar