1 ACCEPTED SOLUTION
Accepted Solutions
Hi,
Basically we started to develop the X-CUBE-SBSFU package for NUCLEO-L476RG.
Then, we generalized it.
1) Why SE_CoreBin?
On Nucleo-L476RG, the protected code runs in the Firewall enclave.
We must respect the following constraints:
- All required code must be contained in the firewall
- no instruction fetch outside the FWALL
Besides, the Secure Engine code requires some HAL functions (ex: CRC, FLASH) and HAL is also used by SBSFU.
To avoid code duplication/renaming and to have clear boundaries we have decided to instantiate Secure Engine as a separate binary: this is SECoreBin.
This is only a design choice.
Then, this concept is enforced regardless of the security mechanism used to isolate Secure Engine from the rest of the code.
2) Why a call gate with the MPU isolation ?
The call gate concept is kept for all platforms, even when no firewall is used, because it is a common way to have single entry and exit points for the privileged code.
Besides, the SE_CoreBin project is also kept to avoid differences in the examples.
So, this is only a way to limit the changes when porting X-CUBE-SBSFU from one platform to another.
This way, the "software architecture" remains the same, though the underlying hardware IPs used to implement the securities (like the isolation) are different.
In turn, the way to perform the isolation follows the same "philosophy" with a clear split between the 2 worlds and a single place to manage the transitions (and control the parameters...):
Hi,
Basically we started to develop the X-CUBE-SBSFU package for NUCLEO-L476RG.
Then, we generalized it.
1) Why SE_CoreBin?
On Nucleo-L476RG, the protected code runs in the Firewall enclave.
We must respect the following constraints:
- All required code must be contained in the firewall
- no instruction fetch outside the FWALL
Besides, the Secure Engine code requires some HAL functions (ex: CRC, FLASH) and HAL is also used by SBSFU.
To avoid code duplication/renaming and to have clear boundaries we have decided to instantiate Secure Engine as a separate binary: this is SECoreBin.
This is only a design choice.
Then, this concept is enforced regardless of the security mechanism used to isolate Secure Engine from the rest of the code.
2) Why a call gate with the MPU isolation ?
The call gate concept is kept for all platforms, even when no firewall is used, because it is a common way to have single entry and exit points for the privileged code.
Besides, the SE_CoreBin project is also kept to avoid differences in the examples.
So, this is only a way to limit the changes when porting X-CUBE-SBSFU from one platform to another.
This way, the "software architecture" remains the same, though the underlying hardware IPs used to implement the securities (like the isolation) are different.
In turn, the way to perform the isolation follows the same "philosophy" with a clear split between the 2 worlds and a single place to manage the transitions (and control the parameters...):
