1

I am running an Operating System that uses a ARM Cortex processor on a FPGA. To be able to access this region of memory on this board, I need to be running a secure world. I was told I need to use a Secure Monitor call to enter a secure world. If I am not in a secure world, the Arm Trusted Firmware blocks my Operating System, and gives me a Signal 2 Interrupt.

How can I use a SMC? Is there an example somewhere of implementing this?

Thanks

Chris
  • 361
  • 1
  • 4
  • 17
  • http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf – Michael Dorgan Dec 06 '19 at 17:58
  • and https://stackoverflow.com/questions/46820340/how-to-interpret-arms-smc-calls – Michael Dorgan Dec 06 '19 at 17:59
  • Does this answer your question? [How to interpret ARM's SMC calls?](https://stackoverflow.com/questions/46820340/how-to-interpret-arms-smc-calls) – Gaslan Dec 06 '19 at 19:28
  • Also look at the [trust-zone tag wiki](https://stackoverflow.com/tags/trust-zone/info). It is a fairly complex topic. It maybe possible to give the normal world access to the FPGA, but it depends on the bus topology and if the FPGA is a smart slave or is access brokered by some other peripheral like a TZASC, etc. – artless noise Dec 07 '19 at 19:53

1 Answers1

2

I understood your question as 'How can I implement an ARM Secure Monitor Call (SMC) so that I may access a specific region of my system from a software not running at EL3' - If you want to know how to use an existing SMC call, you were already answered in Michael Dorgan's first comment.

If not, you need to implement your own SMC call in the software running at EL3 that was executed at the time your system booted. In a typical Aarch64 system, the BL31 part of the Arm Trusted Firmware would be responsible for this, and ATF seems to be what your system is running.

An example for an implementation would be the SMC handlers for the ZynqMP IPI mailbox doorbell service located here.

Bottomline, you should:

  • retrieve the source code for the Arm Trusted Firmware your system is running,
  • implement your own set of SMC calls using, say, the IPI mailbox doorbell service example,
  • recompile Arm Trusted Firmware for your platform,
  • upgrade your system,
  • test.

Since your platform is using ATF, it may be supported by this code. Otherwise, your silicon/board vendor should provide its source code for your platform.

I hope this helps.

Frant
  • 5,382
  • 1
  • 16
  • 22
  • Thank you so much for this answer. Can you explain a little more about what the ZynqMP IPI mailbox does? Is there any reference material that will help me parse through this? I need something that runs on EL0, to access a region of memory that will only get access if I am in EL3. Does the SMC get called in EL0 or EL3? Thanks – Chris Dec 06 '19 at 21:40
  • 1
    I don't know exactly what the ZynqMP IPI mailbox is for, but you can refer to the ZyngMP reference manual. [Trusted Firmware Deep Dive](https://www.linaro.org/app/resources/Connect%20Events/Trusted_Firmware_Deep_Dive_v1.0_.pdf) is an excellent presentation. This along with the ZynqMP IPI mailbox code and the ZynqMP documentation should suffice.The SMC service will run at EL3 once called. Again, I suggest you read the Linaro presentation. What is the exact processor you are working with ? – Frant Dec 07 '19 at 17:25
  • I am using the ARM Cortex A53, and the board is the Xilinx MPSoc Ultrascale + ZCU102. The OS I'm running is VxWorks. If I'm running an application, and I want to access this region of memory, I use a SMC in my EL0 code, which then makes my application to EL3, and then I could access this region of memory correct? After I read/write, how does my application go back to EL0? Thanks again Frant, this is a big help. – Chris Dec 08 '19 at 18:27
  • The code has to run at least at EL1 in order to be able to use the [SMC](https://developer.arm.com/docs/ddi0596/e/base-instructions-alphabetic-order/smc-secure-monitor-call) instruction. I don't know which EL VxWorks is running at, but under Linux, you would write a driver (Linux is running at EL1) that would be able to use the SMC instruction to call your custom SMC handler. A user program (running at EL0) could use the driver's IOCTL for accessing the service through the driver. You should probably refer to your VxWorks documentation. – Frant Dec 09 '19 at 03:42
  • My code that's running at EL0, calls the driver(EL1), has to call the SMC handler that is defined in the ATF correct? I see a bunch of SMC handler's in the ATF source code. – Chris Dec 09 '19 at 23:51
  • Yes, this would be the plan when using Linux I guess: the EL0 code would call the driver running at EL1. The driver code could then call your custom service (implemented in your custom ATF) running at EL3 by using the SMC instruction. You should refer to the documention on the Aarch64 port of VxWorks. Please note that I don't have first hand experience of implementing this scheme. – Frant Dec 10 '19 at 18:37
  • Interesting. Thank you Frant! I'll see what i can do with that. – Chris Dec 15 '19 at 19:41