Skip to content
Permalink
Browse files

samples: add sample to show how ARC TEE works

* this is a simple sample to show how
 secure applicaiton and non-secure application work
 together. More details are in README.rst

Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
  • Loading branch information...
vonhust authored and ioannisg committed Aug 1, 2019
1 parent 1e2d422 commit 5a0acd51057dad7cf8c6514f5eae99def928e01f
@@ -0,0 +1,8 @@
# SPDX-License-Identifier: Apache-2.0

cmake_minimum_required(VERSION 3.8.2)

include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(arc_secure_services)

target_sources(app PRIVATE src/main.c)
@@ -0,0 +1,126 @@
.. _arc_secure_service:

ARC Secure Service
##################

Overview
********

This sample implements a simple secure service based on ARC SecureShield to
demonstrate how a secure zephyr application runs together with a normal
Zephyr application.

In this sample:

* Secure application will be in the secure memory space defined in
``arc_mpu_regions.c``. Half of RAM and ROM is allocated to secure world,
the other half is allocated to normal world.

* Memory not allocated to the secure application is allocated to
the normal application.

* By default, all the peripheral space is normal mode accessible, i.e.,
the peripherals are shared between normal mode and secure mode. If some
peripherals are required by secure world, it can be done by adding static
mpu entry in ``arc_mpu_regions.c``.

* The interrupts of two internal timers are configure as normal interrupts,
so the normal zephyr's kernel tick can work correctly.

* Secure interrupts priority > secure threads priority > normal interrupts
priority > normal threads priority.


Requirements
************

To use this sample, ARC processor should be equipped with ARC SecureShield. In
Zephyr, the following board configurations are supported:

* em_starterkit_em7d
* secure application: em_starterkit_em7d_secure
* normal application: em_starterkit_em7d_normal
* nsim_sem
* secure application: nsim_sem
* normal application: nsim_sem_normal

Building and Running
********************

Building
========

Secure application
^^^^^^^^^^^^^^^^^^

First, you should build the secure application.

.. zephyr-app-commands::
:zephyr-app: samples/boards/arc_secure_services
:board: em_starterkit_em7d_secure nsim_sem
:goals: build
:compact:

Normal application
^^^^^^^^^^^^^^^^^^

Currently, in normal application, MPU is not accessible, so no user space and
mpu-based stack checking.

Here,take :ref:'dining-philosophers-sample' as an example for normal
application.

.. zephyr-app-commands::
:zephyr-app: samples/philosophers
:board: em_starterkit_em7d_normal nsim_sem_normal
:goals: build
:compact:

Running
=======

* Run using the bootloader

The bootloader should load the secure and normal application into the correct place,
then jump to the entry of the secure application. The entry of normal application
is hardcoded in secure application. Secure application will boot normal application.

* Run using the debugger (recommended)

Use the gdb debugger to load and run the two applications.

For em starter kit, run the following commands

.. code-block:: console

# load secure application first
$ cd samples/boards/arc_secure_services/build
$ west debug
# load normal application
$ monitor load_image ../../../philosophers/build/zepher/zephyr.elf
$ c

For nsim sem, you need two consoles: one for application output, and one for
debugger.

In the console for output:

.. code-block:: console

# open debug server
$ cd samples/boards/arc_secure_services/build
$ west debugserver

In the console for debugger:

.. code-block:: console

# open debug server
$ cd samples/boards/arc_secure_services/build
$ arc-elf32-gdb zephyr/zephyr.elf
$ target remote :3333
# load normal application
$ load ../../../philosophers/build/zepher/zephyr.elf
# load secure application
$ load
$ c
No changes.
@@ -0,0 +1,8 @@
sample:
description: Sample application to verify the secure monitor for
Designware ARC SecureShiled.
name: Designware ARC Secure monitor
tests:
test:
platform_whitelist: nsim_sem em_starterkit_em7d_secure
tags: secure
@@ -0,0 +1,59 @@
/*
* Copyright (c) 2018 Synopsys.
*
* SPDX-License-Identifier: Apache-2.0
*/

#include <zephyr.h>
#include <misc/printk.h>
#include <soc.h>

#if defined(CONFIG_SOC_NSIM_SEM)
#define NORMAL_FIRMWARE_ENTRY 0x40000
#elif defined(CONFIG_SOC_EMSK)
#define NORMAL_FIRMWARE_ENTRY 0x20000
#endif


#define STACKSIZE 1024
#define PRIORITY 7
#define SLEEPTIME 1000


void threadA(void *dummy1, void *dummy2, void *dummy3)
{
ARG_UNUSED(dummy1);
ARG_UNUSED(dummy2);
ARG_UNUSED(dummy3);


printk("Go to normal application\n");

arc_go_to_normal(*((u32_t *)(NORMAL_FIRMWARE_ENTRY)));

printk("should not come here\n");

}

K_THREAD_DEFINE(thread_a, STACKSIZE, threadA, NULL, NULL, NULL,
PRIORITY, 0, K_NO_WAIT);


void main(void)
{
/* necessary configuration before go to normal */
s32_t i = 0;

/* allocate timer 0 and timer1 to normal mode */
z_arc_v2_irq_uinit_secure_set(IRQ_TIMER0, 0);
z_arc_v2_irq_uinit_secure_set(IRQ_TIMER1, 0);

/* disable the secure interrupts for debug purpose*/
/* _arc_v2_irq_unit_int_disable(IRQ_S_TIMER0); */

while (1) {
printk("I am the %s thread in secure world: %d\n",
__func__, i++);
k_sleep(SLEEPTIME);
}
}

0 comments on commit 5a0acd5

Please sign in to comment.
You can’t perform that action at this time.