Secure Monitor

From MILEDROPEDIA

Description

Because implementing a full-featured hardware MTM is too hard a task, most vendors enable only software emulation of MTM. All OMAP chips have only a software emulation of MTM, and not a full one.

This emulation is usually provided by a time-split system: a few ticks in the Non-Secure World, then a few ticks in the Secure World.

On OMAP we can call the Secure Monitor with the SMC instruction, which raises a specific in-CPU interrupt, and the CPU enters Secure mode. Also, the L2 cache is not really used in Secure mode, so you need to be sure to flush the cache before entering the Secure World.

It provides a few Secure Services.

Internal structure

ARM v7ar provides the System Monitor CPU mode, and Secure Extensions for the Control Coprocessor cp15 with the c12 register.

See chapter B3.12.39 of the ARM Architecture Reference Guide.

How To Use

The Security Monitor can be called through these functions:

 __int32 __cdecl security_monitor_call(__int32 secure_service_id, __int32 proc_id, __int32 flags, void *params)
    ; =============== S U B R O U T I N E =======================================

    security_monitor_call                                       ; CODE XREF: security_monitor_parse_flags_and_call+8
                     STMFD           SP!, {R4-R12,LR}            ; Store Block to Memory
                     MOV             R6, #0xFF                   ; Rd = Op2
                     MOV             R12, #0                     ; Rd = Op2
                     MCR             p15, 0, R0,c7,c5, 4         ; prefetch flush
                     MCR             p15, 0, R0,c7,c10, 4        ; data synchronisation barrier
                     SMC             1                           ; Secure Monitor Call
                     B               service_end                 ; Branch

    ; ---------------------------------------------------------------------------
                     NOP                                         ; No Operation
                     MOV             R12, #SMC_IRQ_END           ; Rd = Op2
                     SMC             1                           ; Secure Monitor Call


    service_end                                                 ; CODE XREF: security_monitor_call+18
                     LDMFD           SP!, {R4-R12,LR}            ; Load Block from Memory
                     BX              LR                          ; Branch to/from Thumb mode

    ; End of function security_monitor_call

And here is an example of a parameter parser function, which parses the flags and params before calling the secure service:

__int32 __fastcall security_monitor_parse_flags_and_call(__int32 ssid, __int32 proc_id, __int32 flag, __int32 params_count, void *params)
    ; =============== S U B R O U T I N E =======================================

    security_monitor_parse_flags_and_call                       ; CODE XREF: security_call_SSID_0x04+E
                                                                ; security_call_SSID_0x03+C ...

    caller_address  = -0x14
    ssid            = -0x10
    proc_id         = -0xC
    flag            = -8
    params_count    = -4
    params          =  0

                     PUSH            {R0-R3}                     ; stack = [R0,R1,R2,R3,R4,LR] stack_head
                     PUSH            {R4,LR}                     ; Push registers
                     ADD             R3, SP, #0x18+params_count  ; params_addr
                     LDR             R2, [SP,#0x18+flag]         ; flag
                     BLX             security_monitor_call       ; Branch with Link and Exchange (immediate address)

                     POP             {R4}                        ; Pop registers
                     LDR.W           PC, [SP+0x14+caller_address],#0x14 ; returning back to the caller function

    ; End of function security_monitor_parse_flags_and_call