Cortex-M Trust Zone Technology Overview

李孝超

2022-05-19 09:07:34

1. Trust Zone(M) Introduction

1.1. Market overview

• Fingerprint Identification

• Face ID

• Mobile Payment

• DRM(Data Rights Management)

• Smart Home

• …

1.2. AMBA BUS

ISOLATION !!!

• AMBA AXI/AHB5 carry access-permission (security) signals with each transaction, which the bus fabric can use to block illegal accesses.

1.3. Architecture

• SAU (Security Attribution Unit)

• IDAU (Implementation Defined Attribution Unit)

• MPU (Memory Protection Unit)

1.4. Memory Layout

• Secure (S): memory and peripherals accessible only by Secure software.

• Non-Secure (NS): memory and peripherals accessible by all software.

• Non-Secure Callable (NSC): contains tables of small branch veneers (entry points); each entry point begins with the Secure Gateway (SG) instruction.
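As an added illustration (not part of the original article), the following host-side C model shows how the SAU and IDAU of sections 1.3 and 1.4 are combined by the core: the more secure attribute wins, an address outside every enabled SAU region is Secure, and NSC memory is Secure for data accesses but is the only place where an NS-to-S entry is valid. The region table, the IDAU rule and all function and type names are constructed assumptions, not the map of any real device.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Attributes ordered so that a larger value means "more secure". */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr_t;

/* One SAU region, mirroring the SAU_RBAR/SAU_RLAR fields (struct name is ours). */
typedef struct {
    uint32_t base;     /* first address covered */
    uint32_t limit;    /* last address covered (inclusive) */
    bool     nsc;      /* NSC bit: region is Non-Secure Callable */
    bool     enabled;  /* ENABLE bit */
} sau_region_t;

/* Constructed example map; not the layout of any real device. */
static const sau_region_t SAU_REGIONS[] = {
    { 0x00200000u, 0x003FFFFFu, false, true },  /* Non-Secure flash */
    { 0x001FF000u, 0x001FFFFFu, true,  true },  /* NSC veneer area (SG entry points) */
    { 0x20200000u, 0x203FFFFFu, false, true },  /* Non-Secure SRAM */
    { 0x50000000u, 0x5FFFFFFFu, false, true },  /* mistakenly opened up; the IDAU overrides it */
};
#define SAU_REGION_COUNT (sizeof SAU_REGIONS / sizeof SAU_REGIONS[0])

/* SAU lookup. With the SAU enabled, an address outside every enabled region is
 * Secure; inside a region it is NSC or NS depending on the region's NSC bit.
 * With the SAU disabled, SAU_CTRL.ALLNS decides whether everything is NS or S. */
sec_attr_t sau_attr(uint32_t addr, bool sau_enabled, bool allns) {
    if (!sau_enabled)
        return allns ? ATTR_NS : ATTR_S;
    for (size_t i = 0; i < SAU_REGION_COUNT; i++) {
        const sau_region_t *r = &SAU_REGIONS[i];
        if (r->enabled && addr >= r->base && addr <= r->limit)
            return r->nsc ? ATTR_NSC : ATTR_NS;
    }
    return ATTR_S;
}

/* Constructed IDAU: the vendor fixes 0x50000000-0x5FFFFFFF as Secure-only
 * peripherals (an assumed rule; a real IDAU is hard-wired in silicon). */
sec_attr_t idau_attr(uint32_t addr) {
    return (addr >= 0x50000000u && addr <= 0x5FFFFFFFu) ? ATTR_S : ATTR_NS;
}

/* The core consults both units and keeps the more secure answer. */
sec_attr_t combined_attr(uint32_t addr, bool sau_enabled, bool allns) {
    sec_attr_t s = sau_attr(addr, sau_enabled, allns);
    sec_attr_t i = idau_attr(addr);
    return s > i ? s : i;
}

/* Non-Secure data accesses succeed only on NS memory; NSC is still Secure memory. */
bool ns_data_access_ok(uint32_t addr, bool sau_enabled, bool allns) {
    return combined_attr(addr, sau_enabled, allns) == ATTR_NS;
}

/* An NS-to-S entry (SG instruction) is only valid in NSC memory. */
bool ns_entry_ok(uint32_t addr, bool sau_enabled, bool allns) {
    return combined_attr(addr, sau_enabled, allns) == ATTR_NSC;
}

int main(void) {
    static const char *names[] = { "NS", "NSC", "S" };
    uint32_t probes[] = { 0x00100000u, 0x001FF000u, 0x00200000u, 0x20200000u, 0x50000000u };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("0x%08X -> %s\n", (unsigned)probes[i],
               names[combined_attr(probes[i], true, false)]);
    return 0;
}
```

The last SAU region is the case worth noticing: an SAU misconfiguration cannot downgrade memory that the IDAU fixes as Secure, but the reverse is also true, so anything the IDAU leaves Non-Secure is only protected by a correct SAU table.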

1.5. Interrupt&Mode

• Secure fault handler: triggered when the core, while in Non-Secure state, calls into an S region.

• All IRQs can be configured as Secure or Non-Secure through NVIC_ITNS (Interrupt Target Non-Secure).

1.6. Core Registers

• Core registers are backed up when switching from Secure state to Non-Secure state.

• Context switching is faster.

1.7. Secure Callable

• Instructions

1. SG (Secure Gateway): switches from Non-Secure to Secure state; it must be the first instruction of a Secure entry point.

2. BXNS: used by Secure software to branch or return to a Non-Secure program.

3. BLXNS: used by Secure software to call Non-Secure functions.

1.8. Secure Boot flow

• Boot Flow:

• Switch to NS State

/* Include the device's CMSIS header here; it provides SCB_NS and __TZ_set_MSP_NS(). */
#include <stdio.h>
#include <stdint.h>

/* Function-pointer type for calling Non-Secure code from Secure code */
typedef int __attribute__((cmse_nonsecure_call)) nsfunc(void);

#define NS_START_ADDR 0x10000000   /* start of the Non-Secure vector table */

void nonsecure_init(void) {
    /* Point the Non-Secure vector table register at the NS image */
    SCB_NS->VTOR = NS_START_ADDR;
    uint32_t *vtor = (uint32_t *) NS_START_ADDR;

    /* Entry 0 of the vector table is the initial NS main stack pointer */
    __TZ_set_MSP_NS(vtor[0]);

    /* Entry 1 is the NS reset handler; calling it switches the core to NS state */
    nsfunc *ns_reset = (nsfunc *)(vtor[1]);
    ns_reset();
}

int main(void) {
    nonsecure_init();
    printf("ERROR: Should not return here!\n");
    return 0;
}

2. Software Design Guide

2.1. Develop Mode(without RTOS)

2.2. Develop Mode(with RTOS)


2.3. Trust Zone Software Tips

• Defining a Secure function that Non-Secure code may call (entry function)

1. Definition: attribute "cmse_nonsecure_entry"

__attribute__((cmse_nonsecure_entry))
void fun_name(void) {
    ...
}

2. Linker file: place the SG veneer area in ".gnu.sgstubs"

.gnu.sgstubs : ALIGN (32)
{
    . = ALIGN(32);
    _start_sg = .;
    *(.gnu.sgstubs*)   /* SG veneer area */
    . = ALIGN(32);
    _end_sg = .;
} > FLASH-REGION-WITH-NSC-ENABLED

3. Build: build parameter "-mcmse"

gcc ... -mcmse ...

2.4. Trust Zone Software Tips(NS->S)

• Call from Non-Secure region to Secure function

1. Generate "CMSE_importLib.o" containing the addresses of the entry veneers (these are linker options, so gcc passes them through with -Wl)

gcc ... -Wl,--cmse-implib,--out-implib=CMSE_importLib.o ...

2. Import NSC lib in non-secure project

gcc CMSE_importLib.o ...

2.5. Trust Zone Software Tips(S->NS)

• Call from Secure region to Non-Secure function: the "cmse_nonsecure_call" attribute makes the compiler clear the non-banked general-purpose registers before branching into the Non-Secure code, so no Secure data is left behind in registers.

typedef void (*funcptr_ns)(void) __attribute__((cmse_nonsecure_call));

void ControlCriticalIO(funcptr_ns callback_fn) {
    funcptr_ns cb = callback_fn;
    if (cb != 0) {
        /* do some critical things */
        cb();   /* compiled as a BLXNS with registers cleared first */
    } else {
        ;       /* do nothing */
    }
}
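The null check above is the minimum; a Secure service also has to make sure that a pointer handed over by Non-Secure code really points at Non-Secure memory, otherwise NS can steer Secure code into reading, writing or calling Secure addresses on its behalf. The following host-side C model (an added example, not code from the article) validates an NS-supplied buffer and callback before the critical work of the ControlCriticalIO pattern. The NS address ranges, return codes and function names are constructed assumptions; on a real Cortex-M the attribution check is done with cmse_check_address_range() from arm_cmse.h, which uses the TT instructions instead of a fixed table.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed Non-Secure map for this example (assumed; not a real device). */
#define NS_FLASH_START 0x00200000u
#define NS_FLASH_END   0x003FFFFFu   /* inclusive */
#define NS_SRAM_START  0x20200000u
#define NS_SRAM_END    0x203FFFFFu   /* inclusive */

/* True if [base, base+len) lies entirely inside [lo, hi]; a zero length or a
 * range that wraps past 0xFFFFFFFF is rejected. */
static bool range_within(uint32_t base, uint32_t len, uint32_t lo, uint32_t hi) {
    if (len == 0 || base < lo || base > hi)
        return false;
    uint32_t last = base + (len - 1);
    if (last < base)          /* wrapped around 2^32 */
        return false;
    return last <= hi;
}

/* A callback handed over by NS must be non-null, carry the Thumb bit, and
 * point into NS executable memory. A Secure or NSC address here would let NS
 * make the Secure side call back into Secure memory with Secure privileges. */
bool ns_callback_ok(uint32_t fn) {
    if (fn == 0 || (fn & 1u) == 0)
        return false;
    return range_within(fn & ~1u, 2, NS_FLASH_START, NS_FLASH_END);
}

/* A buffer handed over by NS must lie wholly in NS SRAM, last byte included. */
bool ns_buffer_ok(uint32_t base, uint32_t len) {
    return range_within(base, len, NS_SRAM_START, NS_SRAM_END);
}

/* Host model of the Secure service: validate everything that came from NS
 * before doing the critical work and before calling back.
 * Returns 0 when the call would proceed, -1 for a bad buffer, -2 for a bad callback. */
int control_critical_io(uint32_t buf, uint32_t len, uint32_t callback) {
    if (!ns_buffer_ok(buf, len))
        return -1;
    if (!ns_callback_ok(callback))
        return -2;
    /* ... critical work on [buf, buf+len) and the BLXNS to callback would follow ... */
    return 0;
}

int main(void) {
    printf("good call        -> %d\n", control_critical_io(0x20200000u, 64, 0x00200101u));
    printf("callback not NS  -> %d\n", control_critical_io(0x20200000u, 64, 0x00100101u));
    printf("buffer overruns  -> %d\n", control_critical_io(0x203FFFF0u, 32, 0x00200101u));
    return 0;
}
```

The end-of-range and wraparound checks matter more than they look: a buffer that starts inside NS SRAM but runs past its end, or a length that wraps the address space, would otherwise pass a start-address-only test and let the Secure side touch memory beyond the NS region.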

2.6. Secure Coding Style

• The ARMv8-M Secure software guidelines from Arm are here.




