Arch: Explicitly set the priority of faults Explicitly set the priority of faults that may indicate corruption of secure state to less than 0x80, to prevent Non-secure from pre-empting them. The priority is set to the highest, which is also the reset value, so behaviour should be unchanged. Change-Id: Icbf7315298ed0c418ee068b98ddad6db85c914c9 Signed-off-by: Jamie Fox <jamie.fox@arm.com>

commit: 3ede971de5d707bf1dbe0c551fed69861b8ad0fc [log] [tgz]
author: Jamie Fox <jamie.fox@arm.com> Mon Sep 28 23:14:54 2020 +0100
committer: Ken Liu <ken.liu@arm.com> Tue Oct 13 07:53:43 2020 +0000
tree: 9a99737fc9b28df3cbd9bb23cc384d1b73261ff3
parent: b78795ade2c43a4d1904b8a8a0bd881a4aef64a4 [diff]
diff --git a/secure_fw/spm/cmsis_func/arch.c b/secure_fw/spm/cmsis_func/arch.c
index a44e5fc..0f5a937 100644
--- a/secure_fw/spm/cmsis_func/arch.c
+++ b/secure_fw/spm/cmsis_func/arch.c

@@ -256,6 +256,23 @@
 }
 #endif
 
+void tfm_arch_set_fault_priority(void)
+{
+    /* For Armv8-M, set fault priority to less than 0x80 (with AIRCR.PRIS set)
+     * to prevent Non-secure from pre-empting faults that may indicate
+     * corruption of Secure state. For Armv7-M, also set fault priority to the
+     * highest for consistent behaviour.
+     */
+#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__) || \
+    defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
+    NVIC_SetPriority(MemoryManagement_IRQn, 0);
+    NVIC_SetPriority(BusFault_IRQn, 0);
+#endif
+#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
+    NVIC_SetPriority(SecureFault_IRQn, 0);
+#endif
+}
+
 void tfm_arch_configure_coprocessors(void)
 {
 #if defined (__FPU_PRESENT) && (__FPU_PRESENT == 1U)

diff --git a/secure_fw/spm/cmsis_func/main.c b/secure_fw/spm/cmsis_func/main.c
index d6bb304..df8c172 100644
--- a/secure_fw/spm/cmsis_func/main.c
+++ b/secure_fw/spm/cmsis_func/main.c

@@ -129,6 +129,7 @@
         return TFM_ERROR_GENERIC;
     }
 
+    tfm_arch_set_fault_priority();
     tfm_arch_set_pendsv_priority();
 
     return TFM_SUCCESS;

diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
index 8b66522..35ccd71 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c

@@ -147,6 +147,15 @@
 {
 }
 
+void tfm_arch_set_fault_priority(void)
+{
+    /* Set fault priority to the highest */
+#if defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
+    NVIC_SetPriority(MemoryManagement_IRQn, 0);
+    NVIC_SetPriority(BusFault_IRQn, 0);
+#endif
+}
+
 void tfm_arch_configure_coprocessors(void)
 {
     /* There are no coprocessors in Armv6-M implementations */

diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
index 34c3641..4723e0d 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c

@@ -144,6 +144,11 @@
                  (AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
 }
 
+/* Faults other than HardFault are not present in Armv8-M Baseline */
+void tfm_arch_set_fault_priority(void)
+{
+}
+
 /* There are no coprocessors in Armv8-M Baseline implementations */
 void tfm_arch_configure_coprocessors(void)
 {

diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
index f59a902..2891fe1 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c

@@ -163,6 +163,17 @@
                  (AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
 }
 
+void tfm_arch_set_fault_priority(void)
+{
+    /* Set fault priority to less than 0x80 (with AIRCR.PRIS set) to prevent
+     * Non-secure from pre-empting faults that may indicate corruption of Secure
+     * state.
+     */
+    NVIC_SetPriority(MemoryManagement_IRQn, 0);
+    NVIC_SetPriority(BusFault_IRQn, 0);
+    NVIC_SetPriority(SecureFault_IRQn, 0);
+}
+
 void tfm_arch_configure_coprocessors(void)
 {
 #if defined (__FPU_PRESENT) && (__FPU_PRESENT == 1U)

diff --git a/secure_fw/spm/cmsis_psa/main.c b/secure_fw/spm/cmsis_psa/main.c
index 39e6c47..d6b06c0 100644
--- a/secure_fw/spm/cmsis_psa/main.c
+++ b/secure_fw/spm/cmsis_psa/main.c

@@ -128,6 +128,7 @@
         return TFM_ERROR_GENERIC;
     }
 
+    tfm_arch_set_fault_priority();
     tfm_arch_set_pendsv_priority();
 
     return TFM_SUCCESS;

diff --git a/secure_fw/spm/include/tfm_arch.h b/secure_fw/spm/include/tfm_arch.h
index 4bf7f16..74c0aba 100644
--- a/secure_fw/spm/include/tfm_arch.h
+++ b/secure_fw/spm/include/tfm_arch.h

@@ -118,6 +118,11 @@
  */
 void tfm_arch_prioritize_secure_exception(void);
 
+/*
+ * Set the priority of fault exceptions
+ */
+void tfm_arch_set_fault_priority(void);
+
 /**
  * \brief Configure coprocessors
  */
commit	3ede971de5d707bf1dbe0c551fed69861b8ad0fc	[log] [tgz]
author	Jamie Fox <jamie.fox@arm.com>	Mon Sep 28 23:14:54 2020 +0100
committer	Ken Liu <ken.liu@arm.com>	Tue Oct 13 07:53:43 2020 +0000
tree	9a99737fc9b28df3cbd9bb23cc384d1b73261ff3
parent	b78795ade2c43a4d1904b8a8a0bd881a4aef64a4 [diff]