SPM: Unify exception priority setting code
The exception priority setting code is spread into multiple
places while there is no significant difference between them.
Unify them together into one architecture function.
Change-Id: Iac15aff32065394b44f5318c66fb331842ec3b34
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
diff --git a/secure_fw/spm/cmsis_func/arch.c b/secure_fw/spm/cmsis_func/arch.c
index 0f5a937..4722cf7 100644
--- a/secure_fw/spm/cmsis_func/arch.c
+++ b/secure_fw/spm/cmsis_func/arch.c
@@ -236,7 +236,7 @@
#if defined(__ARM_ARCH_8_1M_MAIN__) || \
defined(__ARM_ARCH_8M_MAIN__) || defined(__ARM_ARCH_8M_BASE__)
-void tfm_arch_prioritize_secure_exception(void)
+void tfm_arch_set_secure_exception_priorities(void)
{
uint32_t VECTKEY;
SCB_Type *scb = SCB;
@@ -248,30 +248,23 @@
scb->AIRCR = SCB_AIRCR_PRIS_Msk |
VECTKEY |
(AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
-}
-#elif defined(__ARM_ARCH_6M__) || defined(__ARM_ARCH_7M__) || \
- defined(__ARM_ARCH_7EM__)
-void tfm_arch_prioritize_secure_exception(void)
-{
-}
-#endif
-void tfm_arch_set_fault_priority(void)
-{
- /* For Armv8-M, set fault priority to less than 0x80 (with AIRCR.PRIS set)
- * to prevent Non-secure from pre-empting faults that may indicate
- * corruption of Secure state. For Armv7-M, also set fault priority to the
- * highest for consistent behaviour.
- */
-#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__) || \
- defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
+#ifndef __ARM_ARCH_8M_BASE__
NVIC_SetPriority(MemoryManagement_IRQn, 0);
NVIC_SetPriority(BusFault_IRQn, 0);
-#endif
-#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
NVIC_SetPriority(SecureFault_IRQn, 0);
#endif
+
+ /*
+ * Function based model needs no PendSV for scheduling,
+ * set its priority just higher than thread mode.
+ */
+ NVIC_SetPriority(SVCall_IRQn, 0);
+ NVIC_SetPriority(PendSV_IRQn, (1 << __NVIC_PRIO_BITS) - 1);
}
+#else
+#error Function based model works on V8M series only.
+#endif
void tfm_arch_configure_coprocessors(void)
{
diff --git a/secure_fw/spm/cmsis_func/main.c b/secure_fw/spm/cmsis_func/main.c
index df8c172..f22dfbf 100644
--- a/secure_fw/spm/cmsis_func/main.c
+++ b/secure_fw/spm/cmsis_func/main.c
@@ -117,24 +117,6 @@
return TFM_SUCCESS;
}
-static int32_t tfm_core_set_secure_exception_priorities(void)
-{
- enum tfm_plat_err_t plat_err = TFM_PLAT_ERR_SYSTEM_ERR;
-
- tfm_arch_prioritize_secure_exception();
-
- /* Explicitly set Secure SVC priority to highest */
- plat_err = tfm_spm_hal_set_secure_irq_priority(SVCall_IRQn, 0);
- if (plat_err != TFM_PLAT_ERR_SUCCESS) {
- return TFM_ERROR_GENERIC;
- }
-
- tfm_arch_set_fault_priority();
- tfm_arch_set_pendsv_priority();
-
- return TFM_SUCCESS;
-}
-
int main(void)
{
/* set Main Stack Pointer limit */
@@ -176,9 +158,7 @@
* Prioritise secure exceptions to avoid NS being able to pre-empt
* secure SVC or SecureFault. Do it before PSA API initialization.
*/
- if (tfm_core_set_secure_exception_priorities() != TFM_SUCCESS) {
- tfm_core_panic();
- }
+ tfm_arch_set_secure_exception_priorities();
/* We close the TFM_SP_CORE_ID partition, because its only purpose is
* to be able to pass the state checks for the tests started from secure.
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
index 35ccd71..fd3e8b6 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
@@ -143,17 +143,16 @@
__ASM volatile("b .");
}
-void tfm_arch_prioritize_secure_exception(void)
-{
-}
-
-void tfm_arch_set_fault_priority(void)
+void tfm_arch_set_secure_exception_priorities(void)
{
/* Set fault priority to the highest */
#if defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
NVIC_SetPriority(MemoryManagement_IRQn, 0);
NVIC_SetPriority(BusFault_IRQn, 0);
#endif
+
+ NVIC_SetPriority(SVCall_IRQn, 0);
+ NVIC_SetPriority(PendSV_IRQn, (1 << __NVIC_PRIO_BITS) - 1);
}
void tfm_arch_configure_coprocessors(void)
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
index 4723e0d..4379707 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
@@ -130,7 +130,7 @@
);
}
-void tfm_arch_prioritize_secure_exception(void)
+void tfm_arch_set_secure_exception_priorities(void)
{
uint32_t VECTKEY;
SCB_Type *scb = SCB;
@@ -142,11 +142,28 @@
scb->AIRCR = SCB_AIRCR_PRIS_Msk |
VECTKEY |
(AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
-}
-/* Faults other than HardFault are not present in Armv8-M Baseline */
-void tfm_arch_set_fault_priority(void)
-{
+ NVIC_SetPriority(SVCall_IRQn, 0);
+#ifdef TFM_MULTI_CORE_TOPOLOGY
+ NVIC_SetPriority(PendSV_IRQn, (1 << __NVIC_PRIO_BITS) - 1);
+#else
+ /*
+ * Set secure PendSV priority to the lowest in SECURE state.
+ *
+ * IMPORTANT NOTE:
+ *
+ * Although the priority of the secure PendSV must be the lowest possible
+ * among other interrupts in the Secure state, it must be ensured that
+ * PendSV is not preempted nor masked by Non-Secure interrupts to ensure
+ * the integrity of the Secure operation.
+ * When AIRCR.PRIS is set, the Non-Secure execution can act on
+ * FAULTMASK_NS, PRIMASK_NS or BASEPRI_NS register to boost its priority
+ * number up to the value 0x80.
+ * For this reason, set the priority of the PendSV interrupt to the next
+ * priority level configurable on the platform, just below 0x80.
+ */
+ NVIC_SetPriority(PendSV_IRQn, (1 << (__NVIC_PRIO_BITS - 1)) - 1);
+#endif
}
/* There are no coprocessors in Armv8-M Baseline implementations */
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
index 2891fe1..7ee1141 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
@@ -149,7 +149,7 @@
__ASM volatile("b .");
}
-void tfm_arch_prioritize_secure_exception(void)
+void tfm_arch_set_secure_exception_priorities(void)
{
uint32_t VECTKEY;
SCB_Type *scb = SCB;
@@ -161,10 +161,6 @@
scb->AIRCR = SCB_AIRCR_PRIS_Msk |
VECTKEY |
(AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
-}
-
-void tfm_arch_set_fault_priority(void)
-{
/* Set fault priority to less than 0x80 (with AIRCR.PRIS set) to prevent
* Non-secure from pre-empting faults that may indicate corruption of Secure
* state.
@@ -172,6 +168,28 @@
NVIC_SetPriority(MemoryManagement_IRQn, 0);
NVIC_SetPriority(BusFault_IRQn, 0);
NVIC_SetPriority(SecureFault_IRQn, 0);
+
+ NVIC_SetPriority(SVCall_IRQn, 0);
+#ifdef TFM_MULTI_CORE_TOPOLOGY
+ NVIC_SetPriority(PendSV_IRQn, (1 << __NVIC_PRIO_BITS) - 1);
+#else
+ /*
+ * Set secure PendSV priority to the lowest in SECURE state.
+ *
+ * IMPORTANT NOTE:
+ *
+ * Although the priority of the secure PendSV must be the lowest possible
+ * among other interrupts in the Secure state, it must be ensured that
+ * PendSV is not preempted nor masked by Non-Secure interrupts to ensure
+ * the integrity of the Secure operation.
+ * When AIRCR.PRIS is set, the Non-Secure execution can act on
+ * FAULTMASK_NS, PRIMASK_NS or BASEPRI_NS register to boost its priority
+ * number up to the value 0x80.
+ * For this reason, set the priority of the PendSV interrupt to the next
+ * priority level configurable on the platform, just below 0x80.
+ */
+ NVIC_SetPriority(PendSV_IRQn, (1 << (__NVIC_PRIO_BITS - 1)) - 1);
+#endif
}
void tfm_arch_configure_coprocessors(void)
diff --git a/secure_fw/spm/cmsis_psa/main.c b/secure_fw/spm/cmsis_psa/main.c
index d6b06c0..5bea871 100644
--- a/secure_fw/spm/cmsis_psa/main.c
+++ b/secure_fw/spm/cmsis_psa/main.c
@@ -116,24 +116,6 @@
return TFM_SUCCESS;
}
-static int32_t tfm_core_set_secure_exception_priorities(void)
-{
- enum tfm_plat_err_t plat_err = TFM_PLAT_ERR_SYSTEM_ERR;
-
- tfm_arch_prioritize_secure_exception();
-
- /* Explicitly set Secure SVC priority to highest */
- plat_err = tfm_spm_hal_set_secure_irq_priority(SVCall_IRQn, 0);
- if (plat_err != TFM_PLAT_ERR_SUCCESS) {
- return TFM_ERROR_GENERIC;
- }
-
- tfm_arch_set_fault_priority();
- tfm_arch_set_pendsv_priority();
-
- return TFM_SUCCESS;
-}
-
int main(void)
{
/* set Main Stack Pointer limit */
@@ -161,9 +143,7 @@
* Prioritise secure exceptions to avoid NS being able to pre-empt
* secure SVC or SecureFault. Do it before PSA API initialization.
*/
- if (tfm_core_set_secure_exception_priorities() != TFM_SUCCESS) {
- tfm_core_panic();
- }
+ tfm_arch_set_secure_exception_priorities();
/* Move to handler mode for further SPM initialization. */
tfm_core_handler_mode();
diff --git a/secure_fw/spm/include/tfm_arch.h b/secure_fw/spm/include/tfm_arch.h
index 74c0aba..988c575 100644
--- a/secure_fw/spm/include/tfm_arch.h
+++ b/secure_fw/spm/include/tfm_arch.h
@@ -46,33 +46,6 @@
SCB->ICSR = SCB_ICSR_PENDSVSET_Msk;
}
-#ifdef TFM_MULTI_CORE_TOPOLOGY
-__STATIC_INLINE void tfm_arch_set_pendsv_priority(void)
-{
- NVIC_SetPriority(PendSV_IRQn, (1 << __NVIC_PRIO_BITS) - 1);
-}
-#else
-__STATIC_INLINE void tfm_arch_set_pendsv_priority(void)
-{
- /*
- * Set secure PendSV priority to the lowest in SECURE state.
- *
- * IMPORTANT NOTE:
- *
- * Although the priority of the secure PendSV must be the lowest possible
- * among other interrupts in the Secure state, it must be ensured that
- * PendSV is not preempted nor masked by Non-Secure interrupts to ensure
- * the integrity of the Secure operation.
- * When AIRCR.PRIS is set, the Non-Secure execution can act on
- * FAULTMASK_NS, PRIMASK_NS or BASEPRI_NS register to boost its priority
- * number up to the value 0x80.
- * For this reason, set the priority of the PendSV interrupt to the next
- * priority level configurable on the platform, just below 0x80.
- */
- NVIC_SetPriority(PendSV_IRQn, (1 << (__NVIC_PRIO_BITS - 1)) - 1);
-}
-#endif /* TFM_MULTI_CORE_TOPOLOGY */
-
/**
* \brief Get Link Register
* \details Returns the value of the Link Register (LR)
@@ -114,14 +87,9 @@
uint32_t sp, uint32_t sp_limit);
/*
- * Prioritize Secure exceptions
+ * Set secure exceptions priority
*/
-void tfm_arch_prioritize_secure_exception(void);
-
-/*
- * Set the priority of fault exceptions
- */
-void tfm_arch_set_fault_priority(void);
+void tfm_arch_set_secure_exception_priorities(void);
/**
* \brief Configure coprocessors