| Gyorgy Szing | db9783c | 2019-04-17 21:08:48 +0200 | [diff] [blame^] | 1 | ######################################################### |
| 2 | Generic OS migration from Armv7-M to Armv8-M architecture |
| 3 | ######################################################### |
| 4 | The purpose of this document is to list a set of requirements needed for |
| 5 | migrating a generic OS kernel running on Armv7-M to the Armv8-M architecture. |
| 6 | |
| 7 | ******************** |
| 8 | List of requirements |
| 9 | ******************** |
| 10 | - If the same OS codebase is used for both Secure and Non Secure builds, it is |
| 11 | suggested to put specific code targeted to the Non Secure build under a |
| 12 | compile time switch, e.g. ``#if (DOMAIN_NS == 1U)``. The OS build system in |
| 13 | this case needs to be amended accordingly to support this new switch. |
| 14 | - If the OS implements stack limit checking, the ``PSPLIM`` register |
| 15 | needs to be initialized and properly handled during thread context switch |
| 16 | operations. |
| 17 | - If the OS manipulates directly the Link Register, the default Link Register |
| 18 | value used in Handler mode transitions needs to be differentiated between |
| 19 | Secure and Non Secure builds, i.e. ``0xFD`` and ``0xBC``, respectively. |
| 20 | - If the OS supports the Thread Context Management for Armv8-M TrustZone APIs, |
| 21 | as described |
| 22 | `here <https://www.keil.com/pack/doc/CMSIS/Core/html/group__context__trustzone__functions.html>`__ |
| 23 | , and would like to use the non-secure client identification feature of TF-M, |
| 24 | then it also have to use the |
| 25 | ``enum tfm_status_e tfm_register_client_id (int32_t ns_client_id)`` |
| 26 | API function provided by TF-M, as described in |
| 27 | :doc:`NS client identification documentation <tfm_ns_client_identification>`. |
| 28 | - if the OS doesn't support the API mentioned above, it should set |
| 29 | ``TFM_NS_CLIENT_IDENTIFICATION`` to ``OFF`` in the cmake system. |
| 30 | - .. Note:: |
| 31 | |
| 32 | This is NOT REQUIRED when the Non Secure OS build is meant |
| 33 | to be integrated with TF-M running in Secure world. |
| 34 | |
| 35 | If generic function calls into Secure world have to be supported in Non Secure |
| 36 | builds, integrate an API for secure stack memory management (e.g. the |
| 37 | TrustZone API for secure stack memory management described in |
| 38 | ``tz_context.h``). |
| 39 | |
| 40 | -------------- |
| 41 | |
| 42 | *Copyright (c) 2018-2019, Arm Limited. All rights reserved.* |