SPM: Provide option to schedule when NSPE is interrupted
By default, PendSV_Handler() will skip running the scheduler if it
determines that the NSPE was interrupted by a secure interrupt. This
avoids potentially executing lower-priority SPE work when
higher-priority NSPE work is waiting. For systems where it is known that
the secure work is always higher-priority, it is useful to be able to run
the scheduler in this situation, so this patch provides a configuration
option to support doing so.
Change-Id: I596033ec54c307b225b54412f1fa3a3f5e053481
Signed-off-by: Chris Brand <chris.brand@cypress.com>
diff --git a/config/config_base.h b/config/config_base.h
index 8f572db..92b5518 100644
--- a/config/config_base.h
+++ b/config/config_base.h
@@ -1,5 +1,8 @@
/*
* Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon
+ * company) or an affiliate of Cypress Semiconductor Corporation. All rights
+ * reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -230,12 +233,17 @@
/* The maximal number of secure services that are connected or requested at the same time */
#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
-#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
#endif
/* Disable the doorbell APIs */
#ifndef CONFIG_TFM_DOORBELL_API
-#define CONFIG_TFM_DOORBELL_API 0
+#define CONFIG_TFM_DOORBELL_API 0
+#endif
+
+/* Do not run the scheduler after handling a secure interrupt if the NSPE was pre-empted */
+#ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
+#define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 0
#endif
#endif /* __CONFIG_BASE_H__ */
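Review bot: The comment above `CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED` describes what the default value 0 does rather than what the option enables, so the macro reads as if setting it to 1 turns scheduling off. Since this option changes whether secure work can run ahead of pre-empted non-secure work, the comment should state the enabled behaviour, for example `/* Set to 1 to run the scheduler after handling a secure interrupt that pre-empted the NSPE (default 0: skip it) */`.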
diff --git a/docs/configuration/index.rst b/docs/configuration/index.rst
index 235d05d..72d48ae 100644
--- a/docs/configuration/index.rst
+++ b/docs/configuration/index.rst
@@ -24,7 +24,7 @@
modules, specify location of external dependency or other selection,
global to a project. These option set shall be considered while adopting TF-M
to other build systems.
- In the :ref:`Base_configuration` tabletheses options have *Build* type.
+ In the :ref:`Base_configuration` table these options have *Build* type.
Component configuration
To adjust a particular parameter to a desired value. Those options are
@@ -259,22 +259,26 @@
Secure Partition Manager
========================
-+-------------------------------------+-----------+-------------+
-| Options | Type | Base Values |
-+=====================================+===========+=============+
-|TFM_ISOLATION_LEVEL | Build | 1 |
-+-------------------------------------+-----------+-------------+
-|PSA_FRAMEWORK_HAS_MM_IOVEC | Build | OFF |
-+-------------------------------------+-----------+-------------+
-|CONFIG_TFM_SPM_BACKEND | Build | "SFN" |
-+-------------------------------------+-----------+-------------+
-|TFM_SPM_LOG_LEVEL | Build | 1 |
-+-------------------------------------+-----------+-------------+
-|CONFIG_TFM_CONN_HANDLE_MAX_NUM | Component | 8 |
-+-------------------------------------+-----------+-------------+
-|CONFIG_TFM_DOORBELL_API | Component | 0 |
-+-------------------------------------+-----------+-------------+
++----------------------------------------+-----------+-------------+
+| Options | Type | Base Values |
++========================================+===========+=============+
+|TFM_ISOLATION_LEVEL | Build | 1 |
++----------------------------------------+-----------+-------------+
+|PSA_FRAMEWORK_HAS_MM_IOVEC | Build | OFF |
++----------------------------------------+-----------+-------------+
+|CONFIG_TFM_SPM_BACKEND | Build | "SFN" |
++----------------------------------------+-----------+-------------+
+|TFM_SPM_LOG_LEVEL | Build | 1 |
++----------------------------------------+-----------+-------------+
+|CONFIG_TFM_CONN_HANDLE_MAX_NUM | Component | 8 |
++----------------------------------------+-----------+-------------+
+|CONFIG_TFM_DOORBELL_API | Component | 0 |
++----------------------------------------+-----------+-------------+
+|CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED | Component | OFF |
++----------------------------------------+-----------+-------------+
--------------
-*Copyright (c) 2022, Arm Limited. All rights reserved.*
\ No newline at end of file
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon company)
+or an affiliate of Cypress Semiconductor Corporation. All rights reserved.*
diff --git a/docs/integration_guide/index.rst b/docs/integration_guide/index.rst
index e96445c..589edf5 100644
--- a/docs/integration_guide/index.rst
+++ b/docs/integration_guide/index.rst
@@ -123,6 +123,17 @@
be possible for any non-secure interrupt to preempt a higher-priority secure
interrupt.
+********************************
+Secure interrupts and scheduling
+********************************
+To ensure correct operation in the general case, the secure scheduler is not
+run after handling a secure interrupt that pre-empted the NSPE. On systems
+with specific constraints, it may be desirable to run the scheduler in this
+situation, which can be done by setting
+``CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED`` to 1. This could be done if the
+NSPE is known to be a simple, single-threaded application or if non-secure
+interrupts cannot pre-empt the SPE, for example.
+
**********************************
Integration with non-Cmake systems
**********************************
diff --git a/secure_fw/spm/Kconfig.comp b/secure_fw/spm/Kconfig.comp
index d28f0d2..f3d1b90 100644
--- a/secure_fw/spm/Kconfig.comp
+++ b/secure_fw/spm/Kconfig.comp
@@ -1,5 +1,7 @@
#-------------------------------------------------------------------------------
# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon company)
+# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -18,4 +20,8 @@
bool "Enable the doorbell APIs"
depends on TFM_SPM_BACKEND_IPC
default y
+
+config CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
+ bool "Run the scheduler after a secure interrupt pre-empts the NSPE"
+ default n
endmenu
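Review bot: The new `config CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED` entry has no `help` text, although enabling it changes which side's work runs first after a secure interrupt. A short help block should say that it is only appropriate when secure work is always higher priority than non-secure work, for example a simple single-threaded NSPE or a system where non-secure interrupts cannot pre-empt the SPE, as the integration guide states. The doorbell entry just above has `depends on TFM_SPM_BACKEND_IPC` and the code this option guards calls `ipc_schedule`, so it is worth confirming whether the same dependency is intended here. The enclosing menu starts outside the hunk.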
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
index ee808ae..8b8657a 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018-2023, Arm Limited. All rights reserved.
- * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
+ * Copyright (c) 2022-2023 Cypress Semiconductor Corporation (an Infineon
* company) or an affiliate of Cypress Semiconductor Corporation. All rights
* reserved.
*
@@ -104,8 +104,10 @@
#endif
" movs r0, #"M2S(EXC_RETURN_S)" \n"
" mov r1, lr \n"
+#if CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED == 1
" tst r0, r1 \n" /* NS interrupted */
" beq v8b_pendsv_exit \n" /* No schedule */
+#endif
" push {r0, lr} \n" /* Save R0, LR */
" bl ipc_schedule \n"
" pop {r2, r3} \n"
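Review bot: The guard polarity looks inverted: `#if CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED == 1` wraps the `tst r0, r1` / `beq v8b_pendsv_exit` pair that skips `ipc_schedule`. With the default value 0 the skip is compiled out and the scheduler runs even when the NSPE was interrupted, while setting the option to 1 restores the skip. That is the opposite of what the commit message, config_base.h and the integration guide describe, and it changes the default behaviour for every platform that does not set the option. The guard should read `#if CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED == 0`, and the same applies to the guard around `beq v8m_pendsv_exit` in tfm_arch_v8m_main.c. The enclosing handler (presumably PendSV_Handler) starts and ends outside the hunk.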
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
index df6acd2..ce0578d 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
@@ -1,9 +1,9 @@
/*
* Copyright (c) 2018-2023, Arm Limited. All rights reserved.
- * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
- * * company) or an affiliate of Cypress Semiconductor Corporation. All rights
- * * reserved.
- * *
+ * Copyright (c) 2022-2023 Cypress Semiconductor Corporation (an Infineon
+ * company) or an affiliate of Cypress Semiconductor Corporation. All rights
+ * reserved.
+ *
* SPDX-License-Identifier: BSD-3-Clause
*
*/
@@ -105,7 +105,9 @@
#endif
" movs r0, #"M2S(EXC_RETURN_S)" \n"
" ands r0, lr \n" /* NS interrupted */
+#if CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED == 1
" beq v8m_pendsv_exit \n" /* No schedule */
+#endif
" push {r0, lr} \n" /* Save R0, LR */
" bl ipc_schedule \n"
" pop {r2, lr} \n"