Hi Andersson,

 

The main usage of BFHFNMINS is that some software only uses the single Non-Secure State. So the faults need to be Non-secure as well.

Handling those faults in Non-secure can have some security issues as Secure is not aware of any those exceptions are triggered.

So if you are using both NS and S, BFHFNMINS should not be set.

 

Best Regards,

Kevin

 

From: Andersson, Joakim via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Wednesday, June 1, 2022 6:58 PM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Non-secure use of NMI

 

Hi. I was looking into a failing test-case in the Zephyr project for the NMI  not being processed when using TF-M.


The issue is that SCB.AIRCR.BFHFNMINS bit is not set, so the non-secure write to SCB.ICSR.NMIPENDSET is ignored.

 

Is this a decision that was explicitly made for the TF-M configuration to not allow the non-secure application to use the NMI handler?

I could not find anything in the TF-M documentation mentioning the NMI.

 

Are there security concerns related to the NMI?

 

Joakim Andersson | Senior R&D Engineer
Trondheim, Norway

nordicsemi.com | devzone.nordicsemi.com

Facebook | LinkedIn | Twitter | YouTube | Instagram

 

Nordic_logo_signature