Hi Andrej,
TF-M has no requirement on NS thread execution being unprivileged, nor is it mandated by PSA. It is one of a set of measures that make non-secure thread isolation possible, reduce attack surface and provide a degree of tolerance against programming errors, but its absence does not invalidate the security measures provided by TF-M, so it is a fully valid implementation to make NSPE a single protection domain and all non-secure code execution privileged.
Regards,
Miklos

-----Original Message-----
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Andrej Butok via TF-M
Sent: 02 May 2019 14:19
To: TF-M@lists.trustedfirmware.org
Subject: [TF-M] NS application privilege mode
Hello,
May a non-secure TFM user application stay in privileged mode after start-up? It's needed, as some system registers are accessible only in privileged mode. Asking because the TFM NS Musca start-up code is switching to unprivileged mode from the very beginning:

    MRS     R0, control    ; Get control value
    ORR     R0, R0, #1     ; Select switch to unprivileged mode
    ORR     R0, R0, #2     ; Select switch to PSP
    MSR     control, R0

Hope it is not mandatory.

Thanks,
Andrej Butok