I am working on porting TF-M to the IAR Embedded Workbench for ARM (EWARM) toolchain and I'm having some issues getting it to start properly.
I started out using the ARM.TFM.1.1.0, ARM.Musca_A1_BSP.2.0.0, ARM.mbedTLS.1.3.1 and ARM.CMSIS.5.5.0-dev2 CMSIS packs and I've had to fix things in all of the packs to make the project build with our compiler, some things just to add our tools, some things that were just gcc:isms that are non standard-C.
The TF-M code is based on a snapshot of https://git.trustedfirmware.org/trusted-firmware-m.git repository of the following hash: 5c1756fbab6097f5688583d11dea5d1271d2d774
I know that some of these packs are old and I'm also working on a port of the bits on trustedfirmware.org, but I would like to bring the old version up first.
The (current) issue I have is that the NS code region becomes inaccessible from the secure part after setting the SAU up and I assume I am missing something.
in tfm_core_init() there are calls to: --- tfm_spm_hal_init_isolation_hw(); configure_ns_code(); ---
tfm_spm_hal_init_isolation_hw() calls sau_and_idau_cfg(), which sets up: --- /* Configures SAU regions to be non-secure */ SAU->RNR = TFM_NS_REGION_CODE; SAU->RBAR = (memory_regions.non_secure_partition_base & SAU_RBAR_BADDR_Msk); SAU->RLAR = (memory_regions.non_secure_partition_limit & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; ---
After this piece is run, the NS vector table becomes all zeros when viewed from secure mode. This causes the configure_ns_code() call above to fail to pick up the ns_msp and ns_entry addresses, they become 0.
If I swap the calls around so they become: --- configure_ns_code(); tfm_spm_hal_init_isolation_hw(); --- then ns_msp and ns_entry are picked up OK.
How is this supposed to work?
When the SAU is setup I get RAZ/WI when accessing NS memory from S mode, the other way around results is a security violation, which is properly handled by the SecureFault_Handler().
What am I missing?
I run into other problems later, but that may very well a consequence of earlier issues.
Thanks, /Thomas