Alan,

 

The un-interrupted execution flow in such scenarios should look like:

 

1. NS thread calls secure service,  S execution in thread mode
2. S execution triggers crypto hardware accelerator then executes WFE (wait for interrupts, but still is in thread mode)
3. crypto hardware raises IRQ, interrupt execution in secure mode
4. After interrupt execution, return to secure thread mode
5. When secure service completes return to NS thread mode

 

The only time where NS interrupts are effectively blocked are during (3) interrupt execution in secure mode.  Important is to keep this interrupts short.  During (1), (2), (4), (5) RTOS pre-emption is not blocked.

Is this in-line with your thinking?

Reinhard