Hi Thomas,

As you correctly identified, the value of the EXC_RETURN is not appropriate for the state the exception was taken from. As a quick double check, you can set it manually from a debugger to 0xFFFFFFBC before the exception return takes place and in that case the exception return will happen correctly. You can find more details on the meaning of each bit of the EXC_RETURN register at the following link: https://static.docs.arm.com/100701/0100/armv8_m_processor_exception_handling... (section 1.10).

In general, once TF-M has finished booting and has jumped to the NS state, the OS initialisation should take place (you can see as an example in the NS app how the RTX kernel initialisation happens). If the OS manipulates directly the Link Register, it needs to be aware that it's running from the NS state (this can imply a build time configuration step) so that it will set up correctly the default value of the EXC_RETURN when an exception happens. You can find more details in docs/user_guides/os_migration_guide_armv8m.md .

Thanks, Antonio

-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Thomas Törnblom via TF-M Sent: 25 February 2019 15:34 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] SecureFault when starting the OS

In my work to port TF-M to IAR EWARM I have now gotten the MPC set up so that the startup will properly switch to the NS code.

I'm now running into an issue where I get a SecureFault when attempting to start the OS.

The idle and timer threads have been configured and the timer thread has been put on run.curr and SVC_Exit issues a BX LR, which results in a SecureFault.

SFSR indicates that it is an INVER (Invalid Exception Return): --- Invalid exception return flag. This can be caused by EXC_RETURN.DCRS being set to 0 when returning from an exception in the Non-secure state, or by EXC_RETURN.ES being set to 1 when returning from an exception in the Non-secure state. The possible values of this bit are: 0 Error has not occurred. 1 Error has occurred. --

LR was 0xfffffffd (DCRS=1, ES=1) and the security bit was cleared, so it appears to be the second condition that triggered the exception.

What am I missing here?

Is the OS supposed to be started from NS mode?

I am still using the ARM.TFM.1.1.0, ARM.Musca_A1_BSP.2.0.0, ARM.mbedTLS.1.3.1 and ARM.CMSIS.5.5.0-dev2 packs.

Thanks, /Thomas

*Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom@iar.com mailto:thomas.tornblom@iar.com Website: www.iar.com http://www.iar.com Twitter: www.twitter.com/iarsystems http://www.twitter.com/iarsystems -- TF-M mailing list TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.