
cmse_check_address_range failure if object spans multiple RAM regions

I implemented some NonSecure Entry functions in my app and I've noticed that if I check an object using the cmse_check_address_range intrinsic, the check fails if the object happens to span multiple RAM regions, even if all those regions are configured to be NonSecure in the SPU.

A concrete example looks like this:

cmse_check_address_range((void*)0x2002FFFE, 2, CMSE_NONSECURE) // Succeeds

cmse_check_address_range((void*)0x2002FFFE, 3, CMSE_NONSECURE) // Fails

0x2002FFFE + 3 bumps the address being checked from being in RAM region 23 to RAM region 24, which causes the failure.

I am struggling to find good documentation for these features so I'm hoping maybe someone here knows if this is expected behavior.


Thank you!

  • Hi there,

    Thanks for your question!

    The CMSE address range functions are implemented using the TT ARMv8-M instructions, which makes them inefficient with ranges crossing one or multiple MPU, SAU or IDAU (i.e. SPU) boundaries.

    See here: https://developer.arm.com/documentation/100720/0200/The-Test-Target-instruction?lang=en

    So what you observe is expected behavior.

    I risk an assumption that you want to validate a supplied address range when you execute a secure function that is callable from non-secure code. If this is the case, then you need to provide an implementation that takes into consideration the Nordic SPU architecture. For instance, you can use the TT instructions directly, to get the initial and the last SPU region of your address range and then check the permissions in all the SPU regions your address range overlaps with.

    Agree that ideally this should be provided by the SDK.
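
The following is an added example, not code from the reply above or from the Nordic SDK. It is a variant of the approach the reply describes: instead of reading SPU permissions directly, it splits the range at region boundaries and runs the single-region check on each piece, so every region the range overlaps is checked. The names `range_is_nonsecure` and `chunk_is_nonsecure`, the 8 KiB region size (inferred from region 24 starting at 0x20030000 in the question) and the host-side region table are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define REGION_SIZE 0x2000u /* assumption: 8 KiB SPU RAM regions */

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3)
#include <arm_cmse.h>
/* On target (-mcmse): TT-based check, reliable only inside one region. */
static bool chunk_is_nonsecure(uintptr_t addr, size_t len)
{
    return cmse_check_address_range((void *)addr, len, CMSE_NONSECURE) != NULL;
}
#else
/* Host model (constructed): RAM at 0x20000000, one NonSecure flag per region. */
#define RAM_BASE 0x20000000u
#define NUM_REGIONS 32u
static bool region_nonsecure[NUM_REGIONS];
static bool chunk_is_nonsecure(uintptr_t addr, size_t len)
{
    if (addr < RAM_BASE) return false;
    uintptr_t first = (addr - RAM_BASE) / REGION_SIZE;
    uintptr_t last = (addr + len - 1 - RAM_BASE) / REGION_SIZE;
    /* Mimic the behaviour in the question: fail when a boundary is crossed. */
    return last < NUM_REGIONS && first == last && region_nonsecure[first];
}
#endif

/* Validate [p, p+len) one region at a time; any failing region rejects it. */
bool range_is_nonsecure(const void *p, size_t len)
{
    uintptr_t addr = (uintptr_t)p;
    if (len == 0 || addr + (len - 1) < addr) /* empty or wrapping range */
        return false;
    while (len > 0) {
        size_t room = REGION_SIZE - (addr % REGION_SIZE); /* bytes left in region */
        size_t n = len < room ? len : room;
        if (!chunk_is_nonsecure(addr, n))
            return false;
        addr += n;
        len -= n;
    }
    return true;
}
```

A chunk that also crosses an MPU or SAU boundary inside one SPU region is still rejected by the intrinsic, so the check fails closed.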
