Core: Enable SPE preemption by NSPE
Allow Non-secure interrupts to preempt Secure thread mode.
This is done by no longer disabling Non-secure interrupts on entry to a
Secure service.
Change-Id: I99ab50b153e60ed68f67aa4d1f1cb033a6c8c022
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/docs/user_guides/tfm_integration_guide.rst b/docs/user_guides/tfm_integration_guide.rst
index 5d0e80d..df8a87a 100644
--- a/docs/user_guides/tfm_integration_guide.rst
+++ b/docs/user_guides/tfm_integration_guide.rst
@@ -125,6 +125,17 @@
See
:doc:`ns client identification documentation <tfm_ns_client_identification>`.
+*********************
+Non-secure interrupts
+*********************
+Non-secure interrupts are allowed to preempt Secure thread mode.
+With the current implementation, a NSPE task can spoof the identity of another
+NSPE task. This is an issue only when NSPE has provisions for task isolation.
+Note, that ``AIRCR.PRIS`` is still set to restrict the priority range available
+to NS interrupts to the lower half of available priorities so that it wouldn't
+be possible for any non-secure interrupt to preempt a higher-priority secure
+interrupt.
+
--------------
*Copyright (c) 2017-2019, Arm Limited. All rights reserved.*
diff --git a/secure_fw/core/secure_utilities.h b/secure_fw/core/secure_utilities.h
index d367fe8..875310a 100644
--- a/secure_fw/core/secure_utilities.h
+++ b/secure_fw/core/secure_utilities.h
@@ -25,11 +25,6 @@
#define EXC_NUM_PENDSV (14)
#define EXC_NUM_SYSTICK (15)
-/* Disable NS exceptions by setting NS PRIMASK to 1 */
-#define TFM_NS_EXC_DISABLE() __TZ_set_PRIMASK_NS(1)
-/* Enable NS exceptions by setting NS PRIMASK to 0 */
-#define TFM_NS_EXC_ENABLE() __TZ_set_PRIMASK_NS(0)
-
struct tfm_exc_stack_t {
uint32_t R0;
uint32_t R1;
diff --git a/secure_fw/core/tfm_func_api.c b/secure_fw/core/tfm_func_api.c
index 2edb3b6..e2423af 100644
--- a/secure_fw/core/tfm_func_api.c
+++ b/secure_fw/core/tfm_func_api.c
@@ -258,17 +258,6 @@
return TFM_SECURE_LOCK_FAILED;
}
- if ((caller_flags & SPM_PART_FLAG_APP_ROT) == 0) {
- /* Disable NS exception handling while secure service is running.
- * FixMe:
- * This restriction is applied to limit the number of possible attack
- * vectors.
- * To be removed when pre-emption and context management issues have
- * been analysed and resolved.
- */
- TFM_NS_EXC_DISABLE();
- }
-
partition_idx = get_partition_idx(desc_ptr->sp_id);
curr_part_data = tfm_spm_partition_get_runtime_data(partition_idx);
@@ -448,15 +437,6 @@
tfm_secure_lock--;
- if ((return_partition_flags & SPM_PART_FLAG_APP_ROT) == 0) {
- /* Re-enable NS exceptions when secure service returns to NS client.
- * FixMe:
- * To be removed when pre-emption and context management issues have
- * been analysed and resolved.
- */
- TFM_NS_EXC_ENABLE();
- }
-
#if (TFM_LVL != 1) && (TFM_LVL != 2)
/* Deconfigure completed partition environment */
tfm_spm_partition_sandbox_deconfig(current_partition_idx);