Enabled uVisor secure mode for K64F

features/FEATURE_UVISOR/AUTHORS.txt

@@ -1,7 +1,7 @@
-   519	Milosch Meriac
-   420	Alessandro Angelino
-    16	Niklas Hauser
-    15	Jaeden Amero
+   523	Milosch Meriac
+   422	Alessandro Angelino
+    17	Niklas Hauser
+    16	Jaeden Amero
      3	Hugo Vincent
      3	JaredCJR
      3	Jim Huang

features/FEATURE_UVISOR/VERSION.txt

@@ -1 +1 @@
-v0.9.14-alpha
+v0.9.14-alpha-8-g1f0a4b9b181476c65d396838d61465ea5363e23b

features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_nvic_virtual.h

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __UVISOR_API_NVIC_VIRTUAL_H__
+#define __UVISOR_API_NVIC_VIRTUAL_H__
+
+#include "api/inc/interrupts.h"
+
+#define NVIC_SetPriorityGrouping    __NVIC_SetPriorityGrouping
+#define NVIC_GetPriorityGrouping    __NVIC_GetPriorityGrouping
+#define NVIC_EnableIRQ              vIRQ_EnableIRQ
+#define NVIC_DisableIRQ             vIRQ_DisableIRQ
+#define NVIC_GetPendingIRQ          vIRQ_GetPendingIRQ
+#define NVIC_SetPendingIRQ          vIRQ_SetPendingIRQ
+#define NVIC_ClearPendingIRQ        vIRQ_ClearPendingIRQ
+#define NVIC_GetActive              __NVIC_GetActive
+#define NVIC_SetPriority            vIRQ_SetPriority
+#define NVIC_GetPriority            vIRQ_GetPriority
+
+#endif /* __UVISOR_API_NVIC_VIRTUAL_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_vectab_virtual.h

@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __UVISOR_API_VECTAB_VIRTUAL_H__
+#define __UVISOR_API_VECTAB_VIRTUAL_H__
+
+#include "api/inc/interrupts.h"
+
+#define NVIC_SetVector              vIRQ_SetVector
+#define NVIC_GetVector              vIRQ_GetVector
+
+#endif /* __UVISOR_API_VECTAB_VIRTUAL_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway.h

@@ -60,16 +60,17 @@
  *
  * @param box_name[in]  The name of the source box as decalred in
  *                      `UVISOR_BOX_CONFIG`.
+ * @param shared[in]    Whether the gateway can be shared with other boxes or
+ *                      not. Two values are available: UVISOR_RGW_SHARED,
+ *                      UVISOR_RGW_EXCLUSIVE.
  * @param addr[in]      The address for the data access.
  * @param operation[in] The operation to perform at the address for the read. It
  *                      is chosen among the `UVISOR_RGW_OP_*` macros.
- * @param shared[in]    True if the gateway can be performed by any box. In this
- *                      case, the box_name field does not guarantee exclusivity.
  * @param mask[in]      The mask to apply for the read operation.
  * @returns The value read from address using the operation and mask provided
  * (or their respective defaults if they have not been provided).
  */
-#define uvisor_read(box_name, addr, op, shared, msk) \
+#define uvisor_read(box_name, shared, addr, op, msk) \
     ({ \
         /* Instanstiate the gateway. This gets resolved at link-time. */ \
         __attribute__((aligned(4))) static TRegisterGateway const register_gateway = { \
@@ -106,15 +107,16 @@
  *
  * @param box_name[in]  The name of the source box as decalred in
  *                      `UVISOR_BOX_CONFIG`.
+ * @param shared[in]    Whether the gateway can be shared with other boxes or
+ *                      not. Two values are available: UVISOR_RGW_SHARED,
+ *                      UVISOR_RGW_EXCLUSIVE.
  * @param addr[in]      The address for the data access.
  * @param val[in]       The value to write at address.
  * @param operation[in] The operation to perform at the address for the read. It
  *                      is chosen among the `UVISOR_RGW_OP_*` macros.
- * @param shared[in]    True if the gateway can be performed by any box. In this
- *                      case, the box_name field does not guarantee exclusivity.
  * @param mask[in]      The mask to apply for the write operation.
  */
-#define uvisor_write(box_name, addr, val, op, shared, msk) \
+#define uvisor_write(box_name, shared, addr, val, op, msk) \
     { \
         /* Instanstiate the gateway. This gets resolved at link-time. */ \
         __attribute__((aligned(4))) static TRegisterGateway const register_gateway = { \
@@ -143,77 +145,95 @@
 /** Get the selected bits at the target address.
  * @param box_name[in] Box name as defined by the uVisor box configuration
  *                     macro `UVISOR_BOX_CONFIG`
+ * @param shared[in]   Whether the gateway can be shared with other boxes or
+ *                     not. Two values are available: UVISOR_RGW_SHARED,
+ *                     UVISOR_RGW_EXCLUSIVE.
  * @param address[in]  Target address
  * @param mask[in]     Bits to select out of the target address
  * @returns The value `*address & mask`.
  */
-#define UVISOR_BITS_GET(box_name, address, mask) \
+#define UVISOR_BITS_GET(box_name, shared, address, mask) \
     /* Register gateway implementation:
      * *address & mask */ \
-    uvisor_read(box_name, address, UVISOR_RGW_OP_READ_AND, false, mask)
+    uvisor_read(box_name, shared, address, UVISOR_RGW_OP_READ_AND, mask)
 
 /** Check the selected bits at the target address.
  * @param box_name[in] Box name as defined by the uVisor box configuration
  *                     macro `UVISOR_BOX_CONFIG`
+ * @param shared[in]   Whether the gateway can be shared with other boxes or
+ *                     not. Two values are available: UVISOR_RGW_SHARED,
+ *                     UVISOR_RGW_EXCLUSIVE.
  * @param address[in]  Address at which to check the bits
  * @param mask[in]     Bits to select out of the target address
- * @returns The value `(bool) (*address & mask) == mask)`.
+ * @returns The value `((*address & mask) == mask)`.
  */
-#define UVISOR_BITS_CHECK(box_name, address, mask) \
-    ((bool) (UVISOR_BITS_GET(box_name, address, mask) == mask))
+#define UVISOR_BITS_CHECK(box_name, shared, address, mask) \
+    ((UVISOR_BITS_GET(box_name, shared, address, mask)) == (mask))
 
 /** Set the selected bits to 1 at the target address.
  *
  * Equivalent to: `*address |= mask`.
  * @param box_name[in] Box name as defined by the uVisor box configuration
  *                     macro `UVISOR_BOX_CONFIG`
+ * @param shared[in]   Whether the gateway can be shared with other boxes or
+ *                     not. Two values are available: UVISOR_RGW_SHARED,
+ *                     UVISOR_RGW_EXCLUSIVE.
  * @param address[in]  Target address
  * @param mask[in]     Bits to select out of the target address
  */
-#define UVISOR_BITS_SET(box_name, address, mask) \
+#define UVISOR_BITS_SET(box_name, shared, address, mask) \
     /* Register gateway implementation:
      * *address |= (mask & mask) */ \
-    uvisor_write(box_name, address, mask, UVISOR_RGW_OP_WRITE_OR, false, mask)
+    uvisor_write(box_name, shared, address, mask, UVISOR_RGW_OP_WRITE_OR, mask)
 
 /** Clear the selected bits at the target address.
  *
  * Equivalent to: `*address &= ~mask`.
  * @param box_name[in] Box name as defined by the uVisor box configuration
  *                     macro `UVISOR_BOX_CONFIG`
+ * @param shared[in]   Whether the gateway can be shared with other boxes or
+ *                     not. Two values are available: UVISOR_RGW_SHARED,
+ *                     UVISOR_RGW_EXCLUSIVE.
  * @param address[in]  Target address
  * @param mask[in]     Bits to select out of the target address
  */
-#define UVISOR_BITS_CLEAR(box_name, address, mask) \
+#define UVISOR_BITS_CLEAR(box_name, shared, address, mask) \
     /* Register gateway implementation:
      * *address &= (0x00000000 | ~mask) */ \
-    uvisor_write(box_name, address, 0x00000000, UVISOR_RGW_OP_WRITE_AND, false, mask)
+    uvisor_write(box_name, shared, address, 0x00000000, UVISOR_RGW_OP_WRITE_AND, mask)
 
 /** Set the selected bits at the target address to the given value.
  *
  * Equivalent to: `*address = (*address & ~mask) | (value & mask)`.
  * @param box_name[in] Box name as defined by the uVisor box configuration
  *                     macro `UVISOR_BOX_CONFIG`
+ * @param shared[in]   Whether the gateway can be shared with other boxes or
+ *                     not. Two values are available: UVISOR_RGW_SHARED,
+ *                     UVISOR_RGW_EXCLUSIVE.
  * @param address[in]  Target address
  * @param mask[in]     Bits to select out of the target address
  * @param value[in]    Value to write at the address location. Note: The value
  *                     must be already shifted to the correct bit position
  */
-#define UVISOR_BITS_SET_VALUE(box_name, address, mask, value) \
+#define UVISOR_BITS_SET_VALUE(box_name, shared, address, mask, value) \
     /* Register gateway implementation:
      * *address = (*address & ~mask) | (value & mask) */ \
-    uvisor_write(box_name, address, value, UVISOR_RGW_OP_WRITE_REPLACE, false, mask)
+    uvisor_write(box_name, shared, address, value, UVISOR_RGW_OP_WRITE_REPLACE, mask)
 
 /** Toggle the selected bits at the target address.
  *
  * Equivalent to: `*address ^= mask`.
  * @param box_name[in] Box name as defined by the uVisor box configuration
  *                     macro `UVISOR_BOX_CONFIG`
+ * @param shared[in]   Whether the gateway can be shared with other boxes or
+ *                     not. Two values are available: UVISOR_RGW_SHARED,
+ *                     UVISOR_RGW_EXCLUSIVE.
  * @param address[in]  Target address
  * @param mask[in]     Bits to select out of the target address
  */
-#define UVISOR_BITS_TOGGLE(box_name, address, mask) \
+#define UVISOR_BITS_TOGGLE(box_name, shared, address, mask) \
     /* Register gateway implementation:
      * *address ^= (0xFFFFFFFF & mask) */ \
-    uvisor_write(box_name, address, 0xFFFFFFFF, UVISOR_RGW_OP_WRITE_XOR, false, mask)
+    uvisor_write(box_name, shared, address, 0xFFFFFFFF, UVISOR_RGW_OP_WRITE_XOR, mask)
 
 #endif /* __UVISOR_API_REGISTER_GATEWAY_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway_exports.h

@@ -79,6 +79,10 @@ typedef struct {
                  (((uint16_t) (width) << __UVISOR_RGW_OP_WIDTH_POS) & __UVISOR_RGW_OP_WIDTH_MASK) | \
                  (((uint16_t) (shared) << __UVISOR_RGW_OP_SHARED_POS) & __UVISOR_RGW_OP_SHARED_MASK)))
 
+/** Register gateway operation - Shared */
+#define UVISOR_RGW_SHARED    1
+#define UVISOR_RGW_EXCLUSIVE 0
+
 /** Register gateway operation - Type */
 #define UVISOR_RGW_OP_READ          0 /**< value = *address */
 #define UVISOR_RGW_OP_READ_AND      1 /**< value = *address & mask */

hal/common/critical.c

@@ -53,9 +53,14 @@ void core_util_critical_section_enter()
        are enabled, then something has gone badly wrong thus assert an error.
     */
     MBED_ASSERT(interrupt_enable_counter < UINT32_MAX); 
+// FIXME
+#ifndef   FEATURE_UVISOR
     if (interrupt_enable_counter > 0) {
         MBED_ASSERT(interrupts_disabled & 0x1);
     }
+#else
+#warning "core_util_critical_section_enter needs fixing to work from unprivileged code"
+#endif /* FEATURE_UVISOR */
     interrupt_enable_counter++;
 }
 
@@ -64,9 +69,14 @@ void core_util_critical_section_exit()
     /* If critical_section_enter has not previously been called, do nothing */
     if (interrupt_enable_counter) {
 
+// FIXME
+#ifndef   FEATURE_UVISOR
         uint32_t interrupts_disabled = get_interrupts_disabled(); /* get the current interrupt disabled state */
 
         MBED_ASSERT(interrupts_disabled & 0x1); /* Interrupts must be disabled on invoking an exit from a critical section */
+#else
+#warning "core_util_critical_section_exit needs fixing to work from unprivileged code"
+#endif /* FEATURE_UVISOR */
 
         interrupt_enable_counter--;
 

hal/targets/cmsis/TARGET_Freescale/TARGET_K64F/TOOLCHAIN_GCC_ARM/MK64FN1M0xxx12.ld

@@ -90,7 +90,11 @@ SECTIONS
   } > m_flash_config
 
   /* The program code and other data goes into internal flash */
-  .text :
+  /* Note: The uVisor expects this section at a fixed location, as specified by
+   * the porting process configuration parameter: FLASH_OFFSET. */
+  __UVISOR_TEXT_OFFSET = 0x410;
+  __UVISOR_TEXT_START = ORIGIN(m_interrupts) + __UVISOR_TEXT_OFFSET;
+  .text __UVISOR_TEXT_START :
   {
     /* uVisor code and data */
     . = ALIGN(4);
@@ -200,7 +204,7 @@ SECTIONS
   __UVISOR_BSS_START = ORIGIN(m_data) + __UVISOR_SRAM_OFFSET;
   ASSERT(__interrupts_ram_end__ <= __UVISOR_BSS_START,
          "The ISR relocation region overlaps with the uVisor BSS section.")
-  .uvisor.bss (NOLOAD):
+  .uvisor.bss __UVISOR_BSS_START (NOLOAD):
   {
     . = ALIGN(32);
     __uvisor_bss_start = .;

hal/targets/cmsis/TARGET_Freescale/TARGET_K64F/cmsis_nvic.c

@@ -32,11 +32,11 @@
 
 extern void InstallIRQHandler(IRQn_Type irq, uint32_t irqHandler);
 
-void NVIC_SetVector(IRQn_Type IRQn, uint32_t vector) {
+void __NVIC_SetVector(IRQn_Type IRQn, uint32_t vector) {
     InstallIRQHandler(IRQn, vector);
 }
 
-uint32_t NVIC_GetVector(IRQn_Type IRQn) {
+uint32_t __NVIC_GetVector(IRQn_Type IRQn) {
     uint32_t *vectors = (uint32_t*)SCB->VTOR;
     return vectors[IRQn + 16];
 }

hal/targets/cmsis/TARGET_Freescale/TARGET_K64F/cmsis_nvic.h

@@ -41,8 +41,8 @@
 extern "C" {
 #endif
 
-void NVIC_SetVector(IRQn_Type IRQn, uint32_t vector);
-uint32_t NVIC_GetVector(IRQn_Type IRQn);
+void __NVIC_SetVector(IRQn_Type IRQn, uint32_t vector);
+uint32_t __NVIC_GetVector(IRQn_Type IRQn);
 
 #ifdef __cplusplus
 }