diff --git a/cmsis/TARGET_CORTEX_M/core_cmSecureAccess.h b/cmsis/TARGET_CORTEX_M/core_cmSecureAccess.h
index 4903efd..1fa367b 100644
--- a/cmsis/TARGET_CORTEX_M/core_cmSecureAccess.h
+++ b/cmsis/TARGET_CORTEX_M/core_cmSecureAccess.h
@@ -41,86 +41,6 @@ /* ########################### Core Secure Access ########################### */ -#ifdef FEATURE_UVISOR -#include "uvisor-lib/uvisor-lib.h" - -/* Secure uVisor implementation. */ - -/** Set the value at the target address. - * - * Equivalent to: `*address = value`. - * @param address[in] Target address - * @param value[in] Value to write at the address location. - */ -#define SECURE_WRITE(address, value) \ - uvisor_write(public_box, UVISOR_RGW_SHARED, address, value, UVISOR_RGW_OP_WRITE, 0xFFFFFFFFUL) - -/** Get the value at the target address. - * - * @param address[in] Target address - * @returns The value `*address`. - */ -#define SECURE_READ(address) \ - uvisor_read(public_box, UVISOR_RGW_SHARED, address, UVISOR_RGW_OP_READ, 0xFFFFFFFFUL) - -/** Get the selected bits at the target address. - * - * @param address[in] Target address - * @param mask[in] Bits to select out of the target address - * @returns The value `*address & mask`. - */ -#define SECURE_BITS_GET(address, mask) \ - UVISOR_BITS_GET(public_box, UVISOR_RGW_SHARED, address, mask) - -/** Check the selected bits at the target address. - * - * @param address[in] Address at which to check the bits - * @param mask[in] Bits to select out of the target address - * @returns The value `((*address & mask) == mask)`. - */ -#define SECURE_BITS_CHECK(address, mask) \ - UVISOR_BITS_CHECK(public_box, UVISOR_RGW_SHARED, address, mask) - -/** Set the selected bits to 1 at the target address. - * - * Equivalent to: `*address |= mask`. - * @param address[in] Target address - * @param mask[in] Bits to select out of the target address - */ -#define SECURE_BITS_SET(address, mask) \ - UVISOR_BITS_SET(public_box, UVISOR_RGW_SHARED, address, mask) - -/** Clear the selected bits at the target address. - * - * Equivalent to: `*address &= ~mask`. 
- * @param address[in] Target address - * @param mask[in] Bits to select out of the target address - */ -#define SECURE_BITS_CLEAR(address, mask) \ - UVISOR_BITS_CLEAR(public_box, UVISOR_RGW_SHARED, address, mask) - -/** Set the selected bits at the target address to the given value. - * - * Equivalent to: `*address = (*address & ~mask) | (value & mask)`. - * @param address[in] Target address - * @param mask[in] Bits to select out of the target address - * @param value[in] Value to write at the address location. Note: The value - * must be already shifted to the correct bit position - */ -#define SECURE_BITS_SET_VALUE(address, mask, value) \ - UVISOR_BITS_SET_VALUE(public_box, UVISOR_RGW_SHARED, address, mask, value) - -/** Toggle the selected bits at the target address. - * - * Equivalent to: `*address ^= mask`. - * @param address[in] Target address - * @param mask[in] Bits to select out of the target address - */ -#define SECURE_BITS_TOGGLE(address, mask) \ - UVISOR_BITS_TOGGLE(public_box, UVISOR_RGW_SHARED, address, mask) - -#else - /* Insecure fallback implementation. */ /** Set the value at the target address. @@ -196,6 +116,4 @@ #define SECURE_BITS_TOGGLE(address, mask) \ *(address) ^= (mask) -#endif - #endif /* __CORE_CM_SECURE_ACCESS_H */ diff --git a/doxyfile_options b/doxyfile_options index b3d9e2b..e13a842 100644 --- a/doxyfile_options +++ b/doxyfile_options @@ -846,7 +846,6 @@ */features/storage/* \ */features/unsupported/* \ */features/lwipstack/* \ - */features/FEATURE_UVISOR/* \ */features/nanostack/sal-stack-nanostack/* \ */features/nanostack/coap-service/* \ */mbed-trace/* \ diff --git a/doxygen_options.json b/doxygen_options.json index 971748f..2d6936f 100644 --- a/doxygen_options.json +++ b/doxygen_options.json 
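Review bot: In core_cmSecureAccess.h the surviving context comment `/* Insecure fallback implementation. */` is now stale, because the `#ifdef FEATURE_UVISOR` branch removed in the first hunk and the `#endif` dropped in the `@@ -196,6 +116,4 @@` hunk leave the plain-dereference macros (for example `*(address) ^= (mask)`) as the only definitions of `SECURE_WRITE`, `SECURE_READ` and `SECURE_BITS_*`. Code that keeps using the `SECURE_` names now performs an ordinary memory access with nothing mediating it, which the names do not suggest to a reader. I would reword the comment to something like `/* Plain memory access. The SECURE_* names are kept for source compatibility and provide no access control. */`. The macro definitions between the two hunks are outside this diff, and whether any remaining caller relied on the uVisor path for isolation cannot be told from here and should be checked.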
@@ -10,5 +10,5 @@
 "EXPAND_AS_DEFINED": "",
 "SKIP_FUNCTION_MACROS": "NO",
 "STRIP_CODE_COMMENTS": "NO",
- "EXCLUDE_PATTERNS": "*/tools/* */targets/* */features/mbedtls/* */features/storage/* */features/unsupported/* */BUILD/* */rtos/TARGET_CORTEX/rtx*/* */cmsis/* */features/lwipstack/* */features/FEATURE_UVISOR/* */nanostack/sal-stack-nanostack/* */nanostack/coap-service/* */ble/generic/* */ble/pal/* */mbed-trace/* */mbed-coap/* */nanostack-libservice/* */mbed-client-randlib/* */nanostack/sal-stack-nanostack-eventloop/*"
+ "EXCLUDE_PATTERNS": "*/tools/* */targets/* */features/mbedtls/* */features/storage/* */features/unsupported/* */BUILD/* */rtos/TARGET_CORTEX/rtx*/* */cmsis/* */features/lwipstack/* */nanostack/sal-stack-nanostack/* */nanostack/coap-service/* */ble/generic/* */ble/pal/* */mbed-trace/* */mbed-coap/* */nanostack-libservice/* */mbed-client-randlib/* */nanostack/sal-stack-nanostack-eventloop/*"
 }
diff --git a/features/FEATURE_UVISOR/AUTHORS.txt b/features/FEATURE_UVISOR/AUTHORS.txt
deleted file mode 100644
index 9e06c94..0000000
--- a/features/FEATURE_UVISOR/AUTHORS.txt
+++ /dev/null
@@ -1,26 +0,0 @@
- 600 Alessandro Angelino
- 592 Milosch Meriac
- 213 Jaeden Amero
- 89 Niklas Hauser
- 27 Fangyi Zhou
- 17 Michael Schwarcz
- 9 Irit Arkin
- 8 Alexander Zilberkant
- 7 Amir Cohen
- 6 Roman Kuznetsov
- 5 Amanda Butler
- 4 Oren Cohen
- 3 AnotherButler
- 3 Danny Shavit
- 3 Hugo Vincent
- 3 Jan Jongboom
- 3 JaredCJR
- 3 Jim Huang
- 2 Jethro Hsu
- 2 Nathan Chong
- 2 Vincenzo Frascino
- 2 ccli8
- 2 tonyyanxuan
- 1 Aksel Skauge Mellbye
- 1 Michael Bartling
- 1 Russ Butler
diff --git a/features/FEATURE_UVISOR/README.md b/features/FEATURE_UVISOR/README.md
deleted file mode 100644
index f458f24..0000000
--- a/features/FEATURE_UVISOR/README.md
+++ /dev/null
@@ -1,487 +0,0 @@ -# Getting started guide for uVisor on mbed OS - -This guide will help you start uVisor on mbed OS by showing you how to create a sample application for the NXP FRDM-K64F board. - -The uVisor provides sandboxed environments and resources protection for applications built for ARM Cortex-M3 and Cortex-M4 devices. This guide will show you how to enable the uVisor and configure a secure box to access some exclusive resources (memory, peripherals, interrupts). For more information about the uVisor design philosophy, please see the uVisor [introductory document](../../README.md). - -## Requirements - -To run the `blinky` application on mbed OS with uVisor enabled, you need: - -- A platform and a toolchain that uVisor on mbed OS supports. You can verify this on [the official list](../README.md#supported-platforms). If uVisor supports your platform internally but not on mbed OS, the porting process is incomplete. To port your platform to uVisor and enable it on mbed OS, please follow the [uVisor porting guide for mbed OS](../core/PORTING.md). -- Git. -- mbed CLI. Run `pip install mbed-cli` to install it. - -The remainder of this guide assumes: - -- You are developing on a \*nix machine in the `~/code` folder. -- You are building the app for the [NXP FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) target with the [GNU ARM Embedded Toolchain](https://launchpad.net/gcc-arm-embedded). - -You can use these instructions as guidelines in the case of other targets on other host OSs. - -## Start with the `blinky` app -[Go to top](#overview) - -Create a new mbed application called `uvisor-example` by running the following commands: - -```bash -$ cd ~/code -$ mbed new uvisor-example -$ cd uvisor-example -``` - -The mbed CLI tools automatically fetch the mbed codebase. By default, Git tracks your code changes, so you can push your application to a Git server if you want to. 
- -Once the import process finishes, create a `source` folder: -```bash -$ mkdir ~/code/uvisor-example/source -``` -Place a new file `main.cpp` in it: - -```C -/* ~/code/uvisor-example/source/main.cpp */ - -#include "mbed.h" - -DigitalOut led(LED1); - -int main(void) -{ - while (true) { - led = !led; - wait(0.5); - } -} -``` - -This application blinks an LED from the main thread, which the OS creates by default. - ---- - -**Checkpoint** - -Compile the application: - -```bash -$ mbed compile -m K64F -t GCC_ARM -``` - -The resulting binary is located at: - -```bash -~/code/uvisor-example/BUILD/K64F/GCC_ARM/uvisor-example.bin -``` - -Drag and drop it onto the USB device mounted on your computer to flash the device. When the flashing process is complete, press the reset button on the device. The device's LED blinks. - -## Enable uVisor -[Go to top](#overview) - -To enable the uVisor on the app, add these lines to the beginning of the `main.cpp` file: - -```C -/* ~/code/uvisor-example/source/main.cpp */ - -#include "mbed.h" -#include "uvisor-lib/uvisor-lib.h" - -/* Public box Access Control Lists (ACLs). */ -/* Note: These are specific to the NXP FRDM-K64F board. See the section below - * for more information. */ -static const UvisorBoxAclItem g_public_box_acls[] = { - /* For the LED */ - {SIM, sizeof(*SIM), UVISOR_TACLDEF_PERIPH}, - {PORTB, sizeof(*PORTB), UVISOR_TACLDEF_PERIPH}, - - /* For messages printed on the serial port */ - {OSC, sizeof(*OSC), UVISOR_TACLDEF_PERIPH}, - {MCG, sizeof(*MCG), UVISOR_TACLDEF_PERIPH}, - {UART0, sizeof(*UART0), UVISOR_TACLDEF_PERIPH}, - {PIT, sizeof(*PIT), UVISOR_TACLDEF_PERIPH}, -}; - -/* Enable uVisor, using the ACLs we just created. */ -UVISOR_SET_MODE_ACL(UVISOR_ENABLED, g_public_box_acls); - -/* Rest of the existing code */ -... -``` - -In the code above, we specified two elements: - -1. Public box Access Control Lists (ACLs). 
With uVisor enabled, everything runs in unprivileged mode, so make sure the public box and peripherals the OS accesses are allowed. These peripherals are specified using a list like the one in the snippet above. This example provides the list of all the ACLs you need. For other platforms or other applications, you need to determine those ACLs following the process in [The main box ACLs](#the-main-box-acls). -1. App-specific uVisor configurations: `UVISOR_SET_MODE_ACL`. This macro sets the uVisor mode (enabled) and associates the list of ACLs you just created with the public box. - -Before compiling, you need to override the original `K64F` target to enable the uVisor feature. To do so, add the file `~/code/uvisor-example/mbed_app.json` with the following content: - -```JSON -{ - "target_overrides": { - "*": { - "target.features_add": ["UVISOR"], - "target.extra_labels_add": ["UVISOR_SUPPORTED"] - } - }, - "macros": [ - "FEATURE_UVISOR=1", - "TARGET_UVISOR_SUPPORTED=1" - ] -} -``` - -The macros `FEATURE_UVISOR` and `TARGET_UVISOR_SUPPORTED` in the configuration file above are automatically defined for C and C++ files but not for assembly files. Because the uVisor relies on those symbols in some assembly code, you need to define them manually. - ---- - -**Checkpoint** - -Compile the application again. This time, the `K64F` target includes the new features and labels you provided in `mbed_app.json`; - -```bash -$ mbed compile -m K64F -t GCC_ARM -``` - -The binary is located at: - -```bash -~/code/uvisor-example/BUILD/K64F/GCC_ARM/uvisor-example.bin -``` - -Reflash the device, and press the reset button. The device LED blinks as in the previous case. - ---- - -If you enable uVisor in the `blinky` app as it was written above, you do not get any particular security feature. All code and resources share the same security context, which we call the *public box*. - -A lot happens unseen, though. 
All the user code now runs in unprivileged mode, and the systems services, such as the `NVIC` APIs and the OS SVCalls, are routed through the uVisor. - -## Add a secure box -[Go to top](#overview) - -Now that uVisor is enabled, you can finally add a *secure box*. - -A secure box is a special compartment with exclusive access to peripherals, memories and interrupts. Private resources are only accessible when the *context* of the secure box is active. The uVisor is the only one that can enable a secure box context, for example upon thread switching or interrupt handling. - -uVisor does not obfuscate code that belongs to a box, so it is still readable and executable from outside of the box. In addition, declaring an object in the same file that configures a secure box does not protect that object automatically. - -Instead, we provide specific APIs to instruct the uVisor to protect a private resource. The `uvisor-example` app will show how to use these APIs. - -### Configure the secure box - -For this example, we want to create a secure box called `private_button`. The `private_button` box has exclusive access to the push-button on the NXP FRDM-K64F board, which means that other boxes cannot access its corresponding peripheral. - -Each secure box must have at least one thread, which we call the box's main thread. In our `private_button` box, we only use this thread throughout the whole program. The thread runs every second and counts the number of times it has been called between two button presses. The thread count is saved in a variable private to the box. Whenever we press the `SW2` button on the board, the current thread count is stored into a private buffer and restarts. For debug purposes, the program prints the content of the buffer every time it fills up. - -You want the box to have exclusive access to the following resources: - -- The push-button peripheral (as specified by a peripheral ACL). Nobody else should be able to access the push-button port. 
-- The push-button interrupt (as specified by an IRQ ACL). You want the button IRQ to reroute to our box-specific ISR. -- The private dynamically allocated buffer (as specified by a dynamic memory ACL). -- The private variables (as specified by a static memory ACL). - -Create a new source file, `~/code/uvisor-example/source/secure_box.cpp`. You will configure the secure box inside this file. The secure box name for this example is `private_button`. - -```C -/* ~/code/uvisor-example/source/secure_box.cpp */ - -#include "mbed.h" -#include "uvisor-lib/uvisor-lib.h" - -/* Private static memory for the secure box */ -typedef struct { - uint32_t * buffer; /* Static private memory, pointing to dynamically allocated private memory */ - uint32_t counter; /* Static private memory */ - int index; /* Static private memory */ - RawSerial * pc; /* Static private memory, pointing to dynamically allocated private memory */ -} PrivateButtonStaticMemory; - -/* ACLs list for the secure box: Timer (PIT). */ -static const UvisorBoxAclItem g_private_button_acls[] = { - {PORTC, sizeof(*PORTC), UVISOR_TACLDEF_PERIPH}, /* Private peripheral */ - {(void *) PORTC_IRQn, 0, UVISOR_TACL_IRQ}, /* Private IRQ */ -}; - -static void private_button_main_thread(const void *); - -/* Secure box configuration */ -UVISOR_BOX_NAMESPACE(NULL); /* We won't specify a box namespace for this example. */ -UVISOR_BOX_HEAPSIZE(4096); /* Heap size for the secure box */ -UVISOR_BOX_MAIN(private_button_main_thread, /* Main thread for the secure box */ - osPriorityNormal, /* Priority of the secure box's main thread */ - 1024); /* Stack size for the secure box's main thread */ -UVISOR_BOX_CONFIG(private_button, /* Name of the secure box */ - g_private_button_acls, /* ACLs list for the secure box */ - 1024, /* Stack size for the secure box */ - PrivateButtonStaticMemory); /* Private static memory for the secure box. 
*/ -``` - -### Create the secure box's main thread function - -In general, you can decide what to do in your box's main thread. You can run it once and then stop it or use it to configure memories or peripherals or to create other threads. In this app, the box's main thread is the only thread for the `private_button` box, and it runs throughout the program. - -The `private_button_main_thread` function configures the push-button to trigger an interrupt when pressed, allocates the dynamic buffer to hold the thread count values and initializes its private static memory, `PrivateButtonStaticMemory`. A spinning loop updates the counter value every second. - -```C -/* ~/code/uvisor-example/source/secure_box.cpp */ - -/* The previous code goes here. */ -... - -#define uvisor_ctx ((PrivateButtonStaticMemory *) __uvisor_ctx) - -#define PRIVATE_BUTTON_BUFFER_COUNT 8 - -static void private_button_on_press(void) -{ - /* Store the thread count into the buffer and reset it. */ - uvisor_ctx->buffer[uvisor_ctx->index] = uvisor_ctx->counter; - uvisor_ctx->counter = 0; - - /* Update the index. Behave as a circular buffer. */ - if (uvisor_ctx->index < PRIVATE_BUTTON_BUFFER_COUNT - 1) { - uvisor_ctx->index++; - } else { - uvisor_ctx->index = 0; - - /* For debug purposes: Print the content of the buffer. */ - uvisor_ctx->pc->printf("Thread count between button presses: "); - for (int i = 0; i < PRIVATE_BUTTON_BUFFER_COUNT; ++i) { - uvisor_ctx->pc->printf("%lu ", uvisor_ctx->buffer[i]); - } - uvisor_ctx->pc->printf("\n"); - } - -} - -/* Main thread for the secure box */ -static void private_button_main_thread(const void *) -{ - /* Allocate serial port to ensure that code in this secure box - * won't touch handle in the default security context when printing */ - if (!(uvisor_ctx->pc = new RawSerial(USBTX, USBRX))) { - return; - } - - /* Create the buffer and cache its pointer to the private static memory. 
*/ - uvisor_ctx->buffer = (uint32_t *) malloc(PRIVATE_BUTTON_BUFFER_COUNT * sizeof(uint32_t)); - if (uvisor_ctx->buffer == NULL) { - uvisor_ctx->pc->printf("ERROR: Failed to allocate memory for the button buffer\n"); - mbed_die(); - } - uvisor_ctx->index = 0; - uvisor_ctx->counter = 0; - - /* Setup the push-button callback. */ - InterruptIn button(SW2); /* Private IRQ */ - button.mode(PullUp); - button.fall(&private_button_on_press); - - /* Increment the private counter every second. */ - while (1) { - uvisor_ctx->counter++; - wait(1.0); - } -} -``` - -A few things to note in the code above: - -- If code runs in the context of `private_button`, then any object instantiated inside that code belongs to the `private_button` heap and stack. This means that in the example above, the `InterruptIn` object is private to the `private_button` box. The same applies to the dynamically allocated buffer `uvisor_ctx->buffer`. -- You can access the content of the private memory `PrivateButtonStaticMemory` using the `void * const __uvisor_ctx` pointer, which uVisor maintains. You need to cast this pointer to your own context type. In this example we used a pre-processor symbol to improve readability. -- The `InterruptIn` object triggers the registration of an interrupt slot using the NVIC APIs. If you want to use the IRQ APIs directly, read the [NVIC APIs section](#the-nvic-apis) below. We registered the push-button IRQ to the `private_button` box through an IRQ ACL, and hence only code from this box can access it. Changing the push-button IRQ state from the public box causes a uVisor fault. -- Even if the `private_button_on_press` function runs in the context of `private_button`, you can still use the `printf` function, which accesses the `UART0` peripheral, owned by the public box. This is because all ACLs declared in the public box are by default shared with all the other secure boxes. 
This also means that the messages we are printing on the serial port are not secure because other boxes have access to that peripheral. - -> **Warning**: Instantiating an object in the `secure_box.cpp` global scope automatically maps it to the public box context, not the `private_button` one. If you want an object to be private to a box, you need to instantiate it inside the code that runs in the context of that box (such as the `InterruptIn` object), or alternatively statically initialize it in the box private static memory (such as the `buffer`, `index` and `counter` variables in `PrivateButtonStaticMemory`). - ---- - -**Checkpoint** - -Compile the application again: - -```bash -$ mbed compile -m K64F -t GCC_ARM -``` - -Reflash the device, and press the reset button. The device LED blinks. - -If the LED doens't blink, it means the application halted somewhere, probably because uVisor captured a fault. You can set up the uVisor debug messages to see if there is a problem. See [Debugging uVisor on mbed OS](DEBUGGING.md) for a step-by-step guide. - -If the LED is blinking, the app is running correctly. If you press the `SW2` button on the NXP FRDM-K64F board, the `private_button_on_press` function executes, printing the values in the timer buffer after `PRIVATE_BUTTON_BUFFER_COUNT` presses. You can observe these values by opening a serial port connection to the device, with a baud rate of 9600. - -## Expose public secure entry points to the secure box -[Go to top](#overview) - -So far, the code in the secure box cannot communicate to other boxes. To let other boxes call functions in our secure box, you can define public secure entry points. These entry points can map to private functions within the context of a secure box, and an RPC protocol automatically serializes the arguments and return values to ensure no private memory can leak to external boxes. - -You can define a public secure entry point to retrieve the index value from the secure box. 
This index value increases every time you press the `SW2` button. - -### Defining a secure entry point - -Create a new source file, `~/code/uvisor-example/source/secure_box.h`, where you will define the functions that you can call through RPC. - -```cpp -/* ~/code/uvisor-example/source/secure_box.h */ - -#ifndef SECURE_BOX_H_ -#define SECURE_BOX_H_ - -#include "uvisor-lib/uvisor-lib.h" - -UVISOR_EXTERN int (*secure_get_index)(void); - -#endif -``` - -### Implementing a secure entry point - -Now that you have defined the secure entry point, you can map the entry point to a function running in the secure box. You can do this through the `UVISOR_BOX_RPC_GATEWAY_SYNC` macro. Open `~/code/uvisor-example/source/secure_box.cpp`, and replace the line with `#define PRIVATE_BUTTON_BUFFER_COUNT 8` by: - -```cpp -/* ~/code/uvisor-example/source/secure_box.cpp */ - -/* Function called through RPC */ -static int get_index() { - /* Access to private memory here */ - return uvisor_ctx->index; -} - -UVISOR_BOX_RPC_GATEWAY_SYNC (private_button, secure_get_index, get_index, int, void); - - #define PRIVATE_BUTTON_BUFFER_COUNT 8 -``` - -### Listening for RPC messages - -To receive RPC messages, you need to spin up a new thread, running in the secure box context. You can do this in the main thread of the secure box. 
In `~/code/uvisor-example/source/secure_box.cpp`, replace the first five lines of `private_button_main_thread` with: - -```cpp -/* ~/code/uvisor-example/source/secure_box.cpp */ - -static void listen_for_rpc() { - /* List of functions to wait for */ - static const TFN_Ptr my_fn_array[] = { - (TFN_Ptr) get_index - }; - - while (1) { - int caller_id; - int status = rpc_fncall_waitfor(my_fn_array, 1, &caller_id, UVISOR_WAIT_FOREVER); - - if (status) { - uvisor_error(USER_NOT_ALLOWED); - } - } -} - -/* Main thread for the secure box */ -static void private_button_main_thread(const void *) -{ - /* allocate serial port to ensure that code in this secure box - * won't touch handle in the default security context when printing */ - if (!(uvisor_ctx->pc = new RawSerial(USBTX, USBRX))) - return; - - /* Start listening for RPC messages in a separate thread */ - Thread rpc_thread(osPriorityNormal, 1024); - rpc_thread.start(&listen_for_rpc); - - /* ... Rest of the private_button_main_thread function ... */ -``` - -### Calling the public secure entry point - -To call the public secure entry point from any other box, you can use the `secure_get_index` function. It will automatically do an RPC call into the secure box and serialize the return value. You can try this out from the public box. In `~/code/uvisor-example/source/main.cpp`, first include the header file for the secure box: - -```cpp -/* ~/code/uvisor-example/source/main.cpp */ - -#include "secure_box.h" -``` - -Then replace the `main` function with: - -```cpp -/* ~/code/uvisor-example/source/main.cpp */ - -int main(void) -{ - while (true) { - led = !led; - printf("Secure index is %d\n", secure_get_index()); - Thread::wait(500); - } -} -``` - -You can observe the secure index by opening a serial port connection to the device with a baud rate of 9600. When you press the `SW2` button, the index will increase. 
- -## The NVIC APIs - -The ARM CMSIS header files provide APIs to configure, enable and disable IRQs in the NVIC module. These APIs all begin with `NVIC_`, and you can find them in the `core_cm*.h` files in your CMSIS module. The CMSIS header files also provide APIs to set and get an interrupt vector at runtime. This requires the relocation of the interrupt vector table, which is usually located in flash, to SRAM. - -When the uVisor is enabled, all NVIC APIs are rerouted to the corresponding uVisor vIRQ APIs, which virtualize the interrupt module. The uVisor interrupt model has the following features: - -- The uVisor owns the interrupt vector table. -- All ISRs are relocated to SRAM. -- Code in a box can only change the state of an IRQ (enable it, change its priority and so on) if the box registered that IRQ with uVisor through an IRQ ACL. -- An IRQ that belongs to a box can only be modified when that box context is active. - -Although this behavior is different from that of the original NVIC, it is backward compatible. Legacy code (such as a device HAL) still works after uVisor is enabled. - -All IRQ slots that are not listed in any box ACL list are considered unclaimed. Boxes can gain exclusive ownership of unclaimed IRQs on a first-come first-served basis through the use of the NVIC APIs. - -## The *public box* ACLs - -The code samples in this guide provide a list of ACLs for the public box. The list includes peripherals necessary to make the example app work, and they are specific to the NXP FRDM-K64F target. - -To generate the ACLs list for a different target or a different app, use the code provided in the [Enable uVisor](#enable-uvisor) section, but start with an empty ACLs list: - -```C -static const UvisorBoxAclItem g_public_box_acls[] = { -} -``` - -Compile your application using uVisor in debug mode. This operation requires some more advanced steps. Please read [Debugging uVisor on mbed OS](DEBUGGING.md) for the detailed instructions. 
- -Once the uVisor debug messages are enabled, your application fails. The failure is due to the first missing ACL being hit by the public box code. The message will look like: - -``` -*********************************************************** - BUS FAULT -*********************************************************** - -* Active Box ID: 0 -* FAULT SYNDROME REGISTERS - - CFSR: 0x00008200 - BFAR: 0x40048044 - --> PRECISERR: precise data access. - -... -``` - -Look up the faulty address (the value of BFAR) in the target device reference manual. - -Once you know which peripheral is causing the fault (the `SIM` peripheral, in this example), add its entry to the ACLs list: - -```C -static const UvisorBoxAclItem g_public_box_acls[] = { - {SIM, sizeof(*SIM), UVISOR_TACLDEF_PERIPH}, -}; -``` - -> **Note**: If the fault debug screen does not show the name of the peripheral, look it up in the target device reference manual. - -For readability, do not use the hard-coded addresses of your peripherals. Instead, use the symbols that the target CMSIS module provides. - -Repeat the process multiple times until all ACLs have been added to the list. When no other ACL is needed, the system runs without hitting a uVisor fault. - -## Additional resources -[Go to top](#overview) - -- [uVisor API documentation](API.md). -- [Debugging uVisor on mbed OS](DEBUGGING.md). -- [Using nonvolatile storage from uVisor on mbed OS](manual/Flash.md). - -If you found any bug or inconsistency in this guide, please [raise an issue](https://github.com/ARMmbed/uvisor/issues/new). diff --git a/features/FEATURE_UVISOR/VERSION.txt b/features/FEATURE_UVISOR/VERSION.txt deleted file mode 100644 index 5affb13..0000000 --- a/features/FEATURE_UVISOR/VERSION.txt +++ /dev/null @@ -1 +0,0 @@ -v0.31.1 diff --git a/features/FEATURE_UVISOR/importer/Makefile b/features/FEATURE_UVISOR/importer/Makefile deleted file mode 100644 index 29005e9..0000000 --- a/features/FEATURE_UVISOR/importer/Makefile +++ /dev/null 
@@ -1,130 +0,0 @@ -########################################################################### -# -# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -########################################################################### - -# Toolchain -PREFIX:=arm-none-eabi- -GDB:=$(PREFIX)gdb -OBJDUMP:=$(PREFIX)objdump - -# Translate between uVisor namespace and mbed namespace -TARGET_TRANSLATION:=MCU_K64F.kinetis EFM32.efm32 STM32F4.stm32 ARM_BEETLE_SOC.beetle M480.m480 -TARGET_PREFIX:=../ -TARGET_SUPPORTED:=$(TARGET_PREFIX)targets/TARGET_UVISOR_SUPPORTED -TARGET_UNSUPPORTED:=$(TARGET_PREFIX)targets/TARGET_UVISOR_UNSUPPORTED -TARGET_INC:=$(TARGET_PREFIX)includes/uvisor/api -TARGET_LIB_SRC:=$(TARGET_PREFIX)source -TARGET_LIB_INC:=$(TARGET_PREFIX)includes/uvisor-lib - -# uVisor source directory - hidden from mbed via TARGET_IGNORE -UVISOR_GIT_URL:=https://github.com/ARMmbed/uvisor -UVISOR_GIT_BRANCH:=master -UVISOR_DIR:=TARGET_IGNORE/uvisor -UVISOR_API:=$(UVISOR_DIR)/api -UVISOR_GIT_CFG=$(UVISOR_DIR)/.git/config - -# Derive variables from user configuration -TARGET_LIST:=$(subst .,,$(suffix $(TARGET_TRANSLATION))) -TARGET_LIST_DIR_SRC:=$(addprefix $(UVISOR_API)/lib/,$(TARGET_LIST)) -TARGET_LIST_DIR_DST:=$(addprefix $(TARGET_SUPPORTED)/,$(TARGET_LIST)) -TARGET_LIST_RELEASE:=$(addsuffix /release,$(TARGET_LIST_DIR_DST)) -TARGET_LIST_DEBUG:=$(addsuffix /debug,$(TARGET_LIST_DIR_DST)) - 
-# mbed OS paths -MBED_OS_ROOT:=../../.. -MBED_OS_CMSIS:=$(MBED_OS_ROOT)/cmsis - -.PHONY: all deploy rsync publish uvisor uvisor-compile clean cache update - -all: uvisor - -uvisor: uvisor-compile publish - -rsync: - # - # Copying uVisor into mbed library... - rm -rf $(TARGET_SUPPORTED) - mkdir -p $(TARGET_SUPPORTED) - rsync -a --exclude='*.txt' $(TARGET_LIST_DIR_SRC) $(TARGET_SUPPORTED) - # - # Copying uVisor headers to mbed includes... - rm -rf $(TARGET_INC) - mkdir -p $(TARGET_INC) - rsync -a --delete $(UVISOR_API)/inc $(TARGET_INC) - rsync -a --delete $(UVISOR_API)/rtx/inc/ $(TARGET_LIB_INC)/rtx - # - # Copying uVisor unsupported sources to unsupported target source... - mkdir -p $(TARGET_UNSUPPORTED) - cp $(UVISOR_API)/src/unsupported.c $(TARGET_UNSUPPORTED)/ - # - # Copying uVisor shared sources to mbed source... - rm -rf $(TARGET_LIB_SRC) - mkdir -p $(TARGET_LIB_SRC) - cp $(UVISOR_DIR)/core/system/src/page_allocator.c $(TARGET_LIB_SRC)/page_allocator.c_inc - cp $(UVISOR_DIR)/core/system/inc/page_allocator_config.h $(TARGET_LIB_SRC)/page_allocator_config.h - rsync -a --delete $(UVISOR_API)/rtx/src/ $(TARGET_LIB_SRC)/rtx - # - # Copying the secure API header file... - # Note: This will not be needed when we upstream the file to CMSIS. - cp $(UVISOR_DIR)/core/cmsis/inc/core_cmSecureAccess.h $(MBED_OS_CMSIS)/ - # - # Copying the documentation... - cp $(UVISOR_DIR)/docs/*/QUICKSTART.md $(TARGET_PREFIX)/README.md - # - # Copying licenses - cp $(UVISOR_DIR)/LICENSE* $(TARGET_SUPPORTED) - -TARGET_M%: TARGET_LIBS_FIND=$(wildcard $(TARGET_SUPPORTED)/*/*/*_cortex_m$(subst TARGET_M,,$@)*.a) -TARGET_M%: rsync - @printf "#\n# Copying $@ files...\n" - mkdir $(foreach file,$(TARGET_LIBS_FIND),$(dir $(file))$@) - $(foreach file,$(TARGET_LIBS_FIND),mv $(file) $(dir $(file))$@/lib$(notdir $(file));) - -publish: TARGET_M3 TARGET_M4 - # - # Rename release directorires to TARGET_RELEASE filters... 
- $(foreach dir, $(TARGET_LIST_RELEASE),mv $(dir) $(dir $(dir))TARGET_RELEASE;) - # - # Rename debug directorires to TARGET_DEBUG filters... - $(foreach dir, $(TARGET_LIST_DEBUG),mv $(dir) $(dir $(dir))TARGET_DEBUG;) - # - # Rename target directorires to TARGET_* filters... - $(foreach target, $(TARGET_TRANSLATION),mv $(TARGET_SUPPORTED)/$(subst .,,$(suffix $(target))) $(TARGET_SUPPORTED)/TARGET_$(basename $(target));) - # - # Updating checked out version tag - git -C $(UVISOR_DIR) describe --tags --abbrev=40 --dirty > $(TARGET_PREFIX)VERSION.txt - # - # Updated list of authors, sorted by contributions - git -C $(UVISOR_DIR) shortlog -s -n > $(TARGET_PREFIX)AUTHORS.txt - # Updated version of uvisor-tests - cp $(UVISOR_DIR)/tools/uvisor-tests.txt $(TARGET_PREFIX)uvisor-tests.txt - -uvisor-compile: $(UVISOR_GIT_CFG) - make -C $(UVISOR_DIR) - -update: $(UVISOR_GIT_CFG) - # - # Updating to latest uVisor library version - git -C $(UVISOR_DIR) pull --rebase - -$(UVISOR_GIT_CFG): - rm -rf $(UVISOR_DIR) - git clone -b $(UVISOR_GIT_BRANCH) $(UVISOR_GIT_URL) $(UVISOR_DIR) - -clean: $(UVISOR_GIT_CFG) - make -C $(UVISOR_DIR) clean diff --git a/features/FEATURE_UVISOR/importer/README.md b/features/FEATURE_UVISOR/importer/README.md deleted file mode 100644 index 29bcaf6..0000000 --- a/features/FEATURE_UVISOR/importer/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Rebuilding the uVisor mbed Library - -This directory contains scripts to import and rebuild the latest uVisor library to mbed Classic. -uVisor does not need to be re-deployed for normal application development. - -For uVisor development and code contributions please visit the [uVisor repository](https://github.com/ARMmbed/uvisor). \ No newline at end of file diff --git a/features/FEATURE_UVISOR/importer/TARGET_IGNORE/.gitignore b/features/FEATURE_UVISOR/importer/TARGET_IGNORE/.gitignore deleted file mode 100644 index 12e5820..0000000 --- a/features/FEATURE_UVISOR/importer/TARGET_IGNORE/.gitignore +++ /dev/null 
@@ -1 +0,0 @@
-/uvisor
\ No newline at end of file
diff --git a/features/FEATURE_UVISOR/includes/uvisor-lib/rtx/rtx_box_index.h b/features/FEATURE_UVISOR/includes/uvisor-lib/rtx/rtx_box_index.h
deleted file mode 100644
index 3275e8d..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor-lib/rtx/rtx_box_index.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __RTX_BOX_INDEX_H__
-#define __RTX_BOX_INDEX_H__
-
-#include "cmsis_os2.h"
-#include "rtx_os.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct
-{
- /* The uvisor box index must be placed at the beginning */
- UvisorBoxIndex index;
-
- /* ID of the mutex */
- osMutexId_t mutex_id;
-
- /* Attribute of the mutex */
- osMutexAttr_t mutex_attr;
-
- /* Internal data of the mutex */
- osRtxMutex_t mutex_data;
-} RtxBoxIndex;
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* __RTX_BOX_INDEX_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor-lib/rtx/secure_allocator.h b/features/FEATURE_UVISOR/includes/uvisor-lib/rtx/secure_allocator.h
deleted file mode 100644
index d250109..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor-lib/rtx/secure_allocator.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __SECURE_ALLOCATOR_H__
-#define __SECURE_ALLOCATOR_H__
-
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Contains the allocator data and backing page table. */
-typedef void * SecureAllocator;
-
-/** Create an allocator in-place in an existing pool without using pages.
- * Use this to turn statically allocated memory into a heap.
- * Or allocate a large piece of memory and then turn that into a heap.
- *
- * @param mem Pointer to the origin of the memory pool
- * @param bytes Length of the memory pool in bytes
- * @returns the allocator or `NULL` on failure
- */
-SecureAllocator secure_allocator_create_with_pool(
- void * mem,
- size_t bytes);
-
-/** Create an allocator using pages from the page heap.
- * Use this to request secure dynamic memory for your process.
- * Note that this memory is not guaranteed to be consecutive, therefore you
- * must specify the maximum allocation size that you plan to use in this
- * allocator. This function will then compute the number and size of required
- * pages and request them from the secure page heap.
- *
- * @param total_size The minimal total size of the heap
- * @param maximum_malloc_size The largest size to be allocated in one chunk
- * @returns the allocator or `NULL` on failure (out of memory,
- * maximum malloc size cannot be fulfilled)
- */
-SecureAllocator secure_allocator_create_with_pages(
- size_t total_size,
- size_t maximum_malloc_size);
-
-/** Destroy the allocator and free the backing pages.
- * An attempt to destroy a memory-pool backed allocator will fail and return
- * with an error code.
- *
- * @retval 0 Allocator successfully destroyed.
- * @retval -1 Allocator is static (memory-pool), or freeing memory pages failed.
- */
-int secure_allocator_destroy(
- SecureAllocator allocator);
-
-/** Drop-in for `malloc`. */
-void * secure_malloc(
- SecureAllocator allocator,
- size_t size);
-
-/** Drop-in for `aligned_alloc`. */
-void * secure_aligned_alloc(
- SecureAllocator allocator,
- size_t alignment,
- size_t size);
-
-/** Drop-in for `calloc`. */
-void * secure_calloc(
- SecureAllocator allocator,
- size_t nmemb,
- size_t size);
-
-/** Drop-in for `realloc`. */
-void * secure_realloc(
- SecureAllocator allocator,
- void * ptr,
- size_t size);
-
-/** Drop-in for `free`. */
-void secure_free(
- SecureAllocator allocator,
- void * ptr);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* __SECURE_ALLOCATOR_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor-lib/uvisor-lib.h b/features/FEATURE_UVISOR/includes/uvisor-lib/uvisor-lib.h
deleted file mode 100644
index 32c91a4..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor-lib/uvisor-lib.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_LIB_UVISOR_LIB_H__
-#define __UVISOR_LIB_UVISOR_LIB_H__
-
-/* This file translates mbed-specific pre-processor symbols into
- * uVisor-specific ones. Then the main uvisor-lib.h file is included. */
-
-/* mbed uses UVISOR_SUPPORTED to determine whether the full uVisor binaries
- * should be included or not. This symbol maps to the uVisor-internal symbol
- * UVISOR_PRESENT. */
-/* By default uVisor is not supported. */
-#if !defined(FEATURE_UVISOR) || !defined(TARGET_UVISOR_SUPPORTED) || defined(TARGET_UVISOR_UNSUPPORTED)
-#define UVISOR_PRESENT 0
-#else
-#define UVISOR_PRESENT 1
-#endif
-
-/* Detect the target using the mbed-specific symbols and determine the MPU
- * architecture accordingly. */
-#if defined(TARGET_KINETIS)
-#define ARCH_MPU_KINETIS
-#else
-#define ARCH_MPU_ARMv7M
-#endif
-
-/* The uVisor API main header file will use the above definitions. */
-#include "uvisor/api/inc/uvisor-lib.h"
-#include "uvisor-lib/rtx/rtx_box_index.h"
-#include "uvisor-lib/rtx/secure_allocator.h"
-
-#endif /* __UVISOR_LIB_UVISOR_LIB_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/api.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/api.h
deleted file mode 100644
index 46c29c3..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/api.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_H__
-#define __UVISOR_API_H__
-
-#include "rt_OsEventObserver.h"
-#include "api/inc/uvisor_exports.h"
-#include "api/inc/virq_exports.h"
-#include "api/inc/debug_exports.h"
-#include "api/inc/halt_exports.h"
-#include "api/inc/pool_queue_exports.h"
-#include "api/inc/page_allocator_exports.h"
-#include "api/inc/uvisor_spinlock_exports.h"
-#include
-
-#define UVISOR_API_MAGIC 0x5C9411B4
-#define UVISOR_API_VERSION (10)
-
-UVISOR_EXTERN_C_BEGIN
-
-extern void uvisor_init(void);
-/* This method is an api method which initializes the g_semihosting_magic variable.
- * This function will only work if called in privileged mode or from secure code,
- * it is only intended to be called by debugger after reset.
- */
-void debug_semihosting_enable(void);
-
-typedef struct {
- uint32_t magic;
- uint32_t (*get_version)(uint32_t);
-
- void (*init)(uint32_t caller);
-
- void (*irq_enable)(uint32_t irqn);
- void (*irq_disable)(uint32_t irqn);
- void (*irq_disable_all)(void);
- void (*irq_enable_all)(void);
- void (*irq_set_vector)(uint32_t irqn, uint32_t vector);
- uint32_t (*irq_get_vector)(uint32_t irqn);
- void (*irq_set_priority)(uint32_t irqn, uint32_t priority);
- uint32_t (*irq_get_priority)(uint32_t irqn);
- void (*irq_set_pending)(uint32_t irqn);
- uint32_t (*irq_get_pending)(uint32_t irqn);
- void (*irq_clear_pending)(uint32_t irqn);
- int (*irq_get_level)(void);
- void (*irq_system_reset)(TResetReason reason);
-
- int (*page_malloc)(UvisorPageTable * const table);
- int (*page_free)(const UvisorPageTable * const table);
-
- int (*box_namespace)(int box_id, char *box_namespace, size_t length);
- int (*box_id_for_namespace)(int * const box_id, const char * const box_namespace);
-
- void (*error)(THaltUserError reason);
- void (*start)(void);
- void (*vmpu_mem_invalidate)(void);
-
- int (*pool_init)(uvisor_pool_t *, void *, size_t, size_t);
- int (*pool_queue_init)(uvisor_pool_queue_t *, uvisor_pool_t *, void *, size_t, size_t);
- uvisor_pool_slot_t (*pool_allocate)(uvisor_pool_t *);
- uvisor_pool_slot_t (*pool_try_allocate)(uvisor_pool_t *);
- uvisor_pool_slot_t (*pool_queue_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
- uvisor_pool_slot_t (*pool_queue_try_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
- uvisor_pool_slot_t (*pool_free)(uvisor_pool_t *, uvisor_pool_slot_t);
- uvisor_pool_slot_t (*pool_try_free)(uvisor_pool_t *, uvisor_pool_slot_t);
- uvisor_pool_slot_t (*pool_queue_dequeue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
- uvisor_pool_slot_t (*pool_queue_try_dequeue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
- uvisor_pool_slot_t (*pool_queue_dequeue_first)(uvisor_pool_queue_t *);
- uvisor_pool_slot_t (*pool_queue_try_dequeue_first)(uvisor_pool_queue_t *);
- uvisor_pool_slot_t (*pool_queue_find_first)(uvisor_pool_queue_t *, TQueryFN_Ptr, void *);
- uvisor_pool_slot_t (*pool_queue_try_find_first)(uvisor_pool_queue_t *, TQueryFN_Ptr, void *);
-
- void (*spin_init)(UvisorSpinlock * spinlock);
- bool (*spin_trylock)(UvisorSpinlock * spinlock);
- void (*spin_lock)(UvisorSpinlock * spinlock);
- void (*spin_unlock)(UvisorSpinlock * spinlock);
-
- void (*debug_semihosting_enable)(void);
-
- OsEventObserver os_event_observer;
-} UVISOR_PACKED UvisorApi;
-
-extern UvisorApi uvisor_api;
-
-static UVISOR_FORCEINLINE uint32_t uvisor_get_version(void)
-{
- return uvisor_api.get_version(UVISOR_API_VERSION);
-}
-
-UVISOR_EXTERN_C_END
-
-#endif /* __UVISOR_API_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_config.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_config.h
deleted file mode 100644
index 1f21d65..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_config.h
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_BOX_CONFIG_H__
-#define __UVISOR_API_BOX_CONFIG_H__
-
-#include "api/inc/uvisor_exports.h"
-#include "api/inc/debug_exports.h"
-#include "api/inc/page_allocator_exports.h"
-#include "api/inc/rpc_exports.h"
-#include
-#include
-#include
-
-UVISOR_EXTERN const uint32_t __uvisor_mode;
-UVISOR_EXTERN void const * const public_box_cfg_ptr;
-
-/* All pointers in the box index need to be 4-byte aligned.
- * We therefore also need to round up all sizes to 4-byte multiples to
- * provide the space to be able to align the pointers to 4-bytes. */
-#define __UVISOR_BOX_ROUND_4(size) \
- (((size) + 3UL) & ~3UL)
-
-#define UVISOR_DISABLED 0
-#define UVISOR_PERMISSIVE 1
-#define UVISOR_ENABLED 2
-
-#define UVISOR_SET_MODE(mode) \
- UVISOR_SET_MODE_ACL_COUNT(mode, NULL, 0)
-
-#define UVISOR_SET_MODE_ACL(mode, acl_list) \
- UVISOR_SET_MODE_ACL_COUNT(mode, acl_list, UVISOR_ARRAY_COUNT(acl_list))
-
-#define UVISOR_SET_MODE_ACL_COUNT(mode, acl_list, acl_list_count) \
- uint8_t __attribute__((section(".keep.uvisor.bss.boxes"), aligned(32))) __reserved_stack[UVISOR_STACK_BAND_SIZE]; \
- \
- UVISOR_EXTERN const uint32_t __uvisor_mode = (mode); \
- \
- static const __attribute__((section(".keep.uvisor.cfgtbl"), aligned(4))) UvisorBoxConfig public_box_cfg = { \
- UVISOR_BOX_MAGIC, \
- UVISOR_BOX_VERSION, \
- { \
- sizeof(RtxBoxIndex), \
- 0, \
- 0, \
- sizeof(uvisor_rpc_t), \
- sizeof(uvisor_ipc_t), \
- 0, \
- }, \
- 0, \
- NULL, \
- NULL, \
- acl_list, \
- acl_list_count \
- }; \
- \
- UVISOR_EXTERN const __attribute__((section(".keep.uvisor.cfgtbl_ptr_first"), aligned(4))) void * const public_box_cfg_ptr = &public_box_cfg;
-
-/* Creates a global page heap with at least `minimum_number_of_pages` each of size `page_size` in bytes.
- * The total page heap size is at least `minimum_number_of_pages * page_size`. */
-#define UVISOR_SET_PAGE_HEAP(page_size, minimum_number_of_pages) \
- const uint32_t __uvisor_page_size = (page_size); \
- uint8_t __attribute__((section(".keep.uvisor.page_heap"))) \
- public_page_heap_reserved[ (page_size) * (minimum_number_of_pages) ]
-
-
-/* this macro selects an overloaded macro (variable number of arguments) */
-#define __UVISOR_BOX_MACRO(_1, _2, _3, _4, NAME, ...) NAME
-
-#define __UVISOR_BOX_CONFIG(box_name, acl_list, acl_list_count, stack_size, context_size) \
- \
- uint8_t __attribute__((section(".keep.uvisor.bss.boxes"), aligned(32))) \
- box_name ## _reserved[ \
- UVISOR_STACK_SIZE_ROUND( \
- ( \
- (UVISOR_MIN_STACK(stack_size) + \
- __UVISOR_BOX_ROUND_4(context_size) + \
- __UVISOR_BOX_ROUND_4(__uvisor_box_heapsize) + \
- __UVISOR_BOX_ROUND_4(sizeof(RtxBoxIndex)) + \
- __UVISOR_BOX_ROUND_4(sizeof(uvisor_rpc_outgoing_message_queue_t)) + \
- __UVISOR_BOX_ROUND_4(sizeof(uvisor_rpc_incoming_message_queue_t)) + \
- __UVISOR_BOX_ROUND_4(sizeof(uvisor_rpc_fn_group_queue_t)) + \
- __UVISOR_BOX_ROUND_4(sizeof(struct _reent)) \
- ) \
- * 8) \
- / 6)]; \
- \
- static const __attribute__((section(".keep.uvisor.cfgtbl"), aligned(4))) UvisorBoxConfig box_name ## _cfg = { \
- UVISOR_BOX_MAGIC, \
- UVISOR_BOX_VERSION, \
- { \
- sizeof(RtxBoxIndex), \
- context_size, \
- sizeof(struct _reent), \
- sizeof(uvisor_rpc_t), \
- sizeof(uvisor_ipc_t), \
- __uvisor_box_heapsize, \
- }, \
- UVISOR_MIN_STACK(stack_size), \
- __uvisor_box_lib_config, \
- __uvisor_box_namespace, \
- acl_list, \
- acl_list_count \
- }; \
- \
- UVISOR_EXTERN const __attribute__((section(".keep.uvisor.cfgtbl_ptr"), aligned(4))) void * const box_name ## _cfg_ptr = &box_name ## _cfg;
-
-#define UVISOR_BOX_EXTERN(box_name) \
- UVISOR_EXTERN const __attribute__((section(".keep.uvisor.cfgtbl_ptr"), aligned(4))) void * const box_name ## _cfg_ptr;
-
-#define __UVISOR_BOX_CONFIG_NOCONTEXT(box_name, acl_list, stack_size) \
- __UVISOR_BOX_CONFIG(box_name, acl_list, UVISOR_ARRAY_COUNT(acl_list), stack_size, 0) \
-
-#define __UVISOR_BOX_CONFIG_CONTEXT(box_name, acl_list, stack_size, context_type) \
- __UVISOR_BOX_CONFIG(box_name, acl_list, UVISOR_ARRAY_COUNT(acl_list), stack_size, sizeof(context_type)) \
- UVISOR_EXTERN context_type *const *const __uvisor_ps;
-
-#define __UVISOR_BOX_CONFIG_NOACL(box_name, stack_size, context_type) \
- __UVISOR_BOX_CONFIG(box_name, NULL, 0, stack_size, sizeof(context_type)) \
- UVISOR_EXTERN context_type *const *const __uvisor_ps;
-
-#define __UVISOR_BOX_CONFIG_NOACL_NOCONTEXT(box_name, stack_size) \
- __UVISOR_BOX_CONFIG(box_name, NULL, 0, stack_size, 0)
-
-#define UVISOR_BOX_CONFIG_ACL(...) \
- __UVISOR_BOX_MACRO(__VA_ARGS__, __UVISOR_BOX_CONFIG_CONTEXT, \
- __UVISOR_BOX_CONFIG_NOCONTEXT, \
- __UVISOR_BOX_CONFIG_NOACL_NOCONTEXT)(__VA_ARGS__)
-
-#define UVISOR_BOX_CONFIG_CTX(...) \
- __UVISOR_BOX_MACRO(__VA_ARGS__, __UVISOR_BOX_CONFIG_CONTEXT, \
- __UVISOR_BOX_CONFIG_NOACL, \
- __UVISOR_BOX_CONFIG_NOACL_NOCONTEXT)(__VA_ARGS__)
-
-#define UVISOR_BOX_CONFIG(...) \
- UVISOR_BOX_CONFIG_ACL(__VA_ARGS__)
-
-/* Use this macro before box defintion (for example, UVISOR_BOX_CONFIG) to
- * define the name of your box. If you don't want a name, use this macro with
- * box_namespace as NULL. */
-#define UVISOR_BOX_NAMESPACE(box_namespace) \
- static const char *const __uvisor_box_namespace = box_namespace
-
-/* Use this macro before UVISOR_BOX_CONFIG to define the function the main
- * thread of your box will use for its body. If you don't want a main thread,
- * too bad: you have to have one. */
-#define UVISOR_BOX_MAIN(function, priority, stack_size) \
- static const uvisor_box_main_t __uvisor_box_main = { \
- function, \
- priority, \
- stack_size, \
- }; \
- static const void * const __uvisor_box_lib_config = &__uvisor_box_main;
-
-#define UVISOR_BOX_HEAPSIZE(heap_size) \
- static const uint32_t __uvisor_box_heapsize = heap_size;
-
-#define __uvisor_ctx (((UvisorBoxIndex *) __uvisor_ps)->bss.address_of.context)
-
-
-/* Use this macro after calling the box configuration macro, in order to register your box as a debug box.
- * It will create a valid debug driver struct with the halt_error_func parameter as its halt_error() function */
-#define UVISOR_DEBUG_DRIVER(box_name, halt_error_func) \
- UVISOR_EXTERN TUvisorDebugDriver const __uvisor_debug_driver; \
- TUvisorDebugDriver const __uvisor_debug_driver = { \
- UVISOR_DEBUG_BOX_MAGIC, \
- UVISOR_DEBUG_BOX_VERSION, \
- &box_name ## _cfg, \
- halt_error_func \
- };
-
-/* Use this macro after calling the box configuration macro, in order to
- * register the public box as a debug box. */
-#define UVISOR_PUBLIC_BOX_DEBUG_DRIVER(halt_error_func) \
- UVISOR_DEBUG_DRIVER(public_box, halt_error_func)
-
-
-#endif /* __UVISOR_API_BOX_CONFIG_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_id.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_id.h
deleted file mode 100644
index 1f75fd5..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_id.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_BOX_ID_H__
-#define __UVISOR_API_BOX_ID_H__
-
-#include "api/inc/api.h"
-
-UVISOR_EXTERN_C_BEGIN
-
-/* Return the numeric box ID of the current box. */
-int uvisor_box_id_self(void);
-
-/* Return the numeric box ID of the box that is calling through the most recent
- * secure gateway. Return -1 if there is no secure gateway calling box. */
-int uvisor_box_id_caller(void) UVISOR_DEPRECATED;
-
-/* Copy the box namespace of the specified box ID to the memory provided by
- * box_namespace. The box_namespace's length must be at least
- * MAX_BOX_NAMESPACE_LENGTH bytes. Return how many bytes were copied into
- * box_namespace. Return UVISOR_ERROR_INVALID_BOX_ID if the provided box ID is
- * invalid. Return UVISOR_ERROR_BUFFER_TOO_SMALL if the provided box_namespace
- * is too small to hold MAX_BOX_NAMESPACE_LENGTH bytes. Return
- * UVISOR_ERROR_BOX_NAMESPACE_ANONYMOUS if the box is anonymous. */
-static UVISOR_FORCEINLINE int uvisor_box_namespace(int box_id, char *box_namespace, size_t length)
-{
- return uvisor_api.box_namespace(box_id, box_namespace, length);
-}
-
-static UVISOR_FORCEINLINE int uvisor_box_id_for_namespace(int * const box_id, const char * const box_namespace)
-{
- return uvisor_api.box_id_for_namespace(box_id, box_namespace);
-}
-
-UVISOR_EXTERN_C_END
-
-#endif /* __UVISOR_API_BOX_ID_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_init.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_init.h
deleted file mode 100644
index c59632e..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/box_init.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_BOX_INIT_H__
-#define __UVISOR_API_BOX_INIT_H__
-
-#include "api/inc/uvisor-lib.h"
-
-UVISOR_EXTERN void __uvisor_lib_box_init(void * lib_config);
-
-#endif
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_nvic_virtual.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_nvic_virtual.h
deleted file mode 100644
index ba7b1e6..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_nvic_virtual.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_NVIC_VIRTUAL_H__
-#define __UVISOR_API_NVIC_VIRTUAL_H__
-
-#include "api/inc/interrupts.h"
-#include "api/inc/virq_exports.h"
-
-/* The NVIC APIs are only wrapped on ARMv7-M. */
-#if !defined(ARCH_CORE_ARMv8M) && !defined(TARGET_M33)
-
-#define NVIC_SetPriorityGrouping __NVIC_SetPriorityGrouping
-#define NVIC_GetPriorityGrouping __NVIC_GetPriorityGrouping
-#define NVIC_EnableIRQ vIRQ_EnableIRQ
-#define NVIC_DisableIRQ vIRQ_DisableIRQ
-#define NVIC_GetPendingIRQ vIRQ_GetPendingIRQ
-#define NVIC_SetPendingIRQ vIRQ_SetPendingIRQ
-#define NVIC_ClearPendingIRQ vIRQ_ClearPendingIRQ
-#define NVIC_GetActive __NVIC_GetActive
-#define NVIC_SetPriority vIRQ_SetPriority
-#define NVIC_GetPriority vIRQ_GetPriority
-#define NVIC_SystemReset() vIRQ_SystemReset(RESET_REASON_NO_REASON)
-
-#else
-
-#define NVIC_SetPriorityGrouping __NVIC_SetPriorityGrouping
-#define NVIC_GetPriorityGrouping __NVIC_GetPriorityGrouping
-#define NVIC_EnableIRQ __NVIC_EnableIRQ
-#define NVIC_DisableIRQ __NVIC_DisableIRQ
-#define NVIC_GetPendingIRQ __NVIC_GetPendingIRQ
-#define NVIC_SetPendingIRQ __NVIC_SetPendingIRQ
-#define NVIC_ClearPendingIRQ __NVIC_ClearPendingIRQ
-#define NVIC_GetActive __NVIC_GetActive
-#define NVIC_SetPriority __NVIC_SetPriority
-#define NVIC_GetPriority __NVIC_GetPriority
-#define NVIC_SystemReset() __NVIC_SystemReset()
-
-#endif
-
-#endif /* __UVISOR_API_NVIC_VIRTUAL_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_vectab_virtual.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_vectab_virtual.h
deleted file mode 100644
index 0d66fb1..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/cmsis_vectab_virtual.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_VECTAB_VIRTUAL_H__
-#define __UVISOR_API_VECTAB_VIRTUAL_H__
-
-#include "api/inc/interrupts.h"
-
-/* The NVIC APIs are only wrapped on ARMv7-M. */
-#if !defined(ARCH_CORE_ARMv8M) && !defined(TARGET_M33)
-
-#define NVIC_SetVector vIRQ_SetVector
-#define NVIC_GetVector vIRQ_GetVector
-
-#else
-
-#define NVIC_SetVector __NVIC_SetVector
-#define NVIC_GetVector __NVIC_GetVector
-
-#endif
-
-#endif /* __UVISOR_API_VECTAB_VIRTUAL_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/context_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/context_exports.h
deleted file mode 100644
index dc4c846..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/context_exports.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_CONTEX_EXPORTS_H__
-#define __UVISOR_CONTEX_EXPORTS_H__
-
-/** Maximum number of nested context switches.
- *
- * The same state stack is kept for all kinds of context switches that are bound
- * to a function, for which uVisor keeps an internal state. */
-#define UVISOR_CONTEXT_MAX_DEPTH 16
-
-#endif /* __UVISOR_CONTEX_EXPORTS_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/debug_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/debug_exports.h
deleted file mode 100644
index 2c8fc33..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/debug_exports.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_DEBUG_EXPORTS_H__
-#define __UVISOR_API_DEBUG_EXPORTS_H__
-
-#include "api/inc/halt_exports.h"
-#include
-#include "api/inc/vmpu_exports.h"
-
-
-#define UVISOR_DEBUG_BOX_VERSION (1)
-
-
-/* Debug box driver
- * A constant instance of this struct must be instantiated by the unprivileged
- * code to setup a debug box.*/
-typedef struct TUvisorDebugDriver {
- const uint32_t magic;
- const uint32_t version;
- const UvisorBoxConfig * const box_cfg_ptr;
- void (*halt_error)(THaltError, const THaltInfo *);
-} TUvisorDebugDriver;
-
-/* Number of handlers in the debug box driver */
-#define DEBUG_BOX_HANDLERS_NUMBER (sizeof(TUvisorDebugDriver) / sizeof(void *))
-
-#endif /* __UVISOR_API_DEBUG_EXPORTS_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/disabled.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/disabled.h
deleted file mode 100644
index 21b9a48..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/disabled.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_DISABLED_H__
-#define __UVISOR_API_DISABLED_H__
-
-#include "api/inc/uvisor_exports.h"
-#include
-
-UVISOR_EXTERN void uvisor_disabled_switch_in(const uint32_t *dst_box_cfgtbl_ptr);
-UVISOR_EXTERN void uvisor_disabled_switch_out(void);
-
-/* The host OS can override the implementations of these functions in case a
- * different handling of IRQs is required when uVisor is disabled. */
-UVISOR_EXTERN void uvisor_disabled_set_vector(uint32_t irqn, uint32_t vector);
-UVISOR_EXTERN uint32_t uvisor_disabled_get_vector(uint32_t irqn);
-
-#endif /* __UVISOR_API_DISABLED_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/error.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/error.h
deleted file mode 100644
index 85f8a49..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/error.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_ERROR_H__
-#define __UVISOR_API_ERROR_H__
-
-#include "api/inc/halt_exports.h"
-#include "api/inc/uvisor_exports.h"
-#include "api/inc/api.h"
-
-UVISOR_EXTERN_C_BEGIN
-
-static UVISOR_FORCEINLINE void uvisor_error(THaltUserError reason)
-{
- uvisor_api.error(reason);
-}
-
-UVISOR_EXTERN_C_END
-
-#endif /* __UVISOR_API_ERROR_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/halt_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/halt_exports.h
deleted file mode 100644
index ab173ea..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/halt_exports.h
+++ /dev/null
@@ -1,106 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_HALT_EXPORTS_H__ -#define __UVISOR_API_HALT_EXPORTS_H__ - -#include "uvisor_exports.h" - -#define UVISOR_ERROR_INVALID_BOX_ID (-2) -#define UVISOR_ERROR_BUFFER_TOO_SMALL (-3) -#define UVISOR_ERROR_BOX_NAMESPACE_ANONYMOUS (-4) -#define UVISOR_ERROR_BAD_MAGIC (-5) -#define UVISOR_ERROR_BAD_VERSION (-6) -#define UVISOR_ERROR_OUT_OF_STRUCTURES (-7) -#define UVISOR_ERROR_INVALID_PARAMETERS (-8) -#define UVISOR_ERROR_NOT_IMPLEMENTED (-9) -#define UVISOR_ERROR_TIMEOUT (-10) - - -#define UVISOR_ERROR_CLASS_MASK (0xFFFF0000UL) -#define UVISOR_ERROR_MASK (0x0000FFFFUL) - -#define UVISOR_ERROR_CLASS_PAGE (1UL << 16) - -typedef enum { - USER_NOT_ALLOWED = 1, - DEBUG_BOX_HALT, -} THaltUserError; - -typedef enum { - HALT_NO_ERROR = 0, - PERMISSION_DENIED = 1, - SANITY_CHECK_FAILED, - NOT_IMPLEMENTED, - NOT_ALLOWED, - FAULT_MEMMANAGE, - FAULT_BUS, - FAULT_USAGE, - FAULT_HARD, - FAULT_DEBUG, - FAULT_SECURE, - __THALTERROR_MAX /* always keep as the last element of the enum */ -} THaltError; - -/** A basic exception frame - * - * This struct contains the registers always saved during an exception in the - * order they are placed in the memory. - * If FPU state is also saved it's placed after this register block. 
- * On ARMv8-M in certain cases an additional state context may be placed on - * the stack before this block. - */ -typedef struct { - uint32_t r0; - uint32_t r1; - uint32_t r2; - uint32_t r3; - uint32_t r12; - uint32_t lr; - uint32_t retaddr; - uint32_t retpsr; -} UVISOR_PACKED exception_frame_t; - -/* A pointer to this structure will be given to halt_error() handler - * of the debug box driver. */ -typedef struct { - /* A basic exception stack frame that is always present with a valid stack. */ - exception_frame_t stack_frame; - - /* A few registers that may be useful for debug. */ - uint32_t lr; - uint32_t control; - uint32_t ipsr; - - /* Fault status registers. */ - uint32_t mmfar; - uint32_t bfar; - uint32_t cfsr; - uint32_t hfsr; - uint32_t dfsr; - uint32_t afsr; - - /* Bitmask telling which of the above regions are valid. */ - uint32_t valid_data; -} UVISOR_PACKED THaltInfo; - -/* Bitmask to specify which HaltInfo regions are valid. */ -typedef enum { - HALT_INFO_STACK_FRAME = 0x1, - HALT_INFO_REGISTERS = 0x2 -} THaltInfoValidMask; - -#endif /* __UVISOR_API_HALT_EXPORTS_H__ */ diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/interrupts.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/interrupts.h deleted file mode 100644 index ef31082..0000000 --- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/interrupts.h +++ /dev/null 
@@ -1,123 +0,0 @@ -/* - * Copyright (c) 2013-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_INTERRUPTS_H__ -#define __UVISOR_API_INTERRUPTS_H__ - -#include "api/inc/virq_exports.h" -#include "api/inc/uvisor_exports.h" -#include "api/inc/api.h" -#include - -UVISOR_EXTERN_C_BEGIN - -static UVISOR_FORCEINLINE void vIRQ_SetVector(uint32_t irqn, uint32_t vector) -{ - uvisor_api.irq_set_vector(irqn, vector); -} - -static UVISOR_FORCEINLINE uint32_t vIRQ_GetVector(uint32_t irqn) -{ - return uvisor_api.irq_get_vector(irqn); -} - -static UVISOR_FORCEINLINE void vIRQ_EnableIRQ(uint32_t irqn) -{ - uvisor_api.irq_enable(irqn); -} - -static UVISOR_FORCEINLINE void vIRQ_DisableIRQ(uint32_t irqn) -{ - uvisor_api.irq_disable(irqn); -} - -static UVISOR_FORCEINLINE void vIRQ_ClearPendingIRQ(uint32_t irqn) -{ - uvisor_api.irq_clear_pending(irqn); -} - -static UVISOR_FORCEINLINE void vIRQ_SetPendingIRQ(uint32_t irqn) -{ - uvisor_api.irq_set_pending(irqn); -} - -static UVISOR_FORCEINLINE uint32_t vIRQ_GetPendingIRQ(uint32_t irqn) -{ - return uvisor_api.irq_get_pending(irqn); -} - -static UVISOR_FORCEINLINE void vIRQ_SetPriority(uint32_t irqn, uint32_t priority) -{ - uvisor_api.irq_set_priority(irqn, priority); -} - -static UVISOR_FORCEINLINE uint32_t vIRQ_GetPriority(uint32_t irqn) -{ - return uvisor_api.irq_get_priority(irqn); -} - -static UVISOR_FORCEINLINE int 
vIRQ_GetLevel(void) -{ - return uvisor_api.irq_get_level(); -} - -/** Disable all interrupts for the currently active box. - * - * Calling this function from a box only affects the interrupts of that box. - * System interrupts and interrupts owned by other boxes are left untouched. - * - * Successive calls to this function increase an internal counter that is used - * by uVisor to decide when to re-enable IRQs. The related call - * ::vIRQ_EnableIRQ() decreases this counter. Only when the counter is 0 the - * interrupts are re-enabled for that box. - * - * This guarantees that code that disables IRQs will not accidentally have them - * re-enabled by a nested function that it calls before the expected call to - * ::vIRQ_EnableAll(). Example: - * - * vIRQ_DisableAll(); counter = 1; IRQs are now disabled. - * some_function(); counter = 2, then counter = 1; IRQs are still disabled. - * vIRQ_EnableAll(); counter = 0; IRQs are now re-enabled. - * - * where some_function() also has a disable/enable pair. */ -static UVISOR_FORCEINLINE void vIRQ_DisableAll(void) -{ - uvisor_api.irq_disable_all(); -} - -/** Re-enable all interrupts that were previously disabled for the currently - * active box. - * - * This function only re-enables interrupt if the uVisor internal counter is set - * to 0, to make sure that nested disabling of IRQs is still effective. See - * ::vIRQ_DisableAll for more information. */ -static UVISOR_FORCEINLINE void vIRQ_EnableAll(void) -{ - uvisor_api.irq_enable_all(); -} - -/** Reset the device. - * @warning Currently only the debug box can reset the device. - * @param reason[in] Reason for rebooting. Currently not used. - */ -static UVISOR_FORCEINLINE void vIRQ_SystemReset(TResetReason reason) -{ - return uvisor_api.irq_system_reset(reason); -} - -UVISOR_EXTERN_C_END - -#endif /* __UVISOR_API_INTERRUPTS_H__ */ 
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc.h
deleted file mode 100644
index 4186df4..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc.h
+++ /dev/null
@@ -1,80 +0,0 @@ -/* - * Copyright (c) 2017, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_IPC_H__ -#define __UVISOR_API_IPC_H__ - -#include "api/inc/ipc_exports.h" -#include "api/inc/uvisor_exports.h" -#include -#include - - -/** Wait for any of the specified IPC operations to complete. - * - * @note This function currently spins, burning through power. - * - * @param[in] wait_tokens a bitfield of tokens to wait on - * @param[out] done_tokens a bitfield which tokens completed - * @param[in] timeout_ms how long to wait (in ms) for an IPC operation - * before returning. 0 means don't wait at all. Any - * other value means wait forever. - * @return 0 on success, non-zero error code otherwise - */ -UVISOR_EXTERN int ipc_waitforany(uint32_t wait_tokens, uint32_t * done_tokens, uint32_t timeout_ms); - -/** Wait for all of the specified IPC operations to complete. - * - * @note This function currently spins, burning through power. - * - * @param[in] wait_tokens a bitfield of tokens to wait on - * @param[out] done_tokens a bitfield which tokens completed - * @param[in] timeout_ms how long to wait (in ms) for an IPC operation - * before returning. 0 means don't wait at all. - * Any other value means wait forever. 
- * @return 0 on success, non-zero error code otherwise - */ -UVISOR_EXTERN int ipc_waitforall(uint32_t wait_tokens, uint32_t * done_tokens, uint32_t timeout_ms); - -/** Asynchronously send an IPC message - * - * @note The memory used for receiving the message (pointed to by msg) and the - * IPC descriptor (pointed to by desc) must be valid until after the send is - * complete. In addition, each IPC message should use its own IPC descriptor. - * Reusing an IPC descriptor will lead to unpredictable behaviours. - * - * @param[inout] desc an IPC descriptor for the message - * @param[in] msg the message to send - * - * @return 0 on success, non-zero error code otherwise - * */ -UVISOR_EXTERN int ipc_send(uvisor_ipc_desc_t * desc, const void * msg); - -/** Asynchronously receive an IPC message - * - * @note The memory used for receiving the message (pointed to by msg) and the - * IPC descriptor (pointed to by desc) must be valid until after the receive is - * complete. In addition, each IPC message should use its own IPC descriptor. - * Reusing an IPC descriptor will lead to unpredictable behaviours. - * - * @param[inout] desc an IPC descriptor for the message - * @param[out] msg the memory to copy the message to - * - * @return 0 on success, non-zero error code otherwise - */ -UVISOR_EXTERN int ipc_recv(uvisor_ipc_desc_t * desc, void * msg); - -#endif /* __UVISOR_API_IPC_H__ */ diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc_exports.h deleted file mode 100644 index 72de5f3..0000000 --- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc_exports.h +++ /dev/null 
@@ -1,117 +0,0 @@ -/* - * Copyright (c) 2017, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_IPC_EXPORTS_H__ -#define __UVISOR_API_IPC_EXPORTS_H__ - -#include "api/inc/pool_queue_exports.h" -#include "api/inc/uvisor_spinlock_exports.h" -#include "api/inc/vmpu_exports.h" -#include - -/* Use the invalid box ID to mean "receive from any" box. */ -#define UVISOR_BOX_ID_ANY UVISOR_BOX_ID_INVALID - -#define UVISOR_IPC_SEND_SLOTS 16 -#define UVISOR_IPC_RECV_SLOTS 16 - -/* The value UVISOR_IPC_INVALID_TOKEN is defined to should be useful as a null - * token, and preferably not having any other legitimate use. Due to the - * internal bitfield representation of tokens, it makes a lot of sense to use 0 - * as the null token. ipc_allocate_token() returns 0 if no tokens are - * available. Freeing 0 bits means nothing ('&= ~0' is a no-op). No other value - * makes as much sense to use as 0. If tokens become represented internally as - * something other than a bitfield, it would make sense to reconsider the value - * used here. 
*/ -#define UVISOR_IPC_INVALID_TOKEN 0 - -typedef enum uvisor_ipc_io_state { - UVISOR_IPC_IO_STATE_INVALID, - UVISOR_IPC_IO_STATE_IDLE, - UVISOR_IPC_IO_STATE_READY_TO_SEND, /* Enqueued and waiting for delivery */ - UVISOR_IPC_IO_STATE_READY_TO_RECV, /* Enqueued and waiting for delivery */ - UVISOR_IPC_IO_STATE_VALID, /* uVisor has copied the message */ -} uvisor_ipc_io_state_t; - -/* IPC Descriptor Structure - * When sending: - * @param[in] box_id the ID of the destination box - * @param[in] port the port to send the message to - * @param[in] len the length of the message - * @param[out] token a token that can be used to wait at a later time for - * the send to complete - * - * When receiving before a message has been received: - * @param[in] box_id an ID of a box that is allowed to send to this box, or - * UVISOR_BOX_ID_ANY to allow messages from any box - * @param[in] port the port to listen for messages on - * @param[in] len the maximum length of message to receive - * @param[out] token a token that can be used to wait at a later time for - * the recv to complete - * - * When receiving after a message has been received: - * @param[out] box_id the box ID of the sender - * @param[out] port the port the message arrived on - * @param[out] len the length of the message - * @param[out] token not modified - */ -typedef struct uvisor_ipc_desc { - int box_id; - size_t port; - size_t len; - uint32_t token; -} uvisor_ipc_desc_t; - -/* IPC IO Request Structure */ -typedef struct uvisor_ipc_io { - uvisor_ipc_desc_t * desc; - void * msg; - uvisor_ipc_io_state_t state; -} uvisor_ipc_io_t; - -#define UVISOR_IPC_SEND_TYPE(slots) \ - struct { \ - uvisor_pool_queue_t queue; \ - uvisor_pool_t pool; \ - uvisor_pool_queue_entry_t entries[slots]; \ - uvisor_ipc_io_t io[slots]; \ - } - -#define UVISOR_IPC_RECV_TYPE(slots) \ - struct { \ - uvisor_pool_queue_t queue; \ - uvisor_pool_t pool; \ - uvisor_pool_queue_entry_t entries[slots]; \ - uvisor_ipc_io_t io[slots]; \ - } - -typedef 
UVISOR_IPC_SEND_TYPE(UVISOR_IPC_SEND_SLOTS) uvisor_ipc_send_queue_t; -typedef UVISOR_IPC_RECV_TYPE(UVISOR_IPC_RECV_SLOTS) uvisor_ipc_recv_queue_t; - -typedef struct uvisor_ipc { - uvisor_ipc_send_queue_t send_queue; - uvisor_ipc_recv_queue_t recv_queue; - UvisorSpinlock tokens_lock; /* Protect access to tokens. */ - uint32_t allocated_tokens; /* Endpoints read and write. */ - uint32_t completed_tokens; /* uVisor and endpoints read and write. */ -} uvisor_ipc_t; - -static inline uvisor_ipc_t * uvisor_ipc(UvisorBoxIndex * const index) -{ - return (uvisor_ipc_t *) index->bss.address_of.ipc; -} - -#endif diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/lib_hook_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/lib_hook_exports.h deleted file mode 100644 index 74c790d..0000000 --- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/lib_hook_exports.h +++ /dev/null 
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_LIB_HOOK_EXPORTS_H__
-#define __UVISOR_API_LIB_HOOK_EXPORTS_H__
-
-#include
-
-/* Predeclaration */
-typedef struct uvisor_semaphore UvisorSemaphore;
-
-/*
- * uVisor library hooks
- *
- * All functions that uVisor needs to call that are implemented in uvisor-lib.
- * These functions will be run by unprivileged code only. */
-typedef struct {
- void (*box_init)(void * lib_config);
- int (*semaphore_init)(UvisorSemaphore * semaphore, uint32_t initial_count, uint32_t max_count);
- int (*semaphore_pend)(UvisorSemaphore * semaphore, uint32_t timeout_ms);
-} UvisorLibHooks;
-
-#endif
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/linker_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/linker_exports.h
deleted file mode 100644
index 2597fdc..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/linker_exports.h
+++ /dev/null
@@ -1,56 +0,0 @@ -/* - * Copyright (c) 2017, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_LINKER_EXPORTS_H__ -#define __UVISOR_API_LINKER_EXPORTS_H__ - -/* FIXME Consider supporting other aliasing schemes. This is dependent on the - * IDAU implementation. Not all aliasing is guaranteed to work the same way. We - * currently only support a 1-bit MSB IDAU. */ -#if defined (ARCH_CORE_ARMv8M) || defined (TARGET_M33) -# define SECURE_ALIAS_OFFSET 0x10000000 -#else -# define SECURE_ALIAS_OFFSET 0 -#endif - -/** @returns the non-secure alias of the input address. */ -#define UVISOR_GET_NS_ALIAS(addr) ((typeof(addr)) ((uint32_t) (addr) & ~SECURE_ALIAS_OFFSET)) -/** @returns the secure alias of the input address. */ -#define UVISOR_GET_S_ALIAS(addr) ((typeof(addr)) ((uint32_t) (addr) | SECURE_ALIAS_OFFSET)) -/** @returns `true` if address is a secure alias. */ -#define UVISOR_IS_S_ALIAS(addr) ((uint32_t) (addr) & SECURE_ALIAS_OFFSET) -/** @returns an address targeting the non-secure state. */ -#define UVISOR_GET_NS_ADDRESS(addr) ((addr) & ~1UL) - -/** @returns the secure alias of the input address for uVisor core builds, and - * the non-secure alias for non-uVisor core builds. - * This is useful for code shared across secure and non-secure aliases. 
*/ -#if UVISOR_CORE_BUILD -#define UVISOR_AUTO_ALIAS(addr) UVISOR_GET_S_ALIAS(addr) -#else -#define UVISOR_AUTO_ALIAS(addr) UVISOR_GET_NS_ALIAS(addr) -#endif - -/** @returns the secure alias of the input address for uVisor core builds, and - * assumes the addr supplied is already a non-secure alias for non-uVisor core builds. - * This is useful for code shared across secure and non-secure aliases. */ -#if UVISOR_CORE_BUILD -#define UVISOR_AUTO_NS_ALIAS(addr) UVISOR_GET_S_ALIAS(addr) -#else -#define UVISOR_AUTO_NS_ALIAS(addr) addr -#endif - -#endif diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/magic_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/magic_exports.h deleted file mode 100644 index 7ebe857..0000000 --- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/magic_exports.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright (c) 2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_MAGIC_EXPORTS_H__ -#define __UVISOR_API_MAGIC_EXPORTS_H__ - -#include - -/* udf imm16 - * UDF - ARMv7M ARM section A7.7.191 - * 111 1;0 111;1111; ; 1 01 0; (Encoding T2) - */ -#define UDF_OPCODE(imm16) \ - ((uint32_t) (0xA000F7F0UL | (((uint32_t) (imm16) & 0xFFFU) << 16U) | (((uint32_t) (imm16) & 0xF000UL) >> 12))) - -/** Magics - * - * The following magics are used to verify various things within uVisor.The - * magics are chosen to be one of the explicitly undefined Thumb-2 - * instructions. - */ -#if defined(__thumb__) && defined(__thumb2__) -#define UVISOR_RPC_GATEWAY_MAGIC_ASYNC UDF_OPCODE(0x07C2) -#define UVISOR_RPC_GATEWAY_MAGIC_SYNC UDF_OPCODE(0x07C3) -#define UVISOR_POOL_MAGIC UDF_OPCODE(0x07C4) -#define UVISOR_POOL_QUEUE_MAGIC UDF_OPCODE(0x07C5) -#define UVISOR_DEBUG_BOX_MAGIC UDF_OPCODE(0x07C6) -#else -#error "Unsupported instruction set. The ARM Thumb-2 instruction set must be supported." -#endif /* __thumb__ && __thumb2__ */ - - -#endif /* __UVISOR_API_MAGIC_EXPORTS_H__ */ diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/page_allocator.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/page_allocator.h deleted file mode 100644 index 35ab826..0000000 --- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/page_allocator.h +++ /dev/null 
@@ -1,54 +0,0 @@ -/* - * Copyright (c) 2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __UVISOR_API_PAGE_ALLOCATOR_H__ -#define __UVISOR_API_PAGE_ALLOCATOR_H__ - -#include "api/inc/uvisor_exports.h" -#include "api/inc/page_allocator_exports.h" -#include "api/inc/api.h" -#include - -UVISOR_EXTERN_C_BEGIN - -/* Allocate a number of requested pages with the requested page size. - * @param table.page_size[in] Must be equal to the current page size - * @param table.page_count[in] The number of pages to be allocated - * @param table.page_origins[out] Pointers to the page origins. The table must be large enough to hold page_count entries. - * @returns Non-zero on failure with failure class `UVISOR_ERROR_CLASS_PAGE`. See `UVISOR_ERROR_PAGE_*`. - */ -static UVISOR_FORCEINLINE int uvisor_page_malloc(UvisorPageTable * const table) -{ - return uvisor_api.page_malloc(table); -} - -/* Free the pages associated with the table, only if it passes validation. - * @returns Non-zero on failure with failure class `UVISOR_ERROR_CLASS_PAGE`. See `UVISOR_ERROR_PAGE_*`. - */ -static UVISOR_FORCEINLINE int uvisor_page_free(const UvisorPageTable * const table) -{ - return uvisor_api.page_free(table); -} - -/* @returns the active page size for one page. 
*/ -static UVISOR_FORCEINLINE uint32_t uvisor_get_page_size(void) -{ - return __uvisor_page_size; -} - -UVISOR_EXTERN_C_END - -#endif /* __UVISOR_API_PAGE_ALLOCATOR_H__ */ diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/page_allocator_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/page_allocator_exports.h deleted file mode 100644 index 52c24ec..0000000 --- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/page_allocator_exports.h +++ /dev/null 
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_PAGE_ALLOCATOR_EXPORTS_H__
-#define __UVISOR_API_PAGE_ALLOCATOR_EXPORTS_H__
-
-#include "api/inc/halt_exports.h"
-#include
-#include
-
-
-#define UVISOR_ERROR_PAGE_OK (0)
-#define UVISOR_ERROR_PAGE_OUT_OF_MEMORY (UVISOR_ERROR_CLASS_PAGE + 1)
-#define UVISOR_ERROR_PAGE_INVALID_PAGE_TABLE (UVISOR_ERROR_CLASS_PAGE + 2)
-#define UVISOR_ERROR_PAGE_INVALID_PAGE_SIZE (UVISOR_ERROR_CLASS_PAGE + 3)
-#define UVISOR_ERROR_PAGE_INVALID_PAGE_ORIGIN (UVISOR_ERROR_CLASS_PAGE + 4)
-#define UVISOR_ERROR_PAGE_INVALID_PAGE_OWNER (UVISOR_ERROR_CLASS_PAGE + 5)
-#define UVISOR_ERROR_PAGE_INVALID_PAGE_COUNT (UVISOR_ERROR_CLASS_PAGE + 6)
-
-/* Contains the uVisor page size.
- * @warning Do not read directly, instead use `uvisor_get_page_size()` accessor! */
-UVISOR_EXTERN const uint32_t __uvisor_page_size;
-
-typedef struct {
- uint32_t page_size; /* The page size in bytes. Must be multiple of `UVISOR_PAGE_SIZE`! */
- uint32_t page_count; /* The number of pages in the page table. */
- void * page_origins[1]; /* Table of pointers to the origin of each page. */
-} UvisorPageTable;
-
-#endif /* __UVISOR_API_PAGE_ALLOCATOR_EXPORTS_H__ */
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/pool_queue_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/pool_queue_exports.h
deleted file mode 100644
index d9764fb..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/pool_queue_exports.h
+++ /dev/null
@@ -1,187 +0,0 @@ -/* - * Copyright (c) 2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef UVISOR_POOL_QUEUE_EXPORTS_H -#define UVISOR_POOL_QUEUE_EXPORTS_H - -#include "api/inc/magic_exports.h" -#include "api/inc/uvisor_exports.h" -#include "api/inc/uvisor_spinlock_exports.h" -#include -#include - -#define UVISOR_POOL_QUEUE_NON_BLOCKING (0) -#define UVISOR_POOL_QUEUE_BLOCKING (1) - -#define UVISOR_POOL_SLOT_INVALID ((uint8_t) 0xFFU) -#define UVISOR_POOL_SLOT_IS_DEQUEUED ((uint8_t) 0xFEU) -#define UVISOR_POOL_SLOT_IS_FREE ((uint8_t) 0xFDU) -#define UVISOR_POOL_MAX_VALID ((uint8_t) 0xFCU) - -typedef uint8_t uvisor_pool_slot_t; - -typedef struct uvisor_pool_queue_entry { - union { - struct { - /* The next slot in the queue */ - uvisor_pool_slot_t next; - - /* The previous slot in the queue */ - uvisor_pool_slot_t prev; - } queued; - struct { - /* If the slot is free, the next available slot in the free list */ - uvisor_pool_slot_t next; - - /* If the slot is free or dequeued */ - uvisor_pool_slot_t state; - } dequeued; - }; -} uvisor_pool_queue_entry_t; - -/* These are assumed to only be statically allocated, so the management array - * in in-place. */ -typedef struct uvisor_pool { - /* Magic that identifies this as a uvisor_pool type. */ - uint32_t magic; - - /* The array holds slots of data. */ - void const * array; - - /* The distance between elements in the array. 
*/ - size_t stride; - - /* The maximum number of elements that could be in the array. */ - uvisor_pool_slot_t num; - - /* The number of items currently allocated from the pool. For testing and - * debug purposes only. */ - uvisor_pool_slot_t num_allocated; - - /* The first free slot. */ - uvisor_pool_slot_t first_free; - - /* The spinlock serializes updates to the management array. */ - UvisorSpinlock spinlock; - - /* This must be at the end so we can allocate memory for pools by - * allocating enough room for the size of the pool appended by an array of - * entries. */ - uvisor_pool_queue_entry_t management_array[]; -} uvisor_pool_t; - -typedef struct uvisor_pool_queue { - /* Magic that identifies this as a uvisor_pool_queue type. */ - uint32_t magic; - - /* The first allocated slot */ - uvisor_pool_slot_t head; - - /* The last allocated slot */ - uvisor_pool_slot_t tail; - - uvisor_pool_t * pool; -} uvisor_pool_queue_t; - -/* Intialize a pool. - * Return 0 on success, non-zero otherwise. */ -UVISOR_EXTERN int uvisor_pool_init(uvisor_pool_t * pool, void * array, size_t stride, size_t num); - -/* Initialize a pool queue. - * Return 0 on success, non-zero otherwise. */ -UVISOR_EXTERN int uvisor_pool_queue_init(uvisor_pool_queue_t * pool_queue, uvisor_pool_t * pool, void * array, size_t stride, size_t num); - -/* Allocate a slot from the pool. This doesn't put anything in the slot for - * you. It's up to you to do that. Return the index of the allocated slot, or - * UVISOR_POOL_SLOT_INVALID if there is no available slot. This function will - * spin until the spin lock serializing access to the pool can be taken. */ -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_allocate(uvisor_pool_t * pool); -/* Attempt to allocate a slot. This function will fail if the spin lock - * serializing access to the pool can not be taken. */ -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_try_allocate(uvisor_pool_t * pool); - -/* Enqueue the specified slot into the queue. 
*/ -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_enqueue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot); -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_try_enqueue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot); - -/* Free the specified slot back into the pool. Invalid slots are ignored. - * Return the slot that was freed, or UVISOR_POOL_SLOT_IS_FREE if the slot was - * already freed, or UVISOR_POOL_SLOT_INVALID if the slot being requested to - * free is outside the range of the queue. */ -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_free(uvisor_pool_t * pool, uvisor_pool_slot_t slot); -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_try_free(uvisor_pool_t * pool, uvisor_pool_slot_t slot); - -/* Remove the specified slot from the queue. This function does not free the - * specified slot back into the pool. Return the slot that was dequeued, or - * UVISOR_POOL_SLOT_IS_DEQUEUED if the slot was already dequeued, or - * UVISOR_POOL_SLOT_INVALID if the slot being requested to dequeue is outside - * the range of the queue. */ -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_try_dequeue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot); -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_dequeue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot); - -/* Remove the first slot from the queue. This function does not free the - * specified slot back into the pool. Return the slot that was dequeued or - * UVISOR_POOL_SLOT_INVALID if the slot being requested to dequeue is outside - * the range of the queue. */ -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_dequeue_first(uvisor_pool_queue_t * pool_queue); -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_try_dequeue_first(uvisor_pool_queue_t * pool_queue); - -/* Find the first (in queue order) slot that the supplied query function - * returns non-zero for. The query function is provided with `context` on every - * invocation. 
This allows query functions to access additional data without - * having to use global variables. `uvisor_pool_queue_find_first` is reentrant. */ -typedef int (*TQueryFN_Ptr)(uvisor_pool_slot_t slot, void * context); -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_try_find_first(uvisor_pool_queue_t * pool_queue, - TQueryFN_Ptr query_fn, void * context); -UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_find_first(uvisor_pool_queue_t * pool_queue, - TQueryFN_Ptr query_fn, void * context); - -/* Inline helper function to make allocating slots for pool queues easier and - * better encapsulated (clients don't need to pull the pool out of the pool - * queue, or even realize pool_queue is implemented with a pool) */ -static inline uvisor_pool_slot_t uvisor_pool_queue_allocate(uvisor_pool_queue_t * pool_queue) -{ - return uvisor_pool_allocate(pool_queue->pool); -} - -static inline uvisor_pool_slot_t uvisor_pool_queue_try_allocate(uvisor_pool_queue_t * pool_queue) -{ - return uvisor_pool_try_allocate(pool_queue->pool); -} - -/* Inline helper function to make freeing slots for pool queues easier and - * better encapsulated (clients don't need to pull the pool out of the pool - * queue, or even realize pool_queue is implemented with a pool) */ -static inline uvisor_pool_slot_t uvisor_pool_queue_free(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot) -{ - return uvisor_pool_free(pool_queue->pool, slot); -} - -static inline uvisor_pool_slot_t uvisor_pool_queue_try_free(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot) -{ - return uvisor_pool_try_free(pool_queue->pool, slot); -} - -/* Return a pointer to the specified slot within the pool. */ -static inline void * uvisor_pool_pointer_to(uvisor_pool_t * pool, uvisor_pool_slot_t slot) -{ - if (slot >= pool->num) { - return NULL; - } - return (uint8_t *) pool->array + pool->stride * slot; -} - -#endif 
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/priv_sys_hooks_exports.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/priv_sys_hooks_exports.h
deleted file mode 100644
index dc5a05a..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/priv_sys_hooks_exports.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_PRIV_SYS_HOOK_EXPORTS_H__
-#define __UVISOR_API_PRIV_SYS_HOOK_EXPORTS_H__
-
-/* Predeclaration */
-typedef struct uvisor_semaphore UvisorSemaphore;
-
-/*
- * Privileged system hooks
- *
- * In this version of uVisor, uVisor lives alongside an RTOS that requires
- * running privileged code. In order for the RTOS to run any privileged code,
- * uVisor must allow the RTOS to handle a subset of privileged system
- * interrupts or system calls. Only the following system interrupts and system
- * calls are hookable. Code called by these hooks circumvents uVisor security.
- * HANDLE WITH CARE. */
-typedef struct {
- void (*priv_svc_0)(void);
- void (*priv_pendsv)(void);
- void (*priv_systick)(void);
- int32_t (*priv_os_suspend)(void);
- int (*priv_uvisor_semaphore_post)(UvisorSemaphore * semaphore);
-} UvisorPrivSystemHooks;
-
-/* Use this macro to register privileged system IRQ hooks. If you don't want to
- * register a particular privileged system IRQ hook, you can supply NULL for
- * that hook parameter.
*/
-#define UVISOR_SET_PRIV_SYS_HOOKS(priv_svc_0_, priv_pendsv_, priv_systick_, priv_os_suspend_, priv_uvisor_semaphore_post_) \
- UVISOR_EXTERN_C_BEGIN \
- const UvisorPrivSystemHooks __uvisor_priv_sys_hooks = { \
- .priv_svc_0 = priv_svc_0_, \
- .priv_pendsv = priv_pendsv_, \
- .priv_systick = priv_systick_, \
- .priv_os_suspend = priv_os_suspend_, \
- .priv_uvisor_semaphore_post = priv_uvisor_semaphore_post_, \
- }; \
- UVISOR_EXTERN_C_END
-
-#endif
diff --git a/features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway.h b/features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway.h
deleted file mode 100644
index ade380b..0000000
--- a/features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway.h
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * Copyright (c) 2015-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __UVISOR_API_REGISTER_GATEWAY_H__
-#define __UVISOR_API_REGISTER_GATEWAY_H__
-
-#include "api/inc/register_gateway_exports.h"
-#include "api/inc/uvisor_exports.h"
-#include "api/inc/svc_exports.h"
-#include
-
-/** Get the offset of a struct member.
- * @internal
- */
-#define __UVISOR_OFFSETOF(type, member) ((uint32_t) (&(((type *)(0))->member)))
-
-/** Generate the SVCall opcode from the SVC ID. */
-#define UVISOR_SVC_OPCODE(id) ((uint16_t) (0xDF00 | ((id) & 0xFF)))
-
-/** Generate the opcode of the 16-bit Thumb-2 16-bit T2 encoding of the branch
- * instruction.
- * @internal
- * @note The branch instruction is encoded according to the Thumb-2 immediate
- * encoding rules:
- * : B.N