Support for non-secure (NS) binaries #2753
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allows for much simpler custom linker scripts
…ript_var variables Means that CMake doesn't need to know the default memory addresses for different platforms
Non-secure side can successfully connect to WiFi
Make rolling XIP to the non-secure partition easier
…re_binary_default function to launch default nonsecure binary
Prevents nonsecure code printing secure data
|
Please do not submit against |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is alpha level, and APIs/build process are subject to change:
See the corresponding examples branch: https://github.com/raspberrypi/pico-examples/tree/ns-alpha
This PR allows the user to build separate binaries for the Secure and NonSecure sides of RP2350, and have one call the other. It provides secure call APIs for the NonSecure side to call code on the Secure side, along with CMake functions to configure both binaries to have the same functionality.
This allows for simple use of the Secure/NonSecure split, for example to keep secrets on the Secure side, while running a WiFi/USB stack on the NonSecure side.
The
hello_trustzoneexample is a minimal example showing how to create a Secure/NonSecure binary. It has NonSecure doingstdio_usb, and both sides using their respective timers. It also demonstrates a user secure call, allowing user NonSecure code to talk to Secure code. This produces a single hello_trustzone.uf2 file, which can be loaded onto any device with the trustzone_pt.json programmed. So steps are:picotool partition create trustzone_pt.json pt.uf2picotool load pt.uf2picotool reboot -udrag & drop hello_trustzone.uf2 onto the device
In addition there is a
hello_trustzone_no_flashexample for those not using flash - this doesn't require a partition table to load, either load in two parts with picotool:picotool load hello_trustzone_no_flash_ns.uf2picotool load hello_trustzone_no_flash_s.uf2 -xor create a combined UF2 using the code in the new branch (https://github.com/raspberrypi/picotool/tree/uf2-combine), which can just be dragged & dropped (or loaded with picotool as a single UF2):
picotool uf2 combine hello_trustzone_no_flash_s.uf2 hello_trustzone_no_flash_ns.uf2 hello_trustzone_no_flash.uf2drag & drop hello_trustzone_no_flash.uf2 onto the device