NSC call broken on NSPE interrupt disabled
Closed, ResolvedPublic
Actions

Description

The issue happens in TF-M 1.4, not in TF-M 1.3.

From 1.3 to 1.4, the following commit is the point:
91d9f7403cb476539b74cc06de82483977daf3a0
SPM: Correct the PendSV priority value

In the commit, PendSV priority is raised from (0x80 - 1) to 0x80.

On Mbed/TF-M M2354, the following flow will fail:

In TF-M, AIRCR.PRIS set, NSPE priority is 0x80~0xFF.
In Mbed, interrupt disabled (PRIMASK_NS.PM set), NSPE priority is raised to 0x80.
Mbed calls into TF-M via NSC.
In TF-M, on exit from Secure SVC, Secure PendSV (TF-M scheduler) is expected to run, but incorrectly masked by NSPE priority 0x80.

So Secure PendSV priority should adjust back to (0x80 - 1) from just 0x80.

Related Objects

Mentioned In: T950: NS interrupt masking prevents from executing PSA calls

Event Timeline

ccli8 created this task.Sep 17 2021, 1:44 AM

kevin-peng-hao claimed this task.Sep 17 2021, 9:45 AM

I think you're right.
The Secure PendSV is masked by NSPE, although it has the same priority value 0x80.
It has to have a lower value to preempt the NSPE, having an equal priority value does not work.

Revert patch is created:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11565

kevin-peng-hao mentioned this in T950: NS interrupt masking prevents from executing PSA calls.Sep 18 2021, 6:53 AM

Hi,

Thanks for your check. Would you also backport the patch to TF-M 1.4?

Hi,

The 1.4.x branch is only intended for security fixes.
https://developer.trustedfirmware.org/w/collaboration/tf_m_security_patch_release/

So this fix will not be backported. Sorry for the inconvenience.

The fix has been merged. Close the issue.

NSC call broken on NSPE interrupt disabledClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

NSC call broken on NSPE interrupt disabled
Closed, ResolvedPublic
Actions