1.. _arc_secure_service:
2
3ARC Secure Service
4##################
5
6Overview
7********
8
9This sample implements a simple secure service based on ARC SecureShield to
10demonstrate how a secure zephyr application runs together with a normal
11Zephyr application.
12
13In this sample:
14
15* Secure application will be in the secure memory space defined in
16  ``arc_mpu_regions.c``. Half of RAM and ROM is allocated to secure world,
17  the other half is allocated to normal world.
18
19* Memory not allocated to the secure application is allocated to
20  the normal application.
21
22* By default, all the peripheral space is normal mode accessible, i.e.,
23  the peripherals are shared between normal mode and secure mode. If some
24  peripherals are required by secure world, it can be done by adding static
25  mpu entry in ``arc_mpu_regions.c``.
26
27* The interrupts of two internal timers are configure as normal interrupts,
28  so the normal zephyr's kernel tick can work correctly.
29
30* Secure interrupts priority > secure threads priority > normal interrupts
31  priority > normal threads priority.
32
33
34Requirements
35************
36
37To use this sample, ARC processor should be equipped with ARC SecureShield. In
38Zephyr, the following board configurations are supported:
39
40* em_starterkit_em7d
41  * secure application: em_starterkit_em7d_secure
42  * normal application: em_starterkit_em7d_normal
43* nsim_sem
44  * secure application: nsim_sem
45  * normal application: nsim_sem_normal
46
47Building and Running
48********************
49
50Building
51========
52
53Secure application
54^^^^^^^^^^^^^^^^^^
55
56First, you should build the secure application.
57
58.. zephyr-app-commands::
59   :zephyr-app: samples/boards/arc_secure_services
60   :board: em_starterkit_em7d_secure nsim_sem
61   :goals: build
62   :compact:
63
64Normal application
65^^^^^^^^^^^^^^^^^^
66
67Currently, in normal application, MPU is not accessible, so no user space and
68mpu-based stack checking. Please copy the specific dts file and def_config
69file to the specific board dir to build normal application.
70
71Here,take :ref:'dining-philosophers-sample' as an example for normal
72application.
73
74.. zephyr-app-commands::
75   :zephyr-app: samples/philosophers
76   :board: em_starterkit_em7d_normal nsim_sem_normal
77   :goals: build
78   :compact:
79
80Running
81=======
82
83* Run using the bootloader
84
85The bootloader should load the secure and normal application into the correct place,
86then jump to the entry of the secure application. The entry of normal application
87is hardcoded in secure application. Secure application will boot normal application.
88
89* Run using the debugger (recommended)
90
91Use the gdb debugger to load and run the two applications.
92
93For em starter kit, run the following commands
94
95.. code-block:: console
96
97    # load secure application first
98    $ cd samples/boards/arc_secure_services/build
99    $ west debug
100    # load normal application
101    $ monitor load_image ../../../philosophers/build/zephyr/zephyr.elf
102    $ c
103
104For nsim sem, you need two consoles: one for application output, and one for
105debugger.
106
107In the console for output:
108
109.. code-block:: console
110
111    # open debug server
112    $ cd samples/boards/arc_secure_services/build
113    $ west debugserver
114
115In the console for debugger:
116
117.. code-block:: console
118
119    # open debug server
120    $ cd samples/boards/arc_secure_services/build
121    $ arc-elf32-gdb zephyr/zephyr.elf
122    $ target remote :3333
123    # load normal application
124    $ load ../../../philosophers/build/zephyr/zephyr.elf
125    # load secure application
126    $ load
127    $ c
128