1:orphan:
2
3.. _arc_secure_service:
4
5ARC Secure Service
6##################
7
8Overview
9********
10
11This sample implements a simple secure service based on ARC SecureShield to
12demonstrate how a secure zephyr application runs together with a normal
13Zephyr application.
14
15In this sample:
16
17* Secure application will be in the secure memory space defined in
18  ``arc_mpu_regions.c``. Half of RAM and ROM is allocated to secure world,
19  the other half is allocated to normal world.
20
21* Memory not allocated to the secure application is allocated to
22  the normal application.
23
24* By default, all the peripheral space is normal mode accessible, i.e.,
25  the peripherals are shared between normal mode and secure mode. If some
26  peripherals are required by secure world, it can be done by adding static
27  mpu entry in ``arc_mpu_regions.c``.
28
29* The interrupts of two internal timers are configure as normal interrupts,
30  so the normal zephyr's kernel tick can work correctly.
31
32* Secure interrupts priority > secure threads priority > normal interrupts
33  priority > normal threads priority.
34
35
36Requirements
37************
38
39To use this sample, ARC processor should be equipped with ARC SecureShield. In
40Zephyr, the following board configurations are supported:
41
42* em_starterkit_em7d
43  * secure application: em_starterkit_em7d_secure
44  * normal application: em_starterkit_em7d_normal
45* nsim_sem
46  * secure application: nsim_sem
47  * normal application: nsim_sem_normal
48
49Building and Running
50********************
51
52Building
53========
54
55Secure application
56^^^^^^^^^^^^^^^^^^
57
58First, you should build the secure application.
59
60.. zephyr-app-commands::
61   :zephyr-app: samples/boards/arc_secure_services
62   :board: em_starterkit_em7d_secure nsim_sem
63   :goals: build
64   :compact:
65
66Normal application
67^^^^^^^^^^^^^^^^^^
68
69Currently, in normal application, MPU is not accessible, so no user space and
70mpu-based stack checking. Please copy the specific dts file and def_config
71file to the specific board dir to build normal application.
72
73Here,take :zephyr:code-sample:`dining-philosophers` as an example for normal
74application.
75
76.. zephyr-app-commands::
77   :zephyr-app: samples/philosophers
78   :board: em_starterkit_em7d_normal nsim_sem_normal
79   :goals: build
80   :compact:
81
82Running
83=======
84
85* Run using the bootloader
86
87The bootloader should load the secure and normal application into the correct place,
88then jump to the entry of the secure application. The entry of normal application
89is hardcoded in secure application. Secure application will boot normal application.
90
91* Run using the debugger (recommended)
92
93Use the gdb debugger to load and run the two applications.
94
95For em starter kit, run the following commands
96
97.. code-block:: console
98
99    # load secure application first
100    $ cd samples/boards/arc_secure_services/build
101    $ west debug
102    # load normal application
103    $ monitor load_image ../../../philosophers/build/zephyr/zephyr.elf
104    $ c
105
106For nsim sem, you need two consoles: one for application output, and one for
107debugger.
108
109In the console for output:
110
111.. code-block:: console
112
113    # open debug server
114    $ cd samples/boards/arc_secure_services/build
115    $ west debugserver
116
117In the console for debugger:
118
119.. code-block:: console
120
121    # open debug server
122    $ cd samples/boards/arc_secure_services/build
123    $ arc-elf32-gdb zephyr/zephyr.elf
124    $ target remote :3333
125    # load normal application
126    $ load ../../../philosophers/build/zephyr/zephyr.elf
127    # load secure application
128    $ load
129    $ c
130