From db3f6aab02b63d40600d997735be4cdf7083d160 Mon Sep 17 00:00:00 2001
From: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Date: Tue, 3 Apr 2018 09:39:43 +0200
Subject: [PATCH] arch: arm: add option to define an NSC region

This commit adds K-config options that allow the user to
signify an ARM Secure Firmware that contains Secure Entry
functions and to define the starting address of the linker
section that will contain the Secure Entry functions. It
also instructs the linker to append the NSC section if
instructed so by the user.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
---
 arch/arm/core/Kconfig                       | 32 +++++++++++++++++++++
 arch/arm/include/cortex_m/tz.h              |  3 ++
 include/arch/arm/cortex_m/scripts/linker.ld | 16 +++++++++++
 include/linker/linker-defs.h                |  9 ++++++
 4 files changed, 60 insertions(+)

diff --git a/arch/arm/core/Kconfig b/arch/arm/core/Kconfig
index 21e339fe7f2..02c0b437694 100644
--- a/arch/arm/core/Kconfig
+++ b/arch/arm/core/Kconfig
@@ -93,6 +93,38 @@ config ARM_NONSECURE_FIRMWARE
 	  resources of the Cortex-M MCU, and, therefore, it shall avoid
 	  accessing them.
 
+menu "ARM Secure Firmware Options"
+depends on ARM_SECURE_FIRMWARE
+
+config ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
+	bool "Secure Firmware has Secure Entry functions"
+	depends on ARM_SECURE_FIRMWARE
+	default n
+	help
+	  Option indicates that ARM Secure Firmware contains
+	  Secure Entry functions that may be called from
+	  Non-Secure state. Secure Entry functions must be
+	  located in Non-Secure Callable memory regions.
+
+config ARM_NSC_REGION_BASE_ADDRESS
+	hex "ARM Non-Secure Callable Region base address"
+	depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
+	default 0
+	help
+	  Start address of Non-Secure Callable section.
+
+	  Notes:
+	  - The default value (i.e. when the user does not configure
+	  the option explicitly) instructs the linker script to
+	  place the Non-Secure Callable section, automatically,
+	  inside the .text area.
+	  - Certain requirements/restrictions may apply regarding
+	  the size and the alignment of the starting address for
+	  a Non-Secure Callable section, depending on the available
+	  security atttribution unit (SAU or IDAU) for a given SOC.
+
+endmenu
+
 menu "Architecture Floating Point Options"
 depends on CPU_HAS_FPU
 
diff --git a/arch/arm/include/cortex_m/tz.h b/arch/arm/include/cortex_m/tz.h
index d2f21887b88..5c6258da1da 100644
--- a/arch/arm/include/cortex_m/tz.h
+++ b/arch/arm/include/cortex_m/tz.h
@@ -269,6 +269,7 @@ typedef void __attribute__((cmse_nonsecure_call)) (*tz_ns_func_ptr_t) (void);
 /* Required for C99 compilation */
 #define typeof  __typeof__
 
+#if defined(CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS)
 /**
  * @brief Non-Secure entry function attribute.
  *
@@ -282,6 +283,8 @@ typedef void __attribute__((cmse_nonsecure_call)) (*tz_ns_func_ptr_t) (void);
 #define __TZ_NONSECURE_ENTRY_FUNC \
 	__attribute__((cmse_nonsecure_entry, noinline))
 
+#endif /* CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS */
+
 /**
  * @brief Declare a pointer of non-secure function type
  *
diff --git a/include/arch/arm/cortex_m/scripts/linker.ld b/include/arch/arm/cortex_m/scripts/linker.ld
index 7d3fec09847..5c8635800f1 100644
--- a/include/arch/arm/cortex_m/scripts/linker.ld
+++ b/include/arch/arm/cortex_m/scripts/linker.ld
@@ -184,6 +184,22 @@ SECTIONS
 	. = ALIGN(4);
 	} GROUP_LINK_IN(ROMABLE_REGION)
 
+#if defined CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
+#if CONFIG_ARM_NSC_REGION_BASE_ADDRESS != 0
+       SECTION_PROLOGUE(.gnu.sgstubs,CONFIG_ARM_NSC_REGION_BASE_ADDRESS,)
+#else
+       SECTION_PROLOGUE(.gnu.sgstubs,,)
+#endif /* CONFIG_ARM_NSC_REGION_BASE_ADDRESS != 0 */
+       {
+       . = ALIGN(4);
+       __sg_start = .;
+       *(.gnu*)
+       . = ALIGN(4);
+       __sg_end = .;
+       __sg_size = __sg_end - __sg_start;
+       } GROUP_LINK_IN(ROMABLE_REGION)
+#endif /* CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS */
+
 	_image_rodata_end = .;
 	_image_rom_end = .;
 
diff --git a/include/linker/linker-defs.h b/include/linker/linker-defs.h
index 4aa73581d8f..4836fc9607d 100644
--- a/include/linker/linker-defs.h
+++ b/include/linker/linker-defs.h
@@ -263,6 +263,15 @@ extern char __ccm_noinit_end[];
 extern char __ccm_end[];
 #endif /* CONFIG_CCM_BASE_ADDRESS */
 
+/* Used by the Security Attribution Unit to configure the
+ * Non-Secure Callable region.
+ */
+#ifdef CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
+extern char __sg_start[];
+extern char __sg_end[];
+extern char __sg_size[];
+#endif /* CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS */
+
 
 #endif /* ! _ASMLANGUAGE */