Pre-allocate secure-side context structures

This commit improves ARMv8-M security by pre-allocating secure-side task context structures and changing how tasks reference a secure-side context structure when calling a secure function. The new configuration constant secureconfigMAX_SECURE_CONTEXTS sets the number of secure context structures to pre-allocate. secureconfigMAX_SECURE_CONTEXTS defaults to 8 if left undefined. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2026-03-19 15:21:18 -04:00 · 2021-08-04 14:52:22 -07:00 · 2021-08-04 14:52:22 -07:00 · ccaa0f4d6e
commit ccaa0f4d6e
parent f8ada39d85
27 changed files with 1012 additions and 657 deletions
--- a/portable/ARMv8M/secure/context/portable/IAR/ARM_CM23/secure_context_port.c
+++ b/portable/ARMv8M/secure/context/portable/IAR/ARM_CM23/secure_context_port.c
@ -1,49 +0,0 @@
-/*
- * FreeRTOS Kernel <DEVELOPMENT BRANCH>
- * Copyright (C) 2021 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * SPDX-License-Identifier: MIT
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
- */
-
-/* Secure context includes. */
-#include "secure_context.h"
-
-/* Secure port macros. */
-#include "secure_port_macros.h"
-
-/* Functions implemented in assembler file. */
-extern void SecureContext_LoadContextAsm( SecureContextHandle_t xSecureContextHandle );
-extern void SecureContext_SaveContextAsm( SecureContextHandle_t xSecureContextHandle );
-
-secureportNON_SECURE_CALLABLE void SecureContext_LoadContext( SecureContextHandle_t xSecureContextHandle )
-{
-    SecureContext_LoadContextAsm( xSecureContextHandle );
-}
-/*-----------------------------------------------------------*/
-
-secureportNON_SECURE_CALLABLE void SecureContext_SaveContext( SecureContextHandle_t xSecureContextHandle )
-{
-    SecureContext_SaveContextAsm( xSecureContextHandle );
-}
-/*-----------------------------------------------------------*/
--- a/portable/ARMv8M/secure/context/portable/IAR/ARM_CM23/secure_context_port_asm.s
+++ b/portable/ARMv8M/secure/context/portable/IAR/ARM_CM23/secure_context_port_asm.s
@ -26,52 +26,56 @@
 *
 */

-	SECTION .text:CODE:NOROOT(2)
-	THUMB
+    SECTION .text:CODE:NOROOT(2)
+    THUMB

-	PUBLIC SecureContext_LoadContextAsm
-	PUBLIC SecureContext_SaveContextAsm
+    PUBLIC SecureContext_LoadContextAsm
+    PUBLIC SecureContext_SaveContextAsm

 #if ( configENABLE_FPU == 1 )
-	#error Cortex-M23 does not have a Floating Point Unit (FPU) and therefore configENABLE_FPU must be set to 0.
+    #error Cortex-M23 does not have a Floating Point Unit (FPU) and therefore configENABLE_FPU must be set to 0.
 #endif
 /*-----------------------------------------------------------*/

 SecureContext_LoadContextAsm:
-	/* xSecureContextHandle value is in r0. */
-	mrs r1, ipsr							/* r1 = IPSR. */
-	cbz r1, load_ctx_therad_mode			/* Do nothing if the processor is running in the Thread Mode. */
-	ldmia r0!, {r1, r2}						/* r1 = xSecureContextHandle->pucCurrentStackPointer, r2 = xSecureContextHandle->pucStackLimit. */
-#if ( configENABLE_MPU == 1 )
-	ldmia r1!, {r3}							/* Read CONTROL register value from task's stack. r3 = CONTROL. */
-	msr control, r3							/* CONTROL = r3. */
-#endif /* configENABLE_MPU */
-	msr psplim, r2							/* PSPLIM = r2. */
-	msr psp, r1								/* PSP = r1. */
+    /* pxSecureContext value is in r0. */
+    mrs r1, ipsr                    /* r1 = IPSR. */
+    cbz r1, load_ctx_therad_mode    /* Do nothing if the processor is running in the Thread Mode. */
+    ldmia r0!, {r1, r2}             /* r1 = pxSecureContext->pucCurrentStackPointer, r2 = pxSecureContext->pucStackLimit. */

-	load_ctx_therad_mode:
-		bx lr
+#if ( configENABLE_MPU == 1 )
+    ldmia r1!, {r3}                 /* Read CONTROL register value from task's stack. r3 = CONTROL. */
+    msr control, r3                 /* CONTROL = r3. */
+#endif /* configENABLE_MPU */
+
+    msr psplim, r2                  /* PSPLIM = r2. */
+    msr psp, r1                     /* PSP = r1. */
+
+    load_ctx_therad_mode:
+        bx lr
 /*-----------------------------------------------------------*/

 SecureContext_SaveContextAsm:
-	/* xSecureContextHandle value is in r0. */
-	mrs r1, ipsr							/* r1 = IPSR. */
-	cbz r1, save_ctx_therad_mode			/* Do nothing if the processor is running in the Thread Mode. */
-	mrs r1, psp								/* r1 = PSP. */
-#if ( configENABLE_MPU == 1 )
-	mrs r2, control							/* r2 = CONTROL. */
-	subs r1, r1, #4							/* Make space for the CONTROL value on the stack. */
-	str r1, [r0]							/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
-	stmia r1!, {r2}							/* Store CONTROL value on the stack. */
-#else /* configENABLE_MPU */
-	str r1, [r0]							/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
-#endif /* configENABLE_MPU */
-	movs r1, #0								/* r1 = securecontextNO_STACK. */
-	msr psplim, r1							/* PSPLIM = securecontextNO_STACK. */
-	msr psp, r1								/* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+    /* pxSecureContext value is in r0. */
+    mrs r1, ipsr                    /* r1 = IPSR. */
+    cbz r1, save_ctx_therad_mode    /* Do nothing if the processor is running in the Thread Mode. */
+    mrs r1, psp                     /* r1 = PSP. */

-	save_ctx_therad_mode:
-		bx lr
+#if ( configENABLE_MPU == 1 )
+    mrs r2, control                 /* r2 = CONTROL. */
+    subs r1, r1, #4                 /* Make space for the CONTROL value on the stack. */
+    str r1, [r0]                    /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
+    stmia r1!, {r2}                 /* Store CONTROL value on the stack. */
+#else /* configENABLE_MPU */
+    str r1, [r0]                    /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
+#endif /* configENABLE_MPU */
+
+    movs r1, #0                     /* r1 = securecontextNO_STACK. */
+    msr psplim, r1                  /* PSPLIM = securecontextNO_STACK. */
+    msr psp, r1                     /* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+
+    save_ctx_therad_mode:
+        bx lr
 /*-----------------------------------------------------------*/

-	END
+    END
--- a/portable/ARMv8M/secure/context/portable/IAR/ARM_CM33/secure_context_port.c
+++ b/portable/ARMv8M/secure/context/portable/IAR/ARM_CM33/secure_context_port.c
@ -1,49 +0,0 @@
-/*
- * FreeRTOS Kernel <DEVELOPMENT BRANCH>
- * Copyright (C) 2021 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * SPDX-License-Identifier: MIT
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
- */
-
-/* Secure context includes. */
-#include "secure_context.h"
-
-/* Secure port macros. */
-#include "secure_port_macros.h"
-
-/* Functions implemented in assembler file. */
-extern void SecureContext_LoadContextAsm( SecureContextHandle_t xSecureContextHandle );
-extern void SecureContext_SaveContextAsm( SecureContextHandle_t xSecureContextHandle );
-
-secureportNON_SECURE_CALLABLE void SecureContext_LoadContext( SecureContextHandle_t xSecureContextHandle )
-{
-    SecureContext_LoadContextAsm( xSecureContextHandle );
-}
-/*-----------------------------------------------------------*/
-
-secureportNON_SECURE_CALLABLE void SecureContext_SaveContext( SecureContextHandle_t xSecureContextHandle )
-{
-    SecureContext_SaveContextAsm( xSecureContextHandle );
-}
-/*-----------------------------------------------------------*/
--- a/portable/ARMv8M/secure/context/portable/IAR/ARM_CM33/secure_context_port_asm.s
+++ b/portable/ARMv8M/secure/context/portable/IAR/ARM_CM33/secure_context_port_asm.s
@ -26,49 +26,54 @@
 *
 */

-	SECTION .text:CODE:NOROOT(2)
-	THUMB
+    SECTION .text:CODE:NOROOT(2)
+    THUMB

-	PUBLIC SecureContext_LoadContextAsm
-	PUBLIC SecureContext_SaveContextAsm
+    PUBLIC SecureContext_LoadContextAsm
+    PUBLIC SecureContext_SaveContextAsm
 /*-----------------------------------------------------------*/

 SecureContext_LoadContextAsm:
-	/* xSecureContextHandle value is in r0. */
-	mrs r1, ipsr							/* r1 = IPSR. */
-	cbz r1, load_ctx_therad_mode			/* Do nothing if the processor is running in the Thread Mode. */
-	ldmia r0!, {r1, r2}						/* r1 = xSecureContextHandle->pucCurrentStackPointer, r2 = xSecureContextHandle->pucStackLimit. */
-#if ( configENABLE_MPU == 1 )
-	ldmia r1!, {r3}							/* Read CONTROL register value from task's stack. r3 = CONTROL. */
-	msr control, r3							/* CONTROL = r3. */
-#endif /* configENABLE_MPU */
-	msr psplim, r2							/* PSPLIM = r2. */
-	msr psp, r1								/* PSP = r1. */
+    /* pxSecureContext value is in r0. */
+    mrs r1, ipsr                        /* r1 = IPSR. */
+    cbz r1, load_ctx_therad_mode        /* Do nothing if the processor is running in the Thread Mode. */
+    ldmia r0!, {r1, r2}                 /* r1 = pxSecureContext->pucCurrentStackPointer, r2 = pxSecureContext->pucStackLimit. */

-	load_ctx_therad_mode:
-		bx lr
+#if ( configENABLE_MPU == 1 )
+    ldmia r1!, {r3}                     /* Read CONTROL register value from task's stack. r3 = CONTROL. */
+    msr control, r3                     /* CONTROL = r3. */
+#endif /* configENABLE_MPU */
+
+    msr psplim, r2                      /* PSPLIM = r2. */
+    msr psp, r1                         /* PSP = r1. */
+
+    load_ctx_therad_mode:
+        bx lr
 /*-----------------------------------------------------------*/

 SecureContext_SaveContextAsm:
-	/* xSecureContextHandle value is in r0. */
-	mrs r1, ipsr							/* r1 = IPSR. */
-	cbz r1, save_ctx_therad_mode			/* Do nothing if the processor is running in the Thread Mode. */
-	mrs r1, psp								/* r1 = PSP. */
-#if ( configENABLE_FPU == 1 )
-	vstmdb r1!, {s0}						/* Trigger the defferred stacking of FPU registers. */
-	vldmia r1!, {s0}						/* Nullify the effect of the pervious statement. */
-#endif /* configENABLE_FPU */
-#if ( configENABLE_MPU == 1 )
-	mrs r2, control							/* r2 = CONTROL. */
-	stmdb r1!, {r2}							/* Store CONTROL value on the stack. */
-#endif /* configENABLE_MPU */
-	str r1, [r0]							/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
-	movs r1, #0								/* r1 = securecontextNO_STACK. */
-	msr psplim, r1							/* PSPLIM = securecontextNO_STACK. */
-	msr psp, r1								/* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+    /* pxSecureContext value is in r0. */
+    mrs r1, ipsr                        /* r1 = IPSR. */
+    cbz r1, save_ctx_therad_mode        /* Do nothing if the processor is running in the Thread Mode. */
+    mrs r1, psp                         /* r1 = PSP. */

-	save_ctx_therad_mode:
-		bx lr
+#if ( configENABLE_FPU == 1 )
+    vstmdb r1!, {s0}                    /* Trigger the defferred stacking of FPU registers. */
+    vldmia r1!, {s0}                    /* Nullify the effect of the pervious statement. */
+#endif /* configENABLE_FPU */
+
+#if ( configENABLE_MPU == 1 )
+    mrs r2, control                     /* r2 = CONTROL. */
+    stmdb r1!, {r2}                     /* Store CONTROL value on the stack. */
+#endif /* configENABLE_MPU */
+
+    str r1, [r0]                        /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
+    movs r1, #0                         /* r1 = securecontextNO_STACK. */
+    msr psplim, r1                      /* PSPLIM = securecontextNO_STACK. */
+    msr psp, r1                         /* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+
+    save_ctx_therad_mode:
+        bx lr
 /*-----------------------------------------------------------*/

-	END
+    END