Pre-allocate secure-side context structures

This commit improves ARMv8-M security by pre-allocating secure-side task context structures and changing how tasks reference a secure-side context structure when calling a secure function. The new configuration constant secureconfigMAX_SECURE_CONTEXTS sets the number of secure context structures to pre-allocate. secureconfigMAX_SECURE_CONTEXTS defaults to 8 if left undefined. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2025-08-20 10:08:33 -04:00 · 2021-08-04 14:52:22 -07:00 · 2021-08-04 14:52:22 -07:00 · ccaa0f4d6e
commit ccaa0f4d6e
parent f8ada39d85
27 changed files with 1012 additions and 657 deletions
--- a/portable/ARMv8M/secure/context/secure_context.h
+++ b/portable/ARMv8M/secure/context/secure_context.h
@ -36,15 +36,29 @@
 #include "FreeRTOSConfig.h"

 /**
- * @brief PSP value when no task's context is loaded.
+ * @brief PSP value when no secure context is loaded.
 */
 #define securecontextNO_STACK    0x0
+/*-----------------------------------------------------------*/

 /**
- * @brief Opaque handle.
+ * @brief Structure to represent a secure context.
+ *
+ * @note Since stack grows down, pucStackStart is the highest address while
+ * pucStackLimit is the first address of the allocated memory.
 */
-struct SecureContext;
-typedef struct SecureContext * SecureContextHandle_t;
+typedef struct SecureContext
+{
+    uint8_t * pucCurrentStackPointer; /**< Current value of stack pointer (PSP). */
+    uint8_t * pucStackLimit;          /**< Last location of the stack memory (PSPLIM). */
+    uint8_t * pucStackStart;          /**< First location of the stack memory. */
+} SecureContext_t;
+/*-----------------------------------------------------------*/
+
+/**
+ * @brief Opaque handle for a secure context.
+ */
+typedef uint32_t SecureContextHandle_t;
 /*-----------------------------------------------------------*/

 /**