1. Introduction
In the context of the Secure Manager, an RTOS can be used. In this article, we will explore how an RTOS can be used with the Secure Manager, with a focus on the mechanism provided to ensure secure thread-safe calls. To do this, we will take the example of a non-secure application like SMAK that uses the Secure Manager service. We will see the differences to implement for the non-secure application to use the Secure Manager in multi-thread.
The different steps and prerequisites to integrate a non-secure application with the Secure Manager can be found in Security:Secure Manager STM32H5 How to Intro - stm32mcu, which details Secure Manager installation, non-secure application development, firmware update, etc.
2. Implementation example
2.1. Thread-safe secure calls
The API calls to the Secure Manager have to be protected. The middleware that interfaces with the Secure Manager provides a mechanism for this: hook functions defined as __weak, which we re-implement to add our own protection based on mutexes. A mutex is used as the mechanism to synchronize access to the PSA API.
1. Declare a mutex and initialize it to 0:
    #include "FreeRTOS.h"   /* FreeRTOS headers providing SemaphoreHandle_t and the xSemaphore* API */
    #include "semphr.h"

    static SemaphoreHandle_t nsIpcMutex = { 0 };
2. Create a function that creates the mutex and assigns it to the nsIpcMutex variable. If the mutex creation fails, log an error:
    void tfm_ns_interface_init( void )
    {
        /* Create the mutex that serializes non-secure calls into the Secure Manager */
        nsIpcMutex = xSemaphoreCreateMutex();
        if(nsIpcMutex == NULL)
        {
            // Logging Error
        }
    }
3. Implement the acquisition and release of the mutex in the ns_ipc_seq_begin and ns_ipc_seq_end functions, respectively. This ensures that shared resources are not accessed simultaneously:
    void ns_ipc_seq_begin(const ns_ipc_seq_info_t* info)
    {
        /* Lock mutex: block until no other thread is inside a secure call sequence */
        if(nsIpcMutex != NULL)
        {
            xSemaphoreTake(nsIpcMutex, portMAX_DELAY );
        }
        ….
    }

    void ns_ipc_seq_end(const ns_ipc_seq_info_t* info)
    {
        /* Unlock mutex: the secure call sequence is complete */
        if(nsIpcMutex != NULL)
        {
            xSemaphoreGive(nsIpcMutex);
        }
        ….
    }
Firmware
└───ST
└───secure_manager_api
└───ipc
└───nonsecure
└───src
└───tfm_ns_interface.c
For more concrete examples, actual implementations can be found in X-Cube-AWS and X-Cube-Azure, which use the Secure Manager together with a real-time operating system.
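The three steps above, as an added example that is not code from the ST middleware: since FreeRTOS cannot run on a host PC, a POSIX mutex stands in for the xSemaphoreCreateMutex() handle, and a simulated "secure call" records whether two threads ever entered it at the same time. The ns_ipc_seq_info_t type, the channel counters and the worker threads are assumptions made for the demonstration; the begin/end functions keep the same shape as the page's hooks.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the middleware's ns_ipc_seq_info_t (only a caller id) */
typedef struct { int caller_id; } ns_ipc_seq_info_t;

/* Simulated secure-call channel (constructed for the demo). A call that finds
   another one already in flight is exactly the interleaving the mutex prevents. */
static _Atomic int in_flight;    /* calls currently inside the secure call */
static _Atomic int violations;   /* times a call found another one in flight */
static _Atomic int completed;    /* total calls that finished */

/* pthread mutex stands in for the FreeRTOS mutex handle nsIpcMutex */
static pthread_mutex_t nsIpcMutex;
static bool nsIpcMutexReady = false;
static bool useLock = true;      /* false = run the unprotected variant */

/* Step 2: create the mutex, report failure instead of logging */
int tfm_ns_interface_init(void)
{
    if (pthread_mutex_init(&nsIpcMutex, NULL) != 0) {
        fprintf(stderr, "mutex creation failed\n");
        return -1;
    }
    nsIpcMutexReady = true;
    return 0;
}

/* Step 3: take the mutex before a secure sequence ... */
void ns_ipc_seq_begin(const ns_ipc_seq_info_t *info)
{
    (void)info;
    if (useLock && nsIpcMutexReady) pthread_mutex_lock(&nsIpcMutex);
}

/* ... and give it back once the sequence is done */
void ns_ipc_seq_end(const ns_ipc_seq_info_t *info)
{
    (void)info;
    if (useLock && nsIpcMutexReady) pthread_mutex_unlock(&nsIpcMutex);
}

/* Stand-in for a PSA call: detects concurrent entry */
static void simulated_psa_call(void)
{
    if (atomic_load(&in_flight) != 0) atomic_fetch_add(&violations, 1);
    atomic_fetch_add(&in_flight, 1);
    for (volatile int spin = 0; spin < 2000; spin++) { }   /* pretend work */
    atomic_fetch_sub(&in_flight, 1);
    atomic_fetch_add(&completed, 1);
}

struct worker_arg { int caller_id; int calls; };

static void *worker(void *p)
{
    struct worker_arg *arg = p;
    ns_ipc_seq_info_t info = { arg->caller_id };
    for (int i = 0; i < arg->calls; i++) {
        ns_ipc_seq_begin(&info);      /* begin/end bracket every secure call */
        simulated_psa_call();
        ns_ipc_seq_end(&info);
    }
    return NULL;
}

/* Runs nthreads workers doing calls_each secure calls each; returns the number
   of interleavings observed (0 is expected with the mutex in place). */
int run_secure_calls(int nthreads, int calls_each, bool with_lock)
{
    pthread_t tid[16];
    struct worker_arg args[16];
    if (nthreads > 16) nthreads = 16;
    atomic_store(&in_flight, 0); atomic_store(&violations, 0); atomic_store(&completed, 0);
    useLock = with_lock;
    if (tfm_ns_interface_init() != 0) return -1;
    for (int i = 0; i < nthreads; i++) {
        args[i].caller_id = i;
        args[i].calls = calls_each;
        pthread_create(&tid[i], NULL, worker, &args[i]);
    }
    for (int i = 0; i < nthreads; i++) pthread_join(tid[i], NULL);
    pthread_mutex_destroy(&nsIpcMutex);
    nsIpcMutexReady = false;
    return atomic_load(&violations);
}

int completed_calls(void) { return atomic_load(&completed); }

int main(void)
{
    printf("unprotected: %d interleavings\n", run_secure_calls(4, 2000, false));
    printf("with mutex : %d interleavings, %d calls completed\n",
           run_secure_calls(4, 2000, true), completed_calls());
    return 0;
}
```

The unprotected run usually reports a non-zero number of interleavings (the exact count depends on scheduling), while the protected run reports none and every call completes: that is the property the __weak hook overrides give the non-secure application.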
2.2. Memory Management
SRAM3 can be added to the RTOS heap through the heap configuration. The heap_5 implementation of the FreeRTOS dynamic memory allocator is selected because it supports non-contiguous memory regions, here SRAM1 and SRAM3. During initialization, prvInitializeHeap() needs to be set up to define these regions.
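Added example, not code from the page or from FreeRTOS: heap_5 takes a table of regions (FreeRTOS's HeapRegion_t, passed to vPortDefineHeapRegions() from prvInitializeHeap()) that must be sorted by ascending address, non-overlapping and NULL-terminated. The block below declares such a table for SRAM1 and SRAM3 with placeholder addresses and sizes (assumptions; take the real values from the device reference manual and the linker script) and checks those rules on the host before the table ever reaches the allocator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as FreeRTOS's HeapRegion_t (portable/MemMang/heap_5.c):
   start address and size of one region; a NULL start address ends the table. */
typedef struct {
    uint8_t *pucStartAddress;
    size_t   xSizeInBytes;
} HeapRegion_t;

/* Placeholder values for the SRAM1 and SRAM3 heap areas (assumptions for the demo) */
#define SRAM1_HEAP_START ((uint8_t *)0x20010000u)
#define SRAM1_HEAP_SIZE  (64u * 1024u)
#define SRAM3_HEAP_START ((uint8_t *)0x20050000u)
#define SRAM3_HEAP_SIZE  (128u * 1024u)

/* heap_5 region table: ascending addresses, terminated by a NULL entry */
static const HeapRegion_t xHeapRegions[] = {
    { SRAM1_HEAP_START, SRAM1_HEAP_SIZE },
    { SRAM3_HEAP_START, SRAM3_HEAP_SIZE },
    { NULL, 0 }
};

/* Returns the total heap size in bytes, or -1 if the table breaks heap_5's
   rules (empty region, descending order, or overlapping regions). */
long check_heap_regions(const HeapRegion_t *regions)
{
    uintptr_t prev_end = 0;
    long total = 0;
    for (size_t i = 0; regions[i].pucStartAddress != NULL; i++) {
        uintptr_t start = (uintptr_t)regions[i].pucStartAddress;
        if (regions[i].xSizeInBytes == 0) return -1;
        if (start < prev_end) return -1;   /* out of order or overlapping */
        prev_end = start + regions[i].xSizeInBytes;
        total += (long)regions[i].xSizeInBytes;
    }
    return total;
}

int main(void)
{
    long total = check_heap_regions(xHeapRegions);
    if (total < 0) {
        printf("invalid heap_5 region table\n");
        return 1;
    }
    /* On target, prvInitializeHeap() would now call vPortDefineHeapRegions(xHeapRegions) */
    printf("heap_5 table OK, %ld bytes across SRAM1 and SRAM3\n", total);
    return 0;
}
```

The ordering check matters because heap_5 asserts on it at run time; catching it on the host avoids a configASSERT failure during the very first allocation on the board.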