How to use an RTOS with Secure Manager on STM32H5

Revision as of 17:36, 25 October 2023 by Registered User (→‎Thread-safe secure calls)

1. Introduction

An RTOS can be used together with the Secure Manager. This article explains how, focusing on the mechanism provided to make secure calls thread-safe. FreeRTOS is used to show how the implementation is done.

2. Implementation example

2.1. Thread-safe secure calls

The API calls must be protected. The middleware provides a mechanism for interfacing with the Secure Manager. It is based on functions defined as __weak, which must be re-implemented to integrate mutex-based protection. The mutex synchronizes access to the PSA API and protects shared resources.

  1. Declare a mutex and initialize it to 0:
#include "FreeRTOS.h"
#include "semphr.h"

/* Mutex serializing non-secure calls into the Secure Manager */
static SemaphoreHandle_t nsIpcMutex = NULL;

  2. Create a function that creates the mutex and assigns it to the nsIpcMutex variable. If the mutex creation fails, log an error:
void tfm_ns_interface_init( void )
{
  nsIpcMutex = xSemaphoreCreateMutex();
  if(nsIpcMutex == NULL)
  {
    /* Logging Error: without the mutex, secure calls are not serialized */
  }
}

  3. Implement the acquisition and release of the mutex in the ns_ipc_seq_begin and ns_ipc_seq_end functions, respectively. This ensures that shared resources are not accessed simultaneously:
void ns_ipc_seq_begin(const ns_ipc_seq_info_t* info)
{
  /* Lock mutex: block until no other task is inside a secure call sequence */
  if(nsIpcMutex != NULL)
  {
    xSemaphoreTake(nsIpcMutex, portMAX_DELAY);
  }
  /* …. */
}

void ns_ipc_seq_end(const ns_ipc_seq_info_t* info)
{
  /* Unlock mutex: must be given by the task that took it */
  if(nsIpcMutex != NULL)
  {
    xSemaphoreGive(nsIpcMutex);
  }
  /* …. */
}

For more concrete examples, actual implementations can be found in X-Cube-AWS and X-Cube-Azure, which use the Secure Manager with a real-time operating system.

2.2. Memory Management

SRAM3 can be configured as part of the RTOS heap. The heap_5 implementation of the FreeRTOS dynamic memory allocator is selected so that non-contiguous memory regions in SRAM1 and SRAM3 can be used. During initialization, prvInitializeHeap() needs to be set up.
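heap_5 expects its region table in ascending address order, without overlaps, and closed by a zero terminator entry. The following host-side check of such a table is an added example, not code from this article or from the X-Cube packages. It assumes a hypothetical `region_t` type that mirrors FreeRTOS's `HeapRegion_t`, and placeholder SRAM1/SRAM3 addresses and sizes that must be replaced with the non-secure ranges from your own linker script.

```c
#include <stddef.h>
#include <stdint.h>

/* Host-side mirror of FreeRTOS's HeapRegion_t (hypothetical type for this
   example); the start is an integer so the table can be checked off-target. */
typedef struct {
    uintptr_t start;  /* first byte of the region */
    size_t    size;   /* length in bytes; {0, 0} terminates the table */
} region_t;

/* Placeholder values, NOT taken from the article: substitute the non-secure
   SRAM1/SRAM3 heap ranges from your own linker script. */
#define NS_SRAM1_HEAP_START 0x20010000u
#define NS_SRAM1_HEAP_SIZE  0x00008000u
#define NS_SRAM3_HEAP_START 0x20050000u
#define NS_SRAM3_HEAP_SIZE  0x00010000u

static const region_t ns_heap_regions[] = {
    { NS_SRAM1_HEAP_START, NS_SRAM1_HEAP_SIZE },
    { NS_SRAM3_HEAP_START, NS_SRAM3_HEAP_SIZE },
    { 0, 0 }  /* terminator required by heap_5 */
};

/* Returns 0 if the table is acceptable for heap_5, otherwise:
   -1 no terminator within max_entries, -2 empty table,
   -3 zero-size or address-wrapping region,
   -4 regions out of ascending order or overlapping. */
int check_heap_regions(const region_t *r, size_t max_entries)
{
    uintptr_t prev_end = 0;
    for (size_t i = 0; i < max_entries; i++) {
        if (r[i].start == 0 && r[i].size == 0)
            return (i == 0) ? -2 : 0;
        if (r[i].size == 0 || r[i].start + r[i].size < r[i].start)
            return -3;
        if (r[i].start < prev_end)
            return -4;
        prev_end = r[i].start + r[i].size;
    }
    return -1;
}

int main(void)
{
    /* On target, the same ranges go into a HeapRegion_t array passed to
       vPortDefineHeapRegions() before the first allocation. */
    return check_heap_regions(ns_heap_regions, 3) == 0 ? 0 : 1;
}
```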
