Can't read Secure Region with Segger J-Link on LPC55S69-EVK

cancel
Showing results for 
Search instead for 
Did you mean: 

Can't read Secure Region with Segger J-Link on LPC55S69-EVK

462 Views
chris18
Contributor II

When using SEGGER JLink, I can't seem to read memory in the secure region from GDB. For example on the hello_world_ trustzone demo app in the sdk, I always see access errors for secure regions reads

(gdb) x/a *(uint32_t*)0x30000000
Cannot access memory at address 0x30000000

but non-secure regions work fine:

(gdb) x/a *(uint32_t*)0x20008000
0x20008920:    0x20008898

Any ideas on how to fix this? Thanks!

Labels (1)
4 Replies

193 Views
chris18
Contributor II

Just in case anyone else runs into this, I probed the underlying SWD transaction figured it out. SEGGER JLink looks like it's masking out the secure bit (bit 28) so an access to 0x3000.0000 gets issued out over the wire as an access to 0x2000.0000 causing a fault.

The problem can be worked around by disabling the SAU while debugging, i.e

// Try to read

(gdb) x/a 0x30000000
0x30000000 <SystemCoreClock>:    Cannot access memory at address 0x30000000

// put processor in secure mode

(gdb) set *(uint32_t*)0xE000EE08=0x10000

// disable SAU

(gdb) set *(uint32_t*)0xE000EDD0=0x0

// read should now work

(gdb) x/a 0x30000000
0x30000000 <SystemCoreClock>:    0x5b8d800

Interestingly, it seems like when debugging with the LinkServer in the MCUXpresso IDE the SAU gets disabled and I don't see any logic in the code which enables the SAU. So I guess you have to fully power cycle the board when using the IDE to actually be testing the trustzone features.

193 Views
ZhangJennie
NXP TechSupport
NXP TechSupport

Hi Chris,

For Secure data, it can only be read by secure code. Secure code can only be execute by CPU in secure mode.

Below is the summary of Trustzone memory regions:

    1. Secure (S) - For Secure code/data

        −Secure data can only be read by secure code

        −Secure code can only be executed by CPU in secure mode

 2.  Non-Secure (NS) – For non-Secure code/data

       −NS Data can be accessed by both secure state and non-secure state CPU

      −Cannot be executed by Secure code

 3 Non-Secure Callable (NSC)

      −This is a special region for NS code to branch into and execute a Secure Gateway (SG) opcode.

Have a great day,
Jun Zhang

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

193 Views
chris18
Contributor II

Hi Jun,

Thanks for the response. Yes, in this case I was trying to read the memory via a debugger, *not* from code running on the MCU itself. While there are restrictions on the DAP side as well, as long as Secure Debug is Enabled (DHCSR.S_SDE), I believe the debugger should be able to read the memory. As I mentioned above, the issue I ran into looks like it was due to a bug in the SEGGER JLink software. The LinkServer appears to disable the SAU entirely which isn't good for testing either. I wound up using pyOCD GDBServer because I could do reads from secure and non-secure code/data & it didn't appear to mess with any of the MCU state.

0 Kudos

193 Views
ZhangJennie
NXP TechSupport
NXP TechSupport

Thanks Chris,

To avoid any misunderstanding, can you make a video to show me the issue?

I will check it further. Thanks for your cooperation.

Have a nice day,

Jun Zhang

0 Kudos