Accessing FLEXCAN in secure user mode


1,317 Views
alip
Contributor I

Hi all,

We have a bare-metal application (no Linux) that runs in "secure user" mode. The first access to the FLEXCAN registers (a load) causes an abort. I have verified that the clocks are all set up properly, and memory mappings are all correct too.

I set a break-point on this problematic load instruction (which is the first access to the FLEXCAN peripheral). After the debugger hit the break-point, a single-step caused an abort of course. Then I rebooted the board and stopped on the same instruction again, manually changed the CPU mode to "secure system" through the JTAG debugger and then single-stepped, the load instruction executed correctly. This implied that "secure user" didn't have access to FLEXCAN.

Inspection of the CSU registers (CSU_CL0 in this case) showed that the value is set to 0x00330033, which according to the Security Reference Manual should permit RD+WR for secure user mode. The AIPSTZx_OPACx registers are all set to zero (and AIPSTZx_MPR gives access to all four masters), so the peripherals should not need supervisor privilege for access.

Out of curiosity, I performed two tests:

- Set CSU_CL0 to 0x00FF00FF to make it fully permissive (full RD+WR access in all modes), and accessing the register in secure user mode still caused a trap (wrong behaviour)

- Set CSU_CL0 to 0x00000000 to make it fully disallow access, and accessing the register even in secure system mode caused a trap (correct behaviour, proving that I am modifying the correct CSU register, and my modifications take effect)

Can anyone shed some light on this? To me it seems like a silicon erratum, in which it doesn't allow access to FLEXCAN in secure user mode, no matter the security configuration. I have verified this on IMX6Q (SabreLite) and IMX6QPLUS (Nitrogen).

Thanks in advance.

0 Kudos
9 Replies

1,092 Views
alip
Contributor I

Hi Igor,

I think you are misunderstanding my question. What I'm asking is why the FLEXCAN device can be accessed in secure system mode, but not secure user mode, if the corresponding CSU register (according to the NXP manual itself) is set up to give access to both modes.

Regards,

Ali

0 Kudos

1,092 Views
igorpadykov
NXP Employee

Hi Ali

This mode is a specific TrustZone secure mode:

TrustZone (Secure) non-Privilege (User) Mode

There is no support for TrustZone in NXP BSPs or bare-metal examples. I suggest trying the ARM examples on the above link and trying to get extended security support using NXP Professional Services:

http://www.nxp.com/support/nxp-professional-services:PROFESSIONAL-SERVICE

Best regards
igor

0 Kudos

1,092 Views
TomE
Specialist II

Good luck in getting any further on this.

I went to download the "Security Reference Manual" to read it for myself, only to get a "24 to 48 hours approval" notice, which will probably fail given the (lack of) details in my Profile.

I would suggest you do some more investigation to see if you can narrow down the problem.

Can you perform this test on as many of the other peripherals as you can, to see if it is only FlexCAN with this problem, or whether it is a particular group of devices?

The Manuals have bugs in them. The register assignments may be wrong. So the bits you're changing in the CSU may not be the ones wired to FlexCAN. I would suggest enabling access for every device in the system through the CSU registers except for the ones documented to be for FlexCAN. If you can get to it then, try to find out which bits in the register actually control FlexCAN.

Is the FlexCAN core on the other side of a peripheral bridge that might also be participating in the security model? Same test as for the previous suggestion - turn everything else on and see if it works, then start turning things off until it doesn't. For instance "13.1.1 Features" mentions security settings for the "AHB to IP Bridge", detailed in the Security Reference Manual.

Let us know if you find anything.

Tom

0 Kudos

1,092 Views
TomE
Specialist II

Thanks for the pointer to that manual. Not much use demanding registration for access to a manual when it is freely available there.

The documentation in that manual on which registers connect to what looks pretty bulletproof. I'd still try "enabling everything" to see if anything changes.

It is hard to find in the manual (and I can't find a diagram showing this), but the FlexCAN peripherals are on the "IPS Bus" and that is bridged through to the "AHB" via the AIPSTZ. And that has security override stuff in it, so I'd check its registers too. Section 1.9 in the Security Manual mentions this, and the register definitions look to be in the normal Reference Manual.

Tom

0 Kudos

1,092 Views
alip
Contributor I

Thanks Tom. Tried "enabling everything else" and it didn't help.

And I had forgotten to mention that the AIPSTZx_OPACx registers are all set to zero (and AIPSTZx_MPR gives access to all four masters), so the peripherals should not need supervisor privilege for access. I'll add this to the original post.

0 Kudos

1,092 Views
igorpadykov
NXP Employee

Hi Tom

The Security Reference Manual can be found at (though not the latest version):

Q&A: How is mx6 PMIC_ON_REQ under SW control? | NXP Community

Best regards
igor

0 Kudos

1,092 Views
alip
Contributor I

Hi Igor, 

Thanks for your answer. 

Quoting from the manual:

There are four security modes of operation in the system distinguished by security (TrustZone/non-TrustZone) and privilege (Supervisor/User) setting of the module. Below is the list of these security modes from the highest security level to the lowest:

1. TrustZone (Secure) Privilege (Supervisor) Mode - Highest Security Level
2. TrustZone (Secure) non-Privilege (User) Mode - Medium Security Level
3. non-TrustZone (Regular) Privilege (Supervisor) Mode - Medium Security Level
4. non-TrustZone (Regular) non-Privilege (User) Mode - Lowest Security Level

By "secure user mode" I was referring to the second level above, and by "secure system mode" I was referring to the first. The only difference is that I was manually setting the processor mode to "system" instead of "supervisor":

System mode: Software executing in System mode executes at PL1. System mode has the same registers available as User mode, and is not entered by any exception.

The default CSU_CL0 value of 0x00330033 is supposed to provide RD+WR access for the first two security levels above, but doesn't seem to work for the second.

0 Kudos
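
As an added example (not code from any poster in this thread or from NXP), the following decodes the three CSU_CL0 values tried above into per-mode read/write permissions for the four security modes quoted from the manual. The bit layout of each field and the names `csl_field`, `csl_allows` and `csl_locked` are assumptions introduced here, based on the i.MX 6 CSU_CSLn register description, and should be checked against the manual revision in use.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ASSUMED field layout (i.MX 6 CSU_CSLn description, not from this thread):
 * each 32-bit register holds two per-slave fields, at bits 0-8 and 16-24.
 * Within a field: bits 0-3 read enables, bits 4-7 write enables, bit 8 lock. */
enum csl_mode {
    SEC_USER = 0,   /* TrustZone (Secure) non-Privilege (User) */
    SEC_SUPV = 1,   /* TrustZone (Secure) Privilege; System mode is PL1 too */
    NS_USER  = 2,   /* non-TrustZone non-Privilege (User) */
    NS_SUPV  = 3    /* non-TrustZone Privilege (Supervisor) */
};

/* Return the 9-bit field from the low (half = 0) or high (half = 1) halfword. */
static uint32_t csl_field(uint32_t reg, unsigned half)
{
    return (reg >> (half ? 16u : 0u)) & 0x1FFu;
}

/* True if the field grants the given mode a read (write = false) or write. */
static bool csl_allows(uint32_t reg, unsigned half, enum csl_mode m, bool write)
{
    unsigned bit = (write ? 4u : 0u) + (unsigned)m;
    return ((csl_field(reg, half) >> bit) & 1u) != 0;
}

static bool csl_locked(uint32_t reg, unsigned half)
{
    return ((csl_field(reg, half) >> 8) & 1u) != 0;
}

int main(void)
{
    /* The three CSU_CL0 values tried in the thread. */
    const uint32_t vals[] = { 0x00330033u, 0x00FF00FFu, 0x00000000u };
    const char *names[] = { "sec-user", "sec-supv", "ns-user", "ns-supv" };

    for (size_t v = 0; v < sizeof vals / sizeof vals[0]; v++) {
        printf("CSL = 0x%08X (lock: %d)\n", (unsigned)vals[v], csl_locked(vals[v], 0));
        for (int m = SEC_USER; m <= NS_SUPV; m++)
            printf("  %-8s R=%d W=%d\n", names[m],
                   csl_allows(vals[v], 0, (enum csl_mode)m, false),
                   csl_allows(vals[v], 0, (enum csl_mode)m, true));
    }
    return 0;
}
```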

1,092 Views
igorpadykov
NXP Employee

Hi Ali

Unfortunately NXP does not support TrustZone in its BSPs; however, one can try the ARM examples on the link below:

ARM Information Center

Best regards
igor

0 Kudos

1,092 Views
igorpadykov
NXP Employee

Hi Ali

It seems there is confusion regarding "secure user mode", as a vaguely defined mode. Could you provide the documentation where it is defined? It seems "secure system", as you described, is the secure mode used in the processor documentation.

Best regards
igor

0 Kudos