• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 33 subscribers
  • Views 250 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMDSCNCD263P: HsmClient_setFirewall hangs

Tobias Jäggi
Prodigy 50 points

Part Number: TMDSCNCD263P
Other Parts Discussed in Thread: SYSCONFIG

Hey TI forum,

I am working on ensuring exclusive access to  L2OCRAM BANK 0 for R5FSS0_0 using the MPU Firewall.

I modified the hsm_services example (examples/drivers/hsmclient/hsm_services) with an additional MPU region configuration so that only R5FSS0_0 has access to L2OCRAM BANK 0:

image.png

With this additional MPU region, the function HsmFirewallApp hangs on line 95 inside HsmClient_setFirewall (HsmClient_SendAndRecv never returns).

Restricting the other RAM banks to R5FSS0_0 works fine, only L2OCRAM BANK 0 causes HsmClient_setFirewall to hang.

What can cause HsmClient_setFirewall to hang?

Bonus question: What is the Region Number parameter in the sysconfig MPU Region Configuration used for? I was unable to find any documentation about it in both MCU+ SDK and TIFS-MCU docs.

Thanks for the help!

 

I used

  • AM263Px control card
  • MCU+ SDK for AM263Px 26.0.0.01
  • CCS 20.4.1.4__1.10.1
  • sbl null, the app is loaded into ram using the CCS debug option
  • 0
    TI__Guru* 89081 points

    Hi Tobias,

    Tobias Jäggi said:

    With this additional MPU region, the function HsmFirewallApp hangs on line 95 inside HsmClient_setFirewall (HsmClient_SendAndRecv never returns).

    Restricting the other RAM banks to R5FSS0_0 works fine, only L2OCRAM BANK 0 causes HsmClient_setFirewall to hang.

    Can you add HSM as well as priv ID and check if you are seeing this hang?

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 50 points

    Hi Nikhil
    Thanks for your reply.
    I do not understand what you mean with

    Nikhil Dasan said:
    Can you add HSM as well as priv ID and check if you are seeing this hang?

    Can you further describe the changes you want me to test?

    Thanks for the help
    Tobias

  • 0 in reply to Tobias Jäggi
    TI__Guru* 89081 points

    Hi,

    Sorry, I mean can you add HSM as well into the Priv IDs allowed section of the sysconfig? Currently it is only showing R5F0_0

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 50 points

    Hi Nikhil
    HSM is not an option in the Priv IDs Allowed drop down:

    Note that the HsmClient_setFirewall hangs even if I select all Priv IDs.

    Thanks for the help
    Tobias

  • +1
    TI__Prodigy 70 points

    Hi Tobias,

    To understand the issue of HsmClient_setFirewall hanging, we will start with the bonus question that you had asked.

    Tobias Jäggi said:
    What is the Region Number parameter in the sysconfig MPU Region Configuration used for?

     Each MPU firewall module contains multiple region descriptor registers that define independent memory protection rules. These region descriptors are indexed by a region number (also called region ID or region index). Each region is an independent hardware protection descriptor with its own address range, privilege ID mask, and permission
    attributes.

    For the L2OCRAM_BANK0_SLV, there are 8 regions, out of which the region 0 is configured by default, by the HSMRt during secure boot init, to enable system operation.

    (Image from TRM of System MPU/Firewalls Section)

    Here, this OCRAM_BANK0 (0x70000000 - 0x7007FFFF) is very crucial for SIPC which is used in communication between HSM Client and HSM Server. All the parameters of the SIPC_Notify calls stay in this region. Thus, it is very crucial for M4FSS0 core to have access to this region to process any HsmClient request.

    Now, when you try to add another firewall configuration on the same region 0 for L2OCRAM_BANK0_SLV, the existing configuration intialized by the HSMRt gets overwritten and thus, the access to the OCRAM is restricted for M4FSS0 core, as in the configuration, you have allowed only the R5FSS0_0 core. Thus, the HsmClient_setFirewall() function gets stuck.

    The easy fix, would be to use a region number other than 0 (you can try 2), this would not overwrite the initialization done by the HSMRt. Now, the M4 core still retains its access to OCRAM and thus, HsmClient_setFirewall() executes without getting stuck.



    Regards,
    Naren 

  • 0 in reply to Naren Siddharth M
    Prodigy 50 points

    Thank you Naren for the detailed explanation!
    I was able to recreate your results.