• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 99 subscribers
  • Views 1152 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM335x RTOS linker command file and MMU

Cazaban Laurence
Expert 1500 points
Other Parts Discussed in Thread: SYSBIOS

Hello everybody !

I'm working with the following software configuration:

    • Code Composer Studio version CCS 6.1.1.00022
    • SYS/BIOS 6.41.4.54 Real Time Operating System
    • XDC Tool 3.31.1.33_core
    • Compiler GNU v4.8.4 (Linaro)
    • NDK 2.24.3.35
    • Sysbios sdk 2.1.1.2

I have developped  the command of a motor that is implemented on a SITARA ARM3359.

At the moment, I have a hard issue on a security subject.

In fact, my ARM contains both fonctionnal code and security code (for example safety stop SS1).

In order to be in adequation with the conformity, I have to certifiate that the memory that is containing security code is well protected.

So my idea is to put the code and the data of my security functions in a well specified memory region and protect this region with MMU.

But I don't find how to do:

  • Where can I find The linker command file that is generating linker.cmd (it is written "This file was generated by linkcmd_bm_v7a.xdt from the gnu.target.arm  package" but I don't find where it is !
  • How can I put my security data and secuirty code in 2 specified regions?
  • How can I configure MMU to protect these regions ?

I will be very happy if someone could help me !

Thanks a lot.

Laurence

  • 0
    TI__Guru**** 393215 points
    The RTOS team have been notified. They will respond here.
  • 0
    TI__Guru** 116170 points

    Cazaban,

    SYSBIOS uses the platform definition provided under the path bios_6_x_x_x\packages\ti\platforms\evmAM3359\Platform.xdc. this defines the DDR section and the file iAM335x.xdc defines the SRAM and OCMC memory sections. If you need to place code in separate sections then you can do this in 2 ways.

    1. Create your own platform definition in SYSBIOS with partitioning of the DDR or OSMC memory sections and use this to build your project.  If you use this scheme then you can move your section of code in the secure code memory sections using the following syntax:

    Eg. Let us say you create a section OCMC_SEC_RAM1 in the platfom definition, and you create a section SECURE_DATA for secure data and SECURE_CODE for secure code, then you can place the code in that section using the following syntax

    Program.sectMap["SECURE_DATA"] = "OCMC_SEC_RAM1";

Program.sectMap["SECURE_CODE"] = "OCMC_SEC_RAM1";

    In your code use the following around the secure data you want to place in OCMC_SEC_RAM1

    const secure_data data[] __attribute__((section("SECURE_DATA"))) = {

}

void SecureFxnCfg(input1 , input2) __attribute__((section("SECURE_CODE")));

    for more eg:

    2. Change the length of the DDR or OCMC section in Platform.xdc and/or IAM335x.xdc and then add your own linker command file to the project with additional section definition where you want to place your secure code. In this case you can add the following in the linker command file.

    SECTIONS

{

SECURE_CODE :

{

. = ALIGN(4);

*(SECURE_CODE*)

} > OCMC_SEC_RAM1

SECURE_DATA :

{

. = ALIGN(4);

*(SECURE_DATA*)

} > OCMC_SEC_RAM1

}

    Hope this helps.

    Regards,

    Rahul

  • 0 in reply to Rahul Prabhu
    Expert 1500 points

    Hello Rahul,

    Thanks a lot for your help !

    Your informations allowed me to create un Security Zone in DDR3 named DDR3Secure

    Name             Origin             Length             Attributes
    SRAM_LO          0x402f0000         0x00000400         xrw
    SRAM_HI          0x402f0400         0x0000fc00         xrw
    OCMC_SRAM        0x40300000         0x00010000         xrw
    DDR3             0x80000000         0x03ff0000         xrw
    DDR3Secure       0x83ff0000         0x00010000         xrw

    And place my safety code and data in this zone:

    SECURE_CODE     0x83ff0000      0x6e0
                    0x83ff0000                . = ALIGN (0x4)
     *(SECURE_CODE*)
     SECURE_CODE    0x83ff0000      0x688 ./Axis/brakeSoft.o
                    0x83ff0000                resetBrakeSoft
                    0x83ff0090                initParamBrakeSoft
                    0x83ff0150                enableBrakeSoft
                    0x83ff0180                toggleBrakeSoft
                    0x83ff01a4                setBrakeMode
                    0x83ff0228                GetBrakeMode
                    0x83ff0238                runBrakeSoft
     SECURE_CODE.__stub
                    0x83ff0688       0x58 linker stubs


    SECURE_DATA     0x83ff06e0       0x3c
                    0x83ff06e0                . = ALIGN (0x4)
     *(SECURE_DATA*)
     SECURE_DATA    0x83ff06e0       0x3c ./Axis/brakeSoft.o
                    0x83ff06e0                startBrake
                    0x83ff06e1                functionEnable
                    0x83ff06e2                isEnabled
                    0x83ff06e4                cptMstBrake
                    0x83ff06e8                decelBrake
                    0x83ff06ec                pwmBrake
                    0x83ff06f0                nbrItMaitre
                    0x83ff06f4                cptItVerifSpeedBrake
                    0x83ff06f8                cptItBrake
                    0x83ff06fc                absSpeedBrake
                    0x83ff0700                oldAbsESpeedBrake
                    0x83ff0704                cptItVerifSpeedBrakeMax
                    0x83ff0708                decelFreinageLoopOff_brake
                    0x83ff070c                decelFreinageLoopOn_brake
                    0x83ff0710                cptTimeVuitonBrakeOver
                    0x83ff0714                cptDepassementFreinageVuiton

    Now I would like to protect DDR3Secure thanks to MMU but I don't find any document that explain How to do that !

    Is there everyone who can help me ?

     

    Thanks,


    Laurence

  • 0 in reply to Cazaban Laurence
    TI__Mastermind 44306 points
    Hi Laurence,

    I think this is not trivial and there is no direct support in Sys/Bios for protecting memory access. You may manage this on your own but I discussed this with a safety expert here and he recommended to look at dedicated safety RTOS from other vendors. Especially if you need to get your solution certified against a safety standard this might be the easier route. I am not a safety expert...
    TI also has dedicated devices for safety applications but current Sitara devices are not part of that.

    Regards,
  • 0 in reply to Cazaban Laurence
    TI__Guru** 116170 points
    Laurence,

    The SYSBIOS supported MMU configuration for Cortex A8 devices is documented here:
    software-dl.ti.com/.../Mmu.html

    But for general MMU configuration you need to access the ARM TRM for Cortex A8
    infocenter.arm.com/.../index.jsp

    Regards,
    Rahul
  • 0 in reply to Rahul Prabhu
    Expert 1500 points

    Hello Rahul,

    Thanks a lot for your help!

    In fact, it is really difficult to understand how does MMU function.... And the documentation is very technical and the examples are not really in adequation with what I want to do....

    To be more clear, I remidn you that I put all the code and data I want to protect in a special DD3 zone named DD3Secure. This zone starts at 0x83F00000 and its size is 0x00100000.

    A little precision on the protection: I have to prove the spatial integrity of the secure code and secure data; that is to say that n one can access to this data and corrupt the code.

    I had a look to all the example provided by TI and I tried to configure this zone.

    In the file ecat_appl_cnfg.h there is already an SYS_MU_ENTRY defined by Texas:

    SYS_MMU_ENTRY applMmuEntries[] =
    {
        {(void *)0x08000000, SYS_MMU_CACHEABLE | SYS_MMU_BUFFERABLE},   //NOR - bufferable| Cacheable
        {(void *)0x08100000, SYS_MMU_CACHEABLE | SYS_MMU_BUFFERABLE},   //NOR -bufferable| Cacheable
        {(void *)0x08200000, SYS_MMU_CACHEABLE | SYS_MMU_BUFFERABLE},   //NOR - bufferable| Cacheable
        {(void *)0x48300000, 0},   //PWM - Non bufferable| Non Cacheable
        {(void *)0x48200000, 0},   //INTCPS,MPUSS - Non Bufferable| Non Cacheable
        {(void *)0x48100000, 0},   //I2C2,McSPI1,UART3,UART4,UART5, GPIO2,GPIO3,MMC1 - Non bufferable| Non Cacheable
        {(void *)0x48000000, 0},   //UART1,UART2,I2C1,McSPI0,McASP0 CFG,McASP1 CFG,DMTIMER,GPIO1 -Non bufferable| Non Cacheable
        {(void *)0x44E00000, 0},   //Clock Module, PRM, GPIO0, UART0, I2C0, - Non bufferable| Non Cacheable
        {(void *)0x4A300000, SYS_MMU_SHAREABLE | SYS_MMU_BUFFERABLE},   //PRUSS1 -Bufferable| Non Cacheable | Shareable
        {(void *)0x49000000, 0},   //EDMA3 - Non bufferable| Non Cacheable
        {(void *)0x4A000000, 0},   //L4 FAST CFG- Non bufferable| Non Cacheable
        {(void *)0x4A100000, 0},   //CPSW - Non bufferable| Non Cacheable
        {(void *)0xFFFFFFFF, 0xFFFFFFFF}
    };


     In the same file, I have defined my own mmuRegion:

    mmuMemRegionConfig_t regionDdr3Secure =
                {
                    0x83F00000,
                    1U, /* Number of pages nb de pages: 0x100000 = 1048576 = 1 * 1024 * 1024*/
                    1U*MEM_SIZE_MB, /* Page size - 1MB */
                    MMU_MEM_ATTR_NORMAL_NON_SHAREABLE,
                    MMU_CACHE_POLICY_WB_WA, /* Inner */
                    MMU_CACHE_POLICY_WB_WA, /* Outer */
                    MMU_ACCESS_CTRL_PRV_RW_USR_RW,
                    FALSE /* Non Secure memory */
                };
    The problem is that I don't find any explanation about these attribute...

    Then, in the file tiescutil.c, in the common_main() function, after the call performed by Texas:

    SDKMMUInit(applMmuEntries);

    I have added a new configuration:

            /* config DDR3Secure*/
            /* Disable MMU */
            MMUDisable();

            /* Initialize the page table and MMU */
            MMUInit((uint32_t*)pageTable, MMU_PAGETABLE_NUM_ENTRY);

            /* Map the defined regions */
            MMUMemRegionMap(&regionDdr3Secure, (uint32_t*)pageTable);

            /* Now Safe to enable MMU */
            MMUEnable((uint32_t*)pageTable);

    Do you think this configuation is ok ?

    Do you think the attributes I use are good for the memory protection I want to reach ?

    How can verify this integrity ? Is there any interrupt that occurs if something corrupt my secure zone ?

    I will be very pleased If you could help me !

    Thanks a lot.

    Laurence