@@ -332,80 +332,186 @@ Steps to Create a SecureShield Application
332332- SECURE_SYMBOL_LIST (optional), the file of symbols need to be exported to
333333 normal application from secure binary
334334
335- 2. Container Memory Configuration File (secureshield_appl_config.h)
336-
337- secureshield_appl_config.h includes the application information to generate
338- the correct memory map
339-
340- - SECURE_REGION_CONTAINERS_ROM : the regions need to be generated in
341- NORMAL_ROM
342-
343- - SECURE_REGION_CONTAINERS_RAM : the regions need to be generated in
344- NORMAL_RAM
345-
346- - SECURE_REGION_CONTAINERS_SCURE_ROM : the regions need to be generated in
347- SECURE_ROM (secure containers only)
348-
349- - SECURE_REGION_CONTAINERS_SECURE_RAM : the regions need to be generated in
350- SECURE_RAM (secure containers only)
351-
335+ 2. Container Configuration File (secureshield_appl_config.json)
336+
337+ secureshield_appl_config.json includes the application information to generate
338+ the correct containers and memory map
339+
340+ - board: the board to build and run secureshield application on
341+
342+ - secureshield_version : the secureshield version
343+
344+ - address_alignment : the data structure of secureshield application need to be
345+ aligned on
346+
347+ - predefine : define PERIPHERAL_ADDR_BASE required by PINMUX, UART1 and GPIO0
348+
349+ - containers : define containers set-up and main application
350+
351+ - memory : memory map of a secureShield application
352+
353+ - shared_memory : resources are shared in memory map
354+
355+ .. code-block :: python
356+
357+ " board" " emsk"
358+ " secureshield_version" 2 ,
359+ " address_alignment" 2048 ,
360+ " predefine"
361+ { " define_name" " PERIPHERAL_ADDR_BASE"
362+ " define_value" " 0xf0000000"
363+ }
364+ ],
365+ " containers"
366+ {" container_name" " background_container"
367+ " is_background_container"
368+ " is_secure"
369+ " ac_list"
370+ { " para1" " PERIPHERAL_ADDR_BASE + REL_REGBASE_PINMUX"
371+ " para2" " 0x1000"
372+ " ac" " SECURESHIELD_ACDEF_UPERIPH"
373+ },
374+ { " para1" " PERIPHERAL_ADDR_BASE + REL_REGBASE_UART1"
375+ " para2" " 0x1000"
376+ " ac" " SECURESHIELD_ACDEF_UPERIPH"
377+ },
378+ { " para1" " PERIPHERAL_ADDR_BASE + REL_REGBASE_GPIO0"
379+ " para2" " 0x1000"
380+ " ac" " SECURESHIELD_ACDEF_UPERIPH"
381+ },
382+ { " para1" " default_interrupt_handler"
383+ " para2" " INTNO_GPIO"
384+ " ac" " SECURESHIELD_AC_IRQ"
385+ },
386+ { " para1" " default_interrupt_handler"
387+ " para2" " INTNO_UART1"
388+ " ac" " SECURESHIELD_AC_IRQ"
389+ },
390+ { " para1" " default_interrupt_handler"
391+ " para2" " INTNO_TIMER0"
392+ " ac" " SECURESHIELD_AC_IRQ"
393+ }
394+ ]
395+ },
396+ {" container_name" " container1"
397+ " is_background_container"
398+ " is_secure"
399+ " ac_list"
400+ { " para1" " init_secret"
401+ " para2" " 0"
402+ " ac" " SECURESHIELD_AC_INTERFACE"
403+ },
404+ { " para1" " operate_secret"
405+ " para2" " 3"
406+ " ac" " SECURESHIELD_AC_INTERFACE"
407+ },
408+ { " para1" " container12_shared"
409+ " para2" " SECRET_LEN"
410+ " ac" " shared_memory"
411+ }
412+ ],
413+ " stack_size" " 1024"
414+ },
415+ {" container_name" " container2"
416+ " is_background_container"
417+ " is_secure"
418+ " ac_list"
419+ { " para1" " trusted_ops"
420+ " para2" " 0"
421+ " ac" " SECURESHIELD_AC_INTERFACE"
422+ },
423+ { " para1" " container12_shared"
424+ " para2" " SECRET_LEN"
425+ " ac" " shared_memory"
426+ }
427+ ],
428+ " stack_size" " 1024"
429+ }
430+ ],
431+ " memory"
432+ { " region_name" " NORMAL_ROM_START"
433+ " region_size" " 0x11000000"
434+ },
435+ { " region_name" " NORMAL_ROM_SIZE"
436+ " region_size" " 0x00200000"
437+ },
438+ { " region_name" " NORMAL_RAM_START"
439+ " region_size" " 0x11400000"
440+ },
441+ { " region_name" " NORMAL_RAM_SIZE"
442+ " region_size" " 0x00100000"
443+ },
444+ { " region_name" " SECURE_ROM_START"
445+ " region_size" " 0x11200000"
446+ },
447+ { " region_name" " SECURE_ROM_SIZE"
448+ " region_size" " 0x00200000"
449+ },
450+ { " region_name" " SECURE_RAM_START"
451+ " region_size" " 0x11500000"
452+ },
453+ { " region_name" " SECURE_RAM_SIZE"
454+ " region_size" " 0x00100000"
455+ }
456+ ],
457+ " shared_memory"
458+ { " region_name" " container12_shared"
459+ " is_secure"
460+ " is_rom"
461+ ]
462+
463+
464+ script
352465
353466.. code-block :: c
354467
355- /* tell linker script template the rom region information of containers */
356- #define SECURESHIELD_REGION_CONTAINERS_ROM \
357- GEN_CONTAINER_ROM_SECTION(container1, 2048, *container1.o*)
358-
359- /* tell linker script template the ram region information of containers */
360- #define SECURESHIELD_REGION_CONTAINERS_RAM \
361- GEN_CONTAINER_RAM_SECTION(container1, 2048, *container1.o*)
362-
363-
364- script if LIB_SECURESHIELD_VERSION=2
365-
366- .. code-block :: c
367-
368- .rom.container1 ALIGN(128): {
369- _f_text_container1 = .;
370- *(.text.container1)
371- "*container1.o*"(TYPE text)
372- . = ALIGN(128);
373- _e_text_container1 = .;
374- _f_rodata_container1 = .;
375- *(.rodata.container1)
376- "*container1.o*"(TYPE lit)
377- . = ALIGN(128);
378- _e_rodata_container1 = .;
379- } > NORMAL_ROM
380- .ram.data.container1 ALIGN(128) : {
381- _f_data_container1 = .;
382- *(.data.container1)
383- "*container1.o*"(TYPE data)
384- _e_data_container1 = .;
385- } > NORMAL_RAM AT > NORMAL_ROM
386- .ram.bss.container1 : {
387- _f_bss_container1 = .;
388- *(.bss.container1)
389- "*container1.o*"(TYPE BSS)
390- . = ALIGN(128);
391- _e_bss_container1 = .;
392- } > NORMAL_RAM
393- _f_data_load_container1 = LOADADDR(.ram.data.container1);
394-
395-
396-
397- The container access control configuration is recommended to be in a specific
398- file named container_cfg.c
399-
400- 4. Coding
468+ .container1.ram.data ALIGN(32) : {
469+ _f_data_container1 = .;
470+ *(.container1.data .container1.data.*)
471+ _e_data_container1 = .;
472+ } > NORMAL_RAM AT > NORMAL_ROM
473+ .container1.ram.bss : {
474+ _f_bss_container1 = .;
475+ *(.container1.bss .container1.bss.*)
476+ _e_bss_container1 = ALIGN(32);
477+ } > NORMAL_RAM
478+ _f_data_load_container1 = LOADADDR(.container1.ram.data);
479+
480+ .container2.ram.data ALIGN(32) : {
481+ _f_data_container2 = .;
482+ *(.container2.data .container2.data.*)
483+ _e_data_container2 = .;
484+ } > NORMAL_RAM AT > NORMAL_ROM
485+ .container2.ram.bss : {
486+ _f_bss_container2 = .;
487+ *(.container2.bss .container2.bss.*)
488+ _e_bss_container2 = ALIGN(32);
489+ } > NORMAL_RAM
490+ _f_data_load_container2 = LOADADDR(.container2.ram.data);
491+
492+ .container12_shared.ram.data ALIGN(32) : {
493+ _f_data_container12_shared = .;
494+ *(.container12_shared.data .container12_shared.data.*)
495+ _e_data_container12_shared = .;
496+ } > NORMAL_RAM AT > NORMAL_ROM
497+ .container12_shared.ram.bss : {
498+ _f_bss_container12_shared = .;
499+ *(.container12_shared.bss .container12_shared.bss.*)
500+ _e_bss_container12_shared = ALIGN(32);
501+ } > NORMAL_RAM
502+ _f_data_load_container12_shared = LOADADDR(.container12_shared.ram.data);
503+
504+
401505
402506A recommended SecureShield application is :
403507
508+ - one configuration file `secureshield_appl_config.json `, with which to generate include file and link script by embARC CLI
509+
404510- one container, one source file or directory, e.g container1 in container1.c
405511
406512- files compiled with SecureShield runtime are in specific directory, e.g. secure
407513
408- 5 . Define the exported secure symbols
514+ 4 . Define the exported secure symbols
409515
410516secure_symbol.txt contains the symbols (container interface) exported to normal application from secure binary. This file is only required when normal application needs to call the symbol in secure binary. It also needs to be defined in makefile.
411517For example, the following container (container4) will be compiled and linked with secure binary, it has two interfaces:
@@ -424,7 +530,7 @@ Then the secure_symbol.txt should be:
424530 tst_func_sec1
425531 tst_func_sec2
426532
427- 6 . Compile and Debug
533+ 5 . Compile and Debug
428534
429535Upon compiling and linking, the following files will be generated:
430536
0 commit comments