mirror/pico-sdk
1
0
Fork 0
mirror of https://github.com/raspberrypi/pico-sdk.git synced 2026-03-14 21:19:43 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve secure call defines

Browse source
This commit is contained in:
William Vinnicombe 2025-11-12 10:11:51 +00:00
parent c606caf65e
commit 6ef5d37d99
3 changed files with 61 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
src/rp2_common/boot_bootrom_headers/include/boot/bootrom_constants.h
View file

@ -342,19 +342,41 @@ typedef struct cflash_flags {
#define CFLASH_OP_MAX _u(2)
#ifndef __riscv
#define BOOTROM_API_CALLBACK_stdio_out_chars 0
#define BOOTROM_API_CALLBACK_get_rand_64 1
#define BOOTROM_API_CALLBACK_dma_allocate_unused_channel_for_nonsecure 2
#define BOOTROM_API_CALLBACK_user_irq_claim_unused_for_nonsecure 3
#define BOOTROM_API_CALLBACK_clock_get_hz 4
#define BOOTROM_API_CALLBACK_pio_claim_unused_pio_for_nonsecure 5
#define BOOTROM_API_CALLBACK_pads_bank0_set_bits 6
#define BOOTROM_API_CALLBACK_pads_bank0_clear_bits 7
#define BOOTROM_API_CALLBACK_pads_bank0_write_masked 8
#define BOOTROM_API_CALLBACK_pads_bank0_read 9
#define BOOTROM_API_CALLBACK_reset_block_reg_mask 10
#define BOOTROM_API_CALLBACK_unreset_block_reg_mask 11
#define BOOTROM_API_CALLBACK_unreset_block_reg_mask_wait_blocking 12
/*! \brief Return a well known secure call code based on four ASCII characters
* \ingroup pico_bootrom
*
* These codes are used to call well known secure functions from non-secure code.
*
* NOTE: ASCII characters are all < 0x80, so will always start with `0b0xxx`, as required by the rom_secure_call() documentation.
*
* \param c1 the first character
* \param c2 the second character
* \param c3 the third character
* \param c4 the fourth character
* \return the 'code' to use in rom_secure_call(), and handled by rom_default_callback()
*/
#define SECURE_CALL_WELL_KNOWN_CODE(c1, c2, c3, c4) ((c1) | ((c2) << 8) | ((c3) << 16) | ((c4) << 24))
#define SECURE_CALL_stdio_out_chars SECURE_CALL_WELL_KNOWN_CODE('I', 'O', 'O', 'C')
#define SECURE_CALL_get_rand_64 SECURE_CALL_WELL_KNOWN_CODE('R', 'D', '6', '4')
#define SECURE_CALL_dma_allocate_unused_channel_for_nonsecure SECURE_CALL_WELL_KNOWN_CODE('D', 'A', 'C', 'H')
#define SECURE_CALL_user_irq_claim_unused_for_nonsecure SECURE_CALL_WELL_KNOWN_CODE('U', 'I', 'R', 'Q')
#define SECURE_CALL_clock_get_hz SECURE_CALL_WELL_KNOWN_CODE('C', 'K', 'G', 'H')
#define SECURE_CALL_pio_claim_unused_pio_for_nonsecure SECURE_CALL_WELL_KNOWN_CODE('P', 'I', 'O', 'C')
#define SECURE_CALL_pads_bank0_set_bits SECURE_CALL_WELL_KNOWN_CODE('P', '0', 'S', 'B')
#define SECURE_CALL_pads_bank0_clear_bits SECURE_CALL_WELL_KNOWN_CODE('P', '0', 'C', 'B')
#define SECURE_CALL_pads_bank0_write_masked SECURE_CALL_WELL_KNOWN_CODE('P', '0', 'W', 'M')
#define SECURE_CALL_pads_bank0_read SECURE_CALL_WELL_KNOWN_CODE('P', '0', 'R', 'D')
#define SECURE_CALL_reset_block_reg_mask SECURE_CALL_WELL_KNOWN_CODE('R', 'T', 'R', 'M')
#define SECURE_CALL_unreset_block_reg_mask SECURE_CALL_WELL_KNOWN_CODE('R', 'T', 'U', 'M')
#define SECURE_CALL_unreset_block_reg_mask_wait_blocking SECURE_CALL_WELL_KNOWN_CODE('R', 'T', 'U', 'W')
#endif
#endif

38
src/rp2_common/pico_bootrom/bootrom.c
View file

@ -294,7 +294,7 @@ int __noinline rom_secure_call(uint a, uint b, uint c, uint d, uint func) {
#if PICO_NONSECURE
static void stdio_nonsecure_out_chars(const char *buf, int length) {
rom_secure_call((uint32_t)buf, length, 0, 0, BOOTROM_API_CALLBACK_stdio_out_chars);
rom_secure_call((uint32_t)buf, length, 0, 0, SECURE_CALL_stdio_out_chars);
}
int stdio_nonsecure_in_chars(char *buf, int length) {
@ -332,7 +332,7 @@ PICO_RUNTIME_INIT_FUNC_RUNTIME(runtime_init_nonsecure_stdio, PICO_RUNTIME_INIT_N
#if PICO_NONSECURE
// override the weak definition
uint64_t get_rand_64(void) {
return rom_secure_call(0, 0, 0, 0, BOOTROM_API_CALLBACK_get_rand_64);
return rom_secure_call(0, 0, 0, 0, SECURE_CALL_get_rand_64);
}
#endif
#endif // PICO_ALLOW_NONSECURE_RAND
@ -355,7 +355,7 @@ static int dma_allocate_unused_channel_for_nonsecure(void) {
int dma_request_unused_channels_from_secure(int num_channels) {
int i;
for (i = 0; i < num_channels; i++) {
int chan = rom_secure_call(0, 0, 0, 0, BOOTROM_API_CALLBACK_dma_allocate_unused_channel_for_nonsecure);
int chan = rom_secure_call(0, 0, 0, 0, SECURE_CALL_dma_allocate_unused_channel_for_nonsecure);
if (chan < 0) break;
dma_channel_unclaim(chan);
}
@ -378,7 +378,7 @@ static int user_irq_claim_unused_for_nonsecure() {
int user_irq_request_unused_from_secure(int num_irqs) {
int i;
for (i = 0; i < num_irqs; i++) {
int irq = rom_secure_call(0, 0, 0, 0, BOOTROM_API_CALLBACK_user_irq_claim_unused_for_nonsecure);
int irq = rom_secure_call(0, 0, 0, 0, SECURE_CALL_user_irq_claim_unused_for_nonsecure);
if (irq < 0) break;
user_irq_unclaim(irq);
}
@ -433,7 +433,7 @@ static int pio_claim_unused_pio_for_nonsecure(void) {
}
#elif PICO_NONSECURE
int pio_request_unused_pio_from_secure(void) {
int pio = rom_secure_call(0, 0, 0, 0, BOOTROM_API_CALLBACK_pio_claim_unused_pio_for_nonsecure);
int pio = rom_secure_call(0, 0, 0, 0, SECURE_CALL_pio_claim_unused_pio_for_nonsecure);
if (pio < 0) return pio;
for (uint sm = 0; sm < NUM_PIO_STATE_MACHINES; sm++) {
pio_sm_unclaim(pio_get_instance(pio), sm);
@ -452,55 +452,55 @@ int pio_request_unused_pio_from_secure(void) {
int rom_default_callback(uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t fn) {
switch (fn) {
#if PICO_ALLOW_NONSECURE_STDIO
case BOOTROM_API_CALLBACK_stdio_out_chars: {
case SECURE_CALL_stdio_out_chars: {
stdio_put_string((char*)a, b, false, true);
stdio_flush();
return BOOTROM_OK;
}
#endif
#if PICO_ALLOW_NONSECURE_RAND
case BOOTROM_API_CALLBACK_get_rand_64: {
case SECURE_CALL_get_rand_64: {
return get_rand_64();
}
#endif
#if PICO_ALLOW_NONSECURE_DMA
case BOOTROM_API_CALLBACK_dma_allocate_unused_channel_for_nonsecure: {
case SECURE_CALL_dma_allocate_unused_channel_for_nonsecure: {
return dma_allocate_unused_channel_for_nonsecure();
}
#endif
#if PICO_ALLOW_NONSECURE_USER_IRQ
case BOOTROM_API_CALLBACK_user_irq_claim_unused_for_nonsecure: {
case SECURE_CALL_user_irq_claim_unused_for_nonsecure: {
return user_irq_claim_unused_for_nonsecure();
}
#endif
#if PICO_ALLOW_NONSECURE_PIO
case BOOTROM_API_CALLBACK_pio_claim_unused_pio_for_nonsecure: {
case SECURE_CALL_pio_claim_unused_pio_for_nonsecure: {
return pio_claim_unused_pio_for_nonsecure();
}
#endif
#if PICO_ADD_NONSECURE_PADS_HELPER
case BOOTROM_API_CALLBACK_pads_bank0_set_bits: {
case SECURE_CALL_pads_bank0_set_bits: {
if (accessctrl_hw->gpio_nsmask[a/32] & 1u << (a & 0x1fu)) {
return pads_bank0_set_bits(a, b);
} else {
return BOOTROM_ERROR_NOT_PERMITTED;
}
}
case BOOTROM_API_CALLBACK_pads_bank0_clear_bits: {
case SECURE_CALL_pads_bank0_clear_bits: {
if (accessctrl_hw->gpio_nsmask[a/32] & 1u << (a & 0x1fu)) {
return pads_bank0_clear_bits(a, b);
} else {
return BOOTROM_ERROR_NOT_PERMITTED;
}
}
case BOOTROM_API_CALLBACK_pads_bank0_write_masked: {
case SECURE_CALL_pads_bank0_write_masked: {
if (accessctrl_hw->gpio_nsmask[a/32] & 1u << (a & 0x1fu)) {
return pads_bank0_write_masked(a, b, c);
} else {
return BOOTROM_ERROR_NOT_PERMITTED;
}
}
case BOOTROM_API_CALLBACK_pads_bank0_read: {
case SECURE_CALL_pads_bank0_read: {
if (accessctrl_hw->gpio_nsmask[a/32] & 1u << (a & 0x1fu)) {
return pads_bank0_read(a);
} else {
@ -508,21 +508,21 @@ int rom_default_callback(uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_
}
}
#endif
case BOOTROM_API_CALLBACK_clock_get_hz: {
case SECURE_CALL_clock_get_hz: {
return clock_get_hz(a);
}
#if PICO_ALLOW_NONSECURE_RESETS
case BOOTROM_API_CALLBACK_reset_block_reg_mask: {
case SECURE_CALL_reset_block_reg_mask: {
if (b & ~PICO_ALLOW_NONSECURE_RESETS_MASK) return BOOTROM_ERROR_NOT_PERMITTED;
reset_block_reg_mask((volatile io_rw_32 *)a, b);
return BOOTROM_OK;
}
case BOOTROM_API_CALLBACK_unreset_block_reg_mask: {
case SECURE_CALL_unreset_block_reg_mask: {
if (b & ~PICO_ALLOW_NONSECURE_RESETS_MASK) return BOOTROM_ERROR_NOT_PERMITTED;
unreset_block_reg_mask((volatile io_rw_32 *)a, b);
return BOOTROM_OK;
}
case BOOTROM_API_CALLBACK_unreset_block_reg_mask_wait_blocking: {
case SECURE_CALL_unreset_block_reg_mask_wait_blocking: {
if (c & ~PICO_ALLOW_NONSECURE_RESETS_MASK) return BOOTROM_ERROR_NOT_PERMITTED;
unreset_block_reg_mask_wait_blocking((volatile io_rw_32 *)a, (const volatile io_ro_32 *)b, c);
return BOOTROM_OK;
@ -588,7 +588,7 @@ PICO_RUNTIME_INIT_FUNC_RUNTIME(runtime_init_nonsecure_claims, PICO_RUNTIME_INIT_
void __weak runtime_init_nonsecure_clocks() {
// Set all clocks to the reported frequency from the secure side
for (uint i = 0; i < CLK_COUNT; i++) {
uint32_t hz = rom_secure_call(i, 0, 0, 0, BOOTROM_API_CALLBACK_clock_get_hz);
uint32_t hz = rom_secure_call(i, 0, 0, 0, SECURE_CALL_clock_get_hz);
clock_set_reported_hz(i, hz);
}
}

14
src/rp2_common/pico_bootrom/include/pico/bootrom.h
View file

@ -1134,7 +1134,7 @@ int pio_request_unused_pio_from_secure(void);
*/
#if PICO_ADD_NONSECURE_PADS_HELPER && PICO_NONSECURE
static inline int pads_bank0_set_bits(uint gpio, uint bits) {
return rom_secure_call(gpio, bits, 0, 0, BOOTROM_API_CALLBACK_pads_bank0_set_bits);
return rom_secure_call(gpio, bits, 0, 0, SECURE_CALL_pads_bank0_set_bits);
}
#else
static inline int pads_bank0_set_bits(uint gpio, uint bits) {
@ -1151,7 +1151,7 @@ static inline int pads_bank0_set_bits(uint gpio, uint bits) {
*/
#if PICO_ADD_NONSECURE_PADS_HELPER && PICO_NONSECURE
static inline int pads_bank0_clear_bits(uint gpio, uint bits) {
return rom_secure_call(gpio, bits, 0, 0, BOOTROM_API_CALLBACK_pads_bank0_clear_bits);
return rom_secure_call(gpio, bits, 0, 0, SECURE_CALL_pads_bank0_clear_bits);
}
#else
static inline int pads_bank0_clear_bits(uint gpio, uint bits) {
@ -1169,7 +1169,7 @@ static inline int pads_bank0_clear_bits(uint gpio, uint bits) {
*/
#if PICO_ADD_NONSECURE_PADS_HELPER && PICO_NONSECURE
static inline int pads_bank0_write_masked(uint gpio, uint bits, uint mask) {
return rom_secure_call(gpio, bits, mask, 0, BOOTROM_API_CALLBACK_pads_bank0_write_masked);
return rom_secure_call(gpio, bits, mask, 0, SECURE_CALL_pads_bank0_write_masked);
}
#else
static inline int pads_bank0_write_masked(uint gpio, uint bits, uint mask) {
@ -1186,7 +1186,7 @@ static inline int pads_bank0_write_masked(uint gpio, uint bits, uint mask) {
*/
#if PICO_ADD_NONSECURE_PADS_HELPER && PICO_NONSECURE
static inline int pads_bank0_read(uint gpio) {
return rom_secure_call(gpio, 0, 0, 0, BOOTROM_API_CALLBACK_pads_bank0_read);
return rom_secure_call(gpio, 0, 0, 0, SECURE_CALL_pads_bank0_read);
}
#else
static inline int pads_bank0_read(uint gpio) {
@ -1217,13 +1217,13 @@ static inline int pads_bank0_read(uint gpio) {
#if PICO_ALLOW_NONSECURE_RESETS && PICO_NONSECURE
static inline int reset_block_reg_mask(io_rw_32 *reset, uint32_t mask) {
return rom_secure_call(reset, mask, 0, 0, BOOTROM_API_CALLBACK_reset_block_reg_mask);
return rom_secure_call(reset, mask, 0, 0, SECURE_CALL_reset_block_reg_mask);
}
static inline int unreset_block_reg_mask(io_rw_32 *reset, uint32_t mask) {
return rom_secure_call(reset, mask, 0, 0, BOOTROM_API_CALLBACK_unreset_block_reg_mask);
return rom_secure_call(reset, mask, 0, 0, SECURE_CALL_unreset_block_reg_mask);
}
static inline int unreset_block_reg_mask_wait_blocking(io_rw_32 *reset, io_ro_32 *reset_done, uint32_t mask) {
return rom_secure_call(reset, reset_done, mask, 0, BOOTROM_API_CALLBACK_unreset_block_reg_mask_wait_blocking);
return rom_secure_call(reset, reset_done, mask, 0, SECURE_CALL_unreset_block_reg_mask_wait_blocking);
}
#endif