diff --git a/src/rp2_common/pico_secure/CMakeLists.txt b/src/rp2_common/pico_secure/CMakeLists.txt index 1e7114ae..d1f426d8 100644 --- a/src/rp2_common/pico_secure/CMakeLists.txt +++ b/src/rp2_common/pico_secure/CMakeLists.txt @@ -79,12 +79,16 @@ if (NOT TARGET pico_secure) # - SCRATCH_EACH : Secure using start of main SRAM plus scratch X as stack, NonSecure using end of main SRAM plus scratch Y as stack # - SECURE_SCRATCH : Secure using start of main SRAM plus all of scratch, NonSecure using end of main SRAM # + # Additional options are: + # - NO_FLASH: Assumes NS VTOR is at start of it's SRAM region, rather than at the start of flash + # # \param\ SECURE_TARGET The secure target # \param\ NONSECURE_TARGET The non-secure target # \param\ OPTIONS The options to set function(pico_set_security_ram_split SECURE_TARGET NONSECURE_TARGET) + set(options NO_FLASH) set(multiValueArgs SIMPLE SCRATCH_EACH SECURE_SCRATCH) - cmake_parse_arguments(PARSE_ARGV 2 OPTS "" "" "${multiValueArgs}") + cmake_parse_arguments(PARSE_ARGV 2 OPTS "${options}" "" "${multiValueArgs}") set(HAS_SPLIT_TYPE FALSE) foreach(arg IN LISTS multiValueArgs) @@ -146,5 +150,11 @@ if (NOT TARGET pico_secure) target_compile_definitions(${SECURE_TARGET} PRIVATE PICO_SECURITY_SPLIT_CONFIGURED=1) + if (OPTS_NO_FLASH) + target_compile_definitions(${SECURE_TARGET} PRIVATE PICO_SECURITY_SPLIT_NO_FLASH=1) + else() + target_compile_definitions(${SECURE_TARGET} PRIVATE PICO_SECURITY_SPLIT_NO_FLASH=0) + endif() + endfunction() endif() diff --git a/src/rp2_common/pico_secure/secure.c b/src/rp2_common/pico_secure/secure.c index 6c6ec429..7b447d03 100644 --- a/src/rp2_common/pico_secure/secure.c +++ b/src/rp2_common/pico_secure/secure.c @@ -61,43 +61,53 @@ void secure_sau_set_enabled(bool enabled) { #if defined(PICO_SECURITY_SPLIT_CONFIGURED) +static uint32_t nonsecure_ram_start = 0; + void secure_sau_configure_split() { -#if defined(PICO_SECURITY_SPLIT_SIMPLE) +#if !PICO_SECURITY_SPLIT_NO_FLASH // XIP is NS Code secure_sau_configure_region(0, XIP_BASE, XIP_END, true, false); +#endif + +#if defined(PICO_SECURITY_SPLIT_SIMPLE) // SRAM after secure stack is NS data extern uint32_t __StackTop; secure_sau_configure_region(1, (uint32_t)&__StackTop, SRAM_END, true, false); + nonsecure_ram_start = (uint32_t)&__StackTop; #elif defined(PICO_SECURITY_SPLIT_SCRATCH_EACH) - // XIP is NS Code - secure_sau_configure_region(0, XIP_BASE, XIP_END, true, false); // Main SRAM after secure scratch X is NS data extern uint32_t __StackOneTop; secure_sau_configure_region(1, (uint32_t)&__StackOneTop, SRAM_STRIPED_END, true, false); + nonsecure_ram_start = (uint32_t)&__StackOneTop; // Scratch after secure stack in NS stack extern uint32_t __StackTop; secure_sau_configure_region(2, (uint32_t)&__StackTop, SRAM_END, true, false); #elif defined(PICO_SECURITY_SPLIT_SECURE_SCRATCH) - // XIP is NS Code - secure_sau_configure_region(0, XIP_BASE, XIP_END, true, false); // Main SRAM after secure heap is NS data extern uint32_t __HeapLimit; secure_sau_configure_region(1, (uint32_t)&__HeapLimit, SRAM_STRIPED_END, true, false); + nonsecure_ram_start = (uint32_t)&__HeapLimit; #endif } void __attribute__((noreturn)) secure_launch_nonsecure_binary_default() { +#if PICO_SECURITY_SPLIT_NO_FLASH + uint32_t nonsecure_vtor = nonsecure_ram_start; +#else + uint32_t nonsecure_vtor = XIP_BASE; +#endif + #if defined(PICO_SECURITY_SPLIT_SIMPLE) // Nonsecure running from XIP, stack limit is bottom of scratch - secure_launch_nonsecure_binary(XIP_BASE, SRAM_SCRATCH_X_BASE); + secure_launch_nonsecure_binary(nonsecure_vtor, SRAM_SCRATCH_X_BASE); #elif defined(PICO_SECURITY_SPLIT_SCRATCH_EACH) // Nonsecure running from XIP, stack limit is bottom of scratch Y - secure_launch_nonsecure_binary(XIP_BASE, SRAM_SCRATCH_Y_BASE); + secure_launch_nonsecure_binary(nonsecure_vtor, SRAM_SCRATCH_Y_BASE); #elif defined(PICO_SECURITY_SPLIT_SECURE_SCRATCH) // Nonsecure running from XIP, stack limit is secure heap limit extern uint32_t __HeapLimit; - secure_launch_nonsecure_binary(XIP_BASE, (uint32_t)&__HeapLimit); + secure_launch_nonsecure_binary(nonsecure_vtor, (uint32_t)&__HeapLimit); #endif } #endif