I have trouble grasping setting up Secure/Non-secure separation on the RP2350.
On an MCU such as the STM32U585 I do:
There are two ROM functions, 'secure_call' and 'set_rom_callback' -- are they together supposed to play the role of the standard NSC veneers?
Any insight is highly appreciated, thanks.
On an MCU such as the STM32U585 I do:
- Compile and link the Secure (Secure compilation) and the Non-secure programs. I now have:
a) a Secure program image with the correct procedure prologues, register sanitation, etc.;
b) a Non-secure Callable (NSC) image with the veneers;
c) a Non-secure program image.
The programs are linked with their actual run-time addresses in physical memory, taking Secure/Non-secure aliasing in to account. - Configure flash memory using non-volatile option bytes to get Secure and Non-Secure sections (flash controller).
- Load the three images into flash memory using two or three ELF files.
- Upon restart, the Secure code executes (privileged), and configures the Secure/Non-secure isolation:
a) configure SRAM using volatile registers in GTZC to get Secure and Non-Secure sections;
b) configure peripheral devices as Secure or Non-secure
c) configure the SAU to get the corresponding Secure, Non-secure, and NSC regions in flash, SRAM, and peripherals. - Then the Secure code starts the Non-secure program:
a) read the initial SP and entry address from the Non-secure image;
b) set the Non-secure MSP;
c) clear bit 0 of the Non-secure entry address;
d) start the Non-secure program. - The Non-secure program can call Secure code via the NSC veneers.
There are two ROM functions, 'secure_call' and 'set_rom_callback' -- are they together supposed to play the role of the standard NSC veneers?
Any insight is highly appreciated, thanks.
Statistics: Posted by ygrayne — Mon Feb 02, 2026 8:55 pm — Replies 0 — Views 3