8.4. FAQ - C7x : non-secure mode configuration¶
8.4.1. Background¶
By default the sysbios on C7x operates in secure mode. While operating in secure mode, SW hosted on C7x will would have un-restricted access to most of the resources on SoC. TI architecture envisions hosting C7x hosting SW, whose access to system resources are to be restricted.
With sysbios v6.82.01.19 and later non-secure mode-of operation is enabled and PDK/SDK configures to use the same.
8.4.2. OS Configuration updates¶
The changes show below depicts configuring OS to operate in non-secure mode
In file <PDK Install Directory>/packages/ti/build/j721e/sysbios_c7x.cfg
var HwiC7x = xdc.useModule('ti.sysbios.family.c7x.Hwi');
HwiC7x.bootToNonSecure = true;
8.4.3. OS Entry point for non-secure mode¶
The OS’s non-secure entry point different from normal entry point. _c_int00_secure
This can be specified in the linker command file, e.g. <PDK Install Directory>/packages/ti/build/j721e/linker_c7x.lds specifies the same as
- Specifies entry point -e _c_int00_secure
- Place the function in memory .text:_c_int00_secure > C7X_DDR_SPACE ALIGN(0x200000)
Note
This configuration to use non-standard entry point, flags an compilation warning. This could be suppressed as we have explicitly configured to use non-standard entry point
Suppressed by including –diag_suppress=10063
Refer <PDK Install Directory>/packages/ti/build/makerules/rules_71.mk
8.4.4. Configure to allow access to CLEC in non-secure mode¶
Since the OS is configured to operate in non-secure, we will have to ensure CLEC of C7x is accessible in non-secure mode. This has to be configured well before sysbios OS is initialized.
In PDK, all inputs to CLEC is configured to allow access/reconfig in non-secure mode and setup along with configuration of MMU. Please refer <PDK Install Directory>/packages/ti/osal/soc/j721e/bios_mmu.c
Function OsalCfgClecAccessCtrl () in particular
8.4.5. Setup / Re Configure to allow memory access in non-secure mode¶
Check if all the required memory sections have access enabled non-secure mode also. In the PDK example, all sections are accessible in both non-secure and secure modes.
Refer <PDK Install Directory>/packages/ti/osal/soc/j721e/bios_mmu.c for more details
8.4.6. Initialize SCI Client in non-secure mode¶
Whiel initializing the SciClient, it should be configured to operate in non-secure mode. This can be achieved by
Sciclient_configPrmsInit(&sciClientCfg);
sciClientCfg.isSecureMode = 0U;
retVal = Sciclient_init(&sciClientCfg);
8.4.7. Operating C7x in secure mode¶
The changes highlighted above details the changes required to operate C7x in non-secure mode. To enable C7x in secure mode,
- By default sysbios is configured to operate in secure more. Don’t configure sysbios for non-secure mode as highlighted in OS Configuration updates
- Don’t have to to over-ride sysbios entry point as highlighted in OS Entry point for non-secure mode
- Don’t have to to CLEC access as highlighted in Configure to allow access to CLEC in non-secure mode
- Will have to initialize SciClient in secure mode, as shown below
Sciclient_configPrmsInit(&sciClientCfg);
sciClientCfg.isSecureMode = 1U;
retVal = Sciclient_init(&sciClientCfg);
Warning
When operating in secure mode, C7x would have un-restricted access to most of the resources on the SoC. SW hosted on C7x could potentially compromise the safety goals of the system (e.g. by writing to non-owned memory locations, DMA into non-owned memory location, etc...)
To ensure safety goals of the system is not compromised, SW hosted on C7x is mandated to be qualified to be used in safety systems.
As C7x is expected to host Algorithm or Deep Learning SW, the Algorithm or Deep Learning SW will have to be qualified to be used in a safety system.