Security Features of CC13x4 and CC26x4 Devices¶
Table of contents
Debugging TFM-examples¶
The Trusted Firmware M examples can be debugged using code composer studio. There are a few details that need to be taken care of which are covered in this section.
Building and Running¶
These examples need the secure image provided in the SDK to be flashed along with the application executable themselves.
The secure image(tfm_s.axf or tfm_s.hex) is found in the path
SDK_ROOT\tfm_s\build\cc26x4\production_full\Release\outputs.
This secure image and the generated application .out file can be flashed in any order
using UniFlash. They can be flashed in any order.
Debugging¶
To debug the Trusted Firmware M examples, symbols from both the non secure application and the secure image must be loaded. You can do the following in CCS.
Launch the CCS debug session.
Select Tools -> Debugger Options -> Auto Run and Launch Options. Disable Auto Run Option “On a program load or restart”. Set “Remember My Settings” to allow this setting to persist for subsequent debug sessions.
Figure 172. Autorun and Launch Options¶
Exit and relaunch the debug session. Execution should be paused at _c_int00(). Steps 2 & 3 can be skipped for subsequent debug sessions.
Figure 173. Execution paused at _c_int00()¶
Select Run -> Load -> Load Program. Select
tfm_s.axf. This will overwrite the non secure application symbols.
Figure 174. Load Secure Image¶
Add the non secure application symbols.
Figure 175. Add Non-Secure Image Symbols¶
Set breakpoints if desired and resume execution to run the example.
Warning
Due to a known issue in the symbol management of CCS, you may be disallowed from placing a breakpoint in the application. In this case, load the non secure application symbols first, then add the secure image symbols. This sequence of loading non secure symbols and adding secure image symbols, forces CCS to use the correct symbol manager.
Debug single-step over non-secure PSA API¶
When using the CCS Debugger to single-step in your non-secure program, special care must be taken when stepping over the following PSA API functions:
psa_connect()
psa_call()
psa_close()
These functions must be executed with interrupts enabled. They depend on the Secure Partition Environment’s PendSV interrupt handler being invoked. The PendSV interrupt is used by the secure library to context switch into the Secure Partition.
By default, the CCS debugger is configured to:
Disable interrupts while single-stepping at the assembly level, causing PSA functions to misbehave if you step over them at the assembly level
Not disable interrupts when single-stepping at the C source code level, safely permitting the user to step over PSA functions at the C source level
The single-step behavior of the debugger can be modified by the following steps.
Tools > Debugger Options > Program/Memory Load Options
Disable interrupts
When assembly stepping > Select
When source stepping > Unselect
When running > Unselect
Figure 176. Disable interrupts when assembly stepping¶
In many cases, it is simplest to set a breakpoint after the PSA API and then run to the breakpoint.
Runtime Object View (ROV)¶
Runtime Object View can be used with the Trusted Firmware M examples just like you would use with any other non-secure examples. It must be noted that the ROV session opens up with the latest symbols or program that is loaded. Adding the symbols does not affect the ROV context. For example, loading the secure image symbols after starting the debug session will result in ROV starting up in the secure image context.
Figure 177. ROV when secure image symbols are loaded last¶
To open the ROV in the context of the non-secure application. Load the non-secure application symbols.
Figure 178. ROV when non-secure application symbols are loaded last¶