├── .clang-format ├── .gitignore ├── .travis.yml ├── CONTRIBUTING.md ├── LICENSE ├── LICENSE-BSD.txt ├── Makefile ├── README.md ├── SECURE_CODING.md ├── api ├── .gitignore ├── inc │ ├── api.h │ ├── box_config.h │ ├── box_id.h │ ├── box_init.h │ ├── cmsis_nvic_virtual.h │ ├── cmsis_vectab_virtual.h │ ├── context_exports.h │ ├── debug_exports.h │ ├── disabled.h │ ├── error.h │ ├── halt_exports.h │ ├── interrupts.h │ ├── ipc.h │ ├── ipc_exports.h │ ├── lib_hook_exports.h │ ├── linker_exports.h │ ├── magic_exports.h │ ├── page_allocator.h │ ├── page_allocator_exports.h │ ├── pool_queue_exports.h │ ├── priv_sys_hooks_exports.h │ ├── register_gateway.h │ ├── register_gateway_exports.h │ ├── rpc.h │ ├── rpc_exports.h │ ├── rpc_gateway.h │ ├── rpc_gateway_exports.h │ ├── secure_access.h │ ├── svc_exports.h │ ├── unsupported.h │ ├── uvisor-lib.h │ ├── uvisor_deprecation.h │ ├── uvisor_exports.h │ ├── uvisor_semaphore.h │ ├── uvisor_semaphore_exports.h │ ├── uvisor_spinlock_exports.h │ ├── virq_exports.h │ ├── vmpu.h │ └── vmpu_exports.h ├── rtx │ ├── inc │ │ ├── rtx_box_index.h │ │ └── secure_allocator.h │ └── src │ │ ├── box_init.c │ │ ├── rtx_malloc_wrapper.c │ │ ├── secure_allocator.c │ │ ├── tz_context.c │ │ ├── unsupported_malloc.c │ │ ├── unsupported_page_allocator.c │ │ └── uvisor_semaphore.c └── src │ ├── .gitignore │ ├── box_id.c │ ├── disabled.c │ ├── ipc.c │ ├── lib_hooks.c │ ├── pool_queue.c │ ├── rpc.c │ ├── unsupported.c │ ├── uvisor-header.S │ ├── uvisor-input.S │ ├── uvisor-lib.c │ └── uvisor_spinlock.c ├── core ├── cmsis │ └── inc │ │ ├── arm_common_tables.h │ │ ├── arm_const_structs.h │ │ ├── arm_math.h │ │ ├── cmsis_armcc.h │ │ ├── cmsis_armclang.h │ │ ├── cmsis_compiler.h │ │ ├── cmsis_gcc.h │ │ ├── core_armv8mbl.h │ │ ├── core_armv8mml.h │ │ ├── core_cm0.h │ │ ├── core_cm0plus.h │ │ ├── core_cm23.h │ │ ├── core_cm3.h │ │ ├── core_cm33.h │ │ ├── core_cm4.h │ │ ├── core_cm7.h │ │ ├── core_cmFunc.h │ │ ├── core_cmInstr.h │ │ ├── core_cmSecureAccess.h │ │ ├── core_cmSimd.h │ │ ├── core_generic.h │ │ ├── core_sc000.h │ │ ├── core_sc300.h │ │ ├── hardware_support.h │ │ ├── mpu_kinetis.h │ │ ├── rt_OsEventObserver.h │ │ └── tz_context.h ├── debug │ ├── inc │ │ └── debug.h │ └── src │ │ ├── core_armv7m │ │ ├── debug_box_armv7m.c │ │ ├── mpu_armv7m │ │ │ └── debug_armv7m.c │ │ └── mpu_kinetis │ │ │ └── debug_kinetis.c │ │ ├── core_armv8m │ │ ├── debug_box_armv8m.c │ │ └── mpu_armv8m │ │ │ └── debug_armv8m.c │ │ ├── debug.c │ │ └── debug_box.c ├── lib │ └── printf │ │ ├── inc │ │ └── tfp_printf.h │ │ └── src │ │ └── tfp_printf.c ├── linker │ └── default.h ├── system │ ├── inc │ │ ├── box_init.h │ │ ├── context.h │ │ ├── core_armv7m │ │ │ ├── priv_sys_hooks.h │ │ │ └── svc_v7m.h │ │ ├── core_armv8m │ │ │ ├── secure_transitions.h │ │ │ └── svc_v8m.h │ │ ├── exc_return.h │ │ ├── halt.h │ │ ├── iot-error.h │ │ ├── ipc.h │ │ ├── linker.h │ │ ├── page_allocator.h │ │ ├── page_allocator_config.h │ │ ├── page_allocator_faults.h │ │ ├── register_gateway.h │ │ ├── rpc.h │ │ ├── scheduler.h │ │ ├── semaphore.h │ │ ├── svc.h │ │ ├── system.h │ │ ├── thread.h │ │ └── virq.h │ └── src │ │ ├── api.c │ │ ├── box_init.c │ │ ├── context.c │ │ ├── core_armv7m │ │ ├── box_init_v7m.c │ │ ├── priv_sys_hooks.c │ │ ├── svc.c │ │ └── virq.c │ │ ├── core_armv8m │ │ ├── scheduler.c │ │ ├── unused.c │ │ └── virq.c │ │ ├── halt.c │ │ ├── ipc.c │ │ ├── main.c │ │ ├── page_allocator.c │ │ ├── page_allocator_faults.c │ │ ├── pool_queue.c │ │ ├── register_gateway.c │ │ ├── rpc.c │ │ ├── semaphore.c │ │ ├── spinlock.c │ │ ├── stdlib.c │ │ ├── system.c │ │ └── thread.c ├── uvisor-config.h ├── uvisor.h └── vmpu │ ├── inc │ ├── vmpu.h │ ├── vmpu_kinetis.h │ ├── vmpu_kinetis_aips.h │ ├── vmpu_kinetis_map.h │ ├── vmpu_kinetis_mem.h │ ├── vmpu_mpu.h │ └── vmpu_unpriv_access.h │ └── src │ ├── mpu_armv7m │ ├── vmpu_armv7m.c │ └── vmpu_armv7m_mpu.c │ ├── mpu_armv8m │ ├── vmpu_armv8m.c │ ├── vmpu_armv8m_mpu.c │ └── vmpu_armv8m_unpriv_access.c │ ├── mpu_kinetis │ ├── vmpu_kinetis.c │ ├── vmpu_kinetis_aips.c │ ├── vmpu_kinetis_mem.c │ └── vmpu_kinetis_mpu.c │ └── vmpu.c ├── docs ├── README.md ├── core │ ├── DEVELOPING_LOCALLY.md │ └── PORTING.md ├── img │ ├── ULINKpro.PNG │ ├── jlink_cfg_debugger.png │ ├── jlink_cfg_startup.png │ ├── memory_layout.png │ ├── memory_layout.svg │ ├── new_pyocd_cfg.png │ ├── pyocd_cfg_debugger.png │ ├── pyocd_cfg_main.png │ └── pyocd_cfg_startup.png ├── index.md └── lib │ ├── API.md │ ├── DEBUGGING.md │ ├── INTRO.md │ ├── QUICKSTART.md │ └── manual │ ├── .gitignore │ ├── Flash.md │ ├── Makefile │ ├── README.md │ ├── Technical.md │ ├── UseCases.md │ ├── example.md │ ├── images │ ├── memory_layout.png │ └── memory_layout.svg │ └── template │ └── pandoc-template.docx ├── mkdocs.yml ├── platform ├── armv8mml │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h ├── beetle │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h ├── efm32 │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h ├── kinetis │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h ├── m451 │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h ├── m480 │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h ├── nuc472 │ ├── Makefile.configurations │ └── inc │ │ ├── config.h │ │ └── configurations.h └── stm32 │ ├── Makefile.configurations │ └── inc │ ├── config.h │ └── configurations.h └── tools ├── coverity └── models.c ├── docker ├── README.md ├── base │ ├── Dockerfile │ ├── Makefile │ └── mbed-gitconfig ├── build │ ├── Dockerfile │ ├── Makefile │ └── sudoers └── ssh │ ├── Dockerfile │ ├── Makefile │ └── boot.sh ├── eclipse_prj_helper ├── Makefile.template ├── README.rst └── generate_prj.py ├── license_check.sh ├── test_commit_range.sh └── uvisor-tests.txt /.clang-format: -------------------------------------------------------------------------------- 1 | # http://clang.llvm.org/docs/ClangFormatStyleOptions.html 2 | --- 3 | Language: Cpp 4 | BasedOnStyle: Google 5 | AccessModifierOffset: -2 6 | AlignAfterOpenBracket: Align 7 | AlignConsecutiveAssignments: false 8 | AlignConsecutiveDeclarations: false 9 | AlignEscapedNewlinesLeft: true 10 | AlignOperands: true 11 | AlignTrailingComments: true 12 | AllowAllParametersOfDeclarationOnNextLine: true 13 | AllowShortBlocksOnASingleLine: false 14 | AllowShortCaseLabelsOnASingleLine: false 15 | AllowShortFunctionsOnASingleLine: Empty 16 | AllowShortIfStatementsOnASingleLine: false 17 | AllowShortLoopsOnASingleLine: false 18 | AlwaysBreakAfterDefinitionReturnType: None 19 | AlwaysBreakAfterReturnType: None 20 | AlwaysBreakBeforeMultilineStrings: false 21 | AlwaysBreakTemplateDeclarations: false 22 | BinPackArguments: false 23 | BinPackParameters: false 24 | BraceWrapping: 25 | AfterClass: true 26 | AfterControlStatement: false 27 | AfterEnum: false 28 | AfterFunction: true 29 | AfterNamespace: true 30 | AfterObjCDeclaration: false 31 | AfterStruct: false 32 | AfterUnion: false 33 | BeforeCatch: false 34 | BeforeElse: false 35 | IndentBraces: false 36 | BreakBeforeBinaryOperators: None 37 | BreakBeforeBraces: Linux 38 | BreakBeforeTernaryOperators: false 39 | BreakConstructorInitializersBeforeComma: false 40 | BreakAfterJavaFieldAnnotations: false 41 | BreakStringLiterals: true 42 | ColumnLimit: 120 43 | CommentPragmas: '' 44 | ConstructorInitializerAllOnOneLineOrOnePerLine: false 45 | ConstructorInitializerIndentWidth: 4 46 | ContinuationIndentWidth: 4 47 | Cpp11BracedListStyle: false 48 | DerivePointerBinding: false 49 | DisableFormat: false 50 | ExperimentalAutoDetectBinPacking: false 51 | ForEachMacros: [ foreach, BOOST_FOREACH ] 52 | # TODO 53 | #IncludeCategories: 54 | # - Regex: '^"(uvisor|uvisor-lib)/' 55 | # Priority: 2 56 | # - Regex: '^(<|"(gtest|isl|json)/)' 57 | # Priority: 3 58 | # - Regex: '.*' 59 | # Priority: 1 60 | IncludeIsMainRegex: '$' 61 | IndentCaseLabels: true 62 | IndentWidth: 4 63 | IndentWrappedFunctionNames: false 64 | KeepEmptyLinesAtTheStartOfBlocks: true 65 | MacroBlockBegin: '' 66 | MacroBlockEnd: '' 67 | MaxEmptyLinesToKeep: 2 68 | NamespaceIndentation: None 69 | ObjCBlockIndentWidth: 2 70 | ObjCSpaceAfterProperty: false 71 | ObjCSpaceBeforeProtocolList: true 72 | PenaltyBreakBeforeFirstCallParameter: 19 73 | PenaltyBreakComment: 300 74 | PenaltyBreakFirstLessLess: 120 75 | PenaltyBreakString: 1000 76 | PenaltyExcessCharacter: 1000000 77 | PenaltyReturnTypeOnItsOwnLine: 60 78 | PointerAlignment: Middle 79 | ReflowComments: true 80 | # TODO Enable this only after IncludeCategories is how we like it 81 | #SortIncludes: true 82 | SpaceAfterCStyleCast: true 83 | SpaceBeforeAssignmentOperators: true 84 | SpaceBeforeParens: ControlStatements 85 | SpaceInEmptyParentheses: false 86 | SpacesBeforeTrailingComments: 1 87 | SpacesInAngles: false 88 | SpacesInContainerLiterals: true 89 | SpacesInCStyleCastParentheses: false 90 | SpacesInParentheses: false 91 | SpacesInSquareBrackets: false 92 | Standard: Cpp03 93 | TabWidth: 4 94 | UseTab: Never 95 | JavaScriptQuotes: Leave 96 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.elf 3 | *.map 4 | *.asm 5 | *.bin 6 | *.hex 7 | *.axf 8 | *.linker 9 | *.s 10 | gdb.script 11 | jlink.flash 12 | JLink.log 13 | *.c.tags 14 | .geanyprj 15 | *.swo 16 | *.swp 17 | *.swn 18 | *~ 19 | .DS_Store 20 | .custom.vim 21 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: required 2 | os: linux 3 | dist: trusty 4 | language: c 5 | 6 | before_install: 7 | - sudo add-apt-repository -y ppa:team-gcc-arm-embedded/ppa 8 | - sudo apt-get update -qq 9 | - sudo apt-get install -qq gcc-arm-embedded --force-yes 10 | 11 | install: 12 | - arm-none-eabi-gcc --version 13 | 14 | script: make 15 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ARM mbed OS is an open source project. We welcome contributions and [bug reports](../../issues). 2 | 3 | - If you want to submit a bug report, please follow our [reporting guidelines](https://docs.mbed.com/docs/mbed-os-handbook/en/latest/cont/contributing/#reporting-and-fixing-bugs). 4 | 5 | - If you want to submit a patch, please read the [contribution guide](https://docs.mbed.com/docs/mbed-os-handbook/en/latest/cont/contributing/). Note that we have a [Contributor Agreement](http://developer.mbed.org/contributor_agreement/) that you must agree to before we can merge your contributions. To agree to the contributor agreement, you need to have a [developer.mbed.org](https://developer.mbed.org/account/signup/) account and be logged in. **We only accept [bug reports](../../issues) and pull requests [via GitHub](../../)**. 6 | 7 | - If you have a question about how to use mbed OS, please search the [mbed forums](http://forums.mbed.com/c/mbed-os), and if you still need help, post a new topic there. 8 | 9 | - Before contributing an enhancement (such as a new feature or port), please start by [discussing it on the forums](http://forums.mbed.com/c/mbed-os) to avoid duplication of work. This will help streamline your pull request for a quick merge. 10 | 11 | - If you work for an [mbed Partner company](http://www.mbed.com/en/partners/our-partners/), the partner manager assigned to you can help you navigate the process and get the most out of your partnership. 12 | 13 | Thanks! :heart: 14 | 15 | mbed Team @ ARM 16 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013-2016 ARM Limited 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | License Exceptions: 16 | 17 | - 3-clause BSD License (see LICENSE-BSD.txt): 18 | 19 | - core/cmsis/inc/arm* and core/cmsis/inc/core*: 20 | Copyright (c) 2009-2016 ARM Limited 21 | 22 | - core/cmsis/inc/mpu_kinetis.h: 23 | Copyright (c) 1997-2014 Freescale Semiconductor, Inc 24 | 25 | - core/lib/printf: 26 | Copyright (c) 2004, 2012 Kustaa Nyholm / SpareTimeLabs 27 | -------------------------------------------------------------------------------- /LICENSE-BSD.txt: -------------------------------------------------------------------------------- 1 | Redistribution and use in source and binary forms, with or without 2 | modification, are permitted provided that the following conditions are 3 | met: 4 | 5 | 1. Redistributions of source code must retain the above copyright notice, 6 | this list of conditions and the following disclaimer. 7 | 8 | 2. Redistributions in binary form must reproduce the above copyright 9 | notice, this list of conditions and the following disclaimer in the 10 | documentation and/or other materials provided with the distribution. 11 | 12 | 3. Neither the name of the copyright holder nor the names of its 13 | contributors may be used to endorse or promote products derived from this 14 | software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 17 | IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 18 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 | PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 20 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | 28 | -------------------------------------------------------------------------------- /SECURE_CODING.md: -------------------------------------------------------------------------------- 1 | ## Secure Coding Style in uVisor 2 | 3 | This document collects uVisor-sepcific coding guidelines for security-aware programming. A good introduction into safe and secure programming is the [MISRA-C standard](http://www.misra.org.uk/?TabId=57#label-c3) and the [The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities](http://www.amazon.com/dp/B004XVIWU2). 4 | 5 | Here's a list of highlights and uVisor-specific rules: 6 | 7 | * Security critical checks are done with `HALT_ERROR` to ensure that uVisor stops on critical errors. 8 | * Understand that "asserts" are ignored in release builds. 9 | * Use asserts only for checking architecture axioms and not dynamic values. 10 | * Use `HALT_ERROR` for everything else: debug texts are removed for release builds, but code still stops and presents meaningful blink error. 11 | * Avoid using pointer dereferencing to access unprivileged memories like stacks. 12 | * Easy to create code that reads data from the user without full sanity checks: hard to spot. 13 | * By using [unprivileged reads](https://github.com/ARMmbed/uvisor/blob/master/core/system/inc/mpu/vmpu_unpriv_access.h) instead, the CPU pretends access to be unprivileged - even from privileged code. 14 | * Later versions of uVisor can hook into these function to instrument and log unprivilegd access for detecting secuity flaws during fuzzing attacks. 15 | * Use more brackets or prepare to be [doomed to fail](http://www.dwheeler.com/essays/apple-goto-fail.html). 16 | -------------------------------------------------------------------------------- /api/.gitignore: -------------------------------------------------------------------------------- 1 | /lib/* -------------------------------------------------------------------------------- /api/inc/box_id.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_BOX_ID_H__ 18 | #define __UVISOR_API_BOX_ID_H__ 19 | 20 | #include "api/inc/api.h" 21 | 22 | UVISOR_EXTERN_C_BEGIN 23 | 24 | /* Return the numeric box ID of the current box. */ 25 | int uvisor_box_id_self(void); 26 | 27 | /* Return the numeric box ID of the box that is calling through the most recent 28 | * secure gateway. Return -1 if there is no secure gateway calling box. */ 29 | int uvisor_box_id_caller(void) UVISOR_DEPRECATED; 30 | 31 | /* Copy the box namespace of the specified box ID to the memory provided by 32 | * box_namespace. The box_namespace's length must be at least 33 | * MAX_BOX_NAMESPACE_LENGTH bytes. Return how many bytes were copied into 34 | * box_namespace. Return UVISOR_ERROR_INVALID_BOX_ID if the provided box ID is 35 | * invalid. Return UVISOR_ERROR_BUFFER_TOO_SMALL if the provided box_namespace 36 | * is too small to hold MAX_BOX_NAMESPACE_LENGTH bytes. Return 37 | * UVISOR_ERROR_BOX_NAMESPACE_ANONYMOUS if the box is anonymous. */ 38 | static UVISOR_FORCEINLINE int uvisor_box_namespace(int box_id, char *box_namespace, size_t length) 39 | { 40 | return uvisor_api.box_namespace(box_id, box_namespace, length); 41 | } 42 | 43 | static UVISOR_FORCEINLINE int uvisor_box_id_for_namespace(int * const box_id, const char * const box_namespace) 44 | { 45 | return uvisor_api.box_id_for_namespace(box_id, box_namespace); 46 | } 47 | 48 | UVISOR_EXTERN_C_END 49 | 50 | #endif /* __UVISOR_API_BOX_ID_H__ */ 51 | -------------------------------------------------------------------------------- /api/inc/box_init.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_BOX_INIT_H__ 18 | #define __UVISOR_API_BOX_INIT_H__ 19 | 20 | #include "api/inc/uvisor-lib.h" 21 | 22 | UVISOR_EXTERN void __uvisor_lib_box_init(void * lib_config); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /api/inc/cmsis_nvic_virtual.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_NVIC_VIRTUAL_H__ 18 | #define __UVISOR_API_NVIC_VIRTUAL_H__ 19 | 20 | #include "api/inc/interrupts.h" 21 | #include "api/inc/virq_exports.h" 22 | 23 | /* The NVIC APIs are only wrapped on ARMv7-M. */ 24 | #if !defined(ARCH_CORE_ARMv8M) && !defined(TARGET_M33) 25 | 26 | #define NVIC_SetPriorityGrouping __NVIC_SetPriorityGrouping 27 | #define NVIC_GetPriorityGrouping __NVIC_GetPriorityGrouping 28 | #define NVIC_EnableIRQ vIRQ_EnableIRQ 29 | #define NVIC_DisableIRQ vIRQ_DisableIRQ 30 | #define NVIC_GetPendingIRQ vIRQ_GetPendingIRQ 31 | #define NVIC_SetPendingIRQ vIRQ_SetPendingIRQ 32 | #define NVIC_ClearPendingIRQ vIRQ_ClearPendingIRQ 33 | #define NVIC_GetActive __NVIC_GetActive 34 | #define NVIC_SetPriority vIRQ_SetPriority 35 | #define NVIC_GetPriority vIRQ_GetPriority 36 | #define NVIC_SystemReset() vIRQ_SystemReset(RESET_REASON_NO_REASON) 37 | 38 | #else 39 | 40 | #define NVIC_SetPriorityGrouping __NVIC_SetPriorityGrouping 41 | #define NVIC_GetPriorityGrouping __NVIC_GetPriorityGrouping 42 | #define NVIC_EnableIRQ __NVIC_EnableIRQ 43 | #define NVIC_DisableIRQ __NVIC_DisableIRQ 44 | #define NVIC_GetPendingIRQ __NVIC_GetPendingIRQ 45 | #define NVIC_SetPendingIRQ __NVIC_SetPendingIRQ 46 | #define NVIC_ClearPendingIRQ __NVIC_ClearPendingIRQ 47 | #define NVIC_GetActive __NVIC_GetActive 48 | #define NVIC_SetPriority __NVIC_SetPriority 49 | #define NVIC_GetPriority __NVIC_GetPriority 50 | #define NVIC_SystemReset() __NVIC_SystemReset() 51 | 52 | #endif 53 | 54 | #endif /* __UVISOR_API_NVIC_VIRTUAL_H__ */ 55 | -------------------------------------------------------------------------------- /api/inc/cmsis_vectab_virtual.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_VECTAB_VIRTUAL_H__ 18 | #define __UVISOR_API_VECTAB_VIRTUAL_H__ 19 | 20 | #include "api/inc/interrupts.h" 21 | 22 | /* The NVIC APIs are only wrapped on ARMv7-M. */ 23 | #if !defined(ARCH_CORE_ARMv8M) && !defined(TARGET_M33) 24 | 25 | #define NVIC_SetVector vIRQ_SetVector 26 | #define NVIC_GetVector vIRQ_GetVector 27 | 28 | #else 29 | 30 | #define NVIC_SetVector __NVIC_SetVector 31 | #define NVIC_GetVector __NVIC_GetVector 32 | 33 | #endif 34 | 35 | #endif /* __UVISOR_API_VECTAB_VIRTUAL_H__ */ 36 | -------------------------------------------------------------------------------- /api/inc/context_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_CONTEX_EXPORTS_H__ 18 | #define __UVISOR_CONTEX_EXPORTS_H__ 19 | 20 | /** Maximum number of nested context switches. 21 | * 22 | * The same state stack is kept for all kinds of context switches that are bound 23 | * to a function, for which uVisor keeps an internal state. */ 24 | #define UVISOR_CONTEXT_MAX_DEPTH 16 25 | 26 | #endif /* __UVISOR_CONTEX_EXPORTS_H__ */ 27 | -------------------------------------------------------------------------------- /api/inc/debug_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_DEBUG_EXPORTS_H__ 18 | #define __UVISOR_API_DEBUG_EXPORTS_H__ 19 | 20 | #include "api/inc/halt_exports.h" 21 | #include 22 | #include "api/inc/vmpu_exports.h" 23 | 24 | 25 | #define UVISOR_DEBUG_BOX_VERSION (1) 26 | 27 | 28 | /* Debug box driver 29 | * A constant instance of this struct must be instantiated by the unprivileged 30 | * code to setup a debug box.*/ 31 | typedef struct TUvisorDebugDriver { 32 | const uint32_t magic; 33 | const uint32_t version; 34 | const UvisorBoxConfig * const box_cfg_ptr; 35 | void (*halt_error)(THaltError, const THaltInfo *); 36 | } TUvisorDebugDriver; 37 | 38 | /* Number of handlers in the debug box driver */ 39 | #define DEBUG_BOX_HANDLERS_NUMBER (sizeof(TUvisorDebugDriver) / sizeof(void *)) 40 | 41 | #endif /* __UVISOR_API_DEBUG_EXPORTS_H__ */ 42 | -------------------------------------------------------------------------------- /api/inc/disabled.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_DISABLED_H__ 18 | #define __UVISOR_API_DISABLED_H__ 19 | 20 | #include "api/inc/uvisor_exports.h" 21 | #include 22 | 23 | UVISOR_EXTERN void uvisor_disabled_switch_in(const uint32_t *dst_box_cfgtbl_ptr); 24 | UVISOR_EXTERN void uvisor_disabled_switch_out(void); 25 | 26 | /* The host OS can override the implementations of these functions in case a 27 | * different handling of IRQs is required when uVisor is disabled. */ 28 | UVISOR_EXTERN void uvisor_disabled_set_vector(uint32_t irqn, uint32_t vector); 29 | UVISOR_EXTERN uint32_t uvisor_disabled_get_vector(uint32_t irqn); 30 | 31 | #endif /* __UVISOR_API_DISABLED_H__ */ 32 | -------------------------------------------------------------------------------- /api/inc/error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_ERROR_H__ 18 | #define __UVISOR_API_ERROR_H__ 19 | 20 | #include "api/inc/halt_exports.h" 21 | #include "api/inc/uvisor_exports.h" 22 | #include "api/inc/api.h" 23 | 24 | UVISOR_EXTERN_C_BEGIN 25 | 26 | static UVISOR_FORCEINLINE void uvisor_error(THaltUserError reason) 27 | { 28 | uvisor_api.error(reason); 29 | } 30 | 31 | UVISOR_EXTERN_C_END 32 | 33 | #endif /* __UVISOR_API_ERROR_H__ */ 34 | -------------------------------------------------------------------------------- /api/inc/ipc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2017, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_IPC_H__ 18 | #define __UVISOR_API_IPC_H__ 19 | 20 | #include "api/inc/ipc_exports.h" 21 | #include "api/inc/uvisor_exports.h" 22 | #include 23 | #include 24 | 25 | 26 | /** Wait for any of the specified IPC operations to complete. 27 | * 28 | * @note This function currently spins, burning through power. 29 | * 30 | * @param[in] wait_tokens a bitfield of tokens to wait on 31 | * @param[out] done_tokens a bitfield which tokens completed 32 | * @param[in] timeout_ms how long to wait (in ms) for an IPC operation 33 | * before returning. 0 means don't wait at all. Any 34 | * other value means wait forever. 35 | * @return 0 on success, non-zero error code otherwise 36 | */ 37 | UVISOR_EXTERN int ipc_waitforany(uint32_t wait_tokens, uint32_t * done_tokens, uint32_t timeout_ms); 38 | 39 | /** Wait for all of the specified IPC operations to complete. 40 | * 41 | * @note This function currently spins, burning through power. 42 | * 43 | * @param[in] wait_tokens a bitfield of tokens to wait on 44 | * @param[out] done_tokens a bitfield which tokens completed 45 | * @param[in] timeout_ms how long to wait (in ms) for an IPC operation 46 | * before returning. 0 means don't wait at all. 47 | * Any other value means wait forever. 48 | * @return 0 on success, non-zero error code otherwise 49 | */ 50 | UVISOR_EXTERN int ipc_waitforall(uint32_t wait_tokens, uint32_t * done_tokens, uint32_t timeout_ms); 51 | 52 | /** Asynchronously send an IPC message 53 | * 54 | * @note The memory used for receiving the message (pointed to by msg) and the 55 | * IPC descriptor (pointed to by desc) must be valid until after the send is 56 | * complete. In addition, each IPC message should use its own IPC descriptor. 57 | * Reusing an IPC descriptor will lead to unpredictable behaviours. 58 | * 59 | * @param[inout] desc an IPC descriptor for the message 60 | * @param[in] msg the message to send 61 | * 62 | * @return 0 on success, non-zero error code otherwise 63 | * */ 64 | UVISOR_EXTERN int ipc_send(uvisor_ipc_desc_t * desc, const void * msg); 65 | 66 | /** Asynchronously receive an IPC message 67 | * 68 | * @note The memory used for receiving the message (pointed to by msg) and the 69 | * IPC descriptor (pointed to by desc) must be valid until after the receive is 70 | * complete. In addition, each IPC message should use its own IPC descriptor. 71 | * Reusing an IPC descriptor will lead to unpredictable behaviours. 72 | * 73 | * @param[inout] desc an IPC descriptor for the message 74 | * @param[out] msg the memory to copy the message to 75 | * 76 | * @return 0 on success, non-zero error code otherwise 77 | */ 78 | UVISOR_EXTERN int ipc_recv(uvisor_ipc_desc_t * desc, void * msg); 79 | 80 | #endif /* __UVISOR_API_IPC_H__ */ 81 | -------------------------------------------------------------------------------- /api/inc/lib_hook_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_LIB_HOOK_EXPORTS_H__ 18 | #define __UVISOR_API_LIB_HOOK_EXPORTS_H__ 19 | 20 | #include 21 | 22 | /* Predeclaration */ 23 | typedef struct uvisor_semaphore UvisorSemaphore; 24 | 25 | /* 26 | * uVisor library hooks 27 | * 28 | * All functions that uVisor needs to call that are implemented in uvisor-lib. 29 | * These functions will be run by unprivileged code only. */ 30 | typedef struct { 31 | void (*box_init)(void * lib_config); 32 | int (*semaphore_init)(UvisorSemaphore * semaphore, uint32_t initial_count, uint32_t max_count); 33 | int (*semaphore_pend)(UvisorSemaphore * semaphore, uint32_t timeout_ms); 34 | } UvisorLibHooks; 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /api/inc/linker_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2017, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_LINKER_EXPORTS_H__ 18 | #define __UVISOR_API_LINKER_EXPORTS_H__ 19 | 20 | /* FIXME Consider supporting other aliasing schemes. This is dependent on the 21 | * IDAU implementation. Not all aliasing is guaranteed to work the same way. We 22 | * currently only support a 1-bit MSB IDAU. */ 23 | #if defined (ARCH_CORE_ARMv8M) || defined (TARGET_M33) 24 | # define SECURE_ALIAS_OFFSET 0x10000000 25 | #else 26 | # define SECURE_ALIAS_OFFSET 0 27 | #endif 28 | 29 | /** @returns the non-secure alias of the input address. */ 30 | #define UVISOR_GET_NS_ALIAS(addr) ((typeof(addr)) ((uint32_t) (addr) & ~SECURE_ALIAS_OFFSET)) 31 | /** @returns the secure alias of the input address. */ 32 | #define UVISOR_GET_S_ALIAS(addr) ((typeof(addr)) ((uint32_t) (addr) | SECURE_ALIAS_OFFSET)) 33 | /** @returns `true` if address is a secure alias. */ 34 | #define UVISOR_IS_S_ALIAS(addr) ((uint32_t) (addr) & SECURE_ALIAS_OFFSET) 35 | /** @returns an address targeting the non-secure state. */ 36 | #define UVISOR_GET_NS_ADDRESS(addr) ((addr) & ~1UL) 37 | 38 | /** @returns the secure alias of the input address for uVisor core builds, and 39 | * the non-secure alias for non-uVisor core builds. 40 | * This is useful for code shared across secure and non-secure aliases. */ 41 | #if UVISOR_CORE_BUILD 42 | #define UVISOR_AUTO_ALIAS(addr) UVISOR_GET_S_ALIAS(addr) 43 | #else 44 | #define UVISOR_AUTO_ALIAS(addr) UVISOR_GET_NS_ALIAS(addr) 45 | #endif 46 | 47 | /** @returns the secure alias of the input address for uVisor core builds, and 48 | * assumes the addr supplied is already a non-secure alias for non-uVisor core builds. 49 | * This is useful for code shared across secure and non-secure aliases. */ 50 | #if UVISOR_CORE_BUILD 51 | #define UVISOR_AUTO_NS_ALIAS(addr) UVISOR_GET_S_ALIAS(addr) 52 | #else 53 | #define UVISOR_AUTO_NS_ALIAS(addr) addr 54 | #endif 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /api/inc/magic_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_MAGIC_EXPORTS_H__ 18 | #define __UVISOR_API_MAGIC_EXPORTS_H__ 19 | 20 | #include 21 | 22 | /* udf imm16 23 | * UDF - ARMv7M ARM section A7.7.191 24 | * 111 1;0 111;1111; ; 1 01 0; (Encoding T2) 25 | */ 26 | #define UDF_OPCODE(imm16) \ 27 | ((uint32_t) (0xA000F7F0UL | (((uint32_t) (imm16) & 0xFFFU) << 16U) | (((uint32_t) (imm16) & 0xF000UL) >> 12))) 28 | 29 | /** Magics 30 | * 31 | * The following magics are used to verify various things within uVisor.The 32 | * magics are chosen to be one of the explicitly undefined Thumb-2 33 | * instructions. 34 | */ 35 | #if defined(__thumb__) && defined(__thumb2__) 36 | #define UVISOR_RPC_GATEWAY_MAGIC_ASYNC UDF_OPCODE(0x07C2) 37 | #define UVISOR_RPC_GATEWAY_MAGIC_SYNC UDF_OPCODE(0x07C3) 38 | #define UVISOR_POOL_MAGIC UDF_OPCODE(0x07C4) 39 | #define UVISOR_POOL_QUEUE_MAGIC UDF_OPCODE(0x07C5) 40 | #define UVISOR_DEBUG_BOX_MAGIC UDF_OPCODE(0x07C6) 41 | #else 42 | #error "Unsupported instruction set. The ARM Thumb-2 instruction set must be supported." 43 | #endif /* __thumb__ && __thumb2__ */ 44 | 45 | 46 | #endif /* __UVISOR_API_MAGIC_EXPORTS_H__ */ 47 | -------------------------------------------------------------------------------- /api/inc/page_allocator.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_PAGE_ALLOCATOR_H__ 18 | #define __UVISOR_API_PAGE_ALLOCATOR_H__ 19 | 20 | #include "api/inc/uvisor_exports.h" 21 | #include "api/inc/page_allocator_exports.h" 22 | #include "api/inc/api.h" 23 | #include 24 | 25 | UVISOR_EXTERN_C_BEGIN 26 | 27 | /* Allocate a number of requested pages with the requested page size. 28 | * @param table.page_size[in] Must be equal to the current page size 29 | * @param table.page_count[in] The number of pages to be allocated 30 | * @param table.page_origins[out] Pointers to the page origins. The table must be large enough to hold page_count entries. 31 | * @returns Non-zero on failure with failure class `UVISOR_ERROR_CLASS_PAGE`. See `UVISOR_ERROR_PAGE_*`. 32 | */ 33 | static UVISOR_FORCEINLINE int uvisor_page_malloc(UvisorPageTable * const table) 34 | { 35 | return uvisor_api.page_malloc(table); 36 | } 37 | 38 | /* Free the pages associated with the table, only if it passes validation. 39 | * @returns Non-zero on failure with failure class `UVISOR_ERROR_CLASS_PAGE`. See `UVISOR_ERROR_PAGE_*`. 40 | */ 41 | static UVISOR_FORCEINLINE int uvisor_page_free(const UvisorPageTable * const table) 42 | { 43 | return uvisor_api.page_free(table); 44 | } 45 | 46 | /* @returns the active page size for one page. */ 47 | static UVISOR_FORCEINLINE uint32_t uvisor_get_page_size(void) 48 | { 49 | return __uvisor_page_size; 50 | } 51 | 52 | UVISOR_EXTERN_C_END 53 | 54 | #endif /* __UVISOR_API_PAGE_ALLOCATOR_H__ */ 55 | -------------------------------------------------------------------------------- /api/inc/page_allocator_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_PAGE_ALLOCATOR_EXPORTS_H__ 18 | #define __UVISOR_API_PAGE_ALLOCATOR_EXPORTS_H__ 19 | 20 | #include "api/inc/halt_exports.h" 21 | #include 22 | #include 23 | 24 | 25 | #define UVISOR_ERROR_PAGE_OK (0) 26 | #define UVISOR_ERROR_PAGE_OUT_OF_MEMORY (UVISOR_ERROR_CLASS_PAGE + 1) 27 | #define UVISOR_ERROR_PAGE_INVALID_PAGE_TABLE (UVISOR_ERROR_CLASS_PAGE + 2) 28 | #define UVISOR_ERROR_PAGE_INVALID_PAGE_SIZE (UVISOR_ERROR_CLASS_PAGE + 3) 29 | #define UVISOR_ERROR_PAGE_INVALID_PAGE_ORIGIN (UVISOR_ERROR_CLASS_PAGE + 4) 30 | #define UVISOR_ERROR_PAGE_INVALID_PAGE_OWNER (UVISOR_ERROR_CLASS_PAGE + 5) 31 | #define UVISOR_ERROR_PAGE_INVALID_PAGE_COUNT (UVISOR_ERROR_CLASS_PAGE + 6) 32 | 33 | /* Contains the uVisor page size. 34 | * @warning Do not read directly, instead use `uvisor_get_page_size()` accessor! */ 35 | UVISOR_EXTERN const uint32_t __uvisor_page_size; 36 | 37 | typedef struct { 38 | uint32_t page_size; /* The page size in bytes. Must be multiple of `UVISOR_PAGE_SIZE`! */ 39 | uint32_t page_count; /* The number of pages in the page table. */ 40 | void * page_origins[1]; /* Table of pointers to the origin of each page. */ 41 | } UvisorPageTable; 42 | 43 | #endif /* __UVISOR_API_PAGE_ALLOCATOR_EXPORTS_H__ */ 44 | -------------------------------------------------------------------------------- /api/inc/priv_sys_hooks_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_PRIV_SYS_HOOK_EXPORTS_H__ 18 | #define __UVISOR_API_PRIV_SYS_HOOK_EXPORTS_H__ 19 | 20 | /* Predeclaration */ 21 | typedef struct uvisor_semaphore UvisorSemaphore; 22 | 23 | /* 24 | * Privileged system hooks 25 | * 26 | * In this version of uVisor, uVisor lives alongside an RTOS that requires 27 | * running privileged code. In order for the RTOS to run any privileged code, 28 | * uVisor must allow the RTOS to handle a subset of privileged system 29 | * interrupts or system calls. Only the following system interrupts and system 30 | * calls are hookable. Code called by these hooks circumvents uVisor security. 31 | * HANDLE WITH CARE. */ 32 | typedef struct { 33 | void (*priv_svc_0)(void); 34 | void (*priv_pendsv)(void); 35 | void (*priv_systick)(void); 36 | int32_t (*priv_os_suspend)(void); 37 | int (*priv_uvisor_semaphore_post)(UvisorSemaphore * semaphore); 38 | } UvisorPrivSystemHooks; 39 | 40 | /* Use this macro to register privileged system IRQ hooks. If you don't want to 41 | * register a particular privileged system IRQ hook, you can supply NULL for 42 | * that hook parameter. */ 43 | #define UVISOR_SET_PRIV_SYS_HOOKS(priv_svc_0_, priv_pendsv_, priv_systick_, priv_os_suspend_, priv_uvisor_semaphore_post_) \ 44 | UVISOR_EXTERN_C_BEGIN \ 45 | const UvisorPrivSystemHooks __uvisor_priv_sys_hooks = { \ 46 | .priv_svc_0 = priv_svc_0_, \ 47 | .priv_pendsv = priv_pendsv_, \ 48 | .priv_systick = priv_systick_, \ 49 | .priv_os_suspend = priv_os_suspend_, \ 50 | .priv_uvisor_semaphore_post = priv_uvisor_semaphore_post_, \ 51 | }; \ 52 | UVISOR_EXTERN_C_END 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /api/inc/rpc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_RPC_H__ 18 | #define __UVISOR_API_RPC_H__ 19 | 20 | #include "api/inc/rpc_exports.h" 21 | #include "api/inc/uvisor_exports.h" 22 | #include 23 | #include 24 | 25 | 26 | /** Wait for incoming RPC. 27 | * 28 | * @param fn_ptr_array an array of RPC function targets that this call to 29 | * `rpc_fncall_waitfor` should handle RPC to 30 | * @param fn_count the number of function targets in this array 31 | * @param box_id_caller[out] a memory location to store the box ID of the 32 | * calling box (the source box of the RPC). This is 33 | * set before the RPC is dispatched, so that the RPC 34 | * target function can read from this location to 35 | * determine the calling box ID. Optional. 36 | * @param timeout_ms specifies how long to wait (in ms) for an incoming 37 | * RPC message before returning 38 | */ 39 | UVISOR_EXTERN int rpc_fncall_waitfor(const TFN_Ptr fn_ptr_array[], size_t fn_count, int * box_id_caller, uint32_t timeout_ms); 40 | 41 | /** Wait for an outgoing RPC to finish. 42 | * 43 | * Wait for the result of a previously started asynchronous RPC. After this 44 | * call, ret will contain the return value of the RPC. The return value of this 45 | * function may indicate that there was an error or a timeout with non-zero. 46 | * 47 | * @param result[in] The token to wait on for the result of an asynchronous RPC 48 | * @param timeout_ms[in] How long to wait (in ms) for the asynchronous RPC 49 | * message to finish before returning 50 | * @param ret[out] The return value resulting from the finished RPC to 51 | * the target function 52 | * @returns Non-zero on error or timeout, zero on successful wait 53 | */ 54 | UVISOR_EXTERN int rpc_fncall_wait(uvisor_rpc_result_t result, uint32_t timeout_ms, uint32_t * ret); 55 | 56 | #endif /* __UVISOR_API_RPC_H__ */ 57 | -------------------------------------------------------------------------------- /api/inc/rpc_gateway_exports.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016, ARM Limited, All Rights Reserved 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | #ifndef __UVISOR_API_RPC_GATEWAY_EXPORTS_H__ 18 | #define __UVISOR_API_RPC_GATEWAY_EXPORTS_H__ 19 | 20 | #include "api/inc/uvisor_exports.h" 21 | #include "api/inc/magic_exports.h" 22 | #include 23 | 24 | /* ldr pc, [pc, #