Building Secure and Non-secure images
ACLE provides tools allow you to build images that run in the Secure state of the ARMv8-M Security Extensions. You can also create an import library package that developers of Non-secure images must have for those images to call the Secure image.
For example, using amclang:
an image that runs in the Secure state you must include the
<arm_cmse.h> header in your code, and compile using the
-mcmse armclang command-line option. Doing this makes the following
- The Test Target,
- Non-secure function pointer intrinsics.
At startup, your Secure code must set up the Secure Attribution Unit (SAU) and call the Non-secure startup code.
Calling a Secure image from a Non-secure image using veneers
Calling a Secure image from a Non-secure image requires a transition from Non-secure to Secure state. A transition is initiated through Secure gateway veneers. Secure gateway veneers decouple the addresses from the rest of the Secure code.
An entry point in the Secure image,
The calling sequence is as follows:
- The Non-secure image uses the branch BL instruction to call the Secure gateway veneer for the required entry function in the Secure image:
- The Secure gateway veneer consists of the
SGinstruction and a call to the entry function in the Secure image using the
entryname SG B.W __acle_se_entryname
- The Secure image returns from the entry function using the
The following figure is a graphical representation of the calling sequence, but for clarity, the return from the entry function is not shown:
Import library package
An import library package identifies the entry functions available in a Secure image. The import library package contains:
- An interface header file, for
example h. You manually create this file using any text editor.
- An import library, for example o. armlink generates this library during the link stage for a Secure image.
You must have separate compile and link stages:
- To create an import library when building a Secure image.
- To use an import library when building a Non-secure image.