| ARM Trusted Firmware Interrupt Management Design guide |
| ====================================================== |
| |
| Contents : |
| |
| 1. [Introduction](#1-introduction) |
| * [Concepts](#11-concepts) |
| - [Interrupt Types](#111-interrupt-types) |
| - [Routing Model](#112-routing-model) |
| - [Valid Routing Models](#113-valid-routing-models) |
| + [Secure-EL1 Interrupts](#1131-secure-el1-interrupts) |
| + [Non-secure Interrupts](#1132-non-secure-interrupts) |
| + [EL3 interrupts](#1133-el3-interrupts) |
| - [Mapping of Interrupt Type to Signal](#114-mapping-of-interrupt-type-to-signal) |
| + [Effect of mapping of several interrupt types to one signal](#1141-effect-of-mapping-of-several-interrupt-types-to-one-signal) |
| - [Assumptions in Interrupt Management Framework](#12-assumptions-in-interrupt-management-framework) |
| |
| 2. [Interrupt Management](#2-interrupt-management) |
| * [Software Components](#21-software-components) |
| * [Interrupt Registration](#22-interrupt-registration) |
| - [EL3 Runtime Firmware](#221-el3-runtime-firmware) |
| - [Secure Payload Dispatcher](#222-secure-payload-dispatcher) |
| + [Test Secure Payload Dispatcher behavior](#2221-test-secure-payload-dispatcher-behavior) |
| - [Secure Payload](#223-secure-payload) |
| + [Secure Payload IHF design w.r.t Secure-EL1 interrupts](#2231-secure-payload-ihf-design-wrt-secure-el1-interrupts) |
| + [Secure Payload IHF design w.r.t Non-secure interrupts](#2232-secure-payload-ihf-design-wrt-non-secure-interrupts) |
| + [Test Secure Payload behavior](#2233-test-secure-payload-behavior) |
| * [Interrupt Handling](#23-interrupt-handling) |
| - [EL3 Runtime Firmware](#231-el3-runtime-firmware) |
| - [Secure Payload Dispatcher](#232-secure-payload-dispatcher) |
| + [Interrupt Entry](#2321-interrupt-entry) |
| + [Interrupt Exit](#2322-interrupt-exit) |
| + [Test secure payload dispatcher Secure-EL1 interrupt handling](#2323-test-secure-payload-dispatcher-secure-el1-interrupt-handling) |
| + [Test secure payload dispatcher non-secure interrupt handling](#2324-test-secure-payload-dispatcher-non-secure-interrupt-handling) |
| - [Secure Payload](#233-secure-payload) |
| + [Test Secure Payload behavior](#2331-test-secure-payload-behavior) |
| |
| 3. [Other considerations](#3-other-considerations) |
| * [Implication of preempted SMC on Non-Secure Software](#31-implication-of-preempted-smc-on-non-secure-software) |
| |
| |
| 1. Introduction |
| ---------------- |
| This document describes the design of the Interrupt management framework in ARM |
| Trusted Firmware. This section briefly describes the requirements from this |
| framework. It also briefly explains some concepts and assumptions. They will |
| help in understanding the implementation of the framework explained in |
| subsequent sections. |
| |
| This framework is responsible for managing interrupts routed to EL3. It also |
| allows EL3 software to configure the interrupt routing behavior. Its main |
| objective is to implement the following two requirements. |
| |
| 1. It should be possible to route interrupts meant to be handled by secure |
| software (Secure interrupts) to EL3, when execution is in non-secure state |
| (normal world). The framework should then take care of handing control of |
| the interrupt to either software in EL3 or Secure-EL1 depending upon the |
| software configuration and the GIC implementation. This requirement ensures |
| that secure interrupts are under the control of the secure software with |
| respect to their delivery and handling without the possibility of |
| intervention from non-secure software. |
| |
| 2. It should be possible to route interrupts meant to be handled by |
| non-secure software (Non-secure interrupts) to the last executed exception |
| level in the normal world when the execution is in secure world at |
| exception levels lower than EL3. This could be done with or without the |
| knowledge of software executing in Secure-EL1/Secure-EL0. The choice of |
| approach should be governed by the secure software. This requirement |
| ensures that non-secure software is able to execute in tandem with the |
| secure software without overriding it. |
| |
| ### 1.1 Concepts |
| |
| #### 1.1.1 Interrupt types |
| The framework categorises an interrupt to be one of the following depending upon |
| the exception level(s) it is handled in. |
| |
| 1. Secure EL1 interrupt. This type of interrupt can be routed to EL3 or |
| Secure-EL1 depending upon the security state of the current execution |
| context. It is always handled in Secure-EL1. |
| |
| 2. Non-secure interrupt. This type of interrupt can be routed to EL3, |
| Secure-EL1, Non-secure EL1 or EL2 depending upon the security state of the |
| current execution context. It is always handled in either Non-secure EL1 |
| or EL2. |
| |
| 3. EL3 interrupt. This type of interrupt can be routed to EL3 or Secure-EL1 |
| depending upon the security state of the current execution context. It is |
| always handled in EL3. |
| |
| The following constants define the various interrupt types in the framework |
| implementation. |
| |
| #define INTR_TYPE_S_EL1 0 |
| #define INTR_TYPE_EL3 1 |
| #define INTR_TYPE_NS 2 |
| |
| |
| #### 1.1.2 Routing model |
| A type of interrupt can be either generated as an FIQ or an IRQ. The target |
| exception level of an interrupt type is configured through the FIQ and IRQ bits |
| in the Secure Configuration Register at EL3 (`SCR_EL3.FIQ` and `SCR_EL3.IRQ` |
| bits). When `SCR_EL3.FIQ`=1, FIQs are routed to EL3. Otherwise they are routed |
| to the First Exception Level (FEL) capable of handling interrupts. When |
| `SCR_EL3.IRQ`=1, IRQs are routed to EL3. Otherwise they are routed to the |
| FEL. This register is configured independently by EL3 software for each security |
| state prior to entry into a lower exception level in that security state. |
| |
| A routing model for a type of interrupt (generated as FIQ or IRQ) is defined as |
| its target exception level for each security state. It is represented by a |
| single bit for each security state. A value of `0` means that the interrupt |
| should be routed to the FEL. A value of `1` means that the interrupt should be |
| routed to EL3. A routing model is applicable only when execution is not in EL3. |
| |
| The default routing model for an interrupt type is to route it to the FEL in |
| either security state. |
| |
| |
| #### 1.1.3 Valid routing models |
| The framework considers certain routing models for each type of interrupt to be |
| incorrect as they conflict with the requirements mentioned in Section 1. The |
| following sub-sections describe all the possible routing models and specify |
| which ones are valid or invalid. EL3 interrupts are currently supported only |
| for GIC version 3.0 (ARM GICv3) and only the Secure-EL1 and Non-secure interrupt |
| types are supported for GIC version 2.0 (ARM GICv2) (See 1.2). The terminology |
| used in the following sub-sections is explained below. |
| |
| 1. __CSS__. Current Security State. `0` when secure and `1` when non-secure |
| |
| 2. __TEL3__. Target Exception Level 3. `0` when targeted to the FEL. `1` when |
| targeted to EL3. |
| |
| |
| ##### 1.1.3.1 Secure-EL1 interrupts |
| |
| 1. __CSS=0, TEL3=0__. Interrupt is routed to the FEL when execution is in |
| secure state. This is a valid routing model as secure software is in |
| control of handling secure interrupts. |
| |
| 2. __CSS=0, TEL3=1__. Interrupt is routed to EL3 when execution is in secure |
| state. This is a valid routing model as secure software in EL3 can |
| handover the interrupt to Secure-EL1 for handling. |
| |
| 3. __CSS=1, TEL3=0__. Interrupt is routed to the FEL when execution is in |
| non-secure state. This is an invalid routing model as a secure interrupt |
| is not visible to the secure software which violates the motivation behind |
| the ARM Security Extensions. |
| |
| 4. __CSS=1, TEL3=1__. Interrupt is routed to EL3 when execution is in |
| non-secure state. This is a valid routing model as secure software in EL3 |
| can handover the interrupt to Secure-EL1 for handling. |
| |
| |
| ##### 1.1.3.2 Non-secure interrupts |
| |
| 1. __CSS=0, TEL3=0__. Interrupt is routed to the FEL when execution is in |
| secure state. This allows the secure software to trap non-secure |
| interrupts, perform its book-keeping and hand the interrupt to the |
| non-secure software through EL3. This is a valid routing model as secure |
| software is in control of how its execution is preempted by non-secure |
| interrupts. |
| |
| 2. __CSS=0, TEL3=1__. Interrupt is routed to EL3 when execution is in secure |
| state. This is a valid routing model as secure software in EL3 can save |
| the state of software in Secure-EL1/Secure-EL0 before handing the |
| interrupt to non-secure software. This model requires additional |
| coordination between Secure-EL1 and EL3 software to ensure that the |
| former's state is correctly saved by the latter. |
| |
| 3. __CSS=1, TEL3=0__. Interrupt is routed to FEL when execution is in |
| non-secure state. This is an valid routing model as a non-secure interrupt |
| is handled by non-secure software. |
| |
| 4. __CSS=1, TEL3=1__. Interrupt is routed to EL3 when execution is in |
| non-secure state. This is an invalid routing model as there is no valid |
| reason to route the interrupt to EL3 software and then hand it back to |
| non-secure software for handling. |
| |
| |
| ##### 1.1.3.3 EL3 interrupts |
| |
| 1. __CSS=0, TEL3=0__. Interrupt is routed to the FEL when execution is in |
| Secure-EL1/Secure-EL0. This is a valid routing model as secure software |
| in Secure-EL1/Secure-EL0 is in control of how its execution is preempted |
| by EL3 interrupt and can handover the interrupt to EL3 for handling. |
| |
| 2. __CSS=0, TEL3=1__. Interrupt is routed to EL3 when execution is in |
| Secure-EL1/Secure-EL0. This is a valid routing model as secure software |
| in EL3 can handle the interrupt. |
| |
| 3. __CSS=1, TEL3=0__. Interrupt is routed to the FEL when execution is in |
| non-secure state. This is an invalid routing model as a secure interrupt |
| is not visible to the secure software which violates the motivation behind |
| the ARM Security Extensions. |
| |
| 4. __CSS=1, TEL3=1__. Interrupt is routed to EL3 when execution is in |
| non-secure state. This is a valid routing model as secure software in EL3 |
| can handle the interrupt. |
| |
| |
| #### 1.1.4 Mapping of interrupt type to signal |
| The framework is meant to work with any interrupt controller implemented by a |
| platform. A interrupt controller could generate a type of interrupt as either an |
| FIQ or IRQ signal to the CPU depending upon the current security state. The |
| mapping between the type and signal is known only to the platform. The framework |
| uses this information to determine whether the IRQ or the FIQ bit should be |
| programmed in `SCR_EL3` while applying the routing model for a type of |
| interrupt. The platform provides this information through the |
| `plat_interrupt_type_to_line()` API (described in the [Porting |
| Guide]). For example, on the FVP port when the platform uses an ARM GICv2 |
| interrupt controller, Secure-EL1 interrupts are signaled through the FIQ signal |
| while Non-secure interrupts are signaled through the IRQ signal. This applies |
| when execution is in either security state. |
| |
| |
| ##### 1.1.4.1 Effect of mapping of several interrupt types to one signal |
| It should be noted that if more than one interrupt type maps to a single |
| interrupt signal, and if any one of the interrupt type sets __TEL3=1__ for a |
| particular security state, then interrupt signal will be routed to EL3 when in |
| that security state. This means that all the other interrupt types using the |
| same interrupt signal will be forced to the same routing model. This should be |
| borne in mind when choosing the routing model for an interrupt type. |
| |
| For example, in ARM GICv3, when the execution context is Secure-EL1/ |
| Secure-EL0, both the EL3 and the non secure interrupt types map to the FIQ |
| signal. So if either one of the interrupt type sets the routing model so |
| that __TEL3=1__ when __CSS=0__, the FIQ bit in `SCR_EL3` will be programmed to |
| route the FIQ signal to EL3 when executing in Secure-EL1/Secure-EL0, thereby |
| effectively routing the other interrupt type also to EL3. |
| |
| |
| ### 1.2 Assumptions in Interrupt Management Framework |
| The framework makes the following assumptions to simplify its implementation. |
| |
| 1. Although the framework has support for 2 types of secure interrupts (EL3 |
| and Secure-EL1 interrupt), only interrupt controller architectures |
| like ARM GICv3 has architectural support for EL3 interrupts in the form of |
| Group 0 interrupts. In ARM GICv2, all secure interrupts are assumed to be |
| handled in Secure-EL1. They can be delivered to Secure-EL1 via EL3 but they |
| cannot be handled in EL3. |
| |
| 2. Interrupt exceptions (`PSTATE.I` and `F` bits) are masked during execution |
| in EL3. |
| |
| |
| 2. Interrupt management |
| ----------------------- |
| The following sections describe how interrupts are managed by the interrupt |
| handling framework. This entails: |
| |
| 1. Providing an interface to allow registration of a handler and specification |
| of the routing model for a type of interrupt. |
| |
| 2. Implementing support to hand control of an interrupt type to its registered |
| handler when the interrupt is generated. |
| |
| Both aspects of interrupt management involve various components in the secure |
| software stack spanning from EL3 to Secure-EL1. These components are described |
| in the section 2.1. The framework stores information associated with each type |
| of interrupt in the following data structure. |
| |
| ``` |
| typedef struct intr_type_desc { |
| interrupt_type_handler_t handler; |
| uint32_t flags; |
| uint32_t scr_el3[2]; |
| } intr_type_desc_t; |
| ``` |
| |
| The `flags` field stores the routing model for the interrupt type in |
| bits[1:0]. Bit[0] stores the routing model when execution is in the secure |
| state. Bit[1] stores the routing model when execution is in the non-secure |
| state. As mentioned in Section 1.2.2, a value of `0` implies that the interrupt |
| should be targeted to the FEL. A value of `1` implies that it should be targeted |
| to EL3. The remaining bits are reserved and SBZ. The helper macro |
| `set_interrupt_rm_flag()` should be used to set the bits in the `flags` |
| parameter. |
| |
| The `scr_el3[2]` field also stores the routing model but as a mapping of the |
| model in the `flags` field to the corresponding bit in the `SCR_EL3` for each |
| security state. |
| |
| The framework also depends upon the platform port to configure the interrupt |
| controller to distinguish between secure and non-secure interrupts. The platform |
| is expected to be aware of the secure devices present in the system and their |
| associated interrupt numbers. It should configure the interrupt controller to |
| enable the secure interrupts, ensure that their priority is always higher than |
| the non-secure interrupts and target them to the primary CPU. It should also |
| export the interface described in the [Porting Guide] to enable |
| handling of interrupts. |
| |
| In the remainder of this document, for the sake of simplicity a ARM GICv2 system |
| is considered and it is assumed that the FIQ signal is used to generate Secure-EL1 |
| interrupts and the IRQ signal is used to generate non-secure interrupts in either |
| security state. EL3 interrupts are not considered. |
| |
| |
| ### 2.1 Software components |
| Roles and responsibilities for interrupt management are sub-divided between the |
| following components of software running in EL3 and Secure-EL1. Each component is |
| briefly described below. |
| |
| 1. EL3 Runtime Firmware. This component is common to all ports of the ARM |
| Trusted Firmware. |
| |
| 2. Secure Payload Dispatcher (SPD) service. This service interfaces with the |
| Secure Payload (SP) software which runs in Secure-EL1/Secure-EL0 and is |
| responsible for switching execution between secure and non-secure states. |
| A switch is triggered by a Secure Monitor Call and it uses the APIs |
| exported by the Context management library to implement this functionality. |
| Switching execution between the two security states is a requirement for |
| interrupt management as well. This results in a significant dependency on |
| the SPD service. ARM Trusted firmware implements an example Test Secure |
| Payload Dispatcher (TSPD) service. |
| |
| An SPD service plugs into the EL3 runtime firmware and could be common to |
| some ports of the ARM Trusted Firmware. |
| |
| 3. Secure Payload (SP). On a production system, the Secure Payload corresponds |
| to a Secure OS which runs in Secure-EL1/Secure-EL0. It interfaces with the |
| SPD service to manage communication with non-secure software. ARM Trusted |
| Firmware implements an example secure payload called Test Secure Payload |
| (TSP) which runs only in Secure-EL1. |
| |
| A Secure payload implementation could be common to some ports of the ARM |
| Trusted Firmware just like the SPD service. |
| |
| |
| ### 2.2 Interrupt registration |
| This section describes in detail the role of each software component (see 2.1) |
| during the registration of a handler for an interrupt type. |
| |
| |
| #### 2.2.1 EL3 runtime firmware |
| This component declares the following prototype for a handler of an interrupt type. |
| |
| typedef uint64_t (*interrupt_type_handler_t)(uint32_t id, |
| uint32_t flags, |
| void *handle, |
| void *cookie); |
| |
| The `id` is parameter is reserved and could be used in the future for passing |
| the interrupt id of the highest pending interrupt only if there is a foolproof |
| way of determining the id. Currently it contains `INTR_ID_UNAVAILABLE`. |
| |
| The `flags` parameter contains miscellaneous information as follows. |
| |
| 1. Security state, bit[0]. This bit indicates the security state of the lower |
| exception level when the interrupt was generated. A value of `1` means |
| that it was in the non-secure state. A value of `0` indicates that it was |
| in the secure state. This bit can be used by the handler to ensure that |
| interrupt was generated and routed as per the routing model specified |
| during registration. |
| |
| 2. Reserved, bits[31:1]. The remaining bits are reserved for future use. |
| |
| The `handle` parameter points to the `cpu_context` structure of the current CPU |
| for the security state specified in the `flags` parameter. |
| |
| Once the handler routine completes, execution will return to either the secure |
| or non-secure state. The handler routine should return a pointer to |
| `cpu_context` structure of the current CPU for the target security state. It |
| should treat all error conditions as critical errors and take appropriate action |
| within its implementation e.g. use assertion failures. |
| |
| The runtime firmware provides the following API for registering a handler for a |
| particular type of interrupt. A Secure Payload Dispatcher service should use |
| this API to register a handler for Secure-EL1 and optionally for non-secure |
| interrupts. This API also requires the caller to specify the routing model for |
| the type of interrupt. |
| |
| int32_t register_interrupt_type_handler(uint32_t type, |
| interrupt_type_handler handler, |
| uint64_t flags); |
| |
| |
| The `type` parameter can be one of the three interrupt types listed above i.e. |
| `INTR_TYPE_S_EL1`, `INTR_TYPE_NS` & `INTR_TYPE_EL3`. The `flags` parameter |
| is as described in Section 2. |
| |
| The function will return `0` upon a successful registration. It will return |
| `-EALREADY` in case a handler for the interrupt type has already been |
| registered. If the `type` is unrecognised or the `flags` or the `handler` are |
| invalid it will return `-EINVAL`. |
| |
| Interrupt routing is governed by the configuration of the `SCR_EL3.FIQ/IRQ` bits |
| prior to entry into a lower exception level in either security state. The |
| context management library maintains a copy of the `SCR_EL3` system register for |
| each security state in the `cpu_context` structure of each CPU. It exports the |
| following APIs to let EL3 Runtime Firmware program and retrieve the routing |
| model for each security state for the current CPU. The value of `SCR_EL3` stored |
| in the `cpu_context` is used by the `el3_exit()` function to program the |
| `SCR_EL3` register prior to returning from the EL3 exception level. |
| |
| uint32_t cm_get_scr_el3(uint32_t security_state); |
| void cm_write_scr_el3_bit(uint32_t security_state, |
| uint32_t bit_pos, |
| uint32_t value); |
| |
| `cm_get_scr_el3()` returns the value of the `SCR_EL3` register for the specified |
| security state of the current CPU. `cm_write_scr_el3()` writes a `0` or `1` to |
| the bit specified by `bit_pos`. `register_interrupt_type_handler()` invokes |
| `set_routing_model()` API which programs the `SCR_EL3` according to the routing |
| model using the `cm_get_scr_el3()` and `cm_write_scr_el3_bit()` APIs. |
| |
| It is worth noting that in the current implementation of the framework, the EL3 |
| runtime firmware is responsible for programming the routing model. The SPD is |
| responsible for ensuring that the routing model has been adhered to upon |
| receiving an interrupt. |
| |
| |
| #### 2.2.2 Secure payload dispatcher |
| A SPD service is responsible for determining and maintaining the interrupt |
| routing model supported by itself and the Secure Payload. It is also responsible |
| for ferrying interrupts between secure and non-secure software depending upon |
| the routing model. It could determine the routing model at build time or at |
| runtime. It must use this information to register a handler for each interrupt |
| type using the `register_interrupt_type_handler()` API in EL3 runtime firmware. |
| |
| If the routing model is not known to the SPD service at build time, then it must |
| be provided by the SP as the result of its initialisation. The SPD should |
| program the routing model only after SP initialisation has completed e.g. in the |
| SPD initialisation function pointed to by the `bl32_init` variable. |
| |
| The SPD should determine the mechanism to pass control to the Secure Payload |
| after receiving an interrupt from the EL3 runtime firmware. This information |
| could either be provided to the SPD service at build time or by the SP at |
| runtime. |
| |
| |
| #### 2.2.2.1 Test secure payload dispatcher behavior |
| The TSPD only handles Secure-EL1 interrupts and is provided with the following |
| routing model at build time. |
| |
| * Secure-EL1 interrupts are routed to EL3 when execution is in non-secure |
| state and are routed to the FEL when execution is in the secure state |
| i.e __CSS=0, TEL3=0__ & __CSS=1, TEL3=1__ for Secure-EL1 interrupts |
| |
| * When the build flag `TSP_NS_INTR_ASYNC_PREEMPT` is zero, the default routing |
| model is used for non-secure interrupts. They are routed to the FEL in |
| either security state i.e __CSS=0, TEL3=0__ & __CSS=1, TEL3=0__ for |
| Non-secure interrupts. |
| |
| * When the build flag `TSP_NS_INTR_ASYNC_PREEMPT` is defined to 1, then the |
| non secure interrupts are routed to EL3 when execution is in secure state |
| i.e __CSS=0, TEL3=1__ for non-secure interrupts. This effectively preempts |
| Secure-EL1. The default routing model is used for non secure interrupts in |
| non-secure state. i.e __CSS=1, TEL3=0__. |
| |
| It performs the following actions in the `tspd_init()` function to fulfill the |
| requirements mentioned earlier. |
| |
| 1. It passes control to the Test Secure Payload to perform its |
| initialisation. The TSP provides the address of the vector table |
| `tsp_vectors` in the SP which also includes the handler for Secure-EL1 |
| interrupts in the `sel1_intr_entry` field. The TSPD passes control to the TSP at |
| this address when it receives a Secure-EL1 interrupt. |
| |
| The handover agreement between the TSP and the TSPD requires that the TSPD |
| masks all interrupts (`PSTATE.DAIF` bits) when it calls |
| `tsp_sel1_intr_entry()`. The TSP has to preserve the callee saved general |
| purpose, SP_EL1/Secure-EL0, LR, VFP and system registers. It can use |
| `x0-x18` to enable its C runtime. |
| |
| 2. The TSPD implements a handler function for Secure-EL1 interrupts. This |
| function is registered with the EL3 runtime firmware using the |
| `register_interrupt_type_handler()` API as follows |
| |
| /* Forward declaration */ |
| interrupt_type_handler tspd_secure_el1_interrupt_handler; |
| int32_t rc, flags = 0; |
| set_interrupt_rm_flag(flags, NON_SECURE); |
| rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, |
| tspd_secure_el1_interrupt_handler, |
| flags); |
| if (rc) |
| panic(); |
| |
| 3. When the build flag `TSP_NS_INTR_ASYNC_PREEMPT` is defined to 1, the TSPD |
| implements a handler function for non-secure interrupts. This function is |
| registered with the EL3 runtime firmware using the |
| `register_interrupt_type_handler()` API as follows |
| |
| /* Forward declaration */ |
| interrupt_type_handler tspd_ns_interrupt_handler; |
| int32_t rc, flags = 0; |
| set_interrupt_rm_flag(flags, SECURE); |
| rc = register_interrupt_type_handler(INTR_TYPE_NS, |
| tspd_ns_interrupt_handler, |
| flags); |
| if (rc) |
| panic(); |
| |
| |
| #### 2.2.3 Secure payload |
| A Secure Payload must implement an interrupt handling framework at Secure-EL1 |
| (Secure-EL1 IHF) to support its chosen interrupt routing model. Secure payload |
| execution will alternate between the below cases. |
| |
| 1. In the code where IRQ, FIQ or both interrupts are enabled, if an interrupt |
| type is targeted to the FEL, then it will be routed to the Secure-EL1 |
| exception vector table. This is defined as the __asynchronous mode__ of |
| handling interrupts. This mode applies to both Secure-EL1 and non-secure |
| interrupts. |
| |
| 2. In the code where both interrupts are disabled, if an interrupt type is |
| targeted to the FEL, then execution will eventually migrate to the |
| non-secure state. Any non-secure interrupts will be handled as described |
| in the routing model where __CSS=1 and TEL3=0__. Secure-EL1 interrupts |
| will be routed to EL3 (as per the routing model where __CSS=1 and |
| TEL3=1__) where the SPD service will hand them to the SP. This is defined |
| as the __synchronous mode__ of handling interrupts. |
| |
| The interrupt handling framework implemented by the SP should support one or |
| both these interrupt handling models depending upon the chosen routing model. |
| |
| The following list briefly describes how the choice of a valid routing model |
| (See 1.2.3) effects the implementation of the Secure-EL1 IHF. If the choice of |
| the interrupt routing model is not known to the SPD service at compile time, |
| then the SP should pass this information to the SPD service at runtime during |
| its initialisation phase. |
| |
| As mentioned earlier, a ARM GICv2 system is considered and it is assumed that |
| the FIQ signal is used to generate Secure-EL1 interrupts and the IRQ signal |
| is used to generate non-secure interrupts in either security state. |
| |
| |
| ##### 2.2.3.1 Secure payload IHF design w.r.t secure-EL1 interrupts |
| 1. __CSS=0, TEL3=0__. If `PSTATE.F=0`, Secure-EL1 interrupts will be |
| triggered at one of the Secure-EL1 FIQ exception vectors. The Secure-EL1 |
| IHF should implement support for handling FIQ interrupts asynchronously. |
| |
| If `PSTATE.F=1` then Secure-EL1 interrupts will be handled as per the |
| synchronous interrupt handling model. The SP could implement this scenario |
| by exporting a separate entrypoint for Secure-EL1 interrupts to the SPD |
| service during the registration phase. The SPD service would also need to |
| know the state of the system, general purpose and the `PSTATE` registers |
| in which it should arrange to return execution to the SP. The SP should |
| provide this information in an implementation defined way during the |
| registration phase if it is not known to the SPD service at build time. |
| |
| 2. __CSS=1, TEL3=1__. Interrupts are routed to EL3 when execution is in |
| non-secure state. They should be handled through the synchronous interrupt |
| handling model as described in 1. above. |
| |
| 3. __CSS=0, TEL3=1__. Secure-EL1 interrupts are routed to EL3 when execution |
| is in secure state. They will not be visible to the SP. The `PSTATE.F` bit |
| in Secure-EL1/Secure-EL0 will not mask FIQs. The EL3 runtime firmware will |
| call the handler registered by the SPD service for Secure-EL1 interrupts. |
| Secure-EL1 IHF should then handle all Secure-EL1 interrupt through the |
| synchronous interrupt handling model described in 1. above. |
| |
| |
| ##### 2.2.3.2 Secure payload IHF design w.r.t non-secure interrupts |
| 1. __CSS=0, TEL3=0__. If `PSTATE.I=0`, non-secure interrupts will be |
| triggered at one of the Secure-EL1 IRQ exception vectors . The Secure-EL1 |
| IHF should co-ordinate with the SPD service to transfer execution to the |
| non-secure state where the interrupt should be handled e.g the SP could |
| allocate a function identifier to issue a SMC64 or SMC32 to the SPD |
| service which indicates that the SP execution has been preempted by a |
| non-secure interrupt. If this function identifier is not known to the SPD |
| service at compile time then the SP could provide it during the |
| registration phase. |
| |
| If `PSTATE.I=1` then the non-secure interrupt will pend until execution |
| resumes in the non-secure state. |
| |
| 2. __CSS=0, TEL3=1__. Non-secure interrupts are routed to EL3. They will not |
| be visible to the SP. The `PSTATE.I` bit in Secure-EL1/Secure-EL0 will |
| have not effect. The SPD service should register a non-secure interrupt |
| handler which should save the SP state correctly and resume execution in |
| the non-secure state where the interrupt will be handled. The Secure-EL1 |
| IHF does not need to take any action. |
| |
| 3. __CSS=1, TEL3=0__. Non-secure interrupts are handled in the FEL in |
| non-secure state (EL1/EL2) and are not visible to the SP. This routing |
| model does not affect the SP behavior. |
| |
| A Secure Payload must also ensure that all Secure-EL1 interrupts are correctly |
| configured at the interrupt controller by the platform port of the EL3 runtime |
| firmware. It should configure any additional Secure-EL1 interrupts which the EL3 |
| runtime firmware is not aware of through its platform port. |
| |
| |
| #### 2.2.3.3 Test secure payload behavior |
| The routing model for Secure-EL1 and non-secure interrupts chosen by the TSP is |
| described in Section 2.2.2. It is known to the TSPD service at build time. |
| |
| The TSP implements an entrypoint (`tsp_sel1_intr_entry()`) for handling Secure-EL1 |
| interrupts taken in non-secure state and routed through the TSPD service |
| (synchronous handling model). It passes the reference to this entrypoint via |
| `tsp_vectors` to the TSPD service. |
| |
| The TSP also replaces the default exception vector table referenced through the |
| `early_exceptions` variable, with a vector table capable of handling FIQ and IRQ |
| exceptions taken at the same (Secure-EL1) exception level. This table is |
| referenced through the `tsp_exceptions` variable and programmed into the |
| VBAR_EL1. It caters for the asynchronous handling model. |
| |
| The TSP also programs the Secure Physical Timer in the ARM Generic Timer block |
| to raise a periodic interrupt (every half a second) for the purpose of testing |
| interrupt management across all the software components listed in 2.1 |
| |
| |
| ### 2.3 Interrupt handling |
| This section describes in detail the role of each software component (see |
| Section 2.1) in handling an interrupt of a particular type. |
| |
| |
| #### 2.3.1 EL3 runtime firmware |
| The EL3 runtime firmware populates the IRQ and FIQ exception vectors referenced |
| by the `runtime_exceptions` variable as follows. |
| |
| 1. IRQ and FIQ exceptions taken from the current exception level with |
| `SP_EL0` or `SP_EL3` are reported as irrecoverable error conditions. As |
| mentioned earlier, EL3 runtime firmware always executes with the |
| `PSTATE.I` and `PSTATE.F` bits set. |
| |
| 2. The following text describes how the IRQ and FIQ exceptions taken from a |
| lower exception level using AArch64 or AArch32 are handled. |
| |
| When an interrupt is generated, the vector for each interrupt type is |
| responsible for: |
| |
| 1. Saving the entire general purpose register context (x0-x30) immediately |
| upon exception entry. The registers are saved in the per-cpu `cpu_context` |
| data structure referenced by the `SP_EL3`register. |
| |
| 2. Saving the `ELR_EL3`, `SP_EL0` and `SPSR_EL3` system registers in the |
| per-cpu `cpu_context` data structure referenced by the `SP_EL3` register. |
| |
| 3. Switching to the C runtime stack by restoring the `CTX_RUNTIME_SP` value |
| from the per-cpu `cpu_context` data structure in `SP_EL0` and |
| executing the `msr spsel, #0` instruction. |
| |
| 4. Determining the type of interrupt. Secure-EL1 interrupts will be signaled |
| at the FIQ vector. Non-secure interrupts will be signaled at the IRQ |
| vector. The platform should implement the following API to determine the |
| type of the pending interrupt. |
| |
| uint32_t plat_ic_get_interrupt_type(void); |
| |
| It should return either `INTR_TYPE_S_EL1` or `INTR_TYPE_NS`. |
| |
| 5. Determining the handler for the type of interrupt that has been generated. |
| The following API has been added for this purpose. |
| |
| interrupt_type_handler get_interrupt_type_handler(uint32_t interrupt_type); |
| |
| It returns the reference to the registered handler for this interrupt |
| type. The `handler` is retrieved from the `intr_type_desc_t` structure as |
| described in Section 2. `NULL` is returned if no handler has been |
| registered for this type of interrupt. This scenario is reported as an |
| irrecoverable error condition. |
| |
| 6. Calling the registered handler function for the interrupt type generated. |
| The `id` parameter is set to `INTR_ID_UNAVAILABLE` currently. The id along |
| with the current security state and a reference to the `cpu_context_t` |
| structure for the current security state are passed to the handler function |
| as its arguments. |
| |
| The handler function returns a reference to the per-cpu `cpu_context_t` |
| structure for the target security state. |
| |
| 7. Calling `el3_exit()` to return from EL3 into a lower exception level in |
| the security state determined by the handler routine. The `el3_exit()` |
| function is responsible for restoring the register context from the |
| `cpu_context_t` data structure for the target security state. |
| |
| |
| #### 2.3.2 Secure payload dispatcher |
| |
| ##### 2.3.2.1 Interrupt entry |
| The SPD service begins handling an interrupt when the EL3 runtime firmware calls |
| the handler function for that type of interrupt. The SPD service is responsible |
| for the following: |
| |
| 1. Validating the interrupt. This involves ensuring that the interrupt was |
| generating according to the interrupt routing model specified by the SPD |
| service during registration. It should use the security state of the |
| exception level (passed in the `flags` parameter of the handler) where |
| the interrupt was taken from to determine this. If the interrupt is not |
| recognised then the handler should treat it as an irrecoverable error |
| condition. |
| |
| A SPD service can register a handler for Secure-EL1 and/or Non-secure |
| interrupts. A non-secure interrupt should never be routed to EL3 from |
| from non-secure state. Also if a routing model is chosen where Secure-EL1 |
| interrupts are routed to S-EL1 when execution is in Secure state, then a |
| S-EL1 interrupt should never be routed to EL3 from secure state. The handler |
| could use the security state flag to check this. |
| |
| 2. Determining whether a context switch is required. This depends upon the |
| routing model and interrupt type. For non secure and S-EL1 interrupt, |
| if the security state of the execution context where the interrupt was |
| generated is not the same as the security state required for handling |
| the interrupt, a context switch is required. The following 2 cases |
| require a context switch from secure to non-secure or vice-versa: |
| |
| 1. A Secure-EL1 interrupt taken from the non-secure state should be |
| routed to the Secure Payload. |
| |
| 2. A non-secure interrupt taken from the secure state should be routed |
| to the last known non-secure exception level. |
| |
| The SPD service must save the system register context of the current |
| security state. It must then restore the system register context of the |
| target security state. It should use the `cm_set_next_eret_context()` API |
| to ensure that the next `cpu_context` to be restored is of the target |
| security state. |
| |
| If the target state is secure then execution should be handed to the SP as |
| per the synchronous interrupt handling model it implements. A Secure-EL1 |
| interrupt can be routed to EL3 while execution is in the SP. This implies |
| that SP execution can be preempted while handling an interrupt by a |
| another higher priority Secure-EL1 interrupt or a EL3 interrupt. The SPD |
| service should be able to handle this preemption or manage secure interrupt |
| priorities before handing control to the SP. |
| |
| 3. Setting the return value of the handler to the per-cpu `cpu_context` if |
| the interrupt has been successfully validated and ready to be handled at a |
| lower exception level. |
| |
| The routing model allows non-secure interrupts to interrupt Secure-EL1 when in |
| secure state if it has been configured to do so. The SPD service and the SP |
| should implement a mechanism for routing these interrupts to the last known |
| exception level in the non-secure state. The former should save the SP context, |
| restore the non-secure context and arrange for entry into the non-secure state |
| so that the interrupt can be handled. |
| |
| |
| ##### 2.3.2.2 Interrupt exit |
| When the Secure Payload has finished handling a Secure-EL1 interrupt, it could |
| return control back to the SPD service through a SMC32 or SMC64. The SPD service |
| should handle this secure monitor call so that execution resumes in the |
| exception level and the security state from where the Secure-EL1 interrupt was |
| originally taken. |
| |
| |
| ##### 2.3.2.3 Test secure payload dispatcher Secure-EL1 interrupt handling |
| The example TSPD service registers a handler for Secure-EL1 interrupts taken |
| from the non-secure state. During execution in S-EL1, the TSPD expects that the |
| Secure-EL1 interrupts are handled in S-EL1 by TSP. Its handler |
| `tspd_secure_el1_interrupt_handler()` expects only to be invoked for Secure-EL1 |
| originating from the non-secure state. It takes the following actions upon being |
| invoked. |
| |
| 1. It uses the security state provided in the `flags` parameter to ensure |
| that the secure interrupt originated from the non-secure state. It asserts |
| if this is not the case. |
| |
| 2. It saves the system register context for the non-secure state by calling |
| `cm_el1_sysregs_context_save(NON_SECURE);`. |
| |
| 3. It sets the `ELR_EL3` system register to `tsp_sel1_intr_entry` and sets the |
| `SPSR_EL3.DAIF` bits in the secure CPU context. It sets `x0` to |
| `TSP_HANDLE_SEL1_INTR_AND_RETURN`. If the TSP was preempted earlier by a non |
| secure interrupt during `standard` SMC processing, save the registers that |
| will be trashed, which is the `ELR_EL3` and `SPSR_EL3`, in order to be able |
| to re-enter TSP for Secure-EL1 interrupt processing. It does not need to |
| save any other secure context since the TSP is expected to preserve it |
| (see Section 2.2.2.1). |
| |
| 4. It restores the system register context for the secure state by calling |
| `cm_el1_sysregs_context_restore(SECURE);`. |
| |
| 5. It ensures that the secure CPU context is used to program the next |
| exception return from EL3 by calling `cm_set_next_eret_context(SECURE);`. |
| |
| 6. It returns the per-cpu `cpu_context` to indicate that the interrupt can |
| now be handled by the SP. `x1` is written with the value of `elr_el3` |
| register for the non-secure state. This information is used by the SP for |
| debugging purposes. |
| |
| The figure below describes how the interrupt handling is implemented by the TSPD |
| when a Secure-EL1 interrupt is generated when execution is in the non-secure |
| state. |
| |
| ![Image 1](diagrams/sec-int-handling.png?raw=true) |
| |
| The TSP issues an SMC with `TSP_HANDLED_S_EL1_INTR` as the function identifier to |
| signal completion of interrupt handling. |
| |
| The TSPD service takes the following actions in `tspd_smc_handler()` function |
| upon receiving an SMC with `TSP_HANDLED_S_EL1_INTR` as the function identifier: |
| |
| 1. It ensures that the call originated from the secure state otherwise |
| execution returns to the non-secure state with `SMC_UNK` in `x0`. |
| |
| 2. It restores the saved `ELR_EL3` and `SPSR_EL3` system registers back to |
| the secure CPU context (see step 3 above) in case the TSP had been preempted |
| by a non secure interrupt earlier. |
| |
| 3. It restores the system register context for the non-secure state by |
| calling `cm_el1_sysregs_context_restore(NON_SECURE)`. |
| |
| 4. It ensures that the non-secure CPU context is used to program the next |
| exception return from EL3 by calling `cm_set_next_eret_context(NON_SECURE)`. |
| |
| 5. `tspd_smc_handler()` returns a reference to the non-secure `cpu_context` |
| as the return value. |
| |
| |
| ##### 2.3.2.4 Test secure payload dispatcher non-secure interrupt handling |
| The TSP in Secure-EL1 can be preempted by a non-secure interrupt during |
| `standard` SMC processing or by a higher priority EL3 interrupt during |
| Secure-EL1 interrupt processing. Currently only non-secure interrupts can |
| cause preemption of TSP since there are no EL3 interrupts in the |
| system. |
| |
| It should be noted that while TSP is preempted, the TSPD only allows entry into |
| the TSP either for Secure-EL1 interrupt handling or for resuming the preempted |
| `standard` SMC in response to the `TSP_FID_RESUME` SMC from the normal world. |
| (See Section 3). |
| |
| The non-secure interrupt triggered in Secure-EL1 during `standard` SMC processing |
| can be routed to either EL3 or Secure-EL1 and is controlled by build option |
| `TSP_NS_INTR_ASYNC_PREEMPT` (see Section 2.2.2.1). If the build option is set, |
| the TSPD will set the routing model for the non-secure interrupt to be routed to |
| EL3 from secure state i.e. __TEL3=1, CSS=0__ and registers |
| `tspd_ns_interrupt_handler()` as the non-secure interrupt handler. The |
| `tspd_ns_interrupt_handler()` on being invoked ensures that the interrupt |
| originated from the secure state and disables routing of non-secure interrupts |
| from secure state to EL3. This is to prevent further preemption (by a non-secure |
| interrupt) when TSP is reentered for handling Secure-EL1 interrupts that |
| triggered while execution was in the normal world. The |
| `tspd_ns_interrupt_handler()` then invokes `tspd_handle_sp_preemption()` for |
| further handling. |
| |
| If the `TSP_NS_INTR_ASYNC_PREEMPT` build option is zero (default), the default |
| routing model for non-secure interrupt in secure state is in effect |
| i.e. __TEL3=0, CSS=0__. During `standard` SMC processing, the IRQ |
| exceptions are unmasked i.e. `PSTATE.I=0`, and a non-secure interrupt will |
| trigger at Secure-EL1 IRQ exception vector. The TSP saves the general purpose |
| register context and issues an SMC with `TSP_PREEMPTED` as the function |
| identifier to signal preemption of TSP. The TSPD SMC handler, |
| `tspd_smc_handler()`, ensures that the SMC call originated from the |
| secure state otherwise execution returns to the non-secure state with |
| `SMC_UNK` in `x0`. It then invokes `tspd_handle_sp_preemption()` for |
| further handling. |
| |
| The `tspd_handle_sp_preemption()` takes the following actions upon being |
| invoked: |
| |
| 1. It saves the system register context for the secure state by calling |
| `cm_el1_sysregs_context_save(SECURE)`. |
| |
| 2. It restores the system register context for the non-secure state by |
| calling `cm_el1_sysregs_context_restore(NON_SECURE)`. |
| |
| 3. It ensures that the non-secure CPU context is used to program the next |
| exception return from EL3 by calling `cm_set_next_eret_context(NON_SECURE)`. |
| |
| 4. `SMC_PREEMPTED` is set in x0 and return to non secure state after |
| restoring non secure context. |
| |
| The Normal World is expected to resume the TSP after the `standard` SMC preemption |
| by issuing an SMC with `TSP_FID_RESUME` as the function identifier (see section 3). |
| The TSPD service takes the following actions in `tspd_smc_handler()` function |
| upon receiving this SMC: |
| |
| 1. It ensures that the call originated from the non secure state. An |
| assertion is raised otherwise. |
| |
| 2. Checks whether the TSP needs a resume i.e check if it was preempted. It |
| then saves the system register context for the non-secure state by calling |
| `cm_el1_sysregs_context_save(NON_SECURE)`. |
| |
| 3. Restores the secure context by calling |
| `cm_el1_sysregs_context_restore(SECURE)` |
| |
| 4. It ensures that the secure CPU context is used to program the next |
| exception return from EL3 by calling `cm_set_next_eret_context(SECURE)`. |
| |
| 5. `tspd_smc_handler()` returns a reference to the secure `cpu_context` as the |
| return value. |
| |
| The figure below describes how the TSP/TSPD handle a non-secure interrupt when |
| it is generated during execution in the TSP with `PSTATE.I` = 0 when the |
| `TSP_NS_INTR_ASYNC_PREEMPT` build flag is 0. |
| |
| ![Image 2](diagrams/non-sec-int-handling.png?raw=true) |
| |
| |
| #### 2.3.3 Secure payload |
| The SP should implement one or both of the synchronous and asynchronous |
| interrupt handling models depending upon the interrupt routing model it has |
| chosen (as described in 2.2.3). |
| |
| In the synchronous model, it should begin handling a Secure-EL1 interrupt after |
| receiving control from the SPD service at an entrypoint agreed upon during build |
| time or during the registration phase. Before handling the interrupt, the SP |
| should save any Secure-EL1 system register context which is needed for resuming |
| normal execution in the SP later e.g. `SPSR_EL1, `ELR_EL1`. After handling the |
| interrupt, the SP could return control back to the exception level and security |
| state where the interrupt was originally taken from. The SP should use an SMC32 |
| or SMC64 to ask the SPD service to do this. |
| |
| In the asynchronous model, the Secure Payload is responsible for handling |
| non-secure and Secure-EL1 interrupts at the IRQ and FIQ vectors in its exception |
| vector table when `PSTATE.I` and `PSTATE.F` bits are 0. As described earlier, |
| when a non-secure interrupt is generated, the SP should coordinate with the SPD |
| service to pass control back to the non-secure state in the last known exception |
| level. This will allow the non-secure interrupt to be handled in the non-secure |
| state. |
| |
| |
| ##### 2.3.3.1 Test secure payload behavior |
| The TSPD hands control of a Secure-EL1 interrupt to the TSP at the |
| `tsp_sel1_intr_entry()`. The TSP handles the interrupt while ensuring that the |
| handover agreement described in Section 2.2.2.1 is maintained. It updates some |
| statistics by calling `tsp_update_sync_sel1_intr_stats()`. It then calls |
| `tsp_common_int_handler()` which. |
| |
| 1. Checks whether the interrupt is the secure physical timer interrupt. It |
| uses the platform API `plat_ic_get_pending_interrupt_id()` to get the |
| interrupt number. If it is not the secure physical timer interrupt, then |
| that means that a higher priority interrupt has preempted it. Invoke |
| `tsp_handle_preemption()` to handover control back to EL3 by issuing |
| an SMC with `TSP_PREEMPTED` as the function identifier. |
| |
| 2. Handles the secure timer interrupt interrupt by acknowledging it using the |
| `plat_ic_acknowledge_interrupt()` platform API, calling |
| `tsp_generic_timer_handler()` to reprogram the secure physical generic |
| timer and calling the `plat_ic_end_of_interrupt()` platform API to signal |
| end of interrupt processing. |
| |
| The TSP passes control back to the TSPD by issuing an SMC64 with |
| `TSP_HANDLED_S_EL1_INTR` as the function identifier. |
| |
| The TSP handles interrupts under the asynchronous model as follows. |
| |
| 1. Secure-EL1 interrupts are handled by calling the `tsp_common_int_handler()` |
| function. The function has been described above. |
| |
| 2. Non-secure interrupts are handled by by calling the `tsp_common_int_handler()` |
| function which ends up invoking `tsp_handle_preemption()` and issuing an |
| SMC64 with `TSP_PREEMPTED` as the function identifier. Execution resumes at |
| the instruction that follows this SMC instruction when the TSPD hands |
| control to the TSP in response to an SMC with `TSP_FID_RESUME` as the |
| function identifier from the non-secure state (see section 2.3.2.4). |
| |
| |
| 3. Other considerations |
| ----------------------- |
| |
| ### 3.1 Implication of preempted SMC on Non-Secure Software |
| A `standard` SMC call to Secure payload can be preempted by a non-secure |
| interrupt and the execution can return to the non-secure world for handling |
| the interrupt (For details on `standard` SMC refer [SMC calling convention]). |
| In this case, the SMC call has not completed its execution and the execution |
| must return back to the secure payload to resume the preempted SMC call. |
| This can be achieved by issuing an SMC call which instructs to resume the |
| preempted SMC. |
| |
| A `fast` SMC cannot be preempted and hence this case will not happen for |
| a fast SMC call. |
| |
| In the Test Secure Payload implementation, `TSP_FID_RESUME` is designated |
| as the resume SMC FID. It is important to note that `TSP_FID_RESUME` is a |
| `standard` SMC which means it too can be be preempted. The typical non |
| secure software sequence for issuing a `standard` SMC would look like this, |
| assuming `P.STATE.I=0` in the non secure state : |
| |
| int rc; |
| rc = smc(TSP_STD_SMC_FID, ...); /* Issue a Standard SMC call */ |
| /* The pending non-secure interrupt is handled by the interrupt handler |
| and returns back here. */ |
| while (rc == SMC_PREEMPTED) { /* Check if the SMC call is preempted */ |
| rc = smc(TSP_FID_RESUME); /* Issue resume SMC call */ |
| } |
| |
| The `TSP_STD_SMC_FID` is any `standard` SMC function identifier and the smc() |
| function invokes a SMC call with the required arguments. The pending non-secure |
| interrupt causes an IRQ exception and the IRQ handler registered at the |
| exception vector handles the non-secure interrupt and returns. The return value |
| from the SMC call is tested for `SMC_PREEMPTED` to check whether it is |
| preempted. If it is, then the resume SMC call `TSP_FID_RESUME` is issued. The |
| return value of the SMC call is tested again to check if it is preempted. |
| This is done in a loop till the SMC call succeeds or fails. If a `standard` |
| SMC is preempted, until it is resumed using `TSP_FID_RESUME` SMC and |
| completed, the current TSPD prevents any other SMC call from re-entering |
| TSP by returning `SMC_UNK` error. |
| |
| |
| - - - - - - - - - - - - - - - - - - - - - - - - - - |
| |
| _Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved._ |
| |
| [Porting Guide]: ./porting-guide.md |
| [SMC calling convention]: http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html "SMC Calling Convention PDD (ARM DEN 0028A)" |