samples: add sample to show how ARC TEE works

* this is a simple sample to show how
 secure applicaiton and non-secure application work
 together. More details are in README.rst

Signed-off-by: Wayne Ren <[email protected]>

Author: Wayne Ren

samples/boards/arc_secure_services/CMakeLists.txt

@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: Apache-2.0
+
+cmake_minimum_required(VERSION 3.8.2)
+
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(arc_secure_services)
+
+target_sources(app PRIVATE src/main.c)

samples/boards/arc_secure_services/README.rst

@@ -0,0 +1,126 @@
+.. _arc_secure_service:
+
+ARC Secure Service
+##################
+
+Overview
+********
+
+This sample implements a simple secure service based on ARC SecureShield to
+demonstrate how a secure zephyr application runs together with a normal
+Zephyr application.
+
+In this sample:
+
+* Secure application will be in the secure memory space defined in
+  ``arc_mpu_regions.c``. Half of RAM and ROM is allocated to secure world,
+  the other half is allocated to normal world.
+
+* Memory not allocated to the secure application is allocated to
+  the normal application.
+
+* By default, all the peripheral space is normal mode accessible, i.e.,
+  the peripherals are shared between normal mode and secure mode. If some
+  peripherals are required by secure world, it can be done by adding static
+  mpu entry in ``arc_mpu_regions.c``.
+
+* The interrupts of two internal timers are configure as normal interrupts,
+  so the normal zephyr's kernel tick can work correctly.
+
+* Secure interrupts priority > secure threads priority > normal interrupts
+  priority > normal threads priority.
+
+
+Requirements
+************
+
+To use this sample, ARC processor should be equipped with ARC SecureShield. In
+Zephyr, the following board configurations are supported:
+
+* em_starterkit_em7d
+  * secure application: em_starterkit_em7d_secure
+  * normal application: em_starterkit_em7d_normal
+* nsim_sem
+  * secure application: nsim_sem
+  * normal application: nsim_sem_normal
+
+Building and Running
+********************
+
+Building
+========
+
+Secure application
+^^^^^^^^^^^^^^^^^^
+
+First, you should build the secure application.
+
+.. zephyr-app-commands::
+   :zephyr-app: samples/boards/arc_secure_services
+   :board: em_starterkit_em7d_secure nsim_sem
+   :goals: build
+   :compact:
+
+Normal application
+^^^^^^^^^^^^^^^^^^
+
+Currently, in normal application, MPU is not accessible, so no user space and
+mpu-based stack checking.
+
+Here,take :ref:'dining-philosophers-sample' as an example for normal
+application.
+
+.. zephyr-app-commands::
+   :zephyr-app: samples/philosophers
+   :board: em_starterkit_em7d_normal nsim_sem_normal
+   :goals: build
+   :compact:
+
+Running
+=======
+
+* Run using the bootloader
+
+The bootloader should load the secure and normal application into the correct place,
+then jump to the entry of the secure application. The entry of normal application
+is hardcoded in secure application. Secure application will boot normal application.
+
+* Run using the debugger (recommended)
+
+Use the gdb debugger to load and run the two applications.
+
+For em starter kit, run the following commands
+
+.. code-block:: console
+
+    # load secure application first
+    $ cd samples/boards/arc_secure_services/build
+    $ west debug
+    # load normal application
+    $ monitor load_image ../../../philosophers/build/zepher/zephyr.elf
+    $ c
+
+For nsim sem, you need two consoles: one for application output, and one for
+debugger.
+
+In the console for output:
+
+.. code-block:: console
+
+    # open debug server
+    $ cd samples/boards/arc_secure_services/build
+    $ west debugserver
+
+In the console for debugger:
+
+.. code-block:: console
+
+    # open debug server
+    $ cd samples/boards/arc_secure_services/build
+    $ arc-elf32-gdb zephyr/zephyr.elf
+    $ target remote :3333
+    # load normal application
+    $ load ../../../philosophers/build/zepher/zephyr.elf
+    # load secure application
+    $ load
+    $ c

samples/boards/arc_secure_services/prj.conf

@@ -0,0 +1,8 @@
+sample:
+  description: Sample application to verify the secure monitor for
+     Designware ARC SecureShiled.
+  name: Designware ARC Secure monitor
+tests:
+  test:
+    platform_whitelist: nsim_sem em_starterkit_em7d_secure
+    tags: secure

samples/boards/arc_secure_services/sample.yaml

@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2018 Synopsys.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr.h>
+#include <misc/printk.h>
+#include <soc.h>
+
+#if defined(CONFIG_SOC_NSIM_SEM)
+#define NORMAL_FIRMWARE_ENTRY 0x40000
+#elif defined(CONFIG_SOC_EMSK)
+#define NORMAL_FIRMWARE_ENTRY 0x20000
+#endif
+
+
+#define STACKSIZE 1024
+#define PRIORITY 7
+#define SLEEPTIME 1000
+
+
+void threadA(void *dummy1, void *dummy2, void *dummy3)
+{
+	ARG_UNUSED(dummy1);
+	ARG_UNUSED(dummy2);
+	ARG_UNUSED(dummy3);
+
+
+	printk("Go to normal application\n");
+
+	arc_go_to_normal(*((u32_t *)(NORMAL_FIRMWARE_ENTRY)));
+
+	printk("should not come here\n");
+
+}
+
+K_THREAD_DEFINE(thread_a, STACKSIZE, threadA, NULL, NULL, NULL,
+		PRIORITY, 0, K_NO_WAIT);
+
+
+void main(void)
+{
+	/* necessary configuration before go to normal */
+	s32_t i = 0;
+
+	/* allocate timer 0 and timer1 to normal mode */
+	z_arc_v2_irq_uinit_secure_set(IRQ_TIMER0, 0);
+	z_arc_v2_irq_uinit_secure_set(IRQ_TIMER1, 0);
+
+	/* disable the secure interrupts for debug purpose*/
+	/* _arc_v2_irq_unit_int_disable(IRQ_S_TIMER0); */
+
+	while (1) {
+		printk("I am the %s thread in secure world: %d\n",
+				 __func__, i++);
+		k_sleep(SLEEPTIME);
+	}
+}