arch: arc: let zephyr run in normal mode of arc

[vonhust]

This PR is initial implementation of some kind of TEE support for ARC.

As the TEE design/framework in zephyr matures, more work will be needed.

It includes necessary commits to let zephyr run in normal mode of
arc processors equipped with SecureShield.

In this PR, zephyr can be built into:

1. imgage for secure mode (CONFIG_ARC_SECURE_FIRMWARE <- TRUSTED_EXECUTION_SECURE)
   • full access to system resource
   • full zephyr features are supported, USERSPACE, stack protection
2. image for normal mode (CONFIG_ARC_NORMAL_FIRMWARE)

• no mpu support in normal mode, i.e., no USERSPACE
• to run this normal image, it requires a secure bootloader or secure zephyr application to
  boot, as when processor is reset, it's secure mode.

To show how normal zephyr application works with secure zephyr applicaiton, an example is provided in samples/boards/arc_secure_services, more details, pls go to the README.rst of this example.

[ruuddw]

I think it's actually ok to read ERSEC_STAT from Normal mode as well - fields without access will be 0 (IOW/RAZ)

[vonhust]

read is ok, but no write. It will make codes simpler

[ruuddw]

I assume this is a temporary, minimal initialization for Secure Mode when Zephyr runs in Normal mode. To be replaced later with a Secure firmware that can be extended to provide more functions as well.

[vonhust]

It's removed in latest codes

[ruuddw]

maybe add comment that these are initialized in Secure mode initialization code instead.

[vonhust]

done

[ruuddw]

See earlier remark on ERSEC_STAT, I think it's ok to access from Normal mode as well.

[ruuddw]

Is reading the current contents best way to initialize the SEC_STAT in the initial context? Can't it be some constant value?

[vonhust]

It could be a constan value. I will consider to change it later.

[ruuddw]

Assume this is for the temporary secure initialization code, it's not really 'logical' to declare secure stuff in a 'NORMAL_FIRMWARE' conditional section. (maybe add a 'TODO' note)

[ruuddw]

not sure we cover all combination of options, looks like HAS_SECURE implies we also have USERSPACE - no support for Secure but no userspace?

[vonhust]

if no userspace, no need to save and restore USER/KERNEL_SP realted aux regs.

[ruuddw]

Missing case for HAS_SECURE and NORMAL_FIRMWARE?

[vonhust]

fixed

[ruuddw]

not sure an sjli call would be required here, this setup is only done once and could be done by Secure firmware before switching to Normal Zephyr.

[ruuddw]

copy/paste typo: this should be nsim_sem_normal

[ruuddw]

maybe suspend/resume functionality should have different overall implementation, Secure firmware should probably also support suspend/resume for this to work.

[ruuddw]

All interrupts either Secure or Normal is probably too strong, some should be allocated to Secure and some to Normal depending on application. For now ok, but add a note (or issue) to support configuration/allocation of interrupts to Secure or Normal.

[vonhust]

It requires a mechinism to tell which interrupts are secure, which are normal

[nashif]

@vonhust @ruuddw can you please rebase and drive to closure? thanks.

[nashif]

@ruuddw are you ok with this?

[ruuddw]

@nashif still work in progress, I've marked it DNM for now.

[nashif]

@nashif still work in progress, I've marked it DNM for now.

ok

[zephyrbot]

All checks are passing now.

Review history of this comment for details about previous failed status.
Note that some checks might have not completed yet.

[dbkinder]

Ping me when there's documentation to review...

[vonhust]

pls review the documentation.

[dbkinder]

Unless we're referring to the repo name, use an upper case Z on Zephyr.

[vonhust]

Fixed

[dbkinder]

let's change this to:

... runs together with a normal Zephyr application.

[vonhust]

Fixed

[dbkinder]

Start the sentence with an upper-case letter, The secure application ...

[vonhust]

fixed

[dbkinder]

Capitalize acronyms: RAM, ROM

[vonhust]

fixed

[dbkinder]

Change to:

* Memory not allocated to the secure application is allocated to
  the normal application.

[vonhust]

fixed

[dbkinder]

Change this to:

Run using the bootloader
   The bootloader should load the secure and normal application into the correct place,
   then jump to the entry of the secure application.

Run using the debugger (recommended)
   Use the gdb debugger to load and run the two applications.

[vonhust]

Fixed

[dbkinder]

delete please

[vonhust]

Fixed

[dbkinder]

Change to:

For nsim sem, you need two consoles: one for
application output, and one for the debugger.

[vonhust]

Fixed

[dbkinder]

do you need to specify the path of the secure application, or is that on line 120?

[vonhust]

means any zephyr image built in line 73, i will make it more clarified

[ruuddw]

There's remaining work to do, but this is a good start for people that want to experiment with this on ARC.
Let's get it into v2.0.

[ioannisg]

There's remaining work to do, but this is a good start for people that want to experiment with this on ARC.
Let's get it into v2.0.

@vonhust have you addressed the latest feedback by @dbkinder ?

[dbkinder]

I see you mention my comments were "fixed", but I don't see the changes actually pushed.

[vonhust]

, but I don't see the changes actually pushed.

I made a force push, could you check that again?

[ioannisg]

Seems to me the fixes were pushed (but might be missing something @dkinder).

[vonhust]

better to merge after PR #18079 and #18142

[ioannisg]

better to merge after PR #18079 and #18142

@vonhust please resolve the conflicts, after merging the above PRs.
Note that the review needs to conclude today, if this is to get to 2.0 release.

[vonhust]

better to merge after PR #18079 and #18142

@vonhust please resolve the conflicts, after merging the above PRs.
Note that the review needs to conclude today, if this is to get to 2.0 release.

confilct fixed, ok to merge

[ioannisg]

better to merge after PR #18079 and #18142

@vonhust please resolve the conflicts, after merging the above PRs.
Note that the review needs to conclude today, if this is to get to 2.0 release.

confilct fixed, ok to merge

There is still a request-for-changes by @dbkinder.
@vonhust can this PR go into 2.0.0 regardless of what happens with #17767?

all feedbacks are addressed, neeto merge for zephyr 2.0

[vonhust]

better to merge after PR #18079 and #18142

@vonhust please resolve the conflicts, after merging the above PRs.
Note that the review needs to conclude today, if this is to get to 2.0 release.

confilct fixed, ok to merge

There is still a request-for-changes by @dbkinder.
@vonhust can this PR go into 2.0.0 regardless of what happens with #17767?

There is no relation between this PR and #17767. I just dismissed dbkinder's request as i addressed his feedbacks. Let's go for merge

[ioannisg]

better to merge after PR #18079 and #18142

@vonhust please resolve the conflicts, after merging the above PRs.
Note that the review needs to conclude today, if this is to get to 2.0 release.

confilct fixed, ok to merge

There is still a request-for-changes by @dbkinder.
@vonhust can this PR go into 2.0.0 regardless of what happens with #17767?

There is no relation between this PR and #17767. I just dismissed dbkinder's request as i addressed his feedbacks. Let's go for merge

Yes. @dbkinder if there are still imperfections in documentation, we can definitely address them during the stabilization period.