diff --git a/README.md b/README.md index 6888241..61f444b 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,11 @@ This is a simple example to show how to write a uVisor-secured threaded applicat Supported devices: -| Target | Toolchain | Baud rate | -|--------|-----------|-----------| -| `K64F` | `GCC_ARM` | 9600 | +| Target | Toolchain | Baud rate | +|-------------------|-----------|-----------| +| `K64F` | `GCC_ARM` | 9600 | +| `DISCO_F429ZI` | `GCC_ARM` | 9600 | +| `EFM32GG_STK3700` | `GCC_ARM` | 9600 | Latest release: [mbed-os-5.4.x](https://github.com/ARMmbed/mbed-os-example-uvisor/releases/latest). Tested with [mbed-cli v1.0.0](https://github.com/ARMmbed/mbed-cli/releases/tag/1.0.0). diff --git a/mbed-os.lib b/mbed-os.lib index 706b7ae..628d333 100644 --- a/mbed-os.lib +++ b/mbed-os.lib @@ -1 +1 @@ -https://github.com/ARMmbed/mbed-os/#fc1836545dcc2fc86f03b01292b62bf2089f67c3 +https://github.com/ARMmbed/mbed-os/#92fbf2a9b3988d430482fc25a6077f2462e2a634 diff --git a/source/led1.cpp b/source/led1.cpp index 835c2d5..38edd69 100644 --- a/source/led1.cpp +++ b/source/led1.cpp @@ -18,7 +18,7 @@ static void led1_main(const void *); * We do not need large stacks in either the main nor the interrupt thread, as * we do not do anything special in them. */ UVISOR_BOX_NAMESPACE(NULL); -UVISOR_BOX_HEAPSIZE(3 * 1024); +UVISOR_BOX_HEAPSIZE(2 * 1024); UVISOR_BOX_MAIN(led1_main, osPriorityNormal, 512); UVISOR_BOX_CONFIG(box_led1, acl, 512, box_context); @@ -39,6 +39,6 @@ static void led1_main(const void *) led1 = !led1; ++uvisor_ctx->heartbeat; alloc_fill_wait_verify_free(size, seed, 211); - specific_alloc_fill_wait_verify_free(alloc, 5 * kB, seed, 107); + specific_alloc_fill_wait_verify_free(alloc, 1 * kB, seed, 107); } } diff --git a/source/led2.cpp b/source/led2.cpp index 123d645..c79c18a 100644 --- a/source/led2.cpp +++ b/source/led2.cpp @@ -18,7 +18,7 @@ static void led2_main(const void *); * We do not need large stacks in either the main nor the interrupt thread, as * we do not do anything special in them. */ UVISOR_BOX_NAMESPACE(NULL); -UVISOR_BOX_HEAPSIZE(3 * 1024); +UVISOR_BOX_HEAPSIZE(2 * 1024); UVISOR_BOX_MAIN(led2_main, osPriorityNormal, 512); UVISOR_BOX_CONFIG(box_led2, acl, 512, box_context); @@ -38,13 +38,13 @@ static void led2_main(const void *) * page heap! */ /* Allocate one page. */ - alloc = secure_allocator_create_with_pages(4 * kB, 1 * kB); + alloc = secure_allocator_create_with_pages(2 * kB, 1 * kB); /* Allocate another page. */ - SecureAllocator alloc2 = secure_allocator_create_with_pages(4 * kB, 1 * kB); + SecureAllocator alloc2 = secure_allocator_create_with_pages(8 * kB, 1 * kB); /* Deallocate alloc1 page, creating a hole. */ secure_allocator_destroy(alloc); /* Allocate two pages. */ - alloc = secure_allocator_create_with_pages(uvisor_get_page_size() + 3 * kB, 6 * kB); + alloc = secure_allocator_create_with_pages(4 * kB, 1 * kB); /* Deallocate alloc2 page, creating another hole. */ secure_allocator_destroy(alloc2); @@ -57,9 +57,9 @@ static void led2_main(const void *) alloc_fill_wait_verify_free(size, seed, 311); /* Allocate in first page */ - specific_alloc_fill_wait_verify_free(alloc, 6 * kB, seed, 0); + specific_alloc_fill_wait_verify_free(alloc, 1 * kB, seed, 0); /* Allocate in second page */ - specific_alloc_fill_wait_verify_free(alloc, 6 * kB, seed, 101); + specific_alloc_fill_wait_verify_free(alloc, 1 * kB, seed, 101); } } diff --git a/source/led3.cpp b/source/led3.cpp index 01e41dd..77a61b2 100644 --- a/source/led3.cpp +++ b/source/led3.cpp @@ -18,7 +18,7 @@ static void led3_main(const void *); * We need at least 1kB in the main thread as we use printf in it. The interrupt * stack size can be smaller as we do not do anything special in them. */ UVISOR_BOX_NAMESPACE(NULL); -UVISOR_BOX_HEAPSIZE(3 * 1024); +UVISOR_BOX_HEAPSIZE(2 * 1024); UVISOR_BOX_MAIN(led3_main, osPriorityNormal, 1024); UVISOR_BOX_CONFIG(box_led3, acl, 512, box_context); @@ -59,13 +59,6 @@ static void led3_main(const void *) uvisor_error(USER_NOT_ALLOWED); } - Thread thread2(osPriorityNormal, 512, NULL); - status = thread2.start(run_3); - if (status != osOK) { - printf("Could not start box_led3 thread2.\r\n"); - uvisor_error(USER_NOT_ALLOWED); - } - /* Create page-backed allocator. */ const uint32_t kB = 1024; SecureAllocator alloc = secure_allocator_create_with_pages(4 * kB, 1 * kB); diff --git a/source/main-hw.h b/source/main-hw.h index 02ae91b..1ba4764 100644 --- a/source/main-hw.h +++ b/source/main-hw.h @@ -45,13 +45,13 @@ {SPI0, sizeof(*SPI0), UVISOR_TACLDEF_PERIPH}, \ } -#elif defined (TARGET_EFM32GG_STK3700) +#elif defined(TARGET_EFM32GG_STK3700) #define MAIN_LED LED1 #define SECURE_LED LED2 #define LED_ON true #define LED_OFF false -#define SECURE_SWITCH SW2 +#define SECURE_SWITCH SW0 #define SECURE_SWITCH_PULL PullUp #define MAIN_ACL(acl_list_name) \ @@ -65,6 +65,36 @@ {(void *) 0x42000000, 0x2000000, UVISOR_TACLDEF_PERIPH}, \ } +#elif defined(TARGET_DISCO_F429ZI) + +#define MAIN_LED LED1 +#define SECURE_LED LED2 +#define LED_ON true +#define LED_OFF false +#define SECURE_SWITCH USER_BUTTON +#define SECURE_SWITCH_PULL PullDown + +#define MAIN_ACL(acl_list_name) \ + static const UvisorBoxAclItem acl_list_name[] = { \ + {GPIOA, sizeof(*GPIOA), UVISOR_TACLDEF_PERIPH}, \ + {GPIOB, sizeof(*GPIOB), UVISOR_TACLDEF_PERIPH}, \ + {GPIOC, sizeof(*GPIOC), UVISOR_TACLDEF_PERIPH}, \ + {GPIOD, sizeof(*GPIOD), UVISOR_TACLDEF_PERIPH}, \ + {GPIOE, sizeof(*GPIOE), UVISOR_TACLDEF_PERIPH}, \ + {RTC, sizeof(*RTC), UVISOR_TACLDEF_PERIPH}, \ + {TIM5, sizeof(*TIM5), UVISOR_TACLDEF_PERIPH}, \ + {USART1, sizeof(*USART1), UVISOR_TACLDEF_PERIPH}, \ + {I2C1, sizeof(*I2C1), UVISOR_TACLDEF_PERIPH}, \ + {SPI1, sizeof(*SPI1), UVISOR_TACLDEF_PERIPH}, \ + {RCC, sizeof(*RCC), UVISOR_TACLDEF_PERIPH}, \ + {FLASH, sizeof(*FLASH), UVISOR_TACLDEF_PERIPH}, \ + {PWR, sizeof(*PWR), UVISOR_TACLDEF_PERIPH}, \ + {EXTI, sizeof(*EXTI), UVISOR_TACLDEF_PERIPH}, \ + {GPIOG, sizeof(*GPIOG), UVISOR_TACLDEF_PERIPH}, \ + {SYSCFG, sizeof(*SYSCFG), UVISOR_TACLDEF_PERIPH}, \ + {(void *) 0x42000000, 0x01000000, UVISOR_TACLDEF_PERIPH}, \ + } + #else /* Target-specific settings */ #error "Unsupported target. Checkout the README.md file for the list of supported targets for this app." diff --git a/source/main.cpp b/source/main.cpp index 2fd2feb..05b1e7e 100644 --- a/source/main.cpp +++ b/source/main.cpp @@ -25,7 +25,13 @@ MAIN_ACL(g_main_acl); /* Enable uVisor. */ UVISOR_SET_MODE_ACL(UVISOR_ENABLED, g_main_acl); -UVISOR_SET_PAGE_HEAP(8 * 1024, 5); +UVISOR_SET_PAGE_HEAP(2 * 1024, 8); + +/* Targets with an ARMv7-M MPU needs this space adjustment to prevent a runtime + * memory overflow error. The code below has been output directly by uVisor. */ +#if defined(TARGET_EFM32GG_STK3700) || defined(TARGET_DISCO_F429ZI) +uint8_t __attribute__((section(".keep.uvisor.bss.boxes"), aligned(32))) __boxes_overhead[32640]; +#endif static void main_alloc(void) { @@ -35,7 +41,7 @@ static void main_alloc(void) while (1) { alloc_fill_wait_verify_free(50, seed, 577); - specific_alloc_fill_wait_verify_free(alloc, 5 * kB, seed, 97); + specific_alloc_fill_wait_verify_free(alloc, 1 * kB, seed, 97); seed++; } } diff --git a/test/filters.json b/test/filters.json index 055b5c0..9c5cf04 100644 --- a/test/filters.json +++ b/test/filters.json @@ -1,6 +1,6 @@ { "blacklist" : [ { - "platforms" : ["DISCO_F429ZI"] + "platforms" : [] } ] }