SMC

Date: 2024-03-21 09:33:07

In the ARM architecture, synchronous control is transferred between the normal Non-secure state and the Secure state through Secure Monitor Call (SMC) exceptions.
SMC exceptions are generated by SMC instructions and handled by the Secure Monitor.

SMC Calling Conventions

2 types of calls are defined:

  1. Fast Calls to execute secure operations
  2. Standard Calls to start pre-emptible secure operations

2 calling conventions are defined:

  1. SMC32: can be used by 32-bit or 64-bit client code, passes up to 6 32-bit arguments
  2. SMC64: can only be used by 64-bit client code, passes up to 6 64-bit arguments

SMC Function Identifier

The SMC Function Identifier (32 bits, passed into every SMC call in register R0/W0) defines:

  1. The call type in use
  2. The calling convention in use (SMC32/SMC64)
  3. The secure function to be invoked

Table-1 Bit Usage of SMC Function Identifier

Bit Number   Description
----------   -----------------------------------------------------------------
31           0: Standard Call (pre-emptible)
             1: Fast Call (atomic)
30           0: SMC32 calling convention
             1: SMC64 calling convention
29-24        0: ARM architecture calls
             1: CPU service calls
             2: SIP service calls
             3: OEM service calls
             4: Standard service calls
             5-47: Reserved for future use
             48-49: Trusted Application calls
             50-63: Trusted OS calls
23-16        Must be zero for all Fast Calls (when bit 31 is 1)
15-0         Function number within the range call type defined by bits 29-24

SMC32 argument passing

When SMC32 convention is used, SMC instructions take up to 7 32-bit arguments in registers and can return up to 4 32-bit values in registers.

When an SMC32 call is made from AArch32:

  • Arguments are passed in registers R0-R6
  • Results are returned in R0-R3
  • Registers R4-R14 are callee-saved and must be preserved over the SMC call

When an SMC32 call is made from AArch64:

  • Arguments are passed in registers W0-W6
  • Results are returned in W0-W3
  • Registers X18-X30 and stack pointers SP_EL0, SP_ELx are callee-saved and must be preserved over the SMC call

When an SMC64 call is made from AArch64:

  • Arguments are passed in registers X0-X6
  • Results are returned in X0-X3
  • Registers X18-X30 and stack pointers SP_EL0, SP_ELx are callee-saved and must be preserved over the SMC call

SMC immediate value

It is time-consuming for 32-bit Secure Monitor code to access the immediate value encoded in the SMC instruction. Consequently:

  • An SMC immediate value of zero must be used.
  • All other SMC immediate values are reserved.

Hypervisor Client ID

If an implementation includes a hypervisor or similar supervisory software executing at EL2 then it may be necessary to identify which client operating system the SMC call originated from.

  • A 32-bit hypervisor client ID parameter is defined for SMC calls.
  • In AArch32, the hypervisor client ID is passed in the R7 register.
  • In AArch64, the hypervisor client ID is passed in the W7 register.
  • 0x00000000 is designated for SMC calls from the hypervisor itself.

All SMC calls generated by software executing at EL1 should be trapped by the hypervisor. Identification information should be inserted into R7/W7 before forwarding any SMC call on to the Secure Monitor.

(The Hypervisor Client ID is created within the hypervisor and used to register, reference and de-register client operating systems to a Trusted OS; it does not correspond to the VMIDs used by the MMU.)
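
An added example (not code from the original page or from any hypervisor project) of the forwarding rule above: the hypervisor keeps its own client ID table and overwrites whatever the guest left in W7 before the call goes on to the Secure Monitor. The guest slot index, the table size and the choice to refuse unregistered guests are assumptions of this sketch.

```c
#include <stdint.h>

#define HYP_SELF_ID  0x00000000u    /* designated for the hypervisor itself */
#define MAX_CLIENTS  4              /* constructed limit for this example */

struct smc_regs { uint64_t x[8]; }; /* X0-X7 as trapped from the caller */

/* Client IDs handed out by the hypervisor, indexed by a hypothetical guest
 * slot that is unrelated to the MMU's VMID. 0 means "not registered". */
static uint32_t client_id[MAX_CLIENTS];
static uint32_t next_id = 1;

/* Register a guest and return its client ID, or 0 on failure. */
uint32_t hyp_register_client(unsigned slot)
{
    if (slot >= MAX_CLIENTS || client_id[slot] != 0 || next_id == 0)
        return 0;
    client_id[slot] = next_id++;
    return client_id[slot];
}

void hyp_deregister_client(unsigned slot)
{
    if (slot < MAX_CLIENTS)
        client_id[slot] = 0;
}

/* Prepare a trapped EL1 SMC for forwarding. The guest-supplied W7 is
 * discarded and replaced with the ID the hypervisor assigned. Returns 0 if
 * the call may be forwarded, -1 if the guest is not registered (assumption:
 * such calls are refused rather than forwarded). */
int hyp_prepare_forward(unsigned slot, struct smc_regs *r)
{
    if (slot >= MAX_CLIENTS || client_id[slot] == 0)
        return -1;
    r->x[7] = client_id[slot];      /* upper 32 bits of X7 become zero */
    return 0;
}

/* An SMC issued by the hypervisor itself carries client ID 0. */
void hyp_prepare_own(struct smc_regs *r)
{
    r->x[7] = HYP_SELF_ID;
}
```

Because the ID is written unconditionally, a guest cannot present itself to the Trusted OS as another client or as the hypervisor by preloading R7/W7.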

(Optional) Trusted OS Session ID

To support multiple sessions within the Trusted OS, it may be necessary to identify multiple instances of the same SMC call.

  • An optional 32-bit Session ID is defined for SMC calls.
  • In AArch32, the Session ID is passed in the R6 register.
  • In AArch64, the Session ID is passed in the W6 register.

It is expected that the Session ID is provided by the Trusted OS and is used by its clients in subsequent calls.

Tips

  • The working size of the register is identified by its name:
    • Xn: all 64 bits are used.
    • Wn: the lower 32 bits are used; the upper 32 bits are zero.

SMC Standard Results

Unknown SMC Function Identifier

The Unknown SMC Function Identifier is 0xFFFFFFFF, returned in R0; it is the same for SMC32 and SMC64 calls.
An implementation must return this value when it receives:

  • An SMC call with an unknown function identifier
  • An SMC call for a removed function identifier
  • An SMC64 call from AArch32 state
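
An added example (not code from the original page or from any Secure Monitor implementation) that decodes a function identifier into the Table-1 fields and applies the rejection rules listed above. The `known_fids` table holds constructed, hypothetical SIP service IDs; answering a reserved service range or non-zero bits 23-16 on a Fast Call with 0xFFFFFFFF is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define SMC_UNKNOWN 0xFFFFFFFFu  /* Unknown SMC Function Identifier */

struct smc_fid {
    bool fast;       /* bit 31: 1 = Fast Call, 0 = Standard Call */
    bool smc64;      /* bit 30: 1 = SMC64, 0 = SMC32 */
    uint8_t owner;   /* bits 29-24: service range, per Table-1 */
    uint16_t func;   /* bits 15-0: function number within the range */
};

/* Split a function identifier into the Table-1 fields. */
struct smc_fid smc_fid_decode(uint32_t fid)
{
    struct smc_fid f = {
        .fast  = (fid >> 31) & 1u,
        .smc64 = (fid >> 30) & 1u,
        .owner = (fid >> 24) & 0x3Fu,
        .func  = fid & 0xFFFFu,
    };
    return f;
}

/* Constructed set of implemented calls (hypothetical SIP service IDs). */
static const uint32_t known_fids[] = { 0x82000001u, 0xC2000001u, 0x02000002u };

/* Returns 0 if the call may be dispatched, SMC_UNKNOWN otherwise. */
uint32_t smc_fid_check(uint32_t fid, bool caller_aarch32)
{
    struct smc_fid f = smc_fid_decode(fid);

    if (f.smc64 && caller_aarch32)
        return SMC_UNKNOWN;      /* SMC64 call from AArch32 state */
    if (f.fast && ((fid >> 16) & 0xFFu) != 0)
        return SMC_UNKNOWN;      /* assumption: bad bits 23-16 => unknown */
    if (f.owner >= 5 && f.owner <= 47)
        return SMC_UNKNOWN;      /* assumption: reserved range => unknown */
    for (size_t i = 0; i < sizeof known_fids / sizeof known_fids[0]; i++)
        if (known_fids[i] == fid)
            return 0;
    return SMC_UNKNOWN;          /* unknown or removed function identifier */
}
```

Matching on the full 32-bit identifier means the SMC32 and SMC64 forms of a call are accepted only if each is listed explicitly.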

Unique Identification(UID) format

This value identifies the owner of a particular sub-range of the API, and therefore who controls the actions of SMCs in that sub-range. (It follows the UUID standard: a 16-byte string.)

UIDs are returned as a single 128-bit value using the SMC32 calling convention, in registers R0-R3 (AArch32) or W0-W3 (AArch64). Byte 15 is the highest-order byte and is stored in R3/W3.

Note: UIDs with the first 32 bits set to 0xFFFFFFFF (the value in R0/W0) shall be avoided, as they are indistinguishable from the Unknown SMC Function Identifier.

Revision information format

The revision information for a sub-range is defined by a 32-bit major version and a 32-bit minor version. Different major revision values indicate possibly incompatible SMC APIs, for the affected SMC range.
For two revisions, A and B, for which the major revision values are identical, if the minor revision value of revision B is greater than the minor revision value of revision A, then every SMC in the affected range that works in revision A must also work, with a compatible effect, in revision B.
When returned by a call, the major version is returned in R0 or W0 and the minor version is returned in R1 or W1. Such an SMC must use the SMC32 calling convention.
The rules for interface updates are:

  • An SMC function identifier once issued must never be re-used.
  • Additional SMC calls must take a new unused SMC identifier.
  • Calls to removed SMC identifiers must return the Unknown SMC Function Identifier value.
  • Incompatible argument changes cannot be made to an existing SMC call; a new call is required.
  • Major revision number must be incremented when:
    • Any SMC call is removed.
  • Minor revision number must be incremented when:
    • Any SMC call is added.
    • Backwards compatible changes are made to existing function arguments.
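
An added example (not code from the original page) of how a client can use the UID and revision formats above before trusting a sub-range: check that the owner is the expected one, then that the revision is compatible. The helper names are hypothetical, and placing byte 0 in the low-order bits of R0/W0 is an assumption consistent with byte 15 being the highest-order byte of R3/W3.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SMC_UNKNOWN 0xFFFFFFFFu  /* Unknown SMC Function Identifier */

/* Pack a 16-byte UID into the four result registers. Assumption: byte 0 sits
 * in the low-order bits of R0/W0, so byte 15 ends up highest in R3/W3. */
void uid_to_regs(const uint8_t uid[16], uint32_t w[4])
{
    for (int i = 0; i < 4; i++)
        w[i] = (uint32_t)uid[4 * i] |
               (uint32_t)uid[4 * i + 1] << 8 |
               (uint32_t)uid[4 * i + 2] << 16 |
               (uint32_t)uid[4 * i + 3] << 24;
}

/* Client side: a UID query result is usable only if W0 is not the Unknown
 * SMC Function Identifier and all four words match the expected owner. */
bool uid_result_matches(const uint32_t w[4], const uint8_t expected[16])
{
    uint32_t want[4];

    if (w[0] == SMC_UNKNOWN)
        return false;            /* the UID call itself is not implemented */
    uid_to_regs(expected, want);
    return memcmp(w, want, sizeof want) == 0;
}

/* Revision rule: the major versions must be identical, and the minor version
 * of the implementation must be at least the one the client was built for. */
bool revision_compatible(uint32_t impl_major, uint32_t impl_minor,
                         uint32_t need_major, uint32_t need_minor)
{
    return impl_major == need_major && impl_minor >= need_minor;
}
```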

From: https://www.cnblogs.com/hoedigger/p/18084987
