Determining Current Arm Cortex-M Security State with GDB
4 months ago
- #TrustZone
- #Debugging
- #Armv8-M
- Armv8-M microcontrollers often include the Cortex-M Security Extension (CMSE), known as TrustZone.
- CMSE divides memory into Secure and Non-Secure regions, with the processor state changing based on the executing region.
- The stack pointer (SP) can match either the Main Stack Pointer (MSP) or Process Stack Pointer (PSP), depending on the operating mode and CONTROL.SPSEL field.
- With CMSE, there are Secure (*_S) and Non-Secure (*_NS) variants of registers like MSP and PSP.
- The current security state can be determined by checking which stack pointer variant the SP matches.
- GDB commands can be used to inspect SP, PSP_NS, MSP_NS, PSP_S, and MSP_S to quickly determine the security state.
- Example GDB output shows SP matching MSP_S in Secure state and PSP_NS in Non-Secure state.
- The CONTROL.SPSEL field can be checked to determine if the PSP is active in Thread mode.