Need help in a specific SMC call


I want to map normal world memory into secure world. I saw a SMC call in trusty source code (Link). “SMC_FC_REGISTER_NS_DRAM_RANGES” which i think does what i need. But there is no documentation explaining how to use it.

If anyone can help me understand how to use this or provide any documentation, it will be a huge help.


hello beckrakesh,

you might check documentation, please refer to Trusty, a Trusted Execution Environment in the security chapter for some details.

I already checked the link you mention. I also looked into arm trusted firmware documentation.

Interesting thing is this SMC call is not available in google trusty source code.

So i thought since Nvidia provides support for trusty, they have added this support.

@JerryChang can you tag anyone from Nvidia who has worked on trusty support for jetson tx2?

hello beckrakesh,

there’s information to indicate the ARM documentation for reference.
for example,

/* Reference:
 * version: 0.9.0

please access for ARM’s technical documentation.

hi JerryChang,

I have read SMC CALLING CONVENTION. But this is not my question.

Kindly read first what is being asked. If you don’t know, or Nvidia don’t like to share, just say it upfront.

please describe more details, what’s your use-case.

This is for academic purpose.
Our goal is to observe and study if any loadable module are trying to modify kernel data structures. If yes, then can we detect it.
For this purpose, I want to map normal world memory into secure world for introspection.

hello beckrakesh,

you may also dig into below function for secure monitor fast calls for checking platform registers.

long platform_register_ns_dram_ranges(paddr_t ns_base, uint64_t ns_size){...}

you may needs to do the experiment by yourself, please takes care of cache coherency between secure and NS world.
please note that, if you don’t take care of that, the data could be corrupted in DRAM.

Here is where i have questions.
According to documentation Link, section 3.4 page 13, Physical address space for NW and SW are different so physical address (say 0x8000) will denote to different locations in both the world.

Then what ns_base address should be passed here?
Even if i send physical address from NW, how will SW know its normal world memory?

any updates?

hello beckrakesh,

it looks you don’t need SMC calls to register a new NS DRAM range, there’s CBoot will invoke the SMC call and register all the kernel memory space into Trusty.
it passes NS DRAM ranges to TOS so that TOS can use it for validating NS addresses; the mapping is rejected if memory location outside NS DRAM range.

you should have some experiments as below.

  1. get the physical address from NS world (something like dma_alloc)
  2. pass it to Trusty
  3. validate and map the memory in Trusty, you may refer to couple of functions as below.
    for example,
static bool valid_address(vaddr_t addr, size_t size){...}
int32_t ioctl_map_eks_to_user(ioctl_map_eks_params p){...}
  1. read the NS memory in Trusty

Wait, I am a bit confused!

These two function are completely for secure world operation. What i am mean is these functions help in transferring data to userspace from kernel space in secure world. (from trusted os to trusted application)
is this correct?

What i am assuming is, by default SW os does not have any need to look into NW memory. So mapping of NW is not present in SW. Is this fair assumption to make for Trusty?

CBoot or TegraBoot should load kernel memory space into trusty?
I haven’t looked into CBoot yet. I will read the document.
Thanks for providing directions where to look.

Hi @JerryChang

I was not able to find CBoot documentation.
Closest thing i found was Link

Can you provide reference manual type document for CBoot?

besides bootloader related documentation, you should access Cboot sources from download center for more details.