1

I want to be sure if I understand the process describe non-secure high level os sending smc command. According to Arm user manual and many blogs and articles, I think this is the following scenario:

  1. EL0(non-secure) to EL1(non-secure) - svc
  2. EL1(non-secure) to EL2(hypervisovr - non-secure) - smc/hvc
  3. EL2(hypervisovr - non-secure) to EL3(monitor - non-secure) - smc note: here EL3(non-secure) change to EL3(secure)
  4. EL3(monitor - secure) to EL1(secure) - ???
  5. EL1(secure) to EL3(monitor - secure) - smc note: here EL3(secure) change to EL3(monitor - non-secure)
  6. EL3(monitor - non-secure) to EL2(hypervisovr - non-secure) - eret
  7. EL2(hypervisovr - non-secure) to EL1(non-secure) - eret
  8. EL1(non-secure) to EL0(non-secure) - ret Can anyone fill in the blanks and correct me ? Thank,
sivandahan
  • 71
  • 5

1 Answers1

0

secure monitor uses eret to call into s-el1 from el3

read conduit section of Arm Firmware Framework for Arm A-profile

maysam
  • 509
  • 10
  • 23