15.1.2.21 secure
This attribute directs the compiler to allocate a function in the
secure
segment of program Flash.
For example, to declare a protected function:
void __attribute__((secure)) func();
An optional argument can be used to specify a protected access entry
point within the secure
segment. The argument may be a literal integer
in the range 0 to 31 (except 16), or the word unused
. Integer arguments
correspond to 32 instruction slots in the segment access area, which occupies the lowest
address range of each secure segment. The value 16 is excluded because access entry 16
is reserved for the secure segment interrupt vector. The value unused
is used to specify a function for all of the unused slots in the access area.
Access entry points facilitate the creation of application segments from different vendors that are combined at run time. They can be specified for external functions as well as locally defined functions. For example:
/* an external function that we wish to call */
extern void __attribute__((boot(3))) boot_service3();
/* local function callable from other segments */
void __attribute__((secure(4))) secure_service4()
{
boot_service3();
}
boot
or secure
attribute, memory for the boot
and/or secure segment must be reserved. This can be accomplished by setting
configuration words in source code, or by specifying linker command options. For more
information, see Chapter 8.8, “Options that Specify CodeGuard Security Features,” in the
linker manual (DS51317).
If attributes boot or secure are used, and memory is not
reserved, then a link error will result.To specify a secure interrupt handler, use the secure
attribute in combination with the interrupt
attribute:
void __attribute__((secure,interrupt))
secure_interrupts();
When an access entry point is specified for an external secure function, that function need not be included in the project for a successful link. All references to that function will be resolved to a fixed location in Flash, depending on the security model selected at link time.
When an access entry point is specified for a locally defined function, the linker will insert a branch instruction into the secure segment access area. The exception is for access entry 16, which is represented as a vector (i.e, an instruction address) rather than an instruction. The actual function definition will be located beyond the access area; therefore the access area will contain a jump table through which control can be transferred from another security segment to functions with defined entry points.
Automatic variables are owned by the enclosing function and do not need
the secure
attribute. They may be assigned initial values, as
shown:
void __attribute__((secure)) chuck_cookies()
{
int hurl;
int them = 55;
char *where = "far";
splat(where);
/* ... */
}
Note that the initial value of where
is based on a
string literal which is allocated in the PSV constant section
.secure_const
. The compiler will set PSVPAG to the correct value
upon entrance to the function. If necessary, the compiler will also restore PSVPAG after
the call to splat()
.
The secure
attribute may be combined with the auto_psv
or no_auto_psv
attribute. For details, see the section
auto_psv, no_auto_psv
.