Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

MPLAB
®
XC16 C Compiler Users Guide
DS50002071C-page 182 2012-2013 Microchip Technology Inc.
secure
This attribute directs the compiler to allocate a function in the secure segment of
program Flash.
For example, to declare a protected function:
void __attribute__((secure)) func();
An optional argument can be used to specify a protected access entry point within the
secure segment. The argument may be a literal integer in the range 0 to 31 (except
16), or the word unused. Integer arguments correspond to 32 instruction slots in the
segment access area, which occupies the lowest address range of each secure seg-
ment. The value 16 is excluded because access entry 16 is reserved for the secure
segment interrupt vector. The value unused is used to specify a function for all of the
unused slots in the access area.
Access entry points facilitate the creation of application segments from different ven-
dors that are combined at run time. They can be specified for external functions as well
as locally defined functions. For example:
/* an external function that we wish to call */
extern void __attribute__((boot(3))) boot_service3();
/* local function callable from other segments */
void __attribute__((secure(4))) secure_service4()
{
boot_service3();
}
To specify a secure interrupt handler, use the secure attribute in combination with the
interrupt attribute:
void __attribute__((secure,interrupt)) secure_interrupts();
When an access entry point is specified for an external secure function, that function
need not be included in the project for a successful link. All references to that function
will be resolved to a fixed location in Flash, depending on the security model selected
at link time.
When an access entry point is specified for a locally defined function, the linker will
insert a branch instruction into the secure segment access area. The exception is for
access entry 16, which is represented as a vector (i.e, an instruction address) rather
than an instruction. The actual function definition will be located beyond the access
area; therefore the access area will contain a jump table through which control can be
transferred from another security segment to functions with defined entry points.
Note: In order to allocate functions with the boot or secure attribute, memory
for the boot and/or secure segment must be reserved. This can be accom-
plished by setting configuration words in source code, or by specifying
linker command options. For more information, see Chapter 8.8, Options
that Specify CodeGuard Security Features, in the linker manual
(DS51317).
If attributes boot or secure are used, and memory is not reserved, then a
link error will result.

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh