Determining Current Arm Cortex-M Security State with GDB

Summary

In my day job and free time I frequently find myself debugging Arm Cortex-M microcontrollers (MCUs). In recent years, it has become more and more common for the cores in these MCUs to implement Armv8-M, with the Arm Cortex-M33 being a very popular variant. Armv8-M includes an optional security extension (Cortex-M Security Extension or “CMSE”), which is more commonly known by its marketing name, TrustZone. The security extension allows a core, or a Processing Element (PE) if using the official terminology in Arm reference manuals, to divide memory into Secure and Non-Secure regions. When executing instructions in a Secure memory region, the PE is said to be in the Secure state, and when executing in a Non-Secure region, it is said to be in the Non-Secure state.

The current stack pointer (SP / R13) register in an Armv8-M PE matches either the Main Stack Pointer (MSP) or the Process Stack Pointer (PSP), depending on the operating mode (Handler or Thread) and the SPSEL field in the CONTROL special-purpose register. In Handler mode, the SP register always matches MSP. In Thread mode, the SP matches MSP if SPSEL is 0 or PSP if SPSEL is 1.

When the security extension is implemented, there are both *_S and *_NS variants of some registers, including MSP (MSP_S and MSP_NS) and PSP (PSP_S and PSP_NS). This expands the possible values of SP, adding the current security state as an extra dimension, which makes SP a quick way to determine the security state when debugging a core. The following GDB command prints the current stack pointer, as well as the Secure and Non-Secure variants of the Main and Process Stack Pointers:

    i r sp psp_ns msp_ns psp_s msp_s

If the SP matches either PSP_NS or MSP_NS, then the PE is currently in the Non-Secure state. If it matches PSP_S or MSP_S, then the PE is currently in the Secure state.
For example, on reset in a Cortex-M33 core with the security extension implemented, the processor will be in Thread mode and Secure s...
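
The comparison described above can be scripted with GDB's Python API. The following is an added example, not code from the original article: the `secstate` command name, the `classify_security_state` helper and the sample values are assumptions made for illustration, and it relies on the target exposing the same register names used in the `i r` command. It also reports the case where SP equals banked registers of both states, which the manual comparison cannot resolve.

```python
# Added example: GDB Python helper, not from the original article.
BANKED = {  # register names as used in the article's `i r` command
    "msp_s": "Secure", "psp_s": "Secure",
    "msp_ns": "Non-Secure", "psp_ns": "Non-Secure",
}

# Constructed sample values (not read from a real target).
SAMPLE = {"sp": 0x20001000, "msp_s": 0x20001000, "psp_s": 0,
          "msp_ns": 0x20020000, "psp_ns": 0}

def classify_security_state(regs):
    """regs maps 'sp' and the four banked names to integer values.

    Returns (state, matched_names). state is 'Secure', 'Non-Secure',
    'ambiguous' (SP equals banked registers of both states, e.g. when
    stack pointers are still uninitialised) or 'unknown' (no match).
    """
    sp = regs["sp"] & 0xFFFFFFFF
    matched = [n for n in BANKED if n in regs and (regs[n] & 0xFFFFFFFF) == sp]
    states = {BANKED[n] for n in matched}
    if not states:
        return "unknown", matched
    if len(states) > 1:
        return "ambiguous", matched
    return states.pop(), matched

try:
    import gdb  # only available when this file is sourced inside GDB
except ImportError:
    gdb = None

if gdb is not None:
    class SecState(gdb.Command):
        """secstate: print the Armv8-M security state inferred from SP."""
        def __init__(self):
            super().__init__("secstate", gdb.COMMAND_DATA)

        def invoke(self, arg, from_tty):
            regs = {n: int(gdb.parse_and_eval("$" + n))
                    for n in ("sp", *BANKED)}
            state, matched = classify_security_state(regs)
            print(f"sp={regs['sp'] & 0xFFFFFFFF:#010x} -> {state} "
                  f"(matches: {', '.join(matched) or 'none'})")

    SecState()
```

Load it in a debug session with GDB's `source` command, then run `secstate` whenever the core is halted.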

First seen: 2026-01-04 00:19

Last seen: 2026-01-04 03:19