|Home > Building Secure and Non-secure Images Using Armv8‑M Security Extensions > Overview of building Secure and Non-secure images|
Arm® Compiler 6 tools allow you to build images that run in the Secure state of the Armv8‑M Security Extensions. You can also create an import library package that developers of Non-secure images must have for those images to call the Secure image.
To build an image that runs in the Secure state you must include the
<arm_cmse.h> header in your code, and
compile using the armclang
-mcmse command-line option. Compiling in this way
makes the following features available:
On startup, your Secure code must set up the Security Attribution Unit (SAU) and call the Non-secure startup code.
Be aware of the following when compiling Secure and Non-secure code:
__ARM_FEATURE_CMSEpredefined macro indicates what Armv8‑M Security Extension features are supported.
__attribute__((cmse_nonsecure_entry)). Therefore, the functions could potentially leak sensitive data.
The following cases are not supported when compiling with
-mcmse and produce an error:
Calling a Secure image from a Non-secure image requires a transition from Non-secure to Secure state. A transition is initiated through Secure gateway veneers. Secure gateway veneers decouple the addresses from the rest of the Secure code.
An entry point in the Secure image,
, is identified
The calling sequence is as follows:
BLinstruction to call the Secure gateway veneer for the required entry function in the Secure image:
SGinstruction and a call to the entry function in the Secure image using the
entrynameSG B.W __acle_se_
The following figure is a graphical representation of the calling sequence, but for clarity, the return from the entry function is not shown:
An import library package identifies the entry functions available in a Secure image. The import library package contains:
You must do separate compile and link stages: