SCR.EA ignored on apalis imx6


My goal is to set up an Apalis iMX6 chip with our secure OS in the TrustZone, and a modified Linux running in the normal world. Each time I switch from Linux to the secure OS, an asynchronous external abort arises. In order to debug this, I wanted to force EA to the monitor, by setting SCR.AW to 0 (NW can’t modify the CPSR.A bit) and SCR.EA to 1 (branch to Monitor on EA).
Even in this configuration (which works on other imx6 boards we have, like NXP Sabre or Boundary Devices Sabre lite), Linux can still set CPSR.A to 1 and the abort does not go to the monitor.

In order to debug the situation, I had to patch Linux and explicitly remove the CPSR.A bit. With this patch, I get the EA more quickly (and it seems the PCIe driver is making some secure access I will need to fix).

I wanted to know if this behavior was known and/or normal, and if I needed to notify you or NXP?

Best regards,

Hi Vincent

Actually we have no experience with the security features of the i.MX 6, neither with HAB nor with TrustZone.

The only fuses we set are the ones related to the boot device. According to this blog post the Boundary Devices NitrogenX additionally fuses the MAC address. So probably it is not caused by some missing fuses related to the security features.

I would guess that some bootloader and/or kernel configuration is set differently, which results in the different behaviour you see.


The issue is not fuse related, only software related: the secure monitor (through the ARMv7 SCR register) can prevent the normal world from modifying the CPSR.A bit, which clearly doesn’t work. So I was wondering if this is a malfunction of my chip or a known issue.
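
The SCR.EA / SCR.AW setup discussed in this thread, as an added C example that is not code from any of the posters: it computes the SCR value, models what the ARMv7-A architecture specifies for a Non-secure write to CPSR.A, and checks an observed CPSR against that model. The function names and the `MONITOR_BUILD` macro are hypothetical; the bit positions and the CP15 encoding are the architectural ones.

```c
#include <stdint.h>

/* Architectural bit positions (ARMv7-A with Security Extensions). */
#define SCR_EA  (1u << 3)  /* 1: external aborts are taken to Monitor mode */
#define SCR_AW  (1u << 5)  /* 1: Non-secure state may modify CPSR.A */
#define CPSR_A  (1u << 8)  /* asynchronous abort mask */

enum ea_target { EA_TO_ABORT_MODE, EA_TO_MONITOR };

/* SCR value for the setup in the thread: EA=1, AW=0, other bits kept. */
uint32_t scr_trap_ea(uint32_t scr)
{
    return (scr | SCR_EA) & ~SCR_AW;
}

/* Mode in which an external abort is taken for a given SCR value. */
enum ea_target ea_route(uint32_t scr)
{
    return (scr & SCR_EA) ? EA_TO_MONITOR : EA_TO_ABORT_MODE;
}

/* CPSR the architecture specifies after a Non-secure MSR/CPS write:
 * with AW=0 the write to the A bit is ignored and the old value stays. */
uint32_t ns_cpsr_after_write(uint32_t scr, uint32_t old_cpsr, uint32_t wanted)
{
    if (!(scr & SCR_AW))
        wanted = (wanted & ~CPSR_A) | (old_cpsr & CPSR_A);
    return wanted;
}

/* Debug check: 1 if the CPSR.A value observed after the write matches
 * the architectural model, 0 if the lock did not hold as specified. */
int a_lock_observed(uint32_t scr, uint32_t old_cpsr, uint32_t wanted,
                    uint32_t observed)
{
    return ((observed ^ ns_cpsr_after_write(scr, old_cpsr, wanted)) & CPSR_A) == 0;
}

#if defined(__arm__) && defined(MONITOR_BUILD) /* hypothetical build macro */
/* SCR is CP15 c1, c1, 0 and is accessible only from Secure privileged modes. */
static inline uint32_t read_scr(void)
{
    uint32_t v;
    __asm__ volatile("mrc p15, 0, %0, c1, c1, 0" : "=r"(v));
    return v;
}
static inline void write_scr(uint32_t v)
{
    __asm__ volatile("mcr p15, 0, %0, c1, c1, 0\n\tisb" : : "r"(v) : "memory");
}
#endif
```

SCR is a per-core CP15 register, so `read_scr()` has to be called on the core whose Non-secure behaviour is being examined before its value is fed to `a_lock_observed()`.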