Dear TF-M Community,
I have a question regarding a specific use case involving interrupt handling and domain preemption in a TrustZone-enabled system using TF-M.
In the scenario where the processor is executing within a Secure user context (e.g., during Secure Partition execution), is it possible for an interrupt assigned to the Non-Secure domain to pre-empt this Secure execution?
* Does TF-M support such preemption by default?
* If not supported out-of-the-box, what modifications or configuration changes would be required within TF-M to enable this behavior?
Any guidance on how TF-M manages interrupt priority and security attribution in this context would be greatly appreciated.
Best regards,
Waqar Ali
Waqar Ali Tahir
(He / Him / His)
Embedded SW Engineer
Phone: +433124 299160
Email: waqar.tahir@nxp.com
NXP Semiconductors Austria GmbH & Co KG | Mikronweg 1, 8101 Gratkorn | Austria |
Sitz: Gratkorn, Österreich | Firmenbuchgericht: Landesgericht für ZRS Graz | Firmenbuchnummer: FN 541474 k | VAT: ATU76231908
Unless otherwise recorded in a signed, written agreement, all sales transactions by NXP are exclusively subject to NXP's Terms and Conditions of Commercial Sale ("NXP Terms") published at: http://www.nxp.com/profile/terms/index.html. NXP explicitly rejects and disregards any terms and conditions of customer that add to, or differ from, NXP's Terms irrespective of when customer raises its terms. The information contained in this message is confidential. The message is intended solely for the addressee(s). If you are not the intended recipient, any use, dissemination, or reproduction is strictly prohibited and may be unlawful and you are asked to please contact the sender by return e-mail and destroy all copies of the original message.
Hi Waqar Ali,
It is possible for a secure service to be preempted by an NS interrupt. There are two main build options you may want to have a look at:
https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/...
https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/...
These two should give you enough control over how to manage the scenario you described, the latter in particular.
Generally, interrupt priorities in TF-M are configured in the platform-specific tfm_interrupts.c, while the MPU/SAU/IDAU is usually set in target_cfg.c via tfm_hal_isolation_v8m.c (or equivalent).
https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/...
Hope that helps as a starting point.
Best regards,
Nicola
________________________________
From: Waqar Ali Tahir via TF-M <tf-m@lists.trustedfirmware.org>
Sent: 01 August 2025 16:08
To: tf-m@lists.trustedfirmware.org
Cc: Ruchika Gupta <ruchika.gupta_1@nxp.com>
Subject: [TF-M] Clarification on IRQ Preemption of Secure User Context by Non-Secure Interrupts