sancus-tee / sancus-compiler

Secure compilation of annotated C code to Sancus enclaves
GNU General Public License v3.0

SM entry/exit atomicity #22

Closed jovanbulck closed 3 years ago

jovanbulck commented 6 years ago

Atomicity requirements for sm_entry/exit/verify are currently not always properly enforced.

(Note: we assume a cooperating multitasking model: an SM can protect itself from being interrupted using eint/dint. Cooperating SMs should try to keep atomic sections as short as possible.)

SM entry. The following should happen in an atomic section:

  1. Init/restore stack pointer and IRQ stack pointer save loc
  2. Get and store sancus_get_caller_id (this should become a compiler intrinsic in sm_support.h as it can change after IRQ)
  3. decide if SM was previously interrupted and should restore internal execution

SM exit. The following should happen in an atomic section:

  1. If protected ocall: verify SM is properly loaded by comparing sancus_get_id with the stored ID (this needs changes in the LLVM pass which calls sm_verify.S)
  2. Store + clear stack pointer (full abstraction)
  3. Branch to the continuation point outside the SM

SM reti entry. It could be that we need to execute dint; nop before reti? If the SM was executing with interrupts enabled, reti will re-enable interrupts. If the SM was interrupted at the start of an atomic section (i.e., directly after dint as above), this ensures that an attacker cannot interrupt the first instruction after reti? This needs testing...
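The entry sequence above hinges on the caller id being read inside the same interrupt-free window as the stack-pointer setup, because an IRQ landing between the two steps can change what sancus_get_caller_id reports. The following is an added, constructed host-side C model of that race (it is not Sancus code and does not touch MSP430 registers): a simulated GIE bit stands in for dint/eint, a simulated pending IRQ stands in for the interrupt handler resuming the SM, and the hardware caller-id value, the handler's id (0xFFFF) and the sm_state layout are all assumptions of the model. entry_unsafe ends the atomic section after step 1; entry_atomic keeps steps 1 to 3 inside it.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model state (assumptions of this example, not Sancus internals). */
static bool gie = true;            /* simulated general interrupt enable bit */
static uint16_t hw_caller_id = 1;  /* what the hardware reports as the caller */
static bool irq_pending = false;   /* an interrupt waiting to fire */

static void dint(void) { gie = false; }   /* models the MSP430 dint instruction */
static void eint(void) { gie = true; }    /* models the MSP430 eint instruction */

/* Models an IRQ arriving between two entry steps: it only fires while
 * interrupts are enabled, and when it does, the SM is later resumed by the
 * handler, so the hardware caller id no longer names the original caller.
 * 0xFFFF is a hypothetical id for the resuming handler. */
static void maybe_irq(void) {
    if (gie && irq_pending) {
        irq_pending = false;
        hw_caller_id = 0xFFFF;
    }
}

struct sm_state {
    uint16_t sp;          /* step 1: saved/restored stack pointer */
    uint16_t caller_id;   /* step 2: caller id captured at entry */
    bool interrupted;     /* step 3: was this SM previously interrupted? */
};

/* Resets the model so each scenario starts from the same state:
 * caller 1 is entering the SM and one IRQ is pending. */
void reset_model(void) {
    gie = true;
    hw_caller_id = 1;
    irq_pending = true;
}

/* Defective variant: the atomic section ends after step 1, so the IRQ can
 * fire before the caller id is read, and the SM records the wrong caller. */
uint16_t entry_unsafe(struct sm_state *s, uint16_t sp) {
    dint();
    s->sp = sp;               /* step 1 */
    eint();                   /* atomic section closed too early */
    maybe_irq();              /* IRQ lands between step 1 and step 2 */
    s->caller_id = hw_caller_id;   /* step 2 reads the handler's id */
    s->interrupted = false;   /* step 3 */
    return s->caller_id;
}

/* Corrected variant: steps 1 to 3 all happen with interrupts disabled, so
 * the pending IRQ is deferred until after the SM has captured its caller. */
uint16_t entry_atomic(struct sm_state *s, uint16_t sp) {
    dint();
    s->sp = sp;               /* step 1 */
    maybe_irq();              /* cannot fire: GIE is cleared */
    s->caller_id = hw_caller_id;   /* step 2 sees the real caller */
    s->interrupted = false;   /* step 3 */
    eint();                   /* IRQ is delivered only from here on */
    return s->caller_id;
}

/* Exposes whether the IRQ is still waiting, so a caller can confirm the
 * atomic variant deferred it rather than dropping it. */
bool irq_still_pending(void) { return irq_pending; }
```

Running entry_unsafe from the reset state returns 0xFFFF (the handler's id), while entry_atomic returns 1 and leaves the IRQ pending for delivery after eint, which is the ordering the issue asks the real sm_entry.S to enforce.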

fritzalder commented 3 years ago

Is this still relevant after #33 and the discussion in #13? It looks to me like we cover most of it and should maybe create new specific issues to deal with stuff that we missed so far.

jovanbulck commented 3 years ago

Yes, this is covered and can be closed when the PR is merged.