Analyzed the following files:
(a) base-hw/src/core/spec/arm/kernel/cpu.cc (calls init trustzone)
(b) base-hw/src/core/spec/imx53/trustzone/platform_support.cc (defines init trustzone where monitor exception entry is assigned with _mon_kernel_entry)
(c) base-hw/src/core/spec/arm_v7/trustzone/mode_transition.s defines _mon_kernel_entry, which is the exception vector table in monitor mode. The exception handlers call "_nonsecure_to_secure exception_type, pc_adjust", which sets the appropriate pc based on lr values.
(d) base-hw/src/core/include/spec/arm_v7/macros_support.s has the register bank save and restore macros.
For my doubt (1) above, does each precise external abort go through this monitor exception handler function? How does that explain _state->ip is the correct variable (since pc is already adjusted based on lr)?
For my doubt (2) above, are the _state variables mapped to the memory addresses where the normal world registers are restored from? Is that how any change made by vmm is reflected in the normal world registers?
Thanks!
Riju