I am working on the TrustZone extension on Raspberry Pi B+, which has the ARM1176JZF-S processor.
The SMC (Secure Monitor Call) instruction used to switch between worlds is of the form:
"SMC #imm4", e.g. smc #0
I am trying to retrieve this value from the SMC exception handler. My initial assumption was that this might be stored in the R0 register, but I am getting a different value than the one I passed. So where is this value stored?
This value is a part of the instruction's opcode. You would need to read the memory at the return address, parse the opcode and extract the immediate value.
Because such an operation may be somewhat expensive as opposed to reading a banked register, a common approach is to use a processor register to specify the operation to be performed. In fact, ARM has developed the "SMC Calling Convention", which suggests using R0 as the "SMC Function Identifier" and R1-R6 for the arguments.
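As an added illustration of the opcode-parsing approach (example code, not from the question or answer above): the A32 encoding of SMC is `cond 0001 0110 0000 0000 0000 0111 imm4`, so with the condition bits and imm4 masked off the fixed bits are `0x01600070`. The decoder below checks that the word fetched at the return address minus 4 really is an SMC before trusting the immediate; the byte buffer standing in for Normal-world code memory is constructed here, and in a real monitor the address would first be validated as readable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A32 SMC: bits[31:28] cond, bits[27:4] fixed pattern, bits[3:0] imm4. */
#define SMC_A32_MASK  0x0FFFFFF0u
#define SMC_A32_FIXED 0x01600070u

/* Constructed stand-in for Normal-world code (little-endian words):
 *   0x00: E3A00001  mov r0, #1
 *   0x04: E1600073  smc #3
 *   0x08: E1A00000  nop (mov r0, r0) */
static const uint8_t demo_code[] = {
    0x01, 0x00, 0xA0, 0xE3,
    0x73, 0x00, 0x60, 0xE1,
    0x00, 0x00, 0xA0, 0xE1,
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return imm4 if the word is an SMC encoding, else -1. The condition
 * field is ignored because the exception was taken, so it passed. */
int smc_imm4_from_opcode(uint32_t opcode)
{
    if ((opcode & SMC_A32_MASK) != SMC_A32_FIXED)
        return -1;
    return (int)(opcode & 0xFu);
}

/* In ARM state LR_mon holds the address of the instruction after the
 * SMC, so the SMC itself is at LR_mon - 4. Bounds-check before reading. */
int smc_imm4_from_return(const uint8_t *code, size_t code_len, size_t lr_mon)
{
    if (lr_mon < 4 || lr_mon > code_len)
        return -1;
    return smc_imm4_from_opcode(read_le32(code + lr_mon - 4));
}

int main(void)
{
    /* Exception taken from the smc at 0x04, so LR_mon == 0x08. */
    printf("imm4 = %d\n", smc_imm4_from_return(demo_code, sizeof demo_code, 8));
    return 0;
}
```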