From "ARM v8-M Architecture Reference Manual", about IDAU I see:
The IDAU can provide the following Security attribution information for an address:
• Security attribution exempt. This specifies that the address is exempt from security attribution. This information is combined with the address ranges that are architecturally required to be exempt from attribution.
• Non-secure. This specifies if the address is Secure or Non-secure.
• Non-secure callable. This specifies if code at the address can be called from Non-secure state. This attribute is only valid if the address is marked as Secure.
• Region number. This is the region number that matches the address, and is only used by the TT instruction.
• Region number valid. This specifies that the region number is valid. This field has no effect on the attribution of the address, and is only used by the TT instruction.
Given an address, how can I check its IDAU security attribution? Is there any register value or API that can be checked to see this attribution info? Thanks
You can disable the SAU and enable the ALLNS bit then use the TT instructions to determine the IDAU security attribution.
Check out the TT, TTT, TTA, TTAT instructions in the v8M ARM.
You'll eventually want to end up at the definition of the SecurityCheck function.
If you search the web for the TT instruction you'll see that tools have wrapped this Assembler instruction, so it may vary from tool to tool.
At the end of the day you get back a structure that looks like this:
typedef union {
    struct cmse_address_info {
        unsigned mpu_region:8;
        unsigned sau_region:8;
        unsigned mpu_region_valid:1;
        unsigned sau_region_valid:1;
        unsigned read_ok:1;
        unsigned readwrite_ok:1;
        unsigned nonsecure_read_ok:1;
        unsigned nonsecure_readwrite_ok:1;
        unsigned secure:1;
        unsigned idau_region_valid:1;
        unsigned idau_region:8;
    } flags;
    unsigned value;
} cmse_address_info_t;
Great instruction. I'll try it. Thanks.
May I ask a couple follow up questions.
Assume IDAU defined 4 regions:
[0x00000000 - 0x0FFFFFFF] [0x10000000 - 0x1FFFFFFF] [0x20000000 - 0x2FFFFFFF] [0x30000000 - 0x3FFFFFFF]
[0:NS] [1:S] [2:NS] [3:S]
Upon core init:
Setting SAU_CTRL ENABLE bit = 1, and ALLNS bit = 0;
(1) What's the security of the 4 regions now? Are they still NS, S, NS, S, just as the IDAU configured, or do they become S, S, S, S?
(2) About ALLNS, ARM v8-M Architecture Reference Manual says "When SAU_CTRL.ENABLE is 0 this bit controls if the memory is marked as Non-secure or Secure."
How about when SAU_CTRL.ENABLE is 1, does ALLNS impact the region security setting when SAU_CTRL.ENABLE is set to 1?
Thank you very much.
Check out the Security attribution unit section in the v8m ARM for more details.
You use the SAU to assign all the NS and NSC address regions.
So every address is secure if you enable the SAU and don't enable any address regions.
The ALLNS bit does not impact the security attribution when the SAU is enabled.
With the help provided by kappajacko and Joseph, I did some tests. I'm trying to conclude, in case it's helpful to others.
1. SAU_CTRL ENABLE = 0, ALLNS = 1
   Then, memory setting follows IDAU.
2. SAU_CTRL ENABLE = 1
   Then, all regions become Secure. Then, if SAU further tries to change an IDAU non-secure region back to non-secure, it can. If SAU further tries to change an IDAU secure region to non-secure, it can NOT.
arm-none-eabi/6.3.1/include/arm_cmse.h provides APIs such as cmse_check_address_range, which can be called to check whether a memory region/address is secure or non-secure.
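The behaviour worked out in this thread, as a host-side C model added here (not code from any poster or from Arm): the final attribution of an address is the stricter of the IDAU and SAU answers. The IDAU map is the hypothetical four-region one from the question; exempt regions are omitted and SAU regions use plain inclusive base/limit values, both simplifying assumptions, and all type and function names are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Ordered by strictness: the stricter of the IDAU and SAU answers wins. */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } attr_t;
typedef struct { uint32_t base, limit; bool enable, nsc; } sau_region_t;
typedef struct { bool enable, allns; const sau_region_t *rgn; int n; } sau_t;

/* Constructed IDAU from the thread: 256 MB regions 0..3 are NS, S, NS, S. */
attr_t idau_check(uint32_t addr) {
    uint32_t r = addr >> 28;  /* r > 3 is outside the example map: assumed S */
    return (r > 3 || (r & 1u)) ? ATTR_S : ATTR_NS;
}

attr_t sau_check(const sau_t *sau, uint32_t addr) {
    if (!sau->enable)           /* ALLNS is only consulted while disabled */
        return sau->allns ? ATTR_NS : ATTR_S;
    attr_t res = ATTR_S;        /* enabled and no region hit: Secure */
    int hits = 0;
    for (int i = 0; i < sau->n; i++) {
        const sau_region_t *r = &sau->rgn[i];
        if (r->enable && addr >= r->base && addr <= r->limit) {
            res = r->nsc ? ATTR_NSC : ATTR_NS;
            hits++;
        }
    }
    return hits > 1 ? ATTR_S : res;  /* overlapping regions: Secure */
}

attr_t security_check(const sau_t *sau, uint32_t addr) {
    attr_t i = idau_check(addr), s = sau_check(sau, addr);
    return i > s ? i : s;
}
/* Constructed SAU setups: disabled+ALLNS, enabled+empty, enabled+2 NS regions. */
static const sau_region_t demo_rgn[] = {
    { 0x20000000u, 0x2FFFFFFFu, true, false },  /* IDAU says NS here */
    { 0x30000000u, 0x3FFFFFFFu, true, false },  /* IDAU says S here  */
};
const sau_t sau_off_allns = { false, true, NULL, 0 };
const sau_t sau_on_empty  = { true,  true, NULL, 0 };  /* ALLNS set but ignored */
const sau_t sau_on_two_ns = { true,  false, demo_rgn, 2 };

int main(void) {
    static const char *name[] = { "NS", "NSC", "S" };
    const sau_t *cfg[] = { &sau_off_allns, &sau_on_empty, &sau_on_two_ns };
    for (int c = 0; c < 3; c++)      /* one row per SAU setup, one column per region */
        for (uint32_t r = 0; r < 4; r++)
            printf("%-4s%s", name[security_check(cfg[c], r << 28)], r == 3 ? "\n" : "");
    return 0;
}
```

On real hardware the same question is answered per address by the TT instruction; this model only helps reason about what a given SAU configuration should produce before checking it on the target.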
The DS-5 debugger supports an MPU view that shows the security settings of the address map.
This is described near the end of a recent blog I wrote: https://community.arm.com/tools/b/blog/posts/using-arm-musca-board-with-ds5
Ronan, Very useful info. Thank you very much.
On DS-5 debugger command line, I simply use
mpu memory-map ("mmu memory-map" shows the same)
and it shows the security attributes of memory regions.