Is it possible to use the MPU to configure the Peripheral Memory Space as Execute?
It looks possible via the MPU_RBAR.XN bit.
If this is the case, is it fair to say that TrustZone aware select gates need to monitor HPROT[0] or PPROT[2] and block the transaction if it is an instruction fetch?
You wrote:> I am not that knowledgeable on the MPU and want to confirm that the MPU can reconfigure > the Peripheral space from Execute Never to Execute.Yes, privileged code can reconfigure the MPU to mark the Peripheral space as Executable. Note that there are two MPUs with the Security Extension (one for the Non-secure state, MPU_NS, and one for the Secure state, MPU_S). An ARMv8-M processor like Cortex-M33, which includes the Security Extension, will firstly check the security attribution (Secure or Non-secure) of the address being accessed to determine which MPU to use. For any non-secure accesses the processor will check MPU_NS, whereas for secure accesses the processor will check MPU_S.I believe that the scenario you've described is:1. Privileged non-secure code re-configures MPU_NS to mark the Peripheral space as Executable.2. Non-secure code attempts to write an SG opcode into the Peripheral space now marked as executable.3. Non-secure code attempts to jump to the address of the SG opcode.If secure code has already marked the Peripheral space as Secure & Non-secure Callable (NSC), the write (step 2 above) would fail because non-secure code is not permitted to access secure memory, so step 3 wouldn't even happen.