The SCR_EL3 characteristics are:
Defines the configuration of the current Security state. It specifies:
AArch64 System register SCR_EL3 bits [31:0] can be mapped to AArch32 System register SCR[31:0] , but this is not architecturally mandated.
Some or all RW fields of this register have defined reset values. These apply only if the PE resets into an Exception level that is using AArch64. Otherwise, RW fields in this register reset to architecturally UNKNOWN values.
SCR_EL3 is a 64-bit register.
The SCR_EL3 bit assignments are:
63 | 62 | 61 | 60 | 59 | 58 | 57 | 56 | 55 | 54 | 53 | 52 | 51 | 50 | 49 | 48 | 47 | 46 | 45 | 44 | 43 | 42 | 41 | 40 | 39 | 38 | 37 | 36 | 35 | 34 | 33 | 32 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
0 | 0 | 0 | 0 | 0 | ATA | EnSCXT | 0 | 0 | 0 | FIEN | NMEA | EASE | EEL2 | API | APK | TERR | TLOR | TWE | TWI | ST | RW | SIF | HCE | SMD | 0 | 1 | 1 | EA | FIQ | IRQ | NS |
31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
Reserved, RES0.
Allocation Tag Access. Controls access at EL2, EL1 and EL0 to Allocation Tags.
When access to Allocation Tags is prevented:
Instructions which Load or Store data are Unchecked.
Instructions which Load or Store Allocation Tags treat the Allocation Tag as RAZ/WI.
Instructions which insert Logical Address Tags into addresses treat the Allocation Tag used to generate the Logical Address Tag as 0.
Cache maintenance instructions which invalidate Allocation Tags from caches behave as the equivalent Clean and Invalidate operation on Allocation Tags.
ATA | Meaning |
---|---|
0b0 |
Access to Allocation Tags is prevented. |
0b1 |
Access to Allocation Tags is not prevented. |
This field is permitted to be cached in a TLB.
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Enable access to the SCXTNUM_EL2, SCXTNUM_EL1, and SCXTNUM_EL0 registers. The defined values are:
EnSCXT | Meaning |
---|---|
0b0 |
EL2, EL1 and EL0 access to SCXTNUM_EL0, EL2 and EL1 access to SCXTNUM_EL1, EL2 access to SCXTNUM_EL2 registers are disabled by this mechanism, causing an exception to EL3, and the values of these registers to be treated as 0. |
0b1 |
This control does not cause accesses to SCXTNUM_EL0, SCXTNUM_EL1, SCXTNUM_EL2 to be trapped. |
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Reserved, RES0.
Fault Injection enable. Trap accesses to the ERXPFGCDN_EL1, ERXPFGCTL_EL1, and ERXPFGF_EL1 registers from EL1 and EL2 to EL3.
FIEN | Meaning |
---|---|
0b0 |
Accesses to the specified registers from EL1 and EL2 generate a Trap exception to EL3. |
0b1 |
This control does not cause any instructions to be trapped. |
If EL3 is not implemented, the Effective value of SCR_EL3.FIEN is 0b1.
If the RAS Common Fault Injection Model Extension is not implemented, this field is RES0.
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Non-maskable External Aborts. When SCR_EL3.EA == 1, controls whether PSTATE.A masks SError interrupts at EL3.
NMEA | Meaning |
---|---|
0b0 |
If SCR_EL3.EA == 1, asserted SError interrupts are not taken at EL3 if PSTATE.A == 1. |
0b1 |
If SCR_EL3.EA == 1, asserted SError interrupts are taken at EL3 regardless of the value of PSTATE.A. |
When SCR_EL3.EA == 0:
This field resets to 0.
Reserved, RES0.
External aborts to SError interrupt vector.
EASE | Meaning |
---|---|
0b0 |
Synchronous External abort exceptions taken to EL3 are taken to the appropriate synchronous exception vector offset from VBAR_EL3. |
0b1 |
Synchronous External abort exceptions taken to EL3 are taken to the appropriate SError interrupt vector offset from VBAR_EL3. |
This field resets to 0.
Reserved, RES0.
Secure EL2 Enable.
EEL2 | Meaning |
---|---|
0b0 |
All behaviors associated with Secure EL2 are disabled. All registers, including timer registers, defined by ARMv8.4-SecEL2 are UNDEFINED, and those timers are disabled. |
0b1 |
All behaviors associated with Secure EL2 are enabled. |
When the value of this bit is 1, then:
When SCR_EL3.NS == 0, the SCR_EL3.RW bit is treated as 1 for all purposes other than reading or writing the register.
If Secure EL1 is using AArch32, then any of the following operations, executed in Secure EL1, is trapped to Secure EL2 using the EC value of ESR_EL2.EC== 0x3 :
If Secure EL1 is using AArch32, then any of the following operations, executed in Secure EL1, is trapped to Secure EL2 using the EC value of ESR_EL2.EC== 0x0 :
If the Effective value of SCR_EL3.EEL2 is 0, then these operations executed in Secure EL1 using AArch32 are trapped to EL3.
In a Secure only implementation that does not implement EL3 but implements EL2, behaves as if SCR_EL3.EEL2 == 1.
This bit is permitted to be cached in a TLB.
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Controls the use of instructions related to Pointer Authentication:
API | Meaning |
---|---|
0b0 |
The use of any instruction related to pointer authentication in any Exception level except EL3 when the instructions are enabled are trapped to EL3 unless they are trapped to EL2 as a result of the HCR_EL2.API bit. |
0b1 |
This control does not cause any instructions to be trapped. |
If ARMv8.3-PAuth is implemented but EL3 is not implemented, the system behaves as if this bit is 1.
This field resets to an architecturally UNKNOWN value.
Controls the use of instructions related to Pointer Authentication:
API | Meaning |
---|---|
0b0 |
The use of any instruction related to pointer authentication in any Exception level except EL3 when the instructions are enabled are trapped to EL3 unless they are trapped to EL2 as a result of the HCR_EL2.API bit. |
0b1 |
This control does not cause any instructions to be trapped. |
If ARMv8.3-PAuth is implemented but EL3 is not implemented, the system behaves as if this bit is 1.
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Trap registers holding "key" values for Pointer Authentication. Traps accesses to the following registers from EL1 or EL2 to EL3 unless they are trapped to EL2 as a result of the HCR_EL2.APK bit or other traps:
APK | Meaning |
---|---|
0b0 |
Access to the registers holding "key" values for pointer authentication from EL1 or EL2 are trapped to EL3 unless they are trapped to EL2 as a result of the HCR_EL2.APK bit or other traps. |
0b1 |
This control does not cause any instructions to be trapped. |
If ARMv8.3-PAuth is implemented but EL3 is not implemented, the system behaves as if this bit is 1.
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Trap Error record accesses. Trap accesses to the following registers from EL1 and EL2 to EL3:
EL1 using AArch64: ERRIDR_EL1, ERRSELR_EL1, ERXADDR_EL1, ERXCTLR_EL1, ERXFR_EL1, ERXMISC0_EL1, ERXMISC1_EL1, and ERXSTATUS_EL1. When ARMv8.4-RAS is implemented, ERXMISC2_EL1, and ERXMISC3_EL1.
EL1 using AArch32: ERRIDR, ERRSELR, ERXADDR, ERXADDR2, ERXCTLR, ERXCTLR2, ERXFR, ERXFR2, ERXMISC0, ERXMISC1, ERXMISC2, ERXMISC3, and ERXSTATUS. When ARMv8.4-RAS is implemented, ERXMISC4, ERXMISC5, ERXMISC6, and ERXMISC7.
TERR | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Accesses to the specified registers from EL1 and EL2 generate a Trap exception to EL3. |
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Trap LOR registers. Traps accesses to the LORSA_EL1, LOREA_EL1, LORN_EL1, LORC_EL1, and LORID_EL1 registers from EL1 and EL2 to EL3, unless the access has been trapped to EL2.
TLOR | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
EL1 and EL2 accesses to the LOR registers that are not UNDEFINED are trapped to EL3, unless it is trapped HCR_EL2.TLOR. |
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Traps EL2, EL1, and EL0 execution of WFE instructions to EL3, from both Security states and both Execution states.
TWE | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Any attempt to execute a WFE instruction at any Exception level lower than EL3 is trapped to EL3, if the instruction would otherwise have caused the PE to enter a low-power state and it is not trapped by SCTLR.nTWE, HCR.TWE, SCTLR_EL1.nTWE, SCTLR_EL2.nTWE, or HCR_EL2.TWE. |
In AArch32 state, the attempted execution of a conditional WFE instruction is only trapped if the instruction passes its condition code check.
Since a WFE or WFI can complete at any time, even without a Wakeup event, the traps on WFE of WFI are not guaranteed to be taken, even if the WFE or WFI is executed when there is no Wakeup event. The only guarantee is that if the instruction does not complete in finite time in the absence of a Wakeup event, the trap will be taken.
This field resets to an architecturally UNKNOWN value.
Traps EL2, EL1, and EL0 execution of WFI instructions to EL3, from both Security states and both Execution states.
TWI | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Any attempt to execute a WFI instruction at any Exception level lower than EL3 is trapped to EL3, if the instruction would otherwise have caused the PE to enter a low-power state and it is not trapped by SCTLR.nTWI, HCR.TWI, SCTLR_EL1.nTWI, SCTLR_EL2.nTWI, or HCR_EL2.TWI. |
In AArch32 state, the attempted execution of a conditional WFI instruction is only trapped if the instruction passes its condition code check.
Since a WFE or WFI can complete at any time, even without a Wakeup event, the traps on WFE of WFI are not guaranteed to be taken, even if the WFE or WFI is executed when there is no Wakeup event. The only guarantee is that if the instruction does not complete in finite time in the absence of a Wakeup event, the trap will be taken.
This field resets to an architecturally UNKNOWN value.
Traps Secure EL1 accesses to the Counter-timer Physical Secure timer registers to EL3, from AArch64 state only.
ST | Meaning |
---|---|
0b0 |
Secure EL1 using AArch64 accesses to the CNTPS_TVAL_EL1, CNTPS_CTL_EL1, and CNTPS_CVAL_EL1 are trapped to EL3 when Secure EL2 is disabled. If Secure EL2 is enabled, the behaviour is as if the value of this field was 0b1. |
0b1 |
This control does not cause any instructions to be trapped. |
This field resets to an architecturally UNKNOWN value.
Execution state control for lower Exception levels.
RW | Meaning |
---|---|
0b0 |
Lower levels are all AArch32. |
0b1 |
The next lower level is AArch64. If EL2 is present:
If EL2 is not present:
|
If AArch32 state is not supported by the implementation at EL2 and AArch32 state is not supported by the implementation at EL1, then this bit is RAO/WI.
If AArch32 state is supported by the implementation at EL1, SCR_EL3.NS == 1 and AArch32 state is not supported by the implementation at EL2, the Effective value of this bit is 1.
If AArch32 state is supported by the implementation at EL1, ARMv8.4-SecEL2 is implemented and SCR_EL3.{EEL2, NS} == {1, 0}, the Effective value of this bit is 1.
This bit is permitted to be cached in a TLB.
This field resets to an architecturally UNKNOWN value.
Secure instruction fetch. When the PE is in Secure state, this bit disables instruction fetch from memory marked in the first stage of translation as being Non-secure. The possible values for this bit are:
SIF | Meaning |
---|---|
0b0 |
Secure state instruction fetches from memory marked in the first stage of translation as being Non-secure are permitted. |
0b1 |
Secure state instruction fetches from memory marked in the first stage of translation as being Non-secure are not permitted. |
This bit is permitted to be cached in a TLB.
This field resets to an architecturally UNKNOWN value.
Secure instruction fetch. When the PE is in Secure state, this bit disables instruction fetch from Non-secure memory.
SIF | Meaning |
---|---|
0b0 |
Secure state instruction fetches from Non-secure memory are permitted. |
0b1 |
Secure state instruction fetches from Non-secure memory are not permitted. |
This bit is permitted to be cached in a TLB.
This field resets to an architecturally UNKNOWN value.
Hypervisor Call instruction enable. Enables HVC instructions at EL3 and, if EL2 is enabled in the current Security state, at EL2 and EL1, in both Execution states.
HCE | Meaning |
---|---|
0b0 |
HVC instructions are UNDEFINED. |
0b1 |
HVC instructions are enabled at EL3, EL2, and EL1. |
HVC instructions are always UNDEFINED at EL0 and, if Secure EL2 is disabled, at Secure EL1.
If EL2 is not implemented, this bit is RES0.
This field resets to an architecturally UNKNOWN value.
Secure Monitor Call disable. Disables SMC instructions at EL1 and above, from both Security states and both Execution states.
SMD | Meaning |
---|---|
0b0 |
SMC instructions are enabled at EL1 and above. |
0b1 |
SMC instructions are UNDEFINED at EL1 and above. |
SMC instructions are always UNDEFINED at EL0.
This field resets to an architecturally UNKNOWN value.
Reserved, RES0.
Reserved, RES1.
External Abort and SError interrupt routing.
EA | Meaning |
---|---|
0b0 |
When executing at Exception levels below EL3, External aborts and SError interrupts are not taken to EL3. In addition, when executing at EL3:
|
0b1 |
When executing at any Exception level, External aborts and SError interrupts are taken to EL3. |
For more information, see 'Asynchronous exception routing' in the Arm® Architecture Reference Manual, Armv8, for Armv8-A architecture profile, section D1 (The AArch64 System Level Programmers' Model).
This field resets to an architecturally UNKNOWN value.
Physical FIQ Routing.
FIQ | Meaning |
---|---|
0b0 |
When executing at Exception levels below EL3, physical FIQ interrupts are not taken to EL3. When executing at EL3, physical FIQ interrupts are not taken. |
0b1 |
When executing at any Exception level, physical FIQ interrupts are taken to EL3. |
For more information, see 'Asynchronous exception routing' in the Arm® Architecture Reference Manual, Armv8, for Armv8-A architecture profile, section D1.
This field resets to an architecturally UNKNOWN value.
Physical IRQ Routing.
IRQ | Meaning |
---|---|
0b0 |
When executing at Exception levels below EL3, physical IRQ interrupts are not taken to EL3. When executing at EL3, physical IRQ interrupts are not taken. |
0b1 |
When executing at any Exception level, physical IRQ interrupts are taken to EL3. |
For more information, see 'Asynchronous exception routing' in the Arm® Architecture Reference Manual, Armv8, for Armv8-A architecture profile, section D1.
This field resets to an architecturally UNKNOWN value.
Non-secure bit.
NS | Meaning |
---|---|
0b0 |
Indicates that EL0 and EL1 are in Secure state. |
0b1 |
Indicates that Exception levels lower than EL3 are in Non-secure state, and so memory accesses from those Exception levels cannot access Secure memory. |
When SCR_EL3.{EEL2, NS} == {1, 0}, then EL2 is using AArch64 and in Secure state.
This field resets to an architecturally UNKNOWN value.
Accesses to this register use the following encodings:
op0 | CRn | op1 | op2 | CRm |
---|---|---|---|---|
0b11 | 0b0001 | 0b110 | 0b000 | 0b0001 |
if PSTATE.EL == EL0 then UNDEFINED; elsif PSTATE.EL == EL1 then UNDEFINED; elsif PSTATE.EL == EL2 then UNDEFINED; elsif PSTATE.EL == EL3 then return SCR_EL3;
op0 | CRn | op1 | op2 | CRm |
---|---|---|---|---|
0b11 | 0b0001 | 0b110 | 0b000 | 0b0001 |
if PSTATE.EL == EL0 then UNDEFINED; elsif PSTATE.EL == EL1 then UNDEFINED; elsif PSTATE.EL == EL2 then UNDEFINED; elsif PSTATE.EL == EL3 then SCR_EL3 = X[t];
13/12/2018 16:42; 6379d01c197f1d40720d32d0f84c419c9187c009
Copyright © 2010-2018 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.