Attribution units (SAU and IDAU)
If the ARMv8-M Security Extension is included in the processor, then security state of a memory region is controlled by a combination of the internal Secure Attribution Unit (SAU) or an external Implementation Defined Attribution Unit (IDAU). The number of SAU regions is defined during the implementation of the processor. The SAU is disabled at reset.
If no SAU regions are defined, or the SAU is disabled, and no IDAU is included in the system then the entire memory address space is defined as Secure and the processor is not able to switch to Non-secure state. Any attempt to switch to Non-secure state results in a fault. This is the default state of the processor.
The SAU is programmable in Secure state and has a programmers’ model similar to the Memory Protection Unit (MPU). The SAU implementation is configurable by designers. The SAU is always present but the designer defines the number of regions. Alternatively, designers can use an IDAU to define a fixed memory map, and use a SAU to override the security attributes for some parts of the memory. A simple use could be to use the IDAU to split memory into 500Mb chunks of alternating Secure and Non-secure memory.
The designer of a microcontroller or SoC device divides the memory spaces into Secure and Non-secure areas. Software defines some of the regions using the Secure Attribution Unit (SAU), or by device-specific controller logic that is connected to a special Implementation Defined Attribution Unit (IDAU) interface on the processor. The memory partitioning is also used to define peripherals as Secure or Non-secure.
The SAU and IDAU also define region numbers for each of the memory regions. The region numbers are 8-bit, and are used by the Test Target(TT) instruction to allow software to determine access permissions and security attribute of objects in memory.
The SAU is only implemented if the ARMv8-M Security Extension is included in the processor. The number of regions that are included in the SAU can be configured to be either 0, 4 or 8.
The SAU can only be programmed in Secure state. Regions are programmed using the SAU Region number Register (SAU_RNR), SAU Region base Address Register (SAU_RBAR), and SAU Region Limit Address Register (SAU_RLAR). The SAU can be enabled using the SAU Control Register (SAU_CTRL).
When programming the SAU Non-secure regions, you must ensure that Secure data and code is not exposed to Non-secure applications.
Security attribution and memory protection in the processor are provided by the optional SAU and the optional Memory Protection Units (MPUs).
For instructions and data, the SAU returns the security attribute that is associated with the address.
For instructions, the attribute determines the allowable Security state of the processor when the instruction is executed. It can also identify if code at a Secure address can be called from Non-secure state. It does this by applying the NSC attribute.
For data, the attribute determines whether a memory address can be accessed from Non-secure state, and also whether the external memory request is marked as Secure or Non-secure.
If a data access is made from Non-secure state to an address marked as Secure, then the processor takes a Secure Fault exception. If a data access is made from Secure state to an address marked as Non-secure, then the associated external memory access is marked as Non-secure.