Chapter 3 Memory system and memory partitioning
If the Security Extension is implemented, the 4GB memory space is partitioned into Secure and Non-secure memory regions.
Memory regions are one of the following three types:
- Secure (S)
- Secure, and callable from Non-secure (NSC)
- Non-secure (NS)
Secure addresses are used for memory and peripherals that are only accessible by Secure software or Secure masters.
Secure transactions are those that originate from masters operating as, or deemed to be, Secure when targeting a Secure address.
Non-secure Callable (NSC)
NSC is a special type of Secure location. It is the only type of memory in which an Armv8-M processor permits an SG instruction to act as an entry point, that is, to transition software from Non-secure to Secure state. Restricting the SG instruction to NSC memory means that Secure software authors do not have to guard against the accidental inclusion of SG instructions, or of data that shares the SG encoding, in normal Secure memory.
Typically NSC memory regions contain tables of small branch veneers (entry points). The Secure Gateway (SG) instruction marks the valid entry points, which is what prevents Non-secure applications from branching into invalid ones.
When a Non-secure program calls a function on the Secure side:
- The first instruction of the entry function must be an SG instruction.
- The SG instruction must be in an NSC region, as defined by the Security Attribution Unit (SAU) or the Implementation Defined Attribution Unit (IDAU). A Non-secure branch into Secure memory that does not meet both conditions raises a SecureFault.
The reason for introducing NSC memory is to prevent other binary data, for example a lookup table whose contents happen to match the opcode of the SG instruction, from being used as an entry point into the Secure state. By separating the NSC and Secure memory types, Secure program code and its embedded binary data can be placed in a Secure region without direct exposure to the Normal world, and can only be reached through valid entry points in NSC memory.
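The attribution and entry rules above, as an added host-runnable C model. This is example code written for this page, not Arm's: the register bit fields follow the Armv8-M SAU_CTRL, SAU_RBAR and SAU_RLAR layout and the SG encoding is the architectural one, but the memory map, the SAU region settings, the table contents and the veneer's branch offset are constructed for the example, and the IDAU is reduced to a merge function. It shows that a Non-secure branch is accepted only when it lands on an SG whose two halfwords both lie in NSC memory, so the same bit pattern in plain Secure memory, an NSC address that is not an SG, an SG straddling the end of the NSC region, and overlapping SAU regions all fault.

```c
/* Added example: a host-runnable model of Armv8-M SAU attribution and of the
 * Non-secure -> Secure entry check. Register bit fields follow SAU_CTRL,
 * SAU_RBAR and SAU_RLAR; the memory map and contents are constructed here. */
#include <stdint.h>
#include <string.h>

/* Ordered so that a larger value is the more Secure attribute. */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } attr_t;
typedef enum { CALL_STAYS_NS, CALL_ENTERS_SECURE, CALL_SECUREFAULT_INVEP } call_t;

#define SAU_REGIONS     8
#define SAU_CTRL_ENABLE (1u << 0)
#define SAU_CTRL_ALLNS  (1u << 1)
#define SAU_RLAR_ENABLE (1u << 0)
#define SAU_RLAR_NSC    (1u << 1)
#define SAU_ADDR_MASK   0xFFFFFFE0u   /* SAU regions are 32-byte granular */
#define SG_ENCODING     0xE97FE97Fu   /* Thumb-2 SG: halfwords 0xE97F, 0xE97F */

typedef struct { uint32_t rbar, rlar; } sau_region_t;
typedef struct { uint32_t ctrl; sau_region_t r[SAU_REGIONS]; } sau_t;

/* SAU attribution of one address. No enabled region hit -> Secure; exactly one
 * hit -> NS, or NSC if RLAR.NSC is set; more than one hit (overlap) -> Secure.
 * With the SAU disabled, SAU_CTRL.ALLNS selects all-NS or all-Secure. */
attr_t sau_lookup(const sau_t *sau, uint32_t addr) {
    if (!(sau->ctrl & SAU_CTRL_ENABLE))
        return (sau->ctrl & SAU_CTRL_ALLNS) ? ATTR_NS : ATTR_S;
    int hits = 0;
    attr_t a = ATTR_S;
    for (int i = 0; i < SAU_REGIONS; i++) {
        const sau_region_t *reg = &sau->r[i];
        if (!(reg->rlar & SAU_RLAR_ENABLE)) continue;
        uint32_t base  = reg->rbar & SAU_ADDR_MASK;
        uint32_t limit = (reg->rlar & SAU_ADDR_MASK) | 0x1Fu;
        if (addr >= base && addr <= limit) {
            hits++;
            a = (reg->rlar & SAU_RLAR_NSC) ? ATTR_NSC : ATTR_NS;
        }
    }
    return hits > 1 ? ATTR_S : a;
}

/* SAU and IDAU results are merged by keeping the more Secure of the two. */
attr_t combine_attr(attr_t sau_attr, attr_t idau_attr) {
    return sau_attr > idau_attr ? sau_attr : idau_attr;
}

/* A small simulated memory window; reads outside it return zero. */
#define MEM_BASE 0x10000000u
#define MEM_SIZE 0x2000u
typedef struct { uint8_t b[MEM_SIZE]; } mem_t;

static uint16_t read16(const mem_t *m, uint32_t addr) {
    if (addr < MEM_BASE || addr - MEM_BASE + 1 >= MEM_SIZE) return 0;
    uint32_t off = addr - MEM_BASE;
    return (uint16_t)(m->b[off] | (m->b[off + 1] << 8));   /* little-endian */
}

/* Store a 32-bit Thumb instruction: first halfword at addr, second at addr+2.
 * Callers keep addr inside the window. */
static void write_thumb32(mem_t *m, uint32_t addr, uint32_t insn) {
    uint32_t off = addr - MEM_BASE;
    uint16_t hw[2] = { (uint16_t)(insn >> 16), (uint16_t)insn };
    for (int i = 0; i < 2; i++) {
        m->b[off + 2 * i]     = (uint8_t)hw[i];
        m->b[off + 2 * i + 1] = (uint8_t)(hw[i] >> 8);
    }
}

/* A Non-secure caller branches to target. The transition is accepted only when
 * the target is Secure, both halfwords of the first instruction lie in NSC
 * memory, and that instruction is SG; otherwise it is a SecureFault (SFSR.INVEP). */
call_t ns_branch(const sau_t *sau, const mem_t *m, uint32_t target) {
    target &= ~1u;                               /* drop the Thumb bit */
    attr_t first = sau_lookup(sau, target);
    if (first == ATTR_NS) return CALL_STAYS_NS;  /* ordinary NS branch */
    attr_t second = sau_lookup(sau, target + 2);
    if (first != ATTR_NSC || second != ATTR_NSC) return CALL_SECUREFAULT_INVEP;
    uint32_t insn = ((uint32_t)read16(m, target) << 16) | read16(m, target + 2);
    return insn == SG_ENCODING ? CALL_ENTERS_SECURE : CALL_SECUREFAULT_INVEP;
}

/* Constructed layout: Secure code at 0x10000000, an NSC veneer table at
 * 0x10001000-0x100011FF, Non-secure RAM at 0x20000000-0x2FFFFFFF. */
void build_sample(sau_t *sau, mem_t *m) {
    memset(sau, 0, sizeof *sau);
    memset(m, 0, sizeof *m);
    sau->ctrl      = SAU_CTRL_ENABLE;
    sau->r[0].rbar = 0x10001000u;
    sau->r[0].rlar = 0x100011E0u | SAU_RLAR_NSC | SAU_RLAR_ENABLE;
    sau->r[1].rbar = 0x20000000u;
    sau->r[1].rlar = 0x2FFFFFE0u | SAU_RLAR_ENABLE;
    /* Lookup-table data in plain Secure memory that happens to equal the SG encoding. */
    write_thumb32(m, 0x10000100u, SG_ENCODING);
    /* Veneer: SG, then B.W to the real Secure function (offset left at zero here). */
    write_thumb32(m, 0x10001000u, SG_ENCODING);
    write_thumb32(m, 0x10001004u, 0xF000B800u);
    /* An SG whose second halfword (0x10001200) lies outside the NSC region. */
    write_thumb32(m, 0x100011FEu, SG_ENCODING);
}
```

The check worth noticing is the order of the tests in ns_branch: the attribute of both halfwords is decided before the instruction bytes are even looked at, so a correct SG bit pattern in a non-NSC location never becomes an entry point, which is exactly why the lookup table at 0x10000100 is safe to leave in Secure memory. On real hardware the IDAU result is merged with the SAU result before this check, as combine_attr does, so an IDAU that marks a range Secure cannot be overridden by an NSC SAU region.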
Non-secure addresses are used for memory and peripherals accessible by all software running on the device.
Non-secure transactions are those that originate from masters operating as, or deemed to be, Non-secure or from Secure masters accessing a Non-secure address. Non-secure transactions are only permitted to access NS addresses, and the system must ensure that NS transactions are denied access to Secure addresses.