You copied the Doc URL to your clipboard.

1.4.1 Full IDAU

ARM®v8‑M implementations contain a common IDAU interface, where an address is presented and a combinatorial response is required for the IDAU attributes corresponding to this address.

The scheme that is defined for the example system maps into bit[28] of the address being used to drive the Secure attribution signal, however, extra consideration is required regarding NSC and exempt regions for CoreSight™ ROM tables, and similar.

Non-secure Callable regions

ARM®v8‑M requires any Secure address which is to be used as a branch target for switching between Non-secure to Secure state to contain an SG instruction and be marked as NSC.

If a Secure Attribution Unit (SAU) is implemented, the SAU can attempt to mark a region as NSC. If the Implementation Defined Attribution Unit (IDAU) has marked the same region as Secure only, it would be the most restrictive and so prevent the region being treated as NSC. Similarly if the IDAU marks a region as Non-secure Callable (NSC), an implemented SAU could restrict the NSC region to Secure only.

For a system containing an ARMv8‑M processor with an SAU implementing a suitable number of regions, one option might be for the IDAU to mark all locations that can contain Secure code as NSC. Alternatively, if an SAU is not implemented, or if extra flexibility is wanted, extra controls can be added to mark which IDAU regions are Secure or NSC.

ROM table exemptions

The use of ARM CoreSight™ technology for debug requires the inclusion of system level identification and ROM tables to enable an external debugger to automatically identify the devices it is connecting to.

The Implementation Defined Attribution Unit (IDAU) supports the concept of exempt regions, where a transaction is allowed to propagate regardless of its security attribute. The IDAU must therefore support some mechanism (likely synthesis time parameters) for specifying the location of these 4KB exemption windows for the ROM tables.

The exemption windows might also be used to provide access to an agent that authorizes Secure debug.


Take care with the use of exempt regions. In particular, ARM recommends that any exempt region must fall within address spaces that are marked as execute-never (XN), or which prevent instruction execution by another mechanism.