You copied the Doc URL to your clipboard.

Watermark-based gate

In addition to its use for flash protection, the block-based scheme can also be used to protect RAM. For completeness, the example system in Figure 1 shows an alternative mechanism involving the use of a watermark scheme for the protection of RAM.

The example system assumes the use of a single SRAM component for system memory. Without prior knowledge of the Secure software that is installed on the device, one mechanism for partitioning the memory is a watermark control. This control specifies an address at which the SRAM transitions from being Non-secure to Secure.

From reset the watermark is set to a value, or disabled, so that all SRAM is marked as Secure. During initialization, the Secure software sets the watermark to a value to transfer the SRAM it does not require to the Non-secure side.

As SRAM can be used to hold code and data, the same rules apply for preventing SG instruction injection from the Non-secure side, along with the same rules for transaction rejection as per the block-based gate.


Implementers are free to build schemes with both multiple regions and multiple RAMs. Also, there is no restriction on using the watermark-based scheme only for RAMs or the block-based scheme only for flash. In particular, it might be preferable to use a block-based scheme for both flash and RAM.