In addition to its use for flash protection, the block-based scheme can also be used to protect RAM. For completeness, the example system in Figure 1 shows an alternative mechanism involving the use of a watermark scheme for the protection of RAM.
The example system assumes the use of a single SRAM component for system memory. Without prior knowledge of the Secure software that is installed on the device, one mechanism for partitioning the memory is a watermark control. This control specifies an address at which the SRAM transitions from being Non-secure to Secure.
From reset the watermark is set to a value, or disabled, so that all SRAM is marked as Secure. During initialization, the Secure software sets the watermark to a value to transfer the SRAM it does not require to the Non-secure side.
As SRAM can be used to hold code and data, the same rules apply for preventing SG instruction injection from the Non-secure side, along with the same rules for transaction rejection as per the block-based gate.