Exception levels

The Armv8-A architecture includes a series of Exception levels, which have different privileges to control system register accessibility and instruction availability.

These different Exception levels determine what a hardware component can do at a specific time. For example, an operating system running at a higher Exception level has access to more features than user software running at a lower Exception level. This means that user software can be prevented from carrying out certain actions and accessing certain features.

Changing exception level and security diagram. 

EL3 is the most privileged Exception level. The other Exception levels are built upon EL3 in the abstraction stack. For example, the Architectural Feature Trap Register (EL3), CPTR_EL3, is only accessible at EL3. This register controls a few things, including floating-point operations, for all Exception levels. A similar register at EL2, CPTR_EL2, is accessible at EL2 and EL3. However, CPTR_EL2 only affects EL2 and lower Exception levels. The main purpose of this hierarchy is to grant each piece of software only as much control as it needs. This is because you would not want a user application to have the same level of system control as an operating system.

Exception level is just one factor in determining which privileges are granted. Security state and Execution state are also factors. Security state controls access to certain registers and memory regions that are marked as Secure. The Execution state of the processor can be either 32-bit or 64-bit.  We will not discuss those differences in this guide. The relationship between Security state and Exception level is complex. For the purpose of this guide, you should know that:

  • There is no Secure EL2 in the architecture.
  • There is no distinction between Security states at EL3.
Previous Next