Test target instruction
To allow software to determine the security attribute
of a memory location, the
TT instruction (Test Target) is used.
TT) queries the security state and access permissions of a memory
Test Target Unprivileged (
TTT) queries the security state
and access permissions of a memory location for an unprivileged access to that
Test Target Alternate Domain (
TTA) and Test Target
Alternate Domain Unprivileged (
TTAT) query the security state and access
permissions of a memory location for a Non-secure access to that location. These
instructions are only valid when executing in Secure state, and are
UNDEFINED if used from Non-secure state.
When executed in the Secure state the result of this instruction is extended to return the Secure Attribution Unit (SAU) and Implementation Defined Attribution Unit (IDAU) configurations at the specific address.
For each memory region defined by the SAU and IDAU, there is an associated region number that is generated by the SAU or by the IDAU. This region number is used by software to determine if a contiguous range of memory shares common security attributes.
returns the security attributes and region number, and the MPU region number, from an
address value. By using a
TT instruction on the start and end addresses of
the memory range, and identifying that both reside in the same region number, software
can quickly determine that the memory range, for example, for data array or data
structure, is located entirely in Non-secure space, as shown in the following
The MPU, SAU and IDAU in ARMv8-M do not allow regions to overlap.
Using this mechanism, Secure code servicing APIs in the Secure world can determine if the memory referenced by a pointer from Non-secure software has the appropriate security attribute for the API. This prevents Non-secure software from using APIs in Secure software to read out or corrupt Secure information.
As part of ARM TrustZone technology for ARMv8-M, there is also a stack limit checking feature. This detects the erroneous case where an application uses more stack than expected, which can potentially cause a security lapse and the possibility of a system failure. For ARMv8-M Mainline, all stack pointers have corresponding stack limit registers. There are no Baseline Limit registers for Non-secure. Non-secure programs can use the MPU for stack overflow prevention.