You copied the Doc URL to your clipboard.

The Test Target instruction

To allow software to determine the security attribute of a memory location, the TT instruction (Test Target) is used.

Test Target (TT) queries the security state and access permissions of a memory location.

Test Target Unprivileged (TTT) queries the security state and access permissions of a memory location for an unprivileged access to that location.

Test Target Alternate Domain (TTA) and Test Target Alternate Domain Unprivileged (TTAT) query the security state and access permissions of a memory location for a Non-secure access to that location. These instructions are only valid when executing in Secure state, and are UNDEFINED if used from Non-secure state.

When executed in the Secure state the result of this instruction is extended to return the Secure Attribution Unit (SAU) and Implementation Defined Attribution Unit (IDAU) configurations at the specific address.

For each memory region defined by the SAU and IDAU, there is an associated region number that is generated by the SAU or by the IDAU. This region number is used by software to determine if a contiguous range of memory shares common security attributes.

The TT instruction returns the security attributes and region number, and the MPU region number, from an address value. By using a TT instruction on the start and end addresses of the memory range, and identifying that both reside in the same region number, software can quickly determine that the memory range, for example, for data array or data structure, is located entirely in Non-secure space.

The TT instruction is useful for determining the security state of the MPU at that address. Although the instruction cannot be accessed in C/C++ code, there are several intrinsics which make this functionality available to the developer.

The <arm_cmse.h> header must be included before using the TT intrinsics.

TT intrinsics

The result of the TT instruction is described by a C type containing bit-fields. This type is used as the return type of the TT intrinsics.

Intrinsic (colored again?)

Semantics

cmse_address_info_t cmse_TT(void *p)

Generates a TT instruction.

cmse_address_info_t cmse_TT_fptr(p)

Generates a TT instruction. The argument p can be any function pointer type.

cmse_address_info_t cmse_TTT(void *p)

Generates a TT instruction with the T flag.

cmse_address_info_t cmse_TTT_fptr(p)

Generates a TT instruction with the T flag. The argument p can be any function pointer type.

Note

ARM recommends that a toolchain behaves as if these intrinsics would write the pointed-to memory. That prevents subsequent accesses to this memory being scheduled before this intrinsic.

The exact type signatures for cmse_TT_fptr() and cmse_TTT_fptr() are IMPLEMENTATION DEFINED because there is no type that is defined by the C programming language that can hold all function pointers.

Note

ARM recommends implementing these intrinsics as macros.

Address range check intrinsic

Checking the result of the TT instruction on an address range is essential for programming in C. It is used to check permissions on objects larger than a byte. The address range check intrinsic defined in this section can be used to perform permission checks on C objects.

Some Secure Attribution Unit (SAU), Implementation Defined Attribution Unit (IDAU), and Memory Protection Unit (MPU) configurations block the efficient implementation of an address range check. This intrinsic operates under the assumption that the configuration of the SAU, IDAU, and MPU is constrained as follows:

  • An object is allocated in a single region.
  • A stack is allocated in a single region.

These points imply that a region does not overlap other regions.

The TT instruction returns an SAU, IDAU, and MPU region number. When the region numbers of the start and end of the address range match, the complete range is contained in one SAU, IDAU, and MPU region. In this case two TT instructions are executed to check the address range.

Regions are aligned at 32-byte boundaries. If the address range fits in one 32-byte address line, a single TT instruction suffices.

ARM recommends that programmers use the returned pointer to access the checked memory range. This generates a data dependency between the checked memory and all its subsequent accesses and prevents these accesses from being scheduled before the check.

Was this page helpful? Yes No