3.2.6 ARMv8 security model

The Cortex-A72 processor implements all of the Exception levels. This means:
  • EL3 exists only in Secure state and a change from Secure state to Non-secure state is made only by an exception return from EL3.
  • EL2 exists only in Non-secure state.
To provide compatibility with ARMv7, the Exception levels available in Secure state are modified when EL3 is using AArch32. The following sections describe the security model:

Security model when EL3 is using AArch64

When EL3 is using AArch64, The following figure shows the security model, and the expected use of the different Exception levels. This figure shows how instances of EL0 and EL1 are present in both Security states. The figure also shows the expected software usage of the Exception levels.
Figure 3-1 ARMv8 security model when EL3 is using AArch64
To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.

Security model when EL3 is using AArch32

To provide software compatibility with VMSAv7 implementations that include the Security Extensions, in Secure AArch32 state, all modes other than User mode must have the same execution privilege. This means that, in an implementation where EL3 is using AArch32, the security model is as shown in following figure. This figure also shows the expected use of the different Exception levels and processor modes.
Figure 3-2 ARMv8 security model when EL3 is using AArch32
To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.

For more information about the AArch32 processor modes see 3.2.8 AArch32 execution modes.
Non-ConfidentialPDF file icon PDF versionARM 100095_0002_03_en
Copyright © 2014, 2015 ARM. All rights reserved.