12.7. Access permissions

Access permissions are controlled through translation table entries. Access permissions control whether a region is readable or writeable, or both, and can be set separately to EL0 for unprivileged and to EL1, EL2, and EL3 for privileged accesses, as shown in Table 12.4.

Table 12.4. Access permissions

AP Unprivileged (EL0) Privileged (EL1/2/3)
00 No access Read and write
01 Read and write Read and write
10 No access Read-only
11 Read-only Read-only

The operating system kernel runs in execution level EL1. It defines the translation table mappings, which are used by the kernel itself and by the applications that run at EL0. Distinction between unprivileged and privileged access permissions is required as the kernel specifies different permissions for its own code and for applications. The hypervisor, which runs at execution level EL2, and Secure monitor EL3 only have translation schemes for their own use and therefore there is no need for a privileged and unprivileged split in permissions.

Another kind of access permission is the executable attribute. Blocks can be marked as executable or non-executable (Execute Never (XN)). You can set the attributes Unprivileged Execute Never (UXN) and Privileged Execute Never (PXN) separately and use this to prevent, for example, application code running with kernel privilege, or attempts to execute kernel code while in an unprivileged state. Setting these attributes prevents the processor from performing speculative instruction fetches to the memory location and ensures that speculative instruction fetches do not accidentally access locations that might be perturbed by such an access, for example, a First in, First out (FIFO) page replacement queue. Therefore, device regions must always be marked as Execute Never.

Figure 12.18. Device regions

To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


You can configure the processor to treat writeable regions as Execute Never, using the following bits within the SCTLR registers:

The SCTLR_ELn bits can be cached in a TLB entry. Therefore, changing the bit in the SCTLR might not affect entries already in the TLBs. When modifying these bits, a TLB invalidate and ISB sequence is necessary. See Barriers for information about the ISB barrier.

Copyright © 2015 ARM. All rights reserved.ARM DEN0024A
Non-ConfidentialID050815