ARM Technical Support Knowledge Articles

Can non-secure cache maintenance operations evict secure lines from the data cache?

Answer

When a processor is operating in the non-secure state cache operations that specify a virtual address can only ever resolve to non-secure physical addresses - therefore these operations will not affect secure entries.

The ARM architecture also allows cache operations by set and way which are usually used to flush the entire cache.  A set/way operation executed from non-secure state is only required to operate on lines containing non-secure physical addresses.  However, the architecture allows a line to be evicted at any time.  Meaning that it is permissible for an implementation to allow a secure line to be evicted due to a non-secure cache operation. There are some restrictions. For example, the line would have to be "cleaned" if dirty, regardless of whether the non-secure cache operation was an invalidate or clean.  You will never see a non-secure operation just invalidating secure lines.

Set/way operations executed in the secure state will affect lines containing both secure and non-secure physical addresses.

As the evicting of secure lines by non-secure operations is not architecturally required, it is possible that different implementations will make different decisions.  Code can rely on non-secure lines being affected by operations from the non-secure state but should not rely on those being the only affected lines.

Article last edited on: 2014-04-15 15:59:19

Rate this article

[Bad]
|
|
[Good]
Disagree? Move your mouse over the bar and click

Did you find this article helpful? Yes No

How can we improve this article?

Link to this article
Copyright © 2011 ARM Limited. All rights reserved. External (Open), Non-Confidential