ARM Technical Support Knowledge Articles

Can non-secure cache maintenance operations evict secure lines from the data cache?


When a processor is operating in the non-secure state cache operations that specify a virtual address can only ever resolve to non-secure physical addresses - therefore these operations will not affect secure entries.

The ARM architecture also allows cache operations by set and way which are usually used to flush the entire cache.  A set/way operation executed from non-secure state is only required to operate on lines containing non-secure physical addresses.  However, the architecture allows a line to be evicted at any time.  Meaning that it is permissible for an implementation to allow a secure line to be evicted due to a non-secure cache operation. There are some restrictions. For example, the line would have to be "cleaned" if dirty, regardless of whether the non-secure cache operation was an invalidate or clean.  You will never see a non-secure operation just invalidating secure lines.

Set/way operations executed in the secure state will affect lines containing both secure and non-secure physical addresses.

As the evicting of secure lines by non-secure operations is not architecturally required, it is possible that different implementations will make different decisions.  Code can rely on non-secure lines being affected by operations from the non-secure state but should not rely on those being the only affected lines.

Article last edited on: 2014-04-15 15:59:19

Rate this article

Disagree? Move your mouse over the bar and click

Did you find this article helpful? Yes No

How can we improve this article?

Link to this article
Copyright © 2011 ARM Limited. All rights reserved. External (Open), Non-Confidential