A box can request two types of ACL (IRQs and Peripherals). A peripheral ACL is given as a base address and size with an access-control. Peripheral ACLs should be checked for disjointness to ensure that two boxes do not clash. That is all peripheral ACL pairs should be non-overlapping. An exception is made if both peripheral ACLs request exactly the same region (base and size) and the access-control for each has the SHARED flag set.
This check is not currently implemented in the v7M MPU.
Additionally:
The disjointness check does not include the static background regions setup by the uVisor
The disjointness check includes the implicit ACL that will be setup for each non-main box stack/context
Potential ambiguities:
The interaction of the exception for same-shared peripheral ACLs with round-up and round-down. Consider the two peripheral ACLs that have the SHARED flag set. The first is defined to cover [0..0x1004) with round-down and the second with [0..0x0ffc) with round-up. After rounding they will converge to [0..0x1000).
ciarmcom
commented
8 years ago
A box can request two types of ACL (IRQs and Peripherals). A peripheral ACL is given as a base address and size with an access-control. Peripheral ACLs should be checked for disjointness to ensure that two boxes do not clash. That is all peripheral ACL pairs should be non-overlapping. An exception is made if both peripheral ACLs request exactly the same region (base and size) and the access-control for each has the SHARED flag set.
This check is not currently implemented in the v7M MPU.
Additionally:
Potential ambiguities: