ARMv8-M processor power management

Similar documents
ARM CoreLink DPE-400 Data Parity Extension for NIC-400

ARM TrustZone True Random Number Generator

Design Simulation Model ARM. User Guide. for SystemC. Copyright 2016 ARM. All rights reserved. ARM ARM DUI 1031B (ID111116)

Arm Design Simulation Model

Fault Handling and Detection

Fault Handling and Detection

ARM v8-m Processor Debug

Component Architecture Debug Interface

SoC Designer. Fast Models System Creator Cycle Models Reference. Version 9.2. Copyright 2017 ARM Limited. All rights reserved.

Cortex -A53 MPCore Processor Cryptography Extension ARM. Technical Reference Manual. Revision: r0p4

ARM DS-5. Eclipse for DS-5 User Guide. Version 5. Copyright ARM. All rights reserved. ARM DUI0480Q

ARM AMBA. Designer ADR-400. User Guide. Revision: r3p7

ARM Cortex -M3 DesignStart Eval

TrustZone technology for ARM v8-m Architecture

ARM DS-5. Eclipse for DS-5 User Guide. Version 5. Copyright ARM Limited or its affiliates. All rights reserved.

Compute Subsystem SCP ARM. Message Interface Protocols. Version: 1.0. Copyright 2015 ARM. All rights reserved. ARM DUI 0922B (ID050115)

Compute Subsystem SCP ARM. Message Interface Protocols. Version: 1.2

ARM Cortex -A5 Floating-Point Unit

Software Delegated Exception Interface (SDEI)

PrimeCell TrustZone Protection Controller (BP147) Cycle Model

ARM CoreLink SDK-100 System Design Kit

GPU Shader Library. Mali. User Guide. Version: 1.0. Copyright 2009 ARM. All rights reserved. ARM DUI 0510A (ID101409)

Arm CoreLink MMU-600 System Memory Management Unit

Cortex -A53 MPCore Processor Advanced SIMD and Floating-point Extension ARM. Technical Reference Manual. Revision: r0p4

GPU Offline Shader Compiler. Mali. User Guide. Version: 2.2. Copyright 2009 ARM. All rights reserved. ARM DUI 0513A (ID101409)

ARM. System Memory Management Unit Architecture Specification. 64KB Translation Granule Supplement

Arm Compiler. armar User Guide. Version 6.9. Copyright Arm Limited (or its affiliates). All rights reserved.

ARM Reliability, Availability, and Serviceability (RAS) Specification ARMv8, for the ARMv8-A architecture profile Beta

ARM DynamIQ Shared Unit

ARMv8-A Synchronization primitives. primitives. Version 0.1. Version 1.0. Copyright 2017 ARM Limited or its affiliates. All rights reserved.

ARM Architecture Reference Manual Supplement Statistical Profiling Extension, for ARMv8-A

Terms of Use. Changes. General Use.

Arm CoreLink SSE-200 Subsystem for Embedded

OpenGL ES 2.0 SDK for Android. Mali. User Guide. Version: Copyright 2011 ARM. All rights reserved. ARM DUI 0587A (ID120411)

Offline Shader Compiler. Mali. User Guide. Version: 3.0. Copyright ARM. All rights reserved. ARM DUI 0513B (ID032912)

ARM Compiler. armar User Guide. Version Copyright ARM. All rights reserved. ARM DUI0476L

Arm AMBA Distributed Translation Interface (DTI) Protocol Specification

The Scalable Vector Extension (SVE), for ARMv8-A

End User License Agreement

Exostiv Probe. User's Guide. Rev January 9,

ETM -A5. CoreSight. Technical Reference Manual. Revision: r0p2. Copyright 2009, 2010 ARM. All rights reserved. ARM DDI 0435C (ID072915)

PrimeCell AHB SRAM/NOR Memory Controller (PL241)

Integrator /CP Board Support Package for Microsoft Windows CE.NET

Quick Start Guide. BlackBerry Workspaces app for Android. Version 5.0

ARM. Streamline. Performance Analyzer. Using ARM Streamline. Copyright 2010 ARM Limited. All rights reserved. ARM DUI 0482A (ID100210)

INCLUDING MEDICAL ADVICE DISCLAIMER

AND9407/D Low Power Techniques of LC Series for Audio Applications

MOVE. Coprocessor. Technical Reference Manual. Copyright 2001, 2002, ARM Limited. All rights reserved. ARM DDI 0235C

Media Processing Engine. Cortex -A7 NEON. Technical Reference Manual. Revision: r0p5

Arm Cortex -M33 Devices

voptimizer Pro Version What s New

Single Master DMA Controller (PL081) PrimeCell. Technical Reference Manual. Revision: r1p2

TrustZone Address Space Controller TZC-380. CoreLink. Technical Reference Manual. Revision: r0p1

Arm DS-5. License Management Guide. Version Copyright Arm Limited (or its affiliates). All rights reserved.

Designer ADR-400 AMBA. User Guide. Revision: r3p2. Copyright ARM. All rights reserved. ARM DUI 0333M (ID011213)

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

CoreLink MMU-500 System Memory Management Unit ARM. Technical Reference Manual. Revision: r2p2

Release Notes. BlackBerry UEM Client for Android Version

APPLICATION NOTE. Atmel AT03782: Using Low Power Modes in SAM4N Microcontroller. Atmel 32-bit Microcontroller. Features.

Compatibility Matrix. Good Control and Good Proxy. June 4, 2018

MyCreditChain Terms of Use

MERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS

BlackBerry Enterprise Service 10. September 10, 2014 Version: 10 and 10.1.x. Compatibility Matrix

Terms Of Use AGREEMENT BETWEEN USER AND DRAKE MODIFICATION OF THESE TERMS OF USE LINKS TO THIRD PARTY WEB SITES USE OF COOKIES

ARM CoreLink CCI-500 Cache Coherent Interconnect

APPLICATION NOTE. Atmel AT03261: SAM D20 System Interrupt Driver (SYSTEM INTERRUPT) SAM D20 System Interrupt Driver (SYSTEM INTERRUPT)

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

Use the Status Register when the firmware needs to query the state of internal digital signals.

OCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA)

Mile Terms of Use. Effective Date: February, Version 1.1 Feb 2018 [ Mile ] Mileico.com

BlackBerry Enterprise Server Express for Microsoft Exchange

The Travel Tree Terms and Conditions

Online Localization Service

Oracle Binary Code License Agreement for Java Secure Sockets Extension for Connected Device Configuration 1.0.2

QPP Proprietary Profile Guide

SAM4 Reset Controller (RSTC)

How to use the NTAG I²C plus for bidirectional communication. Rev June

CoreLink GIC-500 Generic Interrupt Controller ARM. Technical Reference Manual. Revision: r0p0

ARM Cortex -M33 Processor User Guide

TERMS & CONDITIONS. Complied with GDPR rules and regulation CONDITIONS OF USE PROPRIETARY RIGHTS AND ACCEPTABLE USE OF CONTENT

AT60142H/HT. Rad-Hard 512Kx8 Very Low Power CMOS SRAM ERRATA-SHEET. Active Errata List. Errata History. Abbreviations. 1.

Release Notes. BlackBerry Enterprise Identity

DS-5 ARM. Using Eclipse. Version Copyright ARM. All rights reserved. ARM DUI 0480L (ID100912)

AMBA Keyboard/Mouse PS/2 Interface

JD Edwards World EDI Error Notification. Version A9.2

One Identity Manager Administration Guide for Connecting Oracle E-Business Suite

AN4696 Application note

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0 Maintenance Release: 1. Release Notes

Beta Testing Licence Agreement

ARM DS-5. Getting Started Guide. Version Copyright ARM Limited or its affiliates. All rights reserved.

AT11512: SAM L Brown Out Detector (BOD) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

GPU Shader Development Studio. Mali. User Guide. Version: Copyright ARM. All rights reserved. DUI0504B (ID072410)

User Guide. BlackBerry Docs To Go for Android. Version 1.3.0

Capital. Capital Logic Generative. v Student Workbook

TERMS AND CONDITIONS

AT03262: SAM D/R/L/C System Pin Multiplexer (SYSTEM PINMUX) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

1. License Grant; Related Provisions.

Embedded Base Boot Requirements Platform Design Document

SDLC INTELLECTUAL PROPERTY POLICY

MULTIFUNCTIONAL DIGITAL SYSTEMS. Software Installation Guide

Transcription:

ARMv8-M processor power management Version 1.0 secure state protection Copyright 2016 ARM Limited or its affiliates. All rights reserved. ARM 100737_0100_0100_en

ARMv8-M processor power management ARMv8-M processor power management secure state protection Copyright 2016 ARM Limited or its affiliates. All rights reserved. Release Information Document History Issue Date Confidentiality Change 0100 23 August 2016 Confidential First release. Proprietary Notice This document is protected by copyright and other related rights and the practice or implementation of the information contained in this document may be protected by one or more patents or pending patent applications. No part of this document may be reproduced in any form by any means without the express prior written permission of ARM. No license, express or implied, by estoppel or otherwise to any intellectual property rights is granted by this document unless specifically stated. Your access to the information in this document is conditional upon your acceptance that you will not use or permit others to use the information for the purposes of determining whether implementations infringe any third party patents. THIS DOCUMENT IS PROVIDED AS IS. ARM PROVIDES NO REPRESENTATIONS AND NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE DOCUMENT. For the avoidance of doubt, ARM makes no representation with respect to, and has undertaken no analysis to identify or understand the scope and content of, third party patents, copyrights, trade secrets, or other rights. This document may include technical inaccuracies or typographical errors. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL ARM BE LIABLE FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF ANY USE OF THIS DOCUMENT, EVEN IF ARM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. This document consists solely of commercial items. You shall be responsible for ensuring that any use, duplication or disclosure of this document complies fully with any relevant export laws and regulations to assure that this document or any portion thereof is not exported, directly or indirectly, in violation of such export laws. Use of the word partner in reference to ARM s customers is not intended to create or refer to any partnership relationship with any other company. ARM may make changes to this document at any time and without notice. If any of the provisions contained in these terms conflict with any of the provisions of any signed written agreement covering this document with ARM, then the signed written agreement prevails over and supersedes the conflicting provisions of these terms. This document may be translated into other languages for convenience, and you agree that if there is any conflict between the English version of this document and any translation, the terms of the English version of the Agreement shall prevail. Words and logos marked with or are registered trademarks or trademarks of ARM Limited or its affiliates in the EU and/or elsewhere. All rights reserved. Other brands and names mentioned in this document may be the trademarks of their respective owners. Please follow ARM s trademark usage guidelines at http://www.arm.com/about/trademark-usage-guidelines.php Copyright 2016, ARM Limited or its affiliates. All rights reserved. ARM Limited. Company 02557590 registered in England. 110 Fulbourn Road, Cambridge, England CB1 9NJ. LES-PRE-20349 Confidentiality Status This document is. The right to use, copy and disclose this document may be subject to license restrictions in accordance with the terms of the agreement entered into by ARM and the party that ARM delivered this document to. Unrestricted Access is an ARM internal classification. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 2

ARMv8-M processor power management Product Status The information in this document is Final, that is for a developed product. Web Address http://www.arm.com ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 3

Contents ARMv8-M processor power management secure state protection Preface About this book...... 6 Feedback... 8 Chapter 1 Power management 1.1 Power management overview...... 1-10 1.2 Protection measures... 1-11 1.3 Sleep mode...... 1-12 1.4 Wakeup from sleep mode... 1-13 ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 4

Preface This preface introduces the ARMv8-M processor power management secure state protection. It contains the following: About this book on page 6. Feedback on page 8. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 5

Preface About this book About this book Product revision status Using this book Write a short description in the book map to render in the "About this book" section of the preface. The rmpn identifier indicates the revision status of the product described in this book, for example, r1p2, where: rm Identifies the major revision of the product, for example, r1. pn Identifies the minor revision or modification status of the product, for example, p2. This book is organized into the following chapters: Chapter 1 Power management This section describes the security recommendations and events controlled by the SLEEPDEEP bit of the System Control Register (SCR). Glossary The ARM Glossary is a list of terms used in ARM documentation, together with definitions for those terms. The ARM Glossary does not contain terms that are industry standard unless the ARM meaning differs from the generally accepted meaning. See the ARM Glossary for more information. Typographic conventions italic Introduces special terminology, denotes cross-references, and citations. bold Highlights interface elements, such as menu names. Denotes signal names. Also used for terms in descriptive lists, where appropriate. monospace Denotes text that you can enter at the keyboard, such as commands, file and program names, and source code. monospace Denotes a permitted abbreviation for a command or option. You can enter the underlined text instead of the full command or option name. monospace italic Denotes arguments to monospace text where the argument is to be replaced by a specific value. monospace bold Denotes language keywords when used outside example code. <and> Encloses replaceable terms for assembler syntax where they appear in code or code fragments. For example: MRC p15, 0, <Rd>, <CRn>, <CRm>, <Opcode_2> SMALL CAPITALS Used in body text for a few terms that have specific technical meanings, that are defined in the ARM glossary. For example, IMPLEMENTATION DEFINED, IMPLEMENTATION SPECIFIC, UNKNOWN, and UNPREDICTABLE. Timing diagrams The following figure explains the components used in timing diagrams. Variations, when they occur, have clear labels. You must not assume any timing information that is not explicit in the diagrams. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 6

Shaded bus and signal areas are undefined, so the bus or signal can assume any value within the shaded area at that time. The actual level is unimportant and does not affect normal operation. Signals The signal conventions are: Clock HIGH to LOW Transient HIGH/LOW to HIGH Bus stable Bus to high impedance Bus change High impedance to stable bus Figure 1 Key to timing diagram conventions Signal level The level of an asserted signal depends on whether the signal is active-high or active-low. Asserted means: HIGH for active-high signals. LOW for active-low signals. Lowercase n At the start or end of a signal name denotes an active-low signal. Preface About this book ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 7

Preface Feedback Feedback Feedback on this product Feedback on content If you have any comments or suggestions about this product, contact your supplier and give: The product name. The product revision or version. An explanation with as much information as you can provide. Include symptoms and diagnostic procedures if appropriate. If you have comments on content then send an e-mail to errata@arm.com. Give: The title ARMv8-M processor power management secure state protection. The number ARM 100737_0100_0100_en. If applicable, the page number(s) to which your comments refer. A concise explanation of your comments. ARM also welcomes general suggestions for additions and improvements. Note ARM tests the PDF only in Adobe Acrobat and Acrobat Reader, and cannot guarantee the quality of the represented document when used with any other PDF reader. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 8

Chapter 1 Power management This section describes the security recommendations and events controlled by the SLEEPDEEP bit of the System Control Register (SCR). It contains the following sections: 1.1 Power management overview on page 1-10. 1.2 Protection measures on page 1-11. 1.3 Sleep mode on page 1-12. 1.4 Wakeup from sleep mode on page 1-13. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 1-9

1 Power management 1.1 Power management overview 1.1 Power management overview Clocks, resets, and power control hardware are critical aspects of a system that the Secure code relies on for correct operation. The level and type of protection these resources require depends on the attack profile being defended against, for example, remote software attack or basic hardware attack. As a minimum, any control registers that can influence clocks, resets, or power domains that can affect software running in the Secure state, or peripherals that are used by Secure software, must only be accessible from the Secure state. To support use cases where the Secure state is disabled, the protection of these registers is configurable. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 1-10

1 Power management 1.2 Protection measures 1.2 Protection measures System architects are encouraged to consider power-on reset, reset filtering, and different clock sources as extra protection measures. Power-on reset Ensure that the power-on reset circuit can respond quickly enough to detect even short reductions in the power supply voltage. The voltage threshold must also be set so that a reset is always generated before the voltage drops low enough to cause data corruption in registers, combinational logic, or SRAM. As attackers often use unusual conditions, for example, low temperatures, you must make sure that the power-on reset either functions correctly at conditions outside the normal process corners, or exhibits fail-safe behavior, for example asserting reset. Reset filtering One possible way in which an attacker might cause data corruption is to introduce a short glitch on an external reset signal. If the reset signal is not filtered correctly before being used internally, it is possible that the glitch only partially resets the device, which could result in security vulnerabilities. For immunity against cross talk and other types of noise, most devices already contain reset filters. However, in a similar way to the power-on reset, you must check the behavior of these circuits outside the normal operating conditions. Clocks Invalid behavior of external clock sources can also be a source of data corruption that can lead to security vulnerabilities. The types of invalid behavior might include: Excessive jitter. Extreme mark-space ratios. Glitches. Clock frequencies outside the supported range. In addition to over or under clocking the main clock, attackers might try to exploit the system by using invalid ratios between two clocks, for example, the main clock source, and a synchronous peripheral interface, which could result in a buffer over or under flow condition. You can use several methods to defend against these attacks: Use trusted internal clock sources for critical operations. Clock conditioning circuitry that prevents critical digital logic being exposed to invalid clock behavior. Fail-safe behavior in the event of invalid clock signals, for example, asserting reset. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 1-11

1 Power management 1.3 Sleep mode 1.3 Sleep mode The system can generate false wakeup events, for example, a debug operation can wake up the processor. Therefore, the software must be able to put the processor back into sleep mode after such an event. A program might have an idle loop to put the processor back into sleep mode. One way to reduce energy use in the processor is to remove power, which removes both dynamic and static currents (sometimes called power-gating), or to stop the clock of the core which removes dynamic power consumption only and can be referred to as clock-gating. The processor can have additional low-power states. These power states refer to the ability for the hardware Phase Locked Loop (PLL) and voltage regulators to be controlled by power management software. Deep sleep mode stops the system clock and switches off the PLL and flash memory. The SLEEPDEEP bit of the System Control Register (SCR) selects which sleep mode is used. This section contains the following subsections: 1.3.1 Wait for interrupt instruction (WFI) on page 1-12. 1.3.2 Wait for event instruction (WFE) on page 1-12. 1.3.3 Sleep-on-exit bit on page 1-12. 1.3.1 Wait for interrupt instruction (WFI) Wait For Interrupt is a hint instruction. It suspends execution, in the lowest power state available consistent with a fast wakeup without the need for software restoration, until a reset, asynchronous exception or other event occurs. 1.3.2 Wait for event instruction (WFE) 1.3.3 Sleep-on-exit bit Wait For Event is a hint instruction. If the Event Register is clear, it suspends execution in the lowest power state available consistent with a fast wakeup without the need for software restoration, until a reset, exception or other event occurs. When the processor executes a WFE instruction, it checks the value of the event register: 0 The processor stops executing instructions and enters sleep mode. 1 The processor clears the register to 0 and continues executing instructions without entering into sleep mode. If the event register is 1, it indicates that the processor must not enter sleep mode on execution of a WFE instruction. Typically, two events can cause this behaviour: The external event signal is asserted. Another processor in the system has executed an SEV instruction. If the SLEEPONEXIT bit of the SCR is set to 1 when the processor completes the execution of all queued exception handlers, it returns to Thread mode and immediately enters into sleep mode. Use this mechanism in applications that only require the processor to run when an exception occurs. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 1-12

1 Power management 1.4 Wakeup from sleep mode 1.4 Wakeup from sleep mode The conditions for the processor to wake up depend on the mechanism that causes it to enter into sleep mode. This section contains the following subsections: 1.4.1 Wakeup from WFI or sleep-on-exit on page 1-13. 1.4.2 Wakeup from WFE on page 1-13. 1.4.3 Wakeup Interrupt Controller (WIC) on page 1-13. 1.4.4 External event input signal on page 1-13. 1.4.5 Power management programming hints on page 1-14. 1.4.1 Wakeup from WFI or sleep-on-exit Normally, the processor wakes up only when it detects an exception with sufficient priority to cause exception entry. Some embedded systems might have to execute system restore tasks after the processor wakes up, and before it executes an interrupt handler. To achieve this behavior, set the PRIMASK bit to 1 and the FAULTMASK bit to 0. If an interrupt arrives that is enabled and has a higher priority than the current exception priority, the processor wakes up but does not execute the interrupt handler and continues sequential execution of the code until the processor sets PRIMASK to zero. 1.4.2 Wakeup from WFE List of conditions which can cause the processor to wake up from WFE. The processor wakes up if: It detects an exception with sufficient priority to cause exception entry, ignoring PRIMASK. It detects an external event signal. In a multiprocessor system, another processor in the system executes an SEV instruction. In addition, if the SEVONPEND bit in the SCR is set to 1, any new pending interrupt triggers an event and wakes up the processor, even if the interrupt is disabled or has insufficient priority to cause exception entry. 1.4.3 Wakeup Interrupt Controller (WIC) The Wakeup Interrupt Controller (WIC) is a peripheral that can detect an interrupt and wake the processor from deep sleep mode. The WIC is enabled only when the DEEPSLEEP bit in the SCR is set to 1. The WIC is not programmable, and does not have any registers or user interface. It operates entirely from hardware signals. When the WIC is enabled and the processor enters deep sleep mode, the power management unit in the system can power down most of the processor. This has the side effect of stopping the SysTick timer. When the WIC receives an interrupt, it takes several clock cycles to wake up the processor and restore its state, before it can process the interrupt. This behavior means that interrupt latency is increased in deep sleep mode. Note If the processor detects a connection to a debugger, it disables the WIC. 1.4.4 External event input signal ARMv8-M processors provide an external event input signal. Peripherals can drive this signal, either to wake the processor from WFE, or to set the internal WFE event register to 1 to indicate that the processor must not enter sleep mode on a later WFE instruction. ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 1-13

1 Power management 1.4 Wakeup from sleep mode 1.4.5 Power management programming hints The CMSIS provides two functions for WFE and WFI instructions. void WFE(void) // Wait for Event void WFI(void) // Wait for Interrupt ARM 100737_0100_0100_en Copyright 2016 ARM Limited or its affiliates. All rights reserved. 1-14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback