Re: comments on PMP enhancements

Bill Huffman

On 2/12/20 10:38 PM, John Hauser wrote:

Bill Huffman wrote:
Chipmakers sometimes wish to include code in a memory region which is
set by boot code to be execute-only forever (until reset). They want to
do this so that even their customers, who do additional programming on
the chip - including in M mode - cannot read the chipmaker's code.

With the statements about MXR, MPRV, and MPP below, I think this can
only be accomplished for code executable in M mode only.
Concerning PMP, that's what I was suggesting, yes.

I wonder if there is a way it can be done for code executable in S/U
I believe the answer can be physical memory attributes (PMAs), which
apply in addition to the software-programmable PMP mechanism. If this
is a ROM at known addresses, then just say the region is execute-only
according to the machine's PMAs. PMP can't override that.

If the address range is unknown at chip fabrication time or starts as
writable, you can still invent a custom mechanism to manipulate the
chip's PMAs underneath the standard PMP facility, without violating
any RISC-V rules as I understand them. Obviously, a custom mechanism
wouldn't be portable beyond your own line of chips, but it doesn't need
to be for this purpose, does it?

- John Hauser
Sure, something custom would work. And what you suggested is a good
possibility. But I brought it up because I thought the use case might
be more broadly applicable and maybe some combination in the privilege
spec would allow for that. I'll think some more about it.


Join to automatically receive all group messages.