Chipmakers sometimes wish to include code in a memory region which is set by boot code to be execute-only forever (until reset). They want to do this so that even their customers, who do additional programming on the chip - including in M mode - cannot read the chipmaker's code.
With the statements about MXR, MPRV, and MPP below, I think this can only be accomplished for code executable in M mode only.
Concerning PMP, that's what I was suggesting, yes.
I wonder if there is a way it can be done for code executable in S/U mode.
I believe the answer can be physical memory attributes (PMAs), which apply in addition to the software-programmable PMP mechanism. If this is a ROM at known addresses, then just say the region is execute-only according to the machine's PMAs. PMP can't override that.
If the address range is unknown at chip fabrication time or starts as writable, you can still invent a custom mechanism to manipulate the chip's PMAs underneath the standard PMP facility, without violating any RISC-V rules as I understand them. Obviously, a custom mechanism wouldn't be portable beyond your own line of chips, but it doesn't need to be for this purpose, does it?
- John Hauser
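A simplified model of the layering described in the message above, added here as an illustration and not code from the thread or from the RISC-V specification: an access must pass the chip's fixed PMAs and the software-programmed PMP, so a PMP entry granting RWX over an execute-only PMA region still cannot make it readable. The ROM address, the pma_map table and all function names are constructed; only NAPOT PMP entries and single-byte accesses are modelled, and addresses outside the PMA table are assumed vacant.

```c
#include <stdint.h>
#include <stddef.h>

enum { R = 1, W = 2, X = 4, A_NAPOT = 3 << 3, L = 0x80 };  /* pmpcfg bits */
enum { MODE_U = 0, MODE_S = 1, MODE_M = 3 };

struct pmp { uint8_t cfg; uint64_t addr; };         /* pmpcfg byte + pmpaddr */
struct pma { uint64_t base, size; uint8_t perm; };  /* fixed by the chip     */

/* Constructed platform: one 4 KiB execute-only ROM at 0x10000. */
static const struct pma pma_map[] = { { 0x10000, 0x1000, X } };

/* Constructed PMP setup: software programs a locked RWX entry over the ROM. */
static const struct pmp pmp_open[] = { { L | A_NAPOT | R | W | X, 0x41FF } };

static int pma_allows(uint64_t a, uint8_t type) {
    for (size_t i = 0; i < sizeof pma_map / sizeof *pma_map; i++)
        if (a - pma_map[i].base < pma_map[i].size)   /* unsigned range check */
            return (pma_map[i].perm & type) != 0;
    return 0;                       /* model assumption: unmapped is vacant */
}

static int pmp_allows(const struct pmp *e, size_t n, uint64_t a,
                      int mode, uint8_t type) {
    for (size_t i = 0; i < n; i++) {                 /* lowest index wins */
        if ((e[i].cfg & (3 << 3)) != A_NAPOT) continue;
        /* NAPOT decode: k trailing ones in pmpaddr => 2^(k+3)-byte region */
        uint64_t mask = e[i].addr ^ (e[i].addr + 1);
        uint64_t base = (e[i].addr & ~mask) << 2, size = (mask + 1) << 2;
        if (a - base >= size) continue;
        if (mode == MODE_M && !(e[i].cfg & L)) return 1; /* unlocked: M passes */
        return (e[i].cfg & type) != 0;
    }
    return mode == MODE_M;          /* no match: M succeeds, S/U fail */
}

/* An access needs both layers to agree; PMP can only narrow what PMA grants. */
int access_ok(const struct pmp *e, size_t n, uint64_t a, int mode, uint8_t type) {
    return pma_allows(a, type) && pmp_allows(e, n, a, mode, type);
}
```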
Sure, something custom would work. And what you suggested is a good possibility. But I brought it up because I thought the use case might be more broadly applicable and maybe some combination in the privilege spec would allow for that. I'll think some more about it.