This is dangerous ! With this revision it's possible to have a region that's rw by S/U mode and executable by M mode when PL=0, [...]
I agree that would be dangerous, but I intentionally excluded that possibility, so I don't understand. What is the exact encoding that you think allows this, when MSL > 0?
Finally when MSL=3 and PL=3 we get removable M-mode-only, non-executable regions, at the highest security level. In terms of security it's a regression over revision 0.2, not an improvement.
That detail could easily be changed, if that's the only remaining complaint about the security.
