TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 297c2aaa445ad33f1154bf589911950ff71c0ff4^! / . / docs / design_docs / ff_isolation.rst
commit297c2aaa445ad33f1154bf589911950ff71c0ff4[log] [tgz]
authorKen Liu <Ken.Liu@arm.com>Thu Feb 23 11:22:33 2023 +0800
committerKen Liu <Ken.Liu@arm.com>Mon Mar 20 11:22:54 2023 +0800
tree7d8a807624ed4d51ceb3a481f598fc130976e873
parentacf187e0fe27eea3349c1308bcb68b88268ee7df [diff] [blame]
Docs: Explain 'Default access rules' feature usage

Feature 'Default access rules' can be used to set up a specific
standalone region. This usage is not explicitly explained in the
document, and here comes the explanation.

Signed-off-by: Ken Liu <Ken.Liu@arm.com>
Change-Id: If394a7bae9e56a76ba7ac810b8809e0ec18f3fde

diff --git a/docs/design_docs/ff_isolation.rst b/docs/design_docs/ff_isolation.rst
index e999cbc..d49c25b 100644
--- a/docs/design_docs/ff_isolation.rst
+++ b/docs/design_docs/ff_isolation.rst

@@ -362,12 +362,26 @@
   attributes in general, they are standalone regions in MPU even their
   attributes covers 'A_RWXN'.
 
+Default access rules
+====================
+Hardware protection components MAY have the capability to collect regions
+not explicitly configured in static or runtime settings, and then apply
+default access rules to the collected. Furthermore, one default rule can be
+applied to multiple non-contiguous regions which makes them share a common
+boundary. This operation sets up a standalone 'region' as same as other
+explicitly configured regions. And it doesn't affect the analysis summary
+above - just be aware that some regions listed in the table MAY not be
+explicitly configured.
+
+Take the MPU as an example, MPU can assign a default privileged access
+attribute to the regions (SPM and PRoT regions e.g.) not explicitly configured.
+This feature can reduce required MPU regions and ease the programming because
+regions can be put non-address-contiguous and skip the explicit configuration.
+
 .. important::
-   The default memory map grants PSA RoT domain components the ability to
-   access the place not covered in an explicitly defined region. This
-   characteristic can be used for saving regions. In the case when the default
-   memory map is applied, the uncovered regions need to be audited to make
-   sure all assets are placed properly.
+  When this default access rules mechanism is applied, the
+  non-explicitly-expressed regions must be reviewed to ensure the isolation
+  boundaries are set properly.
 
 Interfaces
 ==========