sargx digital garden

Exception Levels (ELn)

2 min read

https://krinkinmu.github.io/2021/01/04/aarch64-exception-levels.html

The 64-bit Arm architecture defines the following levels of privilege:

An ARM processor will always reset into the highest implemented exception level (EL3) on the Armv8-A Foundation Model. This is important because the architecture only guarantees a bare minimum known safe state at reset:

We will therefore need to configure these elements of the processor context before actually dropping to EL2, otherwise we risk performing an illegal exception return or immediately taking an MMU abort when trying to fetch the first instruction at the hypervisor entry point.

OS Perspective:

An operating system should deal with exception levels because it needs to implement process isolation:

An operating system itself usually works at EL1. While running at this exception level processor gets access to the registers that allows configuring virtual memory settings as well as to some system registers.

EL2 is used in a scenario when we are using a hypervisor. In this case host operating system runs at EL2 and guest operating systems can only use EL 1. This allows host OS to isolate guest OSes in a similar way how OS isolates user processes.

EL3 is used for transitions from ARM “Secure World” to “Insecure world”. This abstraction exist to provide full hardware isolation between the software running in two different “worlds”. Application from an “Insecure world” can in no way access or modify information (both instruction and data) that belongs to “Secure world”, and this restriction is enforced at the hardware level.

Finding current Exception level:

.globl get_el
get_el:
    mrs x0, CurrentEL
    lsr x0, x0, #2
    ret
int el = get_el();
    printf("Exception level: %d \r\n", el);

Changing current exception level:

In ARM architecture there is no way how a program can increase its own exception level without the participation of the software that already runs on a higher level.

Current EL can be changed only if an exception is generated:

Whenever an exception is generated the following sequence of steps takes place (In the description I am assuming that the exception is handled at EL n, were n could be 1, 2 or 3):

An important thing to know is that exception handler is not obliged to return to the same location from which the exception originates. Both ELR_ELn and SPSR_ELn are writable and exception handler can modify them if it wants to

🌱 Back to Garden

Graph View

Backlinks