
Accessing debug system registers

PART B: ARMV8 SELF-HOSTED DEBUG

5 DEBUG SYSTEM REGISTERS

5.4 Accessing debug system registers

Each EL has the ability to trap debug system register accesses from lower Exception levels:

• At EL0:

— if MDSCR_EL1.TDCC == 1 then EL0 accesses to the DCC registers are trapped to EL1:

    • from AArch64, MDCCSR_EL0, DBGDTR_EL0, DBGDTRTX_EL0 and DBGDTRRX_EL0

    • from AArch32, DBGDSCRint, DBGDTRTXint and DBGDTRRXint, and, if implemented, DBGDIDR, DBGDRAR and DBGDSAR.

Note: In AArch32 state MDSCR_EL1.TDCC is DBGDSCRext.UDCCdis. DBGDIDR, DBGDRAR and DBGDSAR are OPTIONAL registers if EL1 using AArch32 is not supported. See the register descriptions for more information.

— all accesses to other debug system registers from EL0 are UNDEFINED at all times.

Note: If HCR_EL2.TGE == 1, then all exceptions that would be taken to EL1 are instead taken to EL2. See [v8Exception].

• Otherwise, at EL1 and EL0 in Non-secure state, if EL2 is implemented:

— if MDCR_EL2.TDE == 1 or MDCR_EL2.TDRA == 1 or HCR_EL2.TGE == 1 then accesses to the debug ROM address register(s) are trapped to EL2:

    • from AArch64, MDRAR_EL1

    • from AArch32, DBGDRAR and DBGDSAR

— if MDCR_EL2.TDE == 1 or MDCR_EL2.TDOSA == 1 then accesses to OS debug system registers are trapped to EL2:

    • from AArch64, OSLAR_EL1, OSLSR_EL1, OSDLR_EL1 and DBGPRCR_EL1

    • from AArch32, DBGOSLAR, DBGOSLSR, DBGOSDLR and DBGPRCR

— if MDCR_EL2.TDE == 1 or MDCR_EL2.TDA == 1 or HCR_EL2.TGE == 1 then accesses to all other debug system registers are trapped to EL2.

Notes:

• If EL2 is using AArch32, then:

    • MDCR_EL2 ≡ HDCR

    • these are trapped as Hyp Trap exceptions.

• ID_ registers are not debug system registers. See also HCR_EL2.TID3 in [v8Exception].

• If HCR_EL2.TGE == 1 then execution at EL1 is not possible, so those traps apply only to instructions executed at EL0, see “At EL0” above.

• Otherwise, at EL2, EL1 and EL0, if EL3 is implemented and EL3 is using AArch64:

— if MDCR_EL3.TDOSA == 1 then accesses to the OS debug system registers (see above) are trapped to EL3

— if MDCR_EL3.TDA == 1 then accesses to all other debug system registers are trapped to EL3.

These traps are not possible if EL3 is using AArch32. There are no traps for ID_ registers to EL3.

• Otherwise, at all Exception levels:

— If EDSCR.TDA == 1 then accesses to certain debug system registers might be trapped into Debug state. See Software Access debug event on page 136.

• Otherwise the access is permitted.

Similarly:

• MDCR_EL3.TPM and MDCR_EL2.{TPM, TPMCR} can be used to trap Performance Monitors system register accesses; see Accessing Performance Monitors registers on page 104.

• CPTR_EL3, CPTR_EL2 and CPACR_EL1 can be used to trap Trace extension register accesses.

If the processor is in Debug state, additional rules apply. See Privilege in Debug state on page 153. If OSLSR_EL1.OSLK == 1 (OS lock is locked), access to certain registers is modified.

Note: These traps and enables only apply to system register accesses using system register access instructions. For accesses by the external debug interface, see External debug interface register access permissions on page 195.
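The trap ordering listed above can be checked as a small decision function. This is an added example, not code from the specification. It assumes AArch64 at every Exception level, a processor that is not in Debug state and an unlocked OS lock; struct cfg, route_access and the enum names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Register classes used in section 5.4 (AArch64 names):
 * DCC: MDCCSR_EL0, DBGDTR_EL0, DBGDTRTX_EL0, DBGDTRRX_EL0; ROM: MDRAR_EL1;
 * OS: OSLAR_EL1, OSLSR_EL1, OSDLR_EL1, DBGPRCR_EL1;
 * BPWP: DBGBVRn/DBGBCRn/DBGWVRn/DBGWCRn_EL1 (table footnote e); OTHER: the rest. */
enum reg_class { REG_DCC, REG_ROM, REG_OS, REG_BPWP, REG_OTHER };
enum outcome { PERMITTED, UNDEF_EL1, UNDEF_EL2, TRAP_EL1, TRAP_EL2, TRAP_EL3, MAY_HALT };

struct cfg {                                    /* hypothetical snapshot of control bits */
    bool have_el2, have_el3;                    /* EL3, if present, assumed AArch64 */
    bool mdscr_tdcc, hcr_tge;                   /* MDSCR_EL1.TDCC, HCR_EL2.TGE */
    bool el2_tde, el2_tda, el2_tdra, el2_tdosa; /* MDCR_EL2 */
    bool el3_tda, el3_tdosa;                    /* MDCR_EL3 */
    bool edscr_tda;                             /* EDSCR.TDA */
};

/* Walk the checks in the order the section lists them; first match wins. */
enum outcome route_access(const struct cfg *c, int el, bool nonsecure, enum reg_class r)
{
    /* EL2 controls act only in Non-secure state, on accesses from EL1 and EL0. */
    bool el2 = c->have_el2 && nonsecure && el < 2;
    bool tge = el2 && c->hcr_tge;   /* reroutes EL1-bound exceptions to EL2 */

    if (el == 0) {
        if (r != REG_DCC)
            return tge ? UNDEF_EL2 : UNDEF_EL1;
        if (c->mdscr_tdcc)
            return tge ? TRAP_EL2 : TRAP_EL1;
    }
    if (el2) {
        /* TGE or TDE behaves as if TDA, TDRA and TDOSA were all set. */
        bool bit = r == REG_ROM ? c->el2_tdra : r == REG_OS ? c->el2_tdosa : c->el2_tda;
        if (tge || c->el2_tde || bit)
            return TRAP_EL2;
    }
    if (c->have_el3 && el < 3 && (r == REG_OS ? c->el3_tdosa : c->el3_tda))
        return TRAP_EL3;
    /* EDSCR.TDA "might" trap certain registers into Debug state. */
    return (r == REG_BPWP && c->edscr_tda) ? MAY_HALT : PERMITTED;
}

int main(void)
{
    struct cfg c = { .have_el2 = true, .have_el3 = true, .el2_tdra = true };
    printf("NS EL1 read of MDRAR_EL1 -> outcome %d\n", route_access(&c, 1, true, REG_ROM));
    return 0;
}
```

A hypervisor or secure monitor reviewer can use a model like this to confirm that a given MDCR_EL2/MDCR_EL3 setting actually intercepts the guest accesses it is meant to, including the case where Secure EL1 bypasses the EL2 controls.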

Table 22 summarizes the access controls for implemented registers. Instructions that access unimplemented registers are UNDEFINED. In this table:

AA means the execution state being used at the current EL: AArch64 (64), AArch32 (32) or both (-).

State means the security state: Secure (S), Non-secure (NS) or both (-).

The remaining columns give access permissions, with priority from left to right (“-” means keep searching to the right for a matching column):

Debug state

Gives the modified behavior at all Exception levels in Debug state, where applicable. See Privilege in Debug state on page 153. This has precedence over the “Default at ELx” and “Traps from below to ELy” columns.

Default at ELx

Gives the default access permission at ELx. “UND” means the access is UNDEFINED.

Traps from below to ELy

If the “Default at ELx” column does not show the access as UNDEFINED at ELx, these columns list which control bit in MDSCR_EL1/DBGDSCR, MDCR_EL2/HCR_EL2 or MDCR_EL3 (as applicable) enables a trap to ELy (y > x) on accesses to this register.

Notes:

— If EL3, EL2 or EL1 is using AArch32, TDCC means DBGDSCR.UDCCdis.

— Traps to EL3 apply only if EL3 is using AArch64.

— Traps to EL2 apply only in Non-secure state.

— If HCR_EL2.TGE == 1 or MDCR_EL2.TDE == 1, the processor behaves as if MDCR_EL2.{TDA, TDRA, TDOSA} are all set to 1.

— Undefined Instruction and trap exceptions to EL1 are routed to EL2 if HCR_EL2.TGE == 1.

OSLK

Gives the access permission if OSLSR_EL1.OSLK == 1.

Default

Gives the default access permission if none of the columns to the left apply.

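| Register (a) | AA | State | Debug state | Default at EL0 | Default at EL1 | Default at EL2 | Trap to EL1 | Trap to EL2 | Trap to EL3 | OSLK | Default |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ID_DFR0_EL1 | - | - | - | UND | - | - | - | TID3 | - | - | RO |
| ID_AA64DFR0_EL1 | 64 | - | - | UND | - | - | - | TID3 | - | - | RO |
| ID_AA64DFR1_EL1 | 64 | - | - | UND | - | - | - | TID3 | - | - | RAZ |
| SDER32_EL3 | 64 | - | - | UND | UND | UND | - | - | - | - | RW |
| SDER | 32 | NS | - | UND | UND | UND | - | - | - | - | RW |
| SDER | 32 | S | - | UND | - | n/a | - | n/a | - | - | RW |
| MDCR_EL2 | - | - | - | UND | UND | - | - | - | TDA | - | RW |
| MDCR_EL3 | 64 | - | - | UND | UND | UND | - | - | - | - | RW |
| SDCR | 32 | NS | - | UND | UND | UND | - | - | - | - | RW |
| SDCR | 32 | S | - | UND | - (b) | n/a | - | n/a | Always (b) | - | RW |
| DBGDIDR | 32 | - | - | - | - | - | TDCC | TDA | TDA | - | RO |
| MDCCSR_EL0 | - | - | - | - | - | - | TDCC | TDA | TDA | - | RO |
| MDCCINT_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW |
| DBGDTR_EL0 | 64 | - | RW | - | - | - | TDCC | TDA | TDA | - | RW |
| DBGDTRRX_EL0 (c) | - | - | RO | - | - | - | TDCC | TDA | TDA | - | RO |
| DBGDTRTX_EL0 (c) | - | - | WO | - | - | - | TDCC | TDA | TDA | - | WO |
| DBGWFAR | 32 | - | - | UND | - | - | - | TDA | TDA | - | RAZ |
| DBGVCR32_EL2 | 64 | - | - | UND | UND | - | - | - | TDA | - | RW |
| DBGVCR | 32 | - | - | UND | - | - | - | TDA | TDA | - | RW |
| OSDTRRX_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW |
| MDSCR_EL1 | - | - | - | UND | - | - | - | TDA | TDA | RW (d) | RW |
| OSDTRTX_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW |
| OSECCR_EL1 | - | - | - | UND | - | - | - | TDA | TDA | RW | UNK/WI |
| DBGBVRn_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW (e) |
| DBGBCRn_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW (e) |
| DBGWVRn_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW (e) |
| DBGWCRn_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW (e) |
| MDRAR_EL1 | 64 | - | - | UND | - | - | - | TDRA | TDA | - | RO |
| DBGDRAR | 32 | - | - | - | - | - | TDCC | TDRA | TDA | - | RO |
| DBGBXVRn | 32 | - | - | UND | - | - | - | TDA | TDA | - | RW (e) |
| OSLAR_EL1 | - | - | - | UND | - | - | - | TDOSA | TDOSA | - | WO |
| OSLSR_EL1 | - | - | - | UND | - | - | - | TDOSA | TDOSA | - | RO |
| OSDLR_EL1 | - | - | - | UND | - | - | - | TDOSA | TDOSA | - | RW |
| DBGPRCR_EL1 | - | - | - | UND | - | - | - | TDOSA | TDOSA | - | RW |
| DBGDSAR | 32 | - | - | - | - | - | TDCC | TDRA | TDA | - | RO |
| DBGCLAIMSET_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW |
| DBGCLAIMCLR_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RW |
| DBGAUTHSTATUS_EL1 | - | - | - | UND | - | - | - | TDA | TDA | - | RO |
| DBGDEVID{n} | 32 | - | - | UND | - | - | - | TDA | TDA | - | RO |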

a. AArch64 names shown, other than in cases where access permissions differ in the two states.

b. If EL3 is implemented and using AArch64, accesses to SDCR from Secure EL1 using AArch32 are trapped to EL3.

c. DBGDTRRX_EL0 and DBGDTRTX_EL0 are the same instruction encoding, but different underlying registers. One is accessed on reads (MRS/MRC) the other on writes (MSR/MCR).

d. Register is RW but access to particular fields is modified. See the register description for details.

e. Access can be trapped to Debug state. See Software Access debug event on page 136.

Table 22: Debug system register access permissions summary

The OS double-lock does not modify the behavior of accesses to debug system registers. However, the OS double-lock is a mechanism for system software to be able to make certain guarantees to a system power controller before allowing it to remove power. Implementations are only required to honor such guarantees if no debug system registers are accessed when DoubleLockStatus() == TRUE (OS double-lock is locked).

Access to certain registers by the external debug interface can be controlled by a secure monitor at EL3. For details see External debug interface register access permissions on page 195.

Note: Changes from v7.1 Debug

In v7.1 Debug:

• If OSLSR_EL1.OSLK == 1 (OS lock is locked) accesses to DBGDSCRint, DBGDTRTXint and DBGDTRRXint are UNPREDICTABLE.

In v8-A, accesses to these registers in AArch32 state are not affected by the OS lock. Accesses to MDCCSR_EL0, DBGDTRTX_EL0, DBGDTRRX_EL0 and DBGDTR_EL0 in AArch64 state are also not affected by the OS lock.

• Accesses to all CP14 debug registers can be disabled by the Debug Software Enable function (DBGSWENABLE) of the Debug Access Port (DAP).

In v8-A this function is not present, and v8-A removes the requirement for this function to be implemented as part of the DAP. See also Software Access debug event on page 136.

• If DoubleLockStatus() == TRUE (OS double-lock is locked) then accesses to all CP14 debug registers are UNPREDICTABLE, other than DBGDIDR, DBGDSAR, DBGDRAR and DBGOSDLR.

In v8-A, accesses to all CP14 debug registers in AArch32 state and all debug system registers in AArch64 state are not affected by the OS double-lock.