The HCR characteristics are:
Provides configuration controls for virtualization, including defining whether various Non-secure operations are trapped to Hyp mode.
AArch32 System register HCR bits [31:0] are architecturally mapped to AArch64 System register HCR_EL2[31:0].
This register is present only when EL2 is capable of using AArch32. Otherwise, direct accesses to HCR are UNDEFINED.
If EL2 is not implemented, this register is RES0 from EL3.
HCR is a 32-bit register.
31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
RES0 | TRVM | HCD | RES0 | TGE | TVM | TTLB | TPU | TPC | TSW | TAC | TIDCP | TSC | TID3 | TID2 | TID1 | TID0 | TWE | TWI | DC | BSU | FB | VA | VI | VF | AMO | IMO | FMO | PTW | SWIO | VM |
Reserved, RES0.
Trap Reads of Virtual Memory controls. Traps Non-secure EL1 reads of the virtual memory control registers to EL2, when EL2 is enabled in the current Security state.
The registers for which read accesses are trapped are as follows:
SCTLR, TTBR0, TTBR1, TTBCR, TTBCR2, DACR, DFSR, IFSR, DFAR, IFAR, ADFSR, AIFSR, PRRR, NMRR, MAIR0, MAIR1, AMAIR0, AMAIR1, CONTEXTIDR.
TRVM | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 read accesses to the specified Virtual Memory controls are trapped to EL2. |
The reset behavior of this field is:
HVC instruction disable. Disables Non-secure EL1 and EL2 execution of HVC instructions, when EL2 is enabled in the current Security state.
HCD | Meaning |
---|---|
0b0 |
HVC instruction execution is enabled at EL2 and EL1. |
0b1 | HVC instructions are UNDEFINED at EL2 and Non-secure EL1. The Undefined Instruction exception is taken to the Exception level at which the HVC instruction is executed. |
HVC instructions are always UNDEFINED at EL0.
The reset behavior of this field is:
Reserved, RES0.
Reserved, RES0.
Trap General Exceptions, from Non-secure EL0.
TGE | Meaning |
---|---|
0b0 |
This control has no effect on execution at EL0. |
0b1 | When EL2 is not enabled in the current Security state, this control has no effect on execution at EL0. When EL2 is enabled in the current Security state, then:
|
Also, when HCR.TGE is 1:
The reset behavior of this field is:
Trap Virtual Memory controls. Traps Non-secure EL1 writes to the virtual memory control registers to EL2, when EL2 is enabled in the current Security state.
The registers for which write accesses are trapped are as follows:
SCTLR, TTBR0, TTBR1, TTBCR, TTBCR2, DACR, DFSR, IFSR, DFAR, IFAR, ADFSR, AIFSR, PRRR, NMRR, MAIR0, MAIR1, AMAIR0, AMAIR1, CONTEXTIDR.
TVM | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 write accesses to the specified virtual memory control registers are trapped to EL2. |
The reset behavior of this field is:
Trap TLB maintenance instructions. Traps Non-secure EL1 execution of a TLBI instruction to EL2, when EL2 is enabled in the current Security state.
This applies to the following instructions:
TLBIALLIS, TLBIMVAIS, TLBIASIDIS, TLBIMVAAIS, TLBIMVALIS, TLBIMVAALIS, ITLBIALL, ITLBIMVA, ITLBIASID, DTLBIALL, DTLBIMVA, DTLBIASID, TLBIALL, TLBIMVA, TLBIASID, TLBIMVAA, TLBIMVAL, TLBIMVAAL
TTLB | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 accesses to the specified TLB maintenance instructions are trapped to EL2. |
The reset behavior of this field is:
Trap cache maintenance instructions that operate to the Point of Unification. Traps Non-secure EL1 execution of those cache maintenance instructions to EL2, when EL2 is enabled in the current Security state.
This applies to the following instructions:
An Undefined Instruction exception generated at EL0 is higher priority than this trap to EL2, and these instructions are always UNDEFINED at EL0.
TPU | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 execution of the specified cache maintenance instructions is trapped to EL2. |
If the Point of Unification is before any level of data cache, it is IMPLEMENTATION DEFINED whether the execution of any data or unified cache clean by VA to the Point of Unification instruction can be trapped when the value of this control is 1.
If the Point of Unification is before any level of instruction cache, it is IMPLEMENTATION DEFINED whether the execution of any instruction cache invalidate to the Point of Unification instruction can be trapped when the value of this control is 1.
The reset behavior of this field is:
Trap data or unified cache maintenance instructions that operate to the Point of Coherency. Traps Non-secure EL1 execution of those cache maintenance instructions to EL2, when EL2 is enabled in the current Security state.
This applies to the following instructions:
An Undefined Instruction exception generated at EL0 is higher priority than this trap to EL2, and these instructions are always UNDEFINED at EL0.
TPC | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 execution of the specified cache maintenance instructions is trapped to EL2. |
If the Point of Coherency is before any level of data cache, it is IMPLEMENTATION DEFINED whether the execution of any data or unified cache clean, invalidate, or clean and invalidate instruction that operates by VA to the point of coherency can be trapped when the value of this control is 1.
The reset behavior of this field is:
Trap data or unified cache maintenance instructions that operate by Set/Way. Traps Non-secure EL1 execution of those cache maintenance instructions by set/way to EL2, when EL2 is enabled in the current Security state.
This applies to the following instructions:
An Undefined Instruction exception generated at EL0 is higher priority than this trap to EL2, and these instructions are always UNDEFINED at EL0.
TSW | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 execution of the specified cache maintenance instructions is trapped to EL2. |
The reset behavior of this field is:
Trap Auxiliary Control Registers. Traps Non-secure EL1 accesses to the Auxiliary Control Registers to EL2, when EL2 is enabled in the current Security state, from both Execution states.
This applies to the following register accesses:
ACTLR and, if implemented, ACTLR2.
TAC | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 accesses to the specified registers are trapped to EL2. |
The reset behavior of this field is:
Trap IMPLEMENTATION DEFINED functionality. Traps Non-secure EL1 accesses to the encodings for IMPLEMENTATION DEFINED System Registers to EL2, when EL2 is enabled in the current Security state.
MCR and MRC instructions accessing the following encodings:
When HCR.TIDCP is set to 1, it is IMPLEMENTATION DEFINED whether any of this functionality accessed from Non-secure EL0 is trapped to EL2. Otherwise, it is UNDEFINED and the PE takes an Undefined Instruction exception to Non-secure Undefined mode.
TIDCP | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Non-secure EL1 accesses to the specified System register encodings for IMPLEMENTATION DEFINED functionality are trapped to EL2. |
The reset behavior of this field is:
Trap SMC instructions. Traps Non-secure EL1 execution of SMC instructions to Hyp mode.
TSC | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Any attempt to execute an SMC instruction at Non-secure EL1 is trapped to Hyp mode, regardless of the value of SCR.SCD. |
The Armv8-A architecture permits, but does not require, this trap to apply to conditional SMC instructions that fail their condition code check, in the same way as with traps on other conditional instructions.
The reset behavior of this field is:
Trap ID group 3. Traps Non-secure EL1 reads of the following registers to EL2, when EL2 is enabled in the current Security state as follows:
VMRS access to MVFR0, MVFR1, and MVFR2, reported using EC syndrome value 0x08, unless access is also trapped by HCPTR which takes priority.
MRC access to the following registers are reported using EC syndrome value 0x03:
ID_PFR0, ID_PFR1, ID_PFR2, ID_DFR0, ID_AFR0, ID_MMFR0, ID_MMFR1, ID_MMFR2, ID_MMFR3, ID_ISAR0, ID_ISAR1, ID_ISAR2, ID_ISAR3, ID_ISAR4, and ID_ISAR5.
If FEAT_FGT is implemented:
If FEAT_FGT is not implemented:
ID_MMFR4 and ID_MMFR5 are trapped to EL2, unless implemented as RAZ, when it is IMPLEMENTATION DEFINED whether accesses to ID_MMFR4 or ID_MMFR5 are trapped.
ID_ISAR6 is trapped to EL2, unless implemented as RAZ, when it is IMPLEMENTATION DEFINED whether accesses to ID_ISAR6 are trapped to EL2.
ID_DFR1 is trapped to EL2, unless implemented as RAZ, when it is IMPLEMENTATION DEFINED whether accesses to ID_DFR1 are trapped to EL2.
Otherwise, it is IMPLEMENTATION DEFINED whether this bit traps MRC accesses to registers not already mentioned, with coproc == p15, opc1 == 0, CRn == c0, CRm == {c2-c7}, opc2 == {0-7}.
TID3 | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
The specified Non-secure EL1 read accesses to ID group 3 registers are trapped to EL2. |
The reset behavior of this field is:
Trap ID group 2. Traps the following register accesses to EL2, when EL2 is enabled in the current Security state:
TID2 | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
The specified Non-secure EL1 and EL0 accesses to ID group 2 registers are trapped to EL2. |
The reset behavior of this field is:
Trap ID group 1. Traps Non-secure EL1 reads of the following registers to EL2, when EL2 is enabled in the current Security state:
TID1 | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
The specified Non-secure EL1 read accesses to ID group 1 registers are trapped to EL2. |
The reset behavior of this field is:
Trap ID group 0. Traps the following register accesses to EL2, when EL2 is enabled in the current Security state:
TID0 | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
The specified Non-secure EL1 read accesses to ID group 0 registers are trapped to EL2. |
The reset behavior of this field is:
Traps Non-secure EL0 and EL1 execution of WFE instructions to EL2, when EL2 is enabled in the current Security state.
TWE | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Any attempt to execute a WFE instruction at Non-secure EL0 or EL1 is trapped to EL2, if the instruction would otherwise have caused the PE to enter a low-power state and it is not trapped by SCTLR.nTWE. |
The attempted execution of a conditional WFE instruction is only trapped if the instruction passes its condition code check.
Since a WFE can complete at any time, even without a Wakeup event, the traps on WFE are not guaranteed to be taken, even if the WFE is executed when there is no Wakeup event. The only guarantee is that if the instruction does not complete in finite time in the absence of a Wakeup event, the trap will be taken.
The reset behavior of this field is:
Traps Non-secure EL0 and EL1 execution of WFI instructions to EL2, when EL2 is enabled in the current Security state.
TWI | Meaning |
---|---|
0b0 |
This control does not cause any instructions to be trapped. |
0b1 |
Any attempt to execute a WFI instruction at Non-secure EL0 or EL1 is trapped to EL2, if the instruction would otherwise have caused the PE to enter a low-power state and it is not trapped by SCTLR.nTWI. |
The attempted execution of a conditional WFI instruction is only trapped if the instruction passes its condition code check.
Since a WFI can complete at any time, even without a Wakeup event, the traps on WFI are not guaranteed to be taken, even if the WFI is executed when there is no Wakeup event. The only guarantee is that if the instruction does not complete in finite time in the absence of a Wakeup event, the trap will be taken.
The reset behavior of this field is:
Default Cacheability.
DC | Meaning |
---|---|
0b0 |
This control has no effect on the Non-secure EL1&0 translation regime. |
0b1 | In Non-secure state:
|
This field has no effect on the EL2 and EL3 translation regimes.
This bit is permitted to be cached in a TLB.
The reset behavior of this field is:
Barrier Shareability upgrade. This field determines the minimum shareability domain that is applied to any barrier instruction executed from Non-secure EL1 or Non-secure EL0:
BSU | Meaning |
---|---|
0b00 |
No effect. |
0b01 |
Inner Shareable. |
0b10 |
Outer Shareable. |
0b11 |
Full system. |
This value is combined with the specified level of the barrier held in its instruction, using the same principles as combining the shareability attributes from two stages of address translation.
The reset behavior of this field is:
Force broadcast. Causes the following instructions to be broadcast within the Inner Shareable domain when executed from Non-secure EL1:
BPIALL, TLBIALL, TLBIMVA, TLBIASID, DTLBIALL, DTLBIMVA, DTLBIASID, ITLBIALL, ITLBIMVA, ITLBIASID, TLBIMVAA, ICIALLU, TLBIMVAL, TLBIMVAAL.
FB | Meaning |
---|---|
0b0 |
This field has no effect on the operation of the specified instructions. |
0b1 |
When one of the specified instruction is executed at Non-secure EL1, the instruction is broadcast within the Inner Shareable shareability domain. |
The reset behavior of this field is:
Virtual SError interrupt exception.
VA | Meaning |
---|---|
0b0 |
This mechanism is not making a virtual SError interrupt pending. |
0b1 |
A virtual SError interrupt is pending because of this mechanism. |
The virtual SError interrupt is enabled only when the value of HCR.{TGE, AMO} is {0, 1}.
The Guest OS cannot distinguish the virtual exception from the corresponding physical exception.
The reset behavior of this field is:
Virtual IRQ exception.
VI | Meaning |
---|---|
0b0 |
This mechanism is not making a virtual IRQ pending. |
0b1 |
A virtual IRQ is pending because of this mechanism. |
The virtual IRQ is enabled only when the value of HCR.{TGE, IMO} is {0, 1}.
The Guest OS cannot distinguish the virtual exception from the corresponding physical exception.
The reset behavior of this field is:
Virtual FIQ exception.
VF | Meaning |
---|---|
0b0 |
This mechanism is not making a virtual FIQ pending. |
0b1 |
A virtual FIQ is pending because of this mechanism. |
The virtual FIQ is enabled only when the value of HCR.{TGE, FMO} is {0, 1}.
The Guest OS cannot distinguish the virtual exception from the corresponding physical exception.
The reset behavior of this field is:
SError interrupt Mask Override. When this bit is set to 1, it overrides the effect of PSTATE.A, and enables virtual exception signaling by the VA bit.
If the value of HCR.TGE is 0, then virtual SError interrupts are enabled in Non-secure state.
If the value of HCR.TGE is 1, then in Non-secure state the HCR.AMO bit behaves as 1 for all purposes other than a direct read of the value of the bit.
The reset behavior of this field is:
IRQ Mask Override. When this bit is set to 1, it overrides the effect of PSTATE.I, and enables virtual exception signaling by the VI bit.
If the value of HCR.TGE is 0, then Virtual IRQ interrupts are enabled in the Non-secure state.
If the value of HCR.TGE is 1, then in Non-secure state the HCR.IMO bit behaves as 1 for all purposes other than a direct read of the value of the bit.
The reset behavior of this field is:
FIQ Mask Override. When this bit is set to 1, it overrides the effect of PSTATE.F, and enables virtual exception signaling by the VF bit.
If the value of HCR.TGE is 0, then Virtual FIQ interrupts are enabled in the Non-secure state.
If the value of HCR.TGE is 1, then in Non-secure state the HCR.FMO bit behaves as 1 for all purposes other than a direct read of the value of the bit.
The reset behavior of this field is:
Protected Table Walk. In the Non-secure PL1&0 translation regime, a translation table access made as part of a stage 1 translation table walk is subject to a stage 2 translation. The combining of the memory type attributes from the two stages of translation means the access might be made to a type of Device memory. If this occurs then the value of this bit determines the behavior:
PTW | Meaning |
---|---|
0b0 |
The translation table walk occurs as if it is to Normal Non-cacheable memory. This means it can be made speculatively. |
0b1 |
The memory access generates a stage 2 Permission fault. |
This bit is permitted to be cached in a TLB.
The reset behavior of this field is:
Set/Way Invalidation Override. Causes Non-secure EL1 execution of the data cache invalidate by set/way instructions to perform a data cache clean and invalidate by set/way.
SWIO | Meaning |
---|---|
0b0 |
This control has no effect on the operation of data cache invalidate by set/way instructions. |
0b1 |
Data cache invalidate by set/way instructions perform a data cache clean and invalidate by set/way. |
When this bit is set to 1, DCISW performs the same invalidation as a DCCISW instruction.
As a result of changes to the behavior of DCISW, this bit is redundant in Armv8. This bit can be implemented as RES1.
The reset behavior of this field is:
Virtualization enable. Enables stage 2 address translation for the Non-secure EL1&0 translation regime.
VM | Meaning |
---|---|
0b0 |
Non-secure EL1&0 stage 2 address translation disabled. |
0b1 |
Non-secure EL1&0 stage 2 address translation enabled. |
If the HCR.DC bit is set to 1, then the behavior of the PE when executing in a Non-secure mode other than Hyp mode is consistent with HCR.VM being 1, regardless of the actual value of HCR.VM, other than the value returned by an explicit read of HCR.VM.
When the value of this bit is 1, data cache invalidate instructions executed at Non-secure EL1 perform a data cache clean and invalidate. For the invalidate by set/way instruction this behavior applies regardless of the value of the HCR.SWIO bit.
This bit is permitted to be cached in a TLB.
The reset behavior of this field is:
Accesses to this register use the following encodings in the System register encoding space:
coproc | opc1 | CRn | CRm | opc2 |
---|---|---|---|---|
0b1111 | 0b100 | 0b0001 | 0b0001 | 0b000 |
if PSTATE.EL == EL0 then UNDEFINED; elsif PSTATE.EL == EL1 then if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T1 == '1' then AArch64.AArch32SystemAccessTrap(EL2, 0x03); elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T1 == '1' then AArch32.TakeHypTrapException(0x03); else UNDEFINED; elsif PSTATE.EL == EL2 then R[t] = HCR; elsif PSTATE.EL == EL3 then if SCR.NS == '0' then UNDEFINED; else R[t] = HCR;
coproc | opc1 | CRn | CRm | opc2 |
---|---|---|---|---|
0b1111 | 0b100 | 0b0001 | 0b0001 | 0b000 |
if PSTATE.EL == EL0 then UNDEFINED; elsif PSTATE.EL == EL1 then if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T1 == '1' then AArch64.AArch32SystemAccessTrap(EL2, 0x03); elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T1 == '1' then AArch32.TakeHypTrapException(0x03); else UNDEFINED; elsif PSTATE.EL == EL2 then HCR = R[t]; elsif PSTATE.EL == EL3 then if SCR.NS == '0' then UNDEFINED; else HCR = R[t];
04/07/2023 11:24; 1b994cb0b8c6d1ae5a9a15edbc8bd6ce3b5c7d68
Copyright © 2010-2023 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.