3.2.3.1.1 IRT Region Spacing Requirements

When creating an IRT region, it is critical that there is a buffer between the IRT code and the non-IRT code that is at minimum the size of the CPU prefetch buffer (32 bytes).

Figure 3-5. IRT Region Spacing
???

Figure 3-5 demonstrates that a minimum 32-byte non-code buffer is required between IRT code and non-IRT code.

Exiting an IRT Region to a Non-IRT Region describes that setting the DONE bit and fetching a non-IRT instruction disables the IRT access and completes the transfer from IRT to non-IRT code.

The space between the IRT firmware and non-IRT code is required to ensure that a new instruction fetch is required after the DONE bit is set. If non-IRT code was prefetched as part of the IRT operation, that code might be present in the prefetch buffer or cache. If the non-IRT code is in the prefetch buffer or cache, a fetch from Flash may not happen when jumping to that code. In that case, the IRT permissions will not be removed until the next non-IRT instruction fetch from Flash.

Figure 3-6. IRT Region Spacing - Prefetched
???

Without a buffer, the last instruction of the IRT code and several instructions of the non-IRT code can be prefetched as part of that execution. If those non-IRT instructions contain the entry point of the non-IRT code, the IRT permissions are not locked during the execution of those instructions because they did not result in a new fetch.

With a correctly sized buffer between the IRT and non-IRT code, non-IRT code that has not been part of the IRT operation would not be in the prefetch buffer or the cache ensuring an instruction fetch occurs during the transition from IRT to non-IRT code execution.

Figure 3-7. IRT Region Spacing - Buffer
???

With the buffer in place, a prefetch of the last IRT instruction in the region would not cause any non-IRT code to be in the prefetch buffer or cache.

This spacing requirement between the IRT and non-IRT code is specific to distance from IRT code to non-IRT code. IRT data are allowed to be in this buffer space and fulfill this requirement. An OTP data region with execution disabled also fulfills this requirement as execution is blocked to that region. A FIRMWARE type region is possible but not recommended. While a FIRMWARE data region type with execution is disabled on Reset, until that region is locked until the next Reset, the region could be unlocked and changed to executable.

For example, a second data-only region can be placed between the IRT code and the non-IRT code or even data inside the original IRT region.

Figure 3-8. IRT Region Spacing - Example Using Non-IRT Data to Fulfill the 32-byte Spacing Requirement
???