This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS570LC4357: Clarify response to AXI uncorrectable ECC errors during speculative reads?

Part Number: TMS570LC4357

Hello,

I am hoping for some help interpreting the section "SECDED Initialization" of the TMS570LC4357 TRM (SPNU563A), concerning speculative accesses to AXI flash memory:

I am confused by the part about aborts, because if I understand correctly, AXI ECC errors don't cause aborts on the Cortex-R5F, only CPU bus events (this is also discussed in this forum post). I understand that this is in contrast with other TMS570 variants that have TCM (and which have very similar text in their own TRMs). But for the TMS570LC4357, my understanding is that the effect of an uncorrectable AXI ECC error is only a CPU bus event, which in turn causes an ESM group 2.3 event and NMI (provided the CPU event bus and FIQs have been enabled), plus nERROR assertion. Do I understand this correctly, and could this part of the text above not apply to the TMS570LC4357?

Furthermore, due to our bootloading scheme, it is difficult for us to guarantee there are never any unprogrammed areas of flash containing uncorrectable ECC errors. However, we can at least guarantee that the currently executing image is padded to cacheline boundaries on both ends and doesn't have any "holes" (e.g., we can guarantee that if [0x40000, 0x50000) is the used flash range, then all flash words in that range are programmed with valid ECC, but flash outside of that range might be erased and have invalid ECC). I'm curious if this is sufficient to be safe from speculative reads to unprogrammed areas with invalid ECC, or could we still be vulnerable to speculative reads outside of this contiguous range, even if we never reference any of those addresses in the program?

In summary, my specific questions are:

  1. What is the expected effect of a speculative AXI flash read with an uncorrectable ECC error on the TMS570LC4357, given that the CPU event bus and NMFI FIQs (CPSR.F = 0) are enabled? Is it ESM group 2.3, nERROR assertion, and NMI FIQ, regardless of whether the speculatively read data is "used" (in contrast to the TRM text above)?
  2. On the TMS570LC437, does this effect apply to both speculative data reads and speculative instruction fetches?
  3. If our used flash range doesn't contain any unprogrammed "holes", but unprogrammed flash with uncorrectable ECC errors exists before and after the used area of flash, could we still be vulnerable to speculative reads to those unprogrammed areas?
  4. Is there any way to predict or restrict where these speculative reads occur, or do we need to think about them as unpredictable things that could access truly anywhere in flash? Is there any other way to guarantee this won't be a problem other than programming every word of the entire 4 MB flash range with valid ECC? (E.g., with MPU rules?)

Thank you very much for clarifying!