> > Now, ARM is a different matter - on that one the best we managed was read-only.
> > If anybody knows how to make ARM's zero page inaccessible, I'd sure be
> > interested to hear it.
> 
Just don't give the first page any user access (the kernel needs it, or 
you'll end up with infinite page-faults when the processor takes an 
interrupt or any other fault).  That's the way the ARM pmap works.

> Doesn't the SA1100 (at least) let you move the table to an alternate
> (fixed and not particularly useful) address?

Some processors have high vectors (at 0xffff0000-0xffff001c) as an option. 
(See ARM ARM Section 2.6.9).

> 
> Could the 16 protection bits (forgotten what they are called) be used??

No, don't try to use the domains system.

R.