60.6.3.1 Protection Manager
The Protection Manager is used to centralize all alarms coming from the different monitors.
The Protection Manager implements an automaton that processes a memory erase sequence if the memory is not empty.
In Normal mode each available alarm described in this document can be configured as follows:
- Disabled
- Trigger an automatic memory erase sequence
- Trigger an IRQ interrupt
- Trigger an automatic memory erase sequence and an IRQ interrupt
In Backup mode each available alarm described in this document can be configured as follows:
- Disabled
- Trigger an automatic memory erase sequence
- Trigger a SWKUP wake-up signal
- Trigger an automatic memory erase sequence and a SWKUP wake-up signal
The software knows an alarm has been triggered by reading the Status register (SECUMOD_SR), by enabling the IRQ interrupt or by enabling the SWKUP wake-up. The software then detects the source of the alarm and acts accordingly. The software erases the memory if not done automatically. The software triggers a memory erase sequence using SECUMOD_CR.SWPROT.
The Protection Manager can also send:
- an IRQ interrupt signal (only in Normal mode)
- an SWKUP wake-up signal (only in Backup mode).
As soon as an alarm is detected, the corresponding bit is set in the Status register (SECUMOD_SR). The only way to clear this bit is to set it in the Status Clear register (SECUMOD_SCR).
If a clear of the secure memories content has been performed by the automaton, an ERASE_DONE flag is set to indicate that the secure memories content is not valid anymore. While the secure memories are erased, write accesses have no effect and read accesses return a static and invalid value (except for BUSRAM1KB).