19.12.4 Security of Peripheral Bus Clients
The security type of a peripheral bus client is set at hardware design among the following:
- Always Secure (AS)
- Never Secure (NS)
- Programmable Secure (PS)
To configure the security mode required for accessing a peripheral bus client connected to the system-to-peripheral bus bridge (HBRIDGE), the MATRIX features three 32-bit Security Peripheral Select x Registers. Some of these bits may have been set to a secure or a non-secure value by design, whereas others are programmed by software (see Security Peripheral Select x Registers).
Peripheral security state, “secure” or “non-secure” is an AND operation between H32MX MATRIX_SPSELRx and H64MX MATRIX_SPSELRx for the bit corresponding to the peripheral.
As a general rule:
- The peripheral security state is applied to the corresponding peripheral interrupt line. Exceptions may occur on some peripherals (PIO Controller, etc.). In such case, refer to the peripheral description.
- The peripheral security state is applied to the peripheral host part, if any. Exceptions may occur on some peripherals. In such case, refer to the peripheral description. See Security Types of System Bus Hosts.
MATRIX_SPSELRx bits in the H32MX or H64MX user interface are respectively read/write or read-only to ‘1’ depending on whether the peripheral is connected or not, on the matrix.
All bit values in the following table except those marked ‘UD’ (User Defined) are read-only and cannot be changed. Values marked ‘UD’ can be changed. Refer to the following examples.
- Example for GMAC, Peripheral ID 5, which is connected to the H32MX
Matrix
- H64MX MATRIX_SPSELR1[5] = 1 (read-only); no influence on the security configuration
- H32MX MATRIX_SPSELR1[5] can be written by user to program the security.
- Example for LCDC, Peripheral ID 45, which is connected to the H64MX
Matrix
- H64MX MATRIX_SPSELR2[13] can be written by user to program the security.
- H32MX MATRIX_SPSELR2[13] = 1 (read-only); no influence on the security configuration
- Example for AIC, Peripheral ID 49, which is connected to the H32MX
Matrix
- H64MX MATRIX_SPSELR2[17] = 1 (read-only); sets the peripheral as Non-secure by hardware, also called “Never Secure”
- H32MX MATRIX_SPSELR2[17] = 1 (read-only); no influence on the security configuration
- Example for SAIC, Peripheral ID 0, which is connected to the H32MX
Matrix
- H64MX MATRIX_SPSELR1[0] = 1 (read-only); no influence on the security configuration
- H32MX MATRIX_SPSELR1[0] = 0 (read-only); sets the peripheral as Secure by hardware, also called “Always Secure”
The system-to-peripheral bus bridge compares the incoming host request security bit with the required security mode for the selected peripheral, and accepts or denies access. In the last case, its bus error response is internally flagged in MATRIX_MESR; the offending address is registered in MATRIX_MEAR so that the client and the targeted protected region are also known.
| Instance ID | Instance Name | Internal Interrupt | PMC Clock Control | Instance Description | Clock Type | Security(1) | In Matrix | MATRIX_SPSELRx Bit | Bit Value in H32MX | Bit Value in H64MX |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | SAIC | FIQ | – | FIQ Interrupt ID | SYS_CLK_LS | AS | – | MATRIX_SPSELR1[0] | 0 | 1 |
| 1 | PMC | X | – | Power Management Controller | SYS_CLOCK | PS | H64MX | MATRIX_SPSELR1[1] | 1 | UD |
| 2 | ARM | PMU | X | Performance Monitor Unit (PMU) | PROC_CLK | PS | H64MX | MATRIX_SPSELR1[2] | 1 | UD |
| 3 | PIT | X | – | Periodic Interval Timer Interrupt | SYS_CLK_LS | PS(3) | H32MX | MATRIX_SPSELR1[3] | – | – |
| 4 | WDT | X | – | Watchdog Timer Interrupt | SYS_CLK_LS | PS(3) | H32MX | MATRIX_SPSELR1[4] | – | – |
| 5 | GMAC | X | X | Ethernet MAC | HCLOCK_LS PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[5] | UD | 1 |
| 6 | XDMAC0 | X | X | DMA Controller 0 | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR1[6] | 1 | UD |
| 7 | XDMAC1 | X | X | DMA Controller 1 | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR1[7] | 1 | UD |
| 8 | ICM | X | X | Integrity Check Monitor | HCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[8] | UD | 1 |
| 9 | AES | X | X | Advanced Encryption Standard | PCLK_HS | PS | H64MX | MATRIX_SPSELR1[9] | 1 | UD |
| 10 | AESB | X | X | AES Bridge | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR1[10] | 1 | UD |
| 11 | TDES | X | X | Triple Data Encryption Standard | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[11] | UD | 1 |
| 12 | SHA | X | X | SHA Signature | PCLK_HS | PS | H64MX | MATRIX_SPSELR1[12] | 1 | UD |
| 13 | MPDDRC | X | X | MPDDR Controller | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR1[13] | 1 | UD |
| 14 | H32MX | X | X | 32-bit Matrix | SYS_CLK_LS | AS | – | MATRIX_SPSELR1[14] | 0 | 1 |
| 15 | H64MX | X | X | 64-bit Matrix | SYS_CLOCK | AS | – | MATRIX_SPSELR1[15] | 1 | 0 |
| 16 | SECUMOD | X | X | Security Module | SLOW_CLOCK | AS | H32MX | MATRIX_SPSELR1[16] | 0 | 1 |
| 17 | HSMC | X | X | Multibit ECC Interrupt | HCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[17] | UD | 1 |
| 18 | PIOA | X | X | Parallel I/O Controller | PCLOCK_LS | AS | H32MX | MATRIX_SPSELR1[18] | 0 | 1 |
| 19 | FLEXCOM0 | X | X | FLEXCOM 0 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[19] | UD | 1 |
| 20 | FLEXCOM1 | X | X | FLEXCOM 1 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[20] | UD | 1 |
| 21 | FLEXCOM2 | X | X | FLEXCOM 2 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[21] | UD | 1 |
| 22 | FLEXCOM3 | X | X | FLEXCOM 3 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[22] | UD | 1 |
| 23 | FLEXCOM4 | X | X | FLEXCOM 4 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[23] | UD | 1 |
| 24 | UART0 | X | X | Universal Asynchronous Receiver Transmitter 0 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[24] | UD | 1 |
| 25 | UART1 | X | X | Universal Asynchronous Receiver Transmitter 1 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[25] | UD | 1 |
| 26 | UART2 | X | X | Universal Asynchronous Receiver Transmitter 2 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[26] | UD | 1 |
| 27 | UART3 | X | X | Universal Asynchronous Receiver Transmitter 3 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[27] | UD | 1 |
| 28 | UART4 | X | X | Universal Asynchronous Receiver Transmitter 4 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[28] | UD | 1 |
| 29 | TWIHS0 | X | X | Two-Wire Interface 0 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[29] | UD | 1 |
| 30 | TWIHS1 | X | X | Two-Wire Interface 1 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR1[30] | UD | 1 |
| 31 | SDMMC0 | X | X | Secure Digital MultiMedia Card Controller 0 | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR1[31] | 1 | UD |
| 32 | SDMMC1 | X | X | Secure Digital MultiMedia Card Controller 1 | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR2[0] | 1 | UD |
| 33 | SPI0 | X | X | Serial Peripheral Interface 0 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[1] | UD | 1 |
| 34 | SPI1 | X | X | Serial Peripheral Interface 1 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[2] | UD | 1 |
| 35 | TC0 | X | X | Timer Counter 0 (ch. 0, 1, 2) | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[3] | UD | 1 |
| 36 | TC1 | X | X | Timer Counter 1 (ch. 3, 4, 5) | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[4] | UD | 1 |
| 37 | – | – | – | – | – | – | – | – | – | – |
| 38 | PWM | X | X | Pulse Width Modulation Controller 0 (ch. 0, 1, 2, 3) | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[6] | UD | 1 |
| 39 | – | – | – | – | – | – | – | – | – | – |
| 40 | ADC | X | X | Touchscreen ADC Controller | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[8] | UD | 1 |
| 41 | UHPHS | X | X | USB Host High-Speed | HCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[9] | UD | 1 |
| 42 | UDPHS | X | X | USB Device High-Speed | HCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[10] | UD | 1 |
| 43 | SSC0 | X | X | Synchronous Serial Controller 0 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[11] | UD | 1 |
| 44 | SSC1 | X | X | Synchronous Serial Controller 1 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[12] | UD | 1 |
| 45 | LCDC | X | X | LCD Controller | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR2[13] | 1 | UD |
| 46 | ISC | X | X | Image Sensor Controller | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR2[14] | 1 | UD |
| 47 | TRNG | X | X | True Random Number Generator | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[15] | UD | 1 |
| 48 | PDMIC | X | X | Pulse Density Modulation Interface Controller | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[16] | UD | 1 |
| 49 | AIC | IRQ | – | IRQ Interrupt ID | SYS_CLK_LS | NS | H32MX | MATRIX_SPSELR2[17] | 1 | 1 |
| 50 | SFC | X | X | Secure Fuse Controller | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[18] | UD | 1 |
| 51 | SECURAM | X | X | Secure RAM | PCLOCK_LS | AS | H32MX | MATRIX_SPSELR2[19] | 0 | 1 |
| 52 | QSPI0 | X | X | Quad SPI Interface 0 | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR2[20] | 1 | UD |
| 53 | QSPI1 | X | X | Quad SPI Interface 1 | HCLOCK_HS | PS | H64MX | MATRIX_SPSELR2[21] | 1 | UD |
| 54 | I2SC0 | X | X | Inter-IC Sound Controller 0 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[22] | UD | 1 |
| 55 | I2SC1 | X | X | Inter-IC Sound Controller 1 | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[23] | UD | 1 |
| 56 | MCAN0 | INT0 | X | MCAN 0 Interrupt0 | HCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[24] | UD | 1 |
| 57 | MCAN1 | INT0 | X | MCAN 1 Interrupt0 | HCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[25] | UD | 1 |
| 58 | PTC | X | X | Peripheral Touch Controller | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[26] | UD | 1 |
| 59 | CLASSD | X | X | Audio Class D Amplifier | PCLOCK_LS | PS | H32MX | MATRIX_SPSELR2[27] | UD | 1 |
| 60 | SFR | – | – | Special Function Register(2) | SYS_CLK_LS | PS | H32MX | MATRIX_SPSELR2[28] | UD | 1 |
| 61 | SAIC | – | – | Secure Advanced Interrupt Controller(2) | SYS_CLK_LS | AS | H32MX | MATRIX_SPSELR2[29] | 0 | 1 |
| 62 | AIC | – | – | Advanced Interrupt Controller(2) | SYS_CLK_LS | NS | H32MX | MATRIX_SPSELR2[30] | 1 | 1 |
| 63 | L2CC | X | – | L2 Cache Controller | – | PS | H64MX | MATRIX_SPSELR2[31] | 1 | UD |
| 64 | MCAN0 | INT1 | – | MCAN 0 Interrupt1 | – | PS | H32MX | MATRIX_SPSELR3[0] | UD | 1 |
| 65 | MCAN1 | INT1 | – | MCAN 1 Interrupt1 | – | PS | H32MX | MATRIX_SPSELR3[1] | UD | 1 |
| 66 | GMAC | Q1 | – | GMAC Queue 1 Interrupt | – | PS | H32MX | MATRIX_SPSELR3[2] | UD | 1 |
| 67 | GMAC | Q2 | – | GMAC Queue 2 Interrupt | – | PS | H32MX | MATRIX_SPSELR3[3] | UD | 1 |
| 68 | PIOB | X | – | – | – | AS | H32MX | MATRIX_SPSELR3[4] | 0 | 1 |
| 69 | PIOC | X | – | – | – | AS | H32MX | MATRIX_SPSELR3[5] | 0 | 1 |
| 70 | PIOD | X | – | – | – | AS | H32MX | MATRIX_SPSELR3[6] | 0 | 1 |
| 71 | SDMMC0 | TIMER | – | – | – | PS | H32MX | MATRIX_SPSELR3[7] | UD | 1 |
| 72 | SDMMC1 | TIMER | – | – | – | PS | H32MX | MATRIX_SPSELR3[8] | UD | 1 |
| 73 | RSTC | X | – | Reset Controller | SYS_CLK_LS | PS(3) | H32MX | MATRIX_SPSELR3[9] | – | – |
| 74 | SYSC, RTC | X | – | System Controller Interrupt | SYS_CLK_LS | PS(3) | H32MX | MATRIX_SPSELR3[10] | UD | 1 |
| 75 | ACC | X | – | Analog Comparator | SYS_CLK_LS | PS | H32MX | MATRIX_SPSELR3[11] | UD | 1 |
| 76 | RXLP | X | – | UART Low-Power | SYS_CLK_LS | PS | H32MX | MATRIX_SPSELR3[12] | UD | 1 |
| 77 | SFRBU | – | – | Special Function Register Backup(2) | – | PS | H32MX | MATRIX_SPSELR3[13] | UD | 1 |
| 78 | CHIPID | – | – | Chip ID | – | PS | H32MX | MATRIX_SPSELR3[14] | UD | 1 |
Note:
- AS = Always Secure; PS = Programmable Secure; NS = Never Secure.
- For security purposes, there is no matching clock but a peripheral ID only.
- The PIT, RSTC and WDT register accesses are controlled by the RTC. They are in Secure mode if the RTC is in Secure mode; they are in Non-secure mode if the RTC is in Non-secure mode.