34.5.1.1 Security Management

The user must first define the security level of the I/O line. Each I/O line of each I/O group must be defined as either secure or non-secure lines. Each I/O line of the I/O group x can be set as non-secure I/O line by writing a 1 to the corresponding bit P0–P31 of the Secure PIO Set I/O Non-Secure register (S_PIO_SIONRx) of the I/O group x.

To define an I/O line of I/O group x as a secure I/O line, write a 1 to the corresponding bit P0–P31 of the Secure PIO Set I/O Secure register (S_PIO_SIOSRx) of the I/O group x.

Examples:

Setting the I/O line PC4 as a non-secure line:

  • Write the value 16 (bit 4 at 1) at address 0x10B0 (S_PIO_SIONR2)

Setting the I/O line PB3 as a secure line:

  • Write the value 8 (bit 3 at 1) at address 0x1074 (S_PIO_SIOSR1)

The security level of each I/O line is reported by the Secure PIO I/O Security Status register (S_PIO_IOSSRx) of the corresponding I/O group. Reading 0 at the corresponding bit P0–P31 means that the corresponding I/O line of the I/O group is defined as secure. Reading 1 means that this I/O line of the I/O group is non-secure.

The PIO Controller user interface is divided into two register mapping areas:

  • The Non-Secure area, located from address 0x0 to 0x1000, can be accessed by any (secure or non-secure) host. This area interfaces with all the I/O lines defined as non-secure. Trying to access to an I/O line defined as secure through this area will have no effect on the I/O line and the read values will be 0.
  • The Secure area, located above address 0x1000, can only be accessed by a secure host (if the PIO Controller is defined as secure at the HMATRIX level). This area interfaces with all the I/O lines defined as secure. Trying to access to an I/O line defined as non-secure through this area will have no effect on the I/O line and the read values will be 0.