11.1 Architectural Overview

A simplified block diagram of the security module is illustrated in Figure 11-1

Figure 11-1. Security Module Block Diagram

Security module access control is provided for the entire system address space and is based on the address of the access, type of access and the device mode of operation. Access control is enforced in all modes of operation for the CPU, NVM and for all other modules on the peripheral system bus. Accesses can be denied due to a variety of reasons including:

Code-protect violation
Flash protection region violation
Access to reserved space or a Flash space-specific violation (e.g., attempted execution from user configuration space).

An access is allowed only if permitted by all access controls. An access control evaluation is done at the time the Flash memory is accessed. Accesses to the Flash space returned from the instruction cache, prefetch buffer or a NVM read data buffer are not checked.