54.4.10.3 Security and Safety Analysis and Reports

Several types of checks are performed when the SHA is enabled.

The peripheral clock of the SHA is monitored by a specific circuitry to detect abnormal waveforms on the internal clock net that may affect the behavior of the SHA. Corruption on the triggering edge of the clock or a pulse with a minimum duration may be identified. If the SHA_WPSR.CGD flag is set, an abnormal condition occurred on the peripheral clock. This flag is not set under normal operating conditions.

The internal sequencer of the SHA is also monitored, and if an abnormal state is detected, the SHA_WPSR.SEQE flag is set. This flag is not set under normal operating conditions.

Software accesses to the SHA are monitored and if an incorrect access is performed, the SHA_WPSR.SWE flag is set. The type of incorrect/abnormal software access is reported in the SHA_WPSR.SWETYP field (see SHA Write Protection Status Register for details), e.g., reading the SHA_ODATARx when the SHA_ISR.DATRDY flag is cleared is an error. SHA_WPSR.ECLASS is an indicator reporting the criticality of the SWETYP report.

The CGD, SEQE, SWE and WPVS flags are automatically cleared when SHA_WPSR is read.

If one of these flags is set, the SHA_ISR.SECE flag is set and can trigger an interrupt if SHA_IMR.SECE is ‘1’. SECE is cleared by reading SHA_ISR.

It is possible to configure an action to be performed by SHA as soon as an abnormal event detection occurs. If SHA_WPMR.ACTION > 0, a lock is performed. When a lock occurs, the current processing is ended normally but any new processing is not performed whatever the start mode of operation (see SHA_MR.SMOD).

A locked state of the SHA is unlocked as follows:

  1. Read SHA_WPSR.
  2. Disable the source of tamper if the tamper is enabled.
  3. Write a ‘1’ to SHA_CR.UNLOCK.

It is possible to select the type of event that will lock the SHA in case of abnormal event detection. See SHA_WPMR.ACTION for details.

If SHA_MR.TMPLCK=1 and the tamper pin is active, the SHA is locked whatever the value of the field SHA_WPMR.ACTION.