16.8 Security Enforcement

Security enforcement aims at protecting intellectual property, which includes:
  • Restricting access to internal memories from external tools depending on the debugger access level (DAL).
  • Restricting access to a portion of the DSU address space from non-secure AHB hosts depending on the debugger access level.

The DAL setting can be locked or reverted using Boot ROM commands depending on the Boot ROM user configuration. When DAL is equal to 0x0, read/write accesses using the AHB-AP are limited to the DSU external address range and DSU commands are restricted. When issuing a Boot ROM Chip-Erase, sensitive information is erased from volatile memory and Flash. Refer to Boot ROM for more information about the Boot ROM features.

The DSU implements a security filter that monitors the AHB transactions generated by the ARM AHB-AP inside the DAP. If DAL=0x0, then AHB-AP read/write accesses outside the DSU external address range are discarded, causing an error response that sets the ARM AHB-AP sticky error bits (refer to the "ARM Debug Interface v5 Architecture Specification", which is available for download at www.arm.com).

For security reasons, DSU features have limitations when used from a debug adapter. To differentiate external accesses from internal ones, the first 0x100 bytes of the DSU register map have been replicated at offset 0x100:
  • The first 0x100 bytes form the internal address range
  • The next 0x1F00 bytes form the external address range

When the device is protected, the DAP can only issue MEM-AP accesses in the DSU address range limited to the 0x100-0x2000 offset range.

The DSU operating registers are located in the 0x00-0xFF area and mirrored to 0x100-0x1FF to differentiate accesses coming from a debugger and the CPU. If the device is protected and an access is issued in the region 0x100-0x1FF, it is subject to security restrictions. For more information, refer to the DAP Access Rights Depending on DAL table.

Figure 16-4. APB Memory Mapping

The DSU filters out DAP transactions depending on the DAL setting and routes the remaining DAP transactions as follows:

  • In the PPB or IOBUS space to the CPU debug port
  • Outside the PPB space and outside the IOBUS space to the DSU host port
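Table 16-2. DAP Access Rights Depending on DAL

| DAP access to              | PIC32CM LS00/LS60, DAL=0 | PIC32CM LS00/LS60, DAL=1 | PIC32CM LS00/LS60, DAL=2 | PIC32CM LE00, DAL=0 | PIC32CM LE00, DAL=2 |
|----------------------------|--------------------------|--------------------------|--------------------------|---------------------|---------------------|
| PPB or IOBUS               | No                       | Yes (see Note 1)         | Yes                      | No                  | Yes                 |
| DSU internal address space | No                       | No (see Note 2)          | Yes                      | No                  | Yes                 |
| DSU external address space | Yes                      | Yes                      | Yes                      | Yes                 | Yes                 |
| Other secure areas         | No                       | No                       | Yes                      | No                  | Yes                 |
| Other non-secure areas     | No                       | Yes                      | Yes                      | No                  | Yes                 |
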
Note:
  1. Refer to ARMv8-M debug documentation for detailed information on PPB and IOBUS access restrictions.
  2. When DAL=1, DAP transfers are always non-secure. The DSU internal address space can only be accessed by secure hosts.
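
The following C model is an added example, not code from the data sheet or from Microchip. It combines the DSU internal/external offset split with Table 16-2 so that a production-test or lock-verification tool can compute which DAP accesses are expected to succeed for a given DAL. The enum names and function names are hypothetical, and treating undocumented DAL values as denied is an assumption of this model.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names; rows and columns follow Table 16-2. */
enum family { LS00_LS60, LE00 };
enum region { PPB_OR_IOBUS, DSU_INTERNAL, DSU_EXTERNAL,
              OTHER_SECURE, OTHER_NONSECURE, NOT_DSU };

/* Classify an offset from the DSU base address: the first 0x100 bytes are
 * the internal range, the next 0x1F00 bytes (0x100-0x1FFF) the external one. */
enum region dsu_classify(uint32_t offset)
{
    if (offset < 0x100u)  return DSU_INTERNAL;
    if (offset < 0x2000u) return DSU_EXTERNAL;
    return NOT_DSU;
}

/* The operating registers at 0x00-0xFF are mirrored at 0x100-0x1FF.
 * Returns the mirrored internal offset, or -1 if the offset has no mirror. */
int32_t dsu_mirror_target(uint32_t offset)
{
    return (offset >= 0x100u && offset < 0x200u) ? (int32_t)(offset - 0x100u) : -1;
}

/* true = Table 16-2 says "Yes" for this family, DAL and target region. */
bool dap_access_allowed(enum family f, unsigned dal, enum region r)
{
    if (r == NOT_DSU) return false;      /* caller must select a table row */
    /* Model assumption: combinations the table does not list are denied
     * (DAL > 2, or DAL=1 on PIC32CM LE00). */
    if (dal > 2u || (dal == 1u && f != LS00_LS60)) return false;
    if (r == DSU_EXTERNAL) return true;  /* "Yes" in every column */
    if (dal == 2u) return true;          /* every row is "Yes" at DAL=2 */
    if (dal == 0u) return false;         /* only the DSU external range */
    /* DAL=1: DAP transfers are always non-secure (Note 2); PPB/IOBUS access
     * is further limited by the ARMv8-M debug rules (Note 1). */
    return r == PPB_OR_IOBUS || r == OTHER_NONSECURE;
}

int main(void)
{
    /* A DAL=0 device must still accept the mirrored DSU registers. */
    return dap_access_allowed(LS00_LS60, 0u, dsu_classify(0x100u)) ? 0 : 1;
}
```
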

Some features not activated by APB transactions are not available when the device is protected:

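Table 16-3. Feature Availability Under Protection

| Features                  | DAL = 0x0 | DAL = 0x1 (PIC32CM LS00/LS60 only) | DAL = 0x2 |
|---------------------------|-----------|------------------------------------|-----------|
| CPU Reset Extension       | Yes       | Yes                                | Yes       |
| Clear CPU Reset extension | Yes       | Yes                                | Yes       |
| Debugger Cold-Plugging    | Yes       | Yes                                | Yes       |
| Debugger Hot-Plugging     | No        | Yes                                | Yes       |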