29.5.14 PIC32CM LS00/LS60 TrustZone Protection Considerations
On TrustZone protected devices, the Flash and Data Flash areas are partitioned into secure, non-secure, and non-secure callable sections to accommodate with TrustZone core capability.
The various memory regions and attributes are provides in the table below.
Memory Region | Base Address | Size | Attribute |
---|---|---|---|
Secure Flash (BOOT region) | 0x00000000 | BOOTPROT*ROWSIZE - BNSC*0x20 | Secure |
Non-Secure Callable Flash (BOOT region) | BOOTPROT*ROWSIZE-BNSC*0x20 | BNSC*0x20 | Secure |
Secure Flash (APPLICATION region) | BOOTPROT*ROWSIZE | AS*ROWSIZE - ANSC*0x20 | Secure |
Non-Secure Callable Flash (APPLICATION region) | BOOTPROT*ROWSIZE-ANSC*0x20 | ANSC*0x20 | Secure |
Non-Secure Flash (APPLICATION region) | (BOOTPROT+AS)*ROWSIZE | (remaining APPLICATION region) | Non-secure |
Secure Data Flash | 0x00400000 | DS*ROWSIZE | Secure |
Non-Secure Data Flash | 0x00400000 + DS*ROWSIZE | (remaining Data NVM area) | Non-secure |
Access to various sections is restricted as shown in the following table. All sections can be read and write without restriction when the access is secure. When the access is non-secure the secure sections are not accessible. When defined non-secure callable sections have the same attributes as the secure sections, therefore the NVMCTRL considers them as secure regions. The system may also have a secure callable boot and application regions. These regions have the same attributes as the secure sections, so there is no special treatment needed in NVMCTRL.
Any illegal access will result in a bus error. The boot and application non-secure callable regions are shown for reference but have no effect on the NVMCTRL. These regions are included in secure regions therefore the NVMCTRL considers them as secure regions.
Memory Region | Secure Access | Non-Secure Access | Limitations |
---|---|---|---|
Secure Flash (BOOT region) | R+W | - | - |
Non-Secure Callable Flash (BOOT region) | R+W | - | - |
Secure Flash (APPLICATION region) | R+W | - | |
Non-Secure Callable Flash (APPLICATION region) | R+W | - | - |
Non-Secure Flash (APPLICATION region) | R+W | R+W | |
Secure Data Flash | R+W | - | |
Non-Secure Data Flash | R+W | R+W | |
NVM Software Calibration Row | R+W | R | |
NVM User Row (UROW) | R+W | R | |
NVM Boot Configuration Row(BOCOR) | R+W | - | No read if BCREN is cleared. No write if BCWEN is cleared. |
The Boot Configuration row (BOCOR) contains information that is read by the boot ROM and written to the IDAU and NVMCTRL registers. The BOCOR is read/writable if SCFGB.BCREN/BCWEN are set, respectively.
Memory Region | Secure Access | Non-Secure Access | Limitations |
---|---|---|---|
Secure Flash (BOOT region) | Y | N | No if SULCK.BS=0 |
Non-Secure Callable Flash (BOOT region) | Y | N | No if SULCK.BS=0 |
Secure Flash (APPLICATION region) | Y | N | No if SULCK.AS=0 |
Non-Secure Callable Flash (APPLICATION region) | Y | N | No if SULCK.AS=0 |
Non-Secure Flash (APPLICATION region) | Y | Y | No if NSULCK.ANS=0 |
Secure Data Flash | Y | N | No if SULCK.DS=0 |
Non-Secure Data Flash | Y | Y | No if NSULCK.DNS=0 |
NVM User Row (UROW) | Y | N | No if BOCOR.URWEN=0 |
NVM Boot Configuration Row (BOCOR) | Y | N | No if BOCOR.BCWEN=0 |
The NSULCK SULCK bitfields in the user row define the NSULCK and SULCK register default value after a reset.
Special care must be taken when sharing the NVMCTRL between the secure and non-secure domains. When the secure code modifies the NVM, it is recommended that it disables all write accesses to the APB non-secure alias and writes to AHB non-secure regions by writing a ‘0’ to NONSEC.WRITE. This avoids any interference with non-secure modify operations. In this case, even a secure application cannot write the page buffer at a non-secure location because the IDAU changes security attributions of Non-Secure transactions to Non-Secure regions to Non-Secure.
The NONSEC.WRITE reset value is '1', meaning that it is always possible to program a Non-Secure Flash or Data Flash region after a debugger probe cold-plugging. But if the debugger connects with the hot-plugging procedure then NONSEC.WRITE must be '1' to let the debugger program Non-Secure regions otherwise the transaction will cause a hardfault (seen as a DAP fault at DAP level).
- Disable the interrupt.
- Write a ‘1” to NONSEC.WRITE to allow writes to the non-secure region.
- Write the page buffer.
- Write a ‘0’ to NONSEC.WRITE.
- Enable the interrupt.
If the NSCHK interrupt is enabled, a NONSEC.WRITE modification will generate an interrupt so that the non-secure world is aware of this change. Depending on NSCHK.WRITE and INTFLAG.NSCHK will rise upon a rising or falling NONSEC.WRITE transition. The interrupt can be configured as secure or non-secure in the NVIC. If secure then a software mechanism can be implemented to call a non-secure NVMCTRL IRQ handler from the secure world.
The NVMCTRL monitors the Page Buffer write accesses and accepts only writes to non-secure regions when the transaction is non-secure. Moreover it checks that any write to the page buffer is in the same page as the previous write when the Page Buffer is not empty. When this check fails, an error is returned to the bus host that initiated the transaction. This ensures that it is not possible to mix different page writes into the Page Buffer. Therefore, any Page Buffer write access must at some point be followed by a manual or automatic Write Page (WP) that automatically clears the page buffer or a Clear Page Buffer (PBC) command.
For security reasons, the ADDR register is not accessible from the non-secure alias. The only way to change it is to write a data to the Page Buffer. If the intention is to issue a command that doesn't write the NVM (for instance an Erase Row command (ER)) then the PBC command must be issued to avoid locking further write accesses (even secure writes). The status of the Page Buffer is reflected by the STATUS.LOAD bitfield.