12.2.3 Memory and Peripheral Security Configurations

Memory and Peripheral security configurations are stored in different NVM configuration bit fields on two NVM Configuration rows:
  • The User Row (UROW)
  • The Boot Configuration Row (BOCOR)
Memory and Peripheral security configurations are read from these NVM Configuration rows after each reset during Boot ROM execution and are loaded after Boot ROM verifications into their respective peripheral registers (IDAU, PAC, NVMCTRL and DSU).
PeripheralPeripheral Register(s)Security ParametersSecurity Configurations
IDAUSECCTRL, SCFGB, SCFGA, SCFGRAS, ANSC, DS, RS, RXN

BNSC, BOOTPROT

Memories security configurations (Flash, Data Flash and SRAM)
PACNONSECA, NONSECB, NONSECC

SECLOCKA, SECLOCKB, SECLOCKC

One bit per PeripheralPeripherals security configuration

Peripherals security configuration lock

DSUSTATUSBDALDebug Access Level status
NVMCTRLSECCTRL, SCFGB, SCFGADDXN

URWEN, BCREN, BCWEN

Memories security configurations (Data Flash)

NVM Configuration rows R/W capability

SECCTRLDALUNDebug Access Level capability
Important: Modifying the security configurations by (re)-programming the different NVM Configuration rows (using the NVMCTRL peripheral) is possible but the changes done on these NVM Configuration rows will always be applied only after a new reset sequence happens (through a new Boot ROM execution).

It is also possible, depending on the SECCFGLOCK NVM bit from BOCOR row, to allow the modifications of the security configurations during the application execution by programming the different IDAU, PAC, and NVMCTRL peripheral registers. This brings an added-value in term of security privileges to the secure software code running out of the Flash Boot region compared to the one running out of the Flash APPLICATION region as it is possible to exit the Boot ROM without locking the security configuration bits.

Therefore, the secure software code of the Flash Boot region will have the responsibility to lock the security configuration before passing control on to the secure software code of the Flash application region.

.

After exiting the Boot ROM:
  • If SECCFGLOCK = 1:
    • The security configurations are locked, hence no code (even secure) can change them before next reset sequence.
    • The only way to update the security configurations is to reprogram the NVM Configuration rows then reset the device.
  • If SECCFGLOCK = 0:
    • The security configurations can be modified during the application execution.
    • It remains also possible to update the security configurations by reprogramming the NVM Configuration rows then resetting the device.
Note: Refer to the IDAU, NVMCTRL and PAC peripherals for additional information.
CAUTION: If BOCOR.SECCFGLOCK = 0, to guarantee the security of the overall application, it is critical that the secure software code of the Boot region locks all the IDAU/PAC/NVMCTRL security configuration registers and restore the Debug Access Level configuration:
  • IDAU.SECCTRL.SCFGWEN = 0
  • NVMCTRL.SECCTRL.SCFGWEN = 0
  • PAC.WRCTRL = SECLOCK command for each peripheral (excluding IDAU/DSU which are always locked)
  • NVMCTRL.SECCTRL.DALUN = 1 which restores DAL configuration
Refer to the IDAU, NVMCTRL, and PAC peripherals for additional information.