3.6.5.10 Security and Safety Analysis and Reports
Several types of checks are performed when the MPDDRC is accessing the memory device.
The registers listed below are monitored with a single error checker and, in case of a single error event, the error is reported in MPDDRC_WPSR.SEQE:
-
Mode register (MPDDRC_MR)
-
Memory Device register (MPDDRC_MD
-
Refresh Timer register (MPDDRC_RTR)
-
Timing Parameter 0/1/2 registers (MPDDRC_TPR0/1/2)
-
Low-Power register (MPDDRC_LPR)
-
Configuration register (MPDDRC_CR)
-
OCMS KEY1 register (MPDDRC_OCMS_KEY1)
-
OCMS KEY2 register (MPDDRC_OCMS_KEY2)
The peripheral clock of the MPDDRC is monitored by specific circuitry to detect abnormal waveforms on the internal clock net that may affect the behavior of the MPDDRC. Corruption on the triggering edge of the clock or a pulse with a minimum duration may be identified. If the flag MPDDRC_WPSR.CGD is set, an abnormal condition occurred on the peripheral clock. This flag is not set under normal operating conditions.
The internal sequencer of the MPDDRC is also monitored and if an abnormal state is detected, the flag MPDDRC_WPSR.SEQE is set. This flag is not set under normal operating conditions.
If the flag MPDDRC_WPSR.CGD = 1, a clock glitch has been detected. This flag is not set under normal operating conditions.
The software accesses to the MPDDRC are monitored and if an incorrect access is performed, the flag MPDDRC_WPSR.SWE is set. The type of incorrect/abnormal software access is reported in the MPDDRC_WPSR.SWETYP field (see MPDDRC Write Protection Status Register (MPDDRC_WPSR) for details), e.g., writing a new configuration (MPDDRC_CR, MPDDRC_TPR0/1/2, MPDDRC_MD, MPDDRC_OCMS, MPDDRC_OCMS_KEY1/2) after the initialization of the MPDDRC (i.e., if MPDDRC_TR.COUNT > 0) is an error. MPDDRC_WPSR.ECLASS is an indicator reporting the criticality of the SWETYP report.
The flags CGD, SEQE, SWE and WPVS are automatically cleared when MPDDRC_WPSR is read.
If one of these flags is set, the flag MPDDRC_ISR.SECE is set and can trigger an interrupt if the MPDDRC_IMR.SECE bit is ‘1’. SECE is cleared by reading MPDDRC_ISR.
The MPDDRC embeds an automatic periodic check of an address of the memory device. This function can be enabled by writing a 1 to the MPDDRC_SAFETY.EN bit. The address to be checked can be configured by writing the field MPDDRC_SAFETY.ADDRESS. When MPDDRC_SAFETY.EN = 1, the MPDDRC performs read and write accesses with specific, predetermined, data patterns to the configured address, with no impact for the application software.
MPDDRC_SAFETY.EN must be set immediately after the initialization sequence.