29.5.9 SAM L11 TrustZone Specific Register Access Protection

When the EIC is not PAC secured, non-secure and secure code can both access all functionalities. When the EIC is PAC secured, all registers are by default available in the secure alias only.

A PAC secured EIC can open up individual external interrupts for non-secure access. This is done using the NONSEC and the NONSECNMI registers. When an external interrupt has been set as non-secure, it can be handled from non-secure code, using the EIC module non-secure alias. Since only Secured code has the rights to modify the NONSEC register, an interrupt-based mechanism has been added to let Non Secured code know when these registers have been changed by Secured code. A single flag called NSCHK in the INTFLAG register will rise should changes, conditioned by the NSCHK register, occur in the NONSEC or NONSECNMI registers.

EIC Security Attribution registers (NONSEC and NONSECNMI) can only be written in the secure alias, otherwise a PAC error results.
The configuration of secured external interrupts can only be changed in the secure alias. Attempt to change the configuration in non-secure mode is silently ignored. Affected configuration registers are: CTRLA, NMICTRL, NMIFLAG, EVCTRL, INTENCLR, INTENSET, INTFLAG, ASYNCH, CONFIGn, DEBOUNCEN, DPRESCALER.

Note: Refer to the Mix-Secure Peripherals section in the SAM L11 Security Features chapter for more information.