13.2.8 Mix-Secure Peripherals

There are five Mix-Secure peripherals that allow internal resources to be shared between the Secure and Non-Secure applications:

  • The PAC controller which manages peripherals security attribution (Secure or Non-Secure).
  • The Flash memory controller (NVMCTRL) which supports Secure and Non-Secure Flash regions programming.
  • The I/O controller (PORT) which allows to individually allocate each I/O to the Secure or Non-Secure applications.
  • The External Interrupt Controller (EIC) which allows to individually assign each external interrupt to the Secure or Non-Secure applications.
  • The Event System (EVSYS) allows to individually assign each event channel to the Secure or Non-Secure applications.
When a Mix-Secure peripheral is configured as Secure in the PAC, its register map is automatically duplicated in a Secure and Non-Secure alias:
  • The Non-Secure alias is at the peripheral base address.
  • The Secure alias is located at the peripheral base address:
    • + 0x200 offset for the PAC, EIC, PORT and EVSYS peripherals
    • + 0x1000 offset for the NVMCTRL peripheral.
The Secure alias has the following characteristics:
  • All of the peripheral registers are available for the Secure application through the Secure alias
  • When an internal resource becomes available to the Non-Secure application, the corresponding registers (called Mix-Secure registers) or bitfields in registers are still accessible through this Secure alias by the Secure application
  • Non-Secure accesses to this Secure alias are discarded (Write is ignored, Read is 0x0) and a PAC error is triggered
The Non-Secure alias has the following characteristics:
  • Only a restricted set of registers are available for the Non-Secure application through the Non-Secure alias
  • It is the responsibility of the Secure application to assign some resources to the Non-Secure application. This is done by setting the corresponding bits in the NONSECx registers of the Mix-Secure peripheral.
    • When an internal resource becomes available for the Non-Secure application, the corresponding registers (called Mix-Secure and Write-Mix-Secure registers) or bitfields in the registers are accessible through the Non-Secure alias by the Non-Secure application
    • Non-Secure accesses to Secure resources (registers, bitfields) are silently discarded (Write is ignored, Read is 0x0) and no error is generated
  • Secure accesses to the Non-Secure alias are silently discarded (Write is ignored, Read is 0x0) and no error is generated
Mix-Secure peripherals have always the following registers:
  • NONSEC register is a generic register that tells the Non-Secure application which resources inside a Mix-Secure peripheral can be used
  • NSCHK register is a register allowing the Non-Secure application to be notified when the security configuration of a Mix-Secure peripheral is being modified during application execution
Important: It is recommended that the Non-Secure application first copy the content of NONSEC register inside NSCHK register, and then enable the NSCHK interrupt flags. Once done, any changes to the NONSEC register by the Secure application will trigger an interrupt so that Non-Secure application can take appropriate actions. This mechanism allows the Secure application to dynamically change the security attribution of a Mix-Secure peripheral and avoid illegal accesses from the Non-Secure application. The interrupt handler should always copy the NONSEC register to NSCHK register before exiting it.
Mix-Secure peripherals can have five type of registers:
  • Non-Secure: these registers will always be available in both the Secure and Non-Secure aliases
  • Secure: these registers will never be available in the Non-Secure alias and always available in the Secure alias
  • Write-Secure: these are registers than can:
    • Be written or read by the Secure application only in the Secure alias
    • Only read by the Non-Secure application in Non-Secure alias. Write is forbidden
  • Mix-Secure registers : these ones are used when a resource can be allocated to either the Secure and Non-Secure alias
    • Note that, in some cases, the Mix-Secure properties apply to a bitfield only (like one I/O bit in the PORT peripheral register)
  • Write-Mix-Secure registers (NVMCTRL peripheral only): these are Mix-Secure registers, which:
    • can be written or read by the Secure application only in the Secure alias
    • can only be read by the Non-Secure application in Non-Secure alias except if Non-Secure writes are authorized in NVMCTRL.NONSEC register
Table 13-11. SAM L11 Mix-Secure Peripheral Registers Access
Mix-Secure Peripheral Register Secure Host Access Non-Secure Host Access
Secure Alias Non-Secure Alias Secure Alias Non-Secure Alias
Non-Secure Read / Write

Discarded

(Write ignored / Read 0x0)

No Error is generated

Discarded

(Write ignored / Read 0x0)

PAC Error is generated

Read / Write
Secure

Discarded (Write ignored / Read 0x0)

No Error is generated

Write-Secure

Read-only (Write ignored)

No Error is generated

Mix-Secure

Read/Write if the resource is available for the Non-Secure Application

Discarded if not (Write ignored / Read 0x0) and no error is generated

Write-Mix-Secure

Read /Write if the resource is available for the Non-Secure Application

Read-only if not (Write ignored) and no error is generated