13.2.8 Mix-Secure Peripherals
There are five Mix-Secure peripherals that allow internal resources to be shared between the Secure and Non-Secure applications:
- The PAC controller which manages peripherals security attribution (Secure or Non-Secure).
- The Flash memory controller (NVMCTRL) which supports Secure and Non-Secure Flash regions programming.
- The I/O controller (PORT) which allows to individually allocate each I/O to the Secure or Non-Secure applications.
- The External Interrupt Controller (EIC) which allows to individually assign each external interrupt to the Secure or Non-Secure applications.
- The Event System (EVSYS) allows to individually assign each event channel to the Secure or Non-Secure applications.
- The Non-Secure alias is at the peripheral base address.
- The Secure alias is located at the peripheral base address:
- + 0x200 offset for the PAC, EIC, PORT and EVSYS peripherals
- + 0x1000 offset for the NVMCTRL peripheral.
- All of the peripheral registers are available for the Secure application through the Secure alias
- When an internal resource becomes available to the Non-Secure application, the corresponding registers (called Mix-Secure registers) or bitfields in registers are still accessible through this Secure alias by the Secure application
- Non-Secure accesses to this Secure alias are discarded (Write is ignored, Read is 0x0) and a PAC error is triggered
- Only a restricted set of registers are available for the Non-Secure application through the Non-Secure alias
- It is the responsibility of the
Secure application to assign some resources to the Non-Secure application. This
is done by setting the corresponding bits in the NONSECx registers of the
Mix-Secure peripheral.
- When an internal resource becomes available for the Non-Secure application, the corresponding registers (called Mix-Secure and Write-Mix-Secure registers) or bitfields in the registers are accessible through the Non-Secure alias by the Non-Secure application
- Non-Secure accesses to Secure resources (registers, bitfields) are silently discarded (Write is ignored, Read is 0x0) and no error is generated
- Secure accesses to the Non-Secure alias are silently discarded (Write is ignored, Read is 0x0) and no error is generated
- NONSEC register is a generic register that tells the Non-Secure application which resources inside a Mix-Secure peripheral can be used
- NSCHK register is a register allowing the Non-Secure application to be notified when the security configuration of a Mix-Secure peripheral is being modified during application execution
- Non-Secure: these registers will always be available in both the Secure and Non-Secure aliases
- Secure: these registers will never be available in the Non-Secure alias and always available in the Secure alias
- Write-Secure: these are
registers than can:
- Be written or read by the Secure application only in the Secure alias
- Only read by the Non-Secure application in Non-Secure alias. Write is forbidden
- Mix-Secure registers :
these ones are used when a resource can be allocated to either the Secure and
Non-Secure alias
- Note that, in some cases, the Mix-Secure properties apply to a bitfield only (like one I/O bit in the PORT peripheral register)
- Write-Mix-Secure registers
(NVMCTRL peripheral only): these are Mix-Secure registers, which:
- can be written or read by the Secure application only in the Secure alias
- can only be read by the Non-Secure application in Non-Secure alias except if Non-Secure writes are authorized in NVMCTRL.NONSEC register
Mix-Secure Peripheral Register | Secure Host Access | Non-Secure Host Access | ||
---|---|---|---|---|
Secure Alias | Non-Secure Alias | Secure Alias | Non-Secure Alias | |
Non-Secure | Read / Write |
Discarded (Write ignored / Read 0x0) No Error is generated |
Discarded (Write ignored / Read 0x0) PAC Error is generated |
Read / Write |
Secure |
Discarded (Write ignored / Read 0x0) No Error is generated |
|||
Write-Secure |
Read-only (Write ignored) No Error is generated |
|||
Mix-Secure |
Read/Write if the resource is available for the Non-Secure Application Discarded if not (Write ignored / Read 0x0) and no error is generated |
|||
Write-Mix-Secure |
Read /Write if the resource is available for the Non-Secure Application Read-only if not (Write ignored) and no error is generated |