13.1 Features

SAM L11-specific security features can be divided into two main categories.

The first category relates to the ARM TrustZone for Cortex-M technology features:

Flexible hardware isolation of memories and peripherals:
- Up to six regions for the Flash
- Up to two regions for the Data Flash
- Up to two regions for the SRAM
- Individual security attribution (secure or non-secure) for each peripheral using the Peripheral Access Controller (PAC)
- Mix-Secure peripherals which support both secure and non-secure security attributions
Three debug access levels allowing:
- The highest debug level with no restrictions in term of memory and peripheral accesses
- A restricted debug level with non-secure memory regions access only
- The lowest debug level where no access is authorized except with a debugger using a Boot ROM-specific mode
Different chip erase support according to security settings
Security configuration is fully stored in Flash and safely auto-loaded at startup during Boot ROM execution using CRC checks
Important: Debug access levels transitions as Chip Erase commands support are described in the Boot ROM chapter.

The second category relates to the SAM L11-specific security features, which are not related to ARM TrustZone for Cortex-M technology support:

Built-in cryptographic accelerator accessible through cryptographic libraries stored in ROM
- Supporting AES-128 encryption/decryption, SHA-256 authentication, GCM encryption and authentication
Secure Boot, which performs integrity check on a configurable portion of the Flash (BS memory area)
Secure pin multiplexing to isolate on dedicated SERCOM I/O pins a secured communication with external devices from the Non-Secure application
Data Flash Scrambling

The SAM L11 has other security features, which are not described in this chapter as they are common to both SAM L10 and SAM L11 such as: