13.1 Features
SAM L11-specific security features can be divided into two main categories.
The first category relates to the ARM TrustZone for Cortex-M technology features:
- Flexible hardware isolation of memories and peripherals:
  - Up to six regions for the Flash
  - Up to two regions for the Data Flash
  - Up to two regions for the SRAM
  - Individual security attribution (secure or non-secure) for each peripheral using the Peripheral Access Controller (PAC)
  - Mix-Secure peripherals which support both secure and non-secure security attributions
- Three debug access levels allowing:
  - The highest debug level with no restrictions in terms of memory and peripheral accesses
  - A restricted debug level with non-secure memory regions access only
  - The lowest debug level where no access is authorized except with a debugger using a Boot ROM-specific mode
- Different chip erase support according to security settings
- Security configuration is fully stored in Flash and safely auto-loaded at startup during Boot ROM execution using CRC checks
Important: Debug access level transitions as well as Chip Erase command support are described in the Boot ROM chapter.
The second category relates to the SAM L11-specific security features, which are not related to ARM TrustZone for Cortex-M technology support:
- Built-in cryptographic accelerator accessible through cryptographic libraries stored in ROM
  - Supporting AES-128 encryption/decryption, SHA-256 authentication, GCM encryption and authentication
- Secure Boot, which performs integrity check on a configurable portion of the Flash (BS memory area)
- Secure pin multiplexing to isolate secured communication with external devices, on dedicated SERCOM I/O pins, from the Non-Secure application
- Data Flash Scrambling
The SAM L11 has other security features that are not described in this chapter because they are common to both SAM L10 and SAM L11, such as:
- One True Random Number Generator (TRNG)
- Data Flash and TrustRAM rapid tamper, silent access features
- A unique 128-bit serial number