16.8 Security Enforcement

Security enforcement aims at protecting intellectual property, which includes:
  • Restricts access to internal memories from external tools depending on the debugger access level.
  • Restricts access to a portion of the DSU address space from non-secure AHB hosts depending on the debugger access level.
The DAL setting can be locked or reverted using Boot ROM commands depending on the Boot ROM user configuration. When DAL is equal to 0x0, read/write accesses using the AHB-AP are limited to the DSU external address range and DSU commands are restricted. When issuing a Boot ROM Chip-Erase, sensitive information is erased from volatile memory and Flash. Refer to 14 Boot ROM more information about the Boot ROM features.

The DSU implements a security filter that monitors the AHB transactions generated by the ARM AHB-AP inside the DAP. If DAL=0x0, then AHB-AP read/write accesses outside the DSU external address range are discarded, causing an error response that sets the ARM AHB-AP sticky error bits (refer to the "ARM Debug Interface v5 Architecture Specification", which is available for download at www.arm.com).

For security reasons, DSU features have limitations when used from a debug adapter. To differentiate external accesses from internal ones, the first 0x100 bytes of the DSU register map have been replicated at offset 0x100:
  • The first 0x100 bytes form the internal address range
  • The next 0x1F00 bytes form the external address range

When the device is protected, the DAP can only issue MEM-AP accesses in the DSU address range limited to the 0x100- 0x2000 offset range.

The DSU operating registers are located in the 0x00-0xFF area and mirrored to 0x100-0x1FF to differentiate accesses coming from a debugger and the CPU. If the device is protected and an access is issued in the region 0x100-0x1FF, it is subject to security restrictions. For more information, refer to the table, Feature Availability Under Protection.

Figure 16-4. APB Memory Mapping

The DSU filters-out DAP transactions depending on the DAL setting and routes DAP transactions:

  • In the PPB or IOBUS space to the CPU debug port
  • Outside the PPB space and outside the IOBUS space to the DSU host port
Table 16-1. DAP access rights depending on DAL:
DAP access to SAM L11 SAM L10
DAL=0 DAL=1 DAL=2 DAL=0 DAL=2
PPB or IOBUS No Yes (see Note 1) Yes No Yes
DSU internal address space No No (see Note 2) Yes No Yes
DSU external address space Yes Yes Yes Yes Yes
Other secure areas No No Yes No Yes
Other non-secure areas No Yes Yes No Yes
Note:
  1. Refer to ARMv8-M debug documentation for detailed information on PPB and IOBUS access restrictions.
  2. When DAL=1 DAP transfers are always non-secure. The DSU internal address space can only be accessed by secure hosts.

Some features not activated by APB transactions are not available when the device is protected:

Table 16-2. Feature Availability Under Protection
Features Availability when DAL equals to
0x0 0x1

(SAM L11 only)

0x2
CPU Reset Extension Yes Yes Yes
Clear CPU Reset extension Yes Yes Yes
Debugger Cold-Plugging Yes Yes Yes
Debugger Hot-Plugging No Yes Yes