5.1 Memory Partitioning and Layout

When planning the TrustZone® memory layout, consider the following factors for the Secure region allocation:

  • Flash Requirements
The PSA Crypto library size varies based on the selected configuration profile. The Small profile provides minimal footprint suitable for constrained applications, while the Full profile requires significantly more Flash to accommodate all cryptographic algorithms. Additionally, allocate space for veneer functions, secure initialization code and any secure application logic.
  • RAM Requirements

The Secure heap must accommodate cryptographic operation buffers and stack space for cryptographic computations. Large asymmetric operations, such as RSA, require substantial stack space.

  • Non-Secure Callable (NSC) Region

A dedicated NSC region must be configured to hold the veneer functions serving as the gateway between Non-Secure application code and Secure cryptographic services. This region is marked as Secure but callable from Non-Secure code.

While using the Small or Medium profiles on PIC32CM SG, use the standard partitioning available in the MPLAB® Code Configurator (MCC), with a total of 512 KB of Flash and 128 KB of SRAM. While using the Large and Full profiles, adjust the size as per the code and data segment requirements by increasing the Secure area and reducing the Non-Secure one.

  • Flash Layout
Region Size Purpose
AS (Application Secure) 258,048 bytes Secure application code/data
ANSC (Application Non-Secure Callable, Veneer) 4,096 bytes Secure APIs exposed to the non-secure world
ANS (Application Non-Secure) 262,144 bytes Non-secure application code
  • SRAM Layout
Region Size Purpose
RS (RAM Secure) 65,536 bytes Secure run-time data
RNS (RAM Non-Secure) 65,536 bytes Non-secure run-time data