7.4 Safety and Security

Peripheral Access Controller (PAC)

The Peripheral Access Controller (PAC) is a hardware security and safety feature that controls access to critical peripherals and reports access errors. It helps prevent unintended or unauthorized operations that could compromise an application’s system integrity or safety.

The following are key features of the PAC:

  • Access control/protection: Read, write, and execute permissions for each peripheral
  • Violation reports: Interrupt generation for unauthorized access
  • Locking mechanism: Locked peripherals cannot be changed until the next device reset
  • Integration with security domains: Enables separation of secure and non-secure access to peripherals
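The semantics listed above (per-peripheral write protection, violation reporting, and a lock that only a device reset clears) can be modelled as a small state machine. The following is an added example, not code from this document or from Microchip; the class, method and peripheral names (`PeripheralAccessController`, `WDT`, `NVMCTRL`) are hypothetical labels and do not correspond to any PAC register interface.

```python
"""Behavioural model of the PAC semantics: write protection per peripheral,
violation reporting, and a lock released only by device reset.
Constructed example; names are hypothetical, not a PAC register interface."""
from dataclasses import dataclass


@dataclass
class Violation:
    peripheral: str
    access: str   # "write" or "unprotect"
    reason: str


class PeripheralAccessController:
    """Tracks protection state for a set of peripherals (hypothetical model)."""

    def __init__(self, peripherals):
        self.protected = {p: False for p in peripherals}
        self.locked = {p: False for p in peripherals}
        self.regs = {p: 0 for p in peripherals}   # stand-in for peripheral registers
        self.violations = []                      # stand-in for the error flag/interrupt

    def set_protect(self, p):
        """Enable write protection for peripheral p."""
        self.protected[p] = True

    def clear_protect(self, p):
        """Disable write protection; refused and reported once p is locked."""
        if self.locked[p]:
            self.violations.append(Violation(p, "unprotect", "locked until reset"))
            return False
        self.protected[p] = False
        return True

    def lock(self, p):
        """Protect p and freeze that state until the next device reset."""
        self.protected[p] = True
        self.locked[p] = True

    def write(self, p, value):
        """Attempt a register write; blocked and reported if p is protected."""
        if self.protected[p]:
            self.violations.append(Violation(p, "write", "write-protected"))
            return False
        self.regs[p] = value
        return True

    def reset(self):
        """Device reset: the only event that releases a lock (reset defaults assumed)."""
        for p in self.protected:
            self.protected[p] = False
            self.locked[p] = False
        self.violations.clear()


def demo():
    """Exercise the model; returns (write/unprotect results, violations before reset)."""
    pac = PeripheralAccessController(["WDT", "NVMCTRL"])   # sample peripheral names
    results = []
    pac.set_protect("WDT")
    results.append(pac.write("WDT", 0x01))        # blocked, violation reported
    results.append(pac.clear_protect("WDT"))      # allowed: protected but not locked
    results.append(pac.write("WDT", 0x01))        # now succeeds
    pac.lock("NVMCTRL")
    results.append(pac.clear_protect("NVMCTRL"))  # refused: locked
    results.append(pac.write("NVMCTRL", 0x05))    # blocked
    violations = [(v.peripheral, v.access) for v in pac.violations]
    pac.reset()
    results.append(pac.write("NVMCTRL", 0x05))    # allowed again only after reset
    return results, violations


if __name__ == "__main__":
    print(demo())
```

The point a bootloader or safety layer relies on is the third and fourth calls: an unprotect of a locked peripheral is itself a reportable violation, so an attempt to re-open a locked configuration surfaces in the violation log rather than silently failing.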

Device Service Unit (DSU)

The Device Service Unit (DSU) is a dedicated hardware peripheral that provides advanced device-level debug, test, programming support, and memory integrity operations. It is used in development, manufacturing, and maintenance scenarios that require direct access to the microcontroller’s memory and debugging features, such as diagnostic tests for functional safety standards.

The following are key features of the DSU:

  • Programming and debug support: Allows external tools to access and manipulate device memory without CPU intervention
  • Arm CoreSight™-compliant device identification
  • Access to device signature and identification registers
  • Memory region operations: Enable firmware updates and diagnostics
  • On-board Memory Built-In Self-Test (MBIST)
  • Hardware CRC calculation: Adds integrity checks, essential for bootloader validation and safety applications
  • Breakpoint and watchpoint support for advanced debugging
  • Error and status reporting
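The bootloader validation use of a hardware CRC, as an added example that is not part of this document and not Microchip code: a software CRC-32 (reflected polynomial 0xEDB88320, initial value 0xFFFFFFFF, final XOR) stands in for the DSU engine, and the image layout, code bytes followed by a 4-byte little-endian CRC trailer, is an assumption of this example. The function and constant names are hypothetical.

```python
"""CRC-32 image validation of the kind a bootloader performs with a hardware CRC.
Constructed example: software CRC model and assumed image layout; this is not
the DSU register interface."""
import struct

CRC32_POLY_REFLECTED = 0xEDB88320


def crc32_update(crc: int, data: bytes) -> int:
    """Fold data into a running CRC state (no final XOR), so an image can be
    checked in chunks the way a memory-range CRC is accumulated."""
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ CRC32_POLY_REFLECTED
            else:
                crc >>= 1
    return crc


def crc32(data: bytes) -> int:
    """Standard CRC-32 (IEEE 802.3): init 0xFFFFFFFF, final XOR 0xFFFFFFFF."""
    return crc32_update(0xFFFFFFFF, data) ^ 0xFFFFFFFF


def append_crc_trailer(image: bytes) -> bytes:
    """Build-time step: append the image CRC as a little-endian 32-bit trailer."""
    return image + struct.pack("<I", crc32(image))


def validate_image(blob: bytes, chunk_size: int = 16) -> bool:
    """Boot-time step: recompute the CRC over everything except the trailer,
    in chunks, and accept the image only if it matches the stored value."""
    if len(blob) < 4:
        return False
    body, trailer = blob[:-4], blob[-4:]
    (stored,) = struct.unpack("<I", trailer)
    crc = 0xFFFFFFFF
    for offset in range(0, len(body), chunk_size):
        crc = crc32_update(crc, body[offset:offset + chunk_size])
    return (crc ^ 0xFFFFFFFF) == stored


def demo():
    """Constructed 64-byte 'firmware'; returns (valid, valid after one bit flip)."""
    image = bytes(range(64))
    blob = append_crc_trailer(image)
    corrupted = bytearray(blob)
    corrupted[17] ^= 0x01            # single-bit corruption in the code body
    return validate_image(blob), validate_image(bytes(corrupted))


if __name__ == "__main__":
    print(demo())
```

A CRC detects accidental corruption (flash wear, interrupted update) but is not a cryptographic check: anyone who can rewrite the image can rewrite the trailer. For authenticity the page's secure boot and hash/signature features apply; the CRC is the fast integrity gate in front of them.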

Integrity Check Monitor (ICM)

Some PIC32CM device families include an Integrity Check Monitor (ICM) to ensure memory integrity using cryptographic hash functions. The ICM acts as a DMA controller that autonomously performs hash calculations over multiple memory regions, using transfer descriptors stored in memory (the ICM Descriptor Area). This is primarily used in applications that require high reliability, safety, and security.

The following are key features of the ICM:

  • DMA AHB host interface
  • Multi-region monitoring: Up to four non-contiguous memory regions simultaneously
  • Linked list support: Allows flexible block gathering and management of memory regions through linked list descriptors
  • Two modes of operation:
    • Hash mode: Calculates hashes for a list of memory regions and stores the digests in memory (ICM Hash Area)
    • Active Monitoring mode: Continuously hashes memory regions and compares the result to a stored digest; if a mismatch is detected, an interrupt is raised
  • Hash algorithms
    • Supports SHA1, SHA224, and SHA256
    • Compliant with FIPS Publication 180-2
  • Configurable processing period
  • Programmable bus burden
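The two modes and the descriptor list above can be modelled in software to see how Active Monitoring turns a changed region into a flagged event. This is an added example, not code from this document or from Microchip: the descriptor fields, the class names, the four-region limit check and the mismatch list are hypothetical stand-ins for the ICM Descriptor Area, ICM Hash Area and interrupt, and the digests are computed with `hashlib` rather than the hardware engine.

```python
"""Model of the ICM: Hash mode stores a digest per region in the hash area;
Active Monitoring recomputes and flags any region whose digest changed.
Constructed example; descriptor layout and class names are hypothetical."""
import hashlib
from dataclasses import dataclass

HASH_ALGORITHMS = {"sha1": hashlib.sha1, "sha224": hashlib.sha224, "sha256": hashlib.sha256}
MAX_REGIONS = 4   # the ICM monitors up to four non-contiguous regions at once


@dataclass
class RegionDescriptor:
    """One entry in the descriptor list (hypothetical layout)."""
    start: int                  # byte offset of the region in monitored memory
    length: int                 # region length in bytes
    algo: str = "sha256"
    end_of_list: bool = False   # True terminates the linked list


class IntegrityCheckMonitor:
    def __init__(self, memory: bytearray, descriptors):
        if len(descriptors) > MAX_REGIONS:
            raise ValueError("ICM supports at most four regions")
        self.memory = memory                          # the monitored memory
        self.descriptors = descriptors                # stand-in for ICM Descriptor Area
        self.hash_area = [None] * len(descriptors)    # stand-in for ICM Hash Area
        self.mismatches = []                          # stand-in for mismatch interrupts

    def _walk(self):
        # follow the linked list until a descriptor marks the end
        for index, desc in enumerate(self.descriptors):
            yield index, desc
            if desc.end_of_list:
                break

    def _digest(self, desc):
        region = bytes(self.memory[desc.start:desc.start + desc.length])
        return HASH_ALGORITHMS[desc.algo](region).digest()

    def run_hash_mode(self):
        """Hash mode: compute and store the reference digest for every listed region."""
        for index, desc in self._walk():
            self.hash_area[index] = self._digest(desc)
        return [d.hex() for d in self.hash_area if d is not None]

    def run_monitoring_cycle(self):
        """One Active Monitoring pass; returns indices of regions whose digest changed."""
        changed = []
        for index, desc in self._walk():
            if self.hash_area[index] is None:
                raise RuntimeError("run Hash mode first to populate the hash area")
            if self._digest(desc) != self.hash_area[index]:
                changed.append(index)
        self.mismatches.extend(changed)
        return changed


def demo():
    """Constructed 1 KiB memory with three regions; returns the per-cycle mismatch lists."""
    memory = bytearray(1024)
    memory[0:256] = bytes(range(256))              # e.g. vector table / boot code
    memory[512:640] = b"\xA5" * 128                # e.g. configuration block
    memory[768:1024] = bytes(range(255, -1, -1))   # e.g. calibration data
    descriptors = [
        RegionDescriptor(0, 256, "sha256"),
        RegionDescriptor(512, 128, "sha224"),
        RegionDescriptor(768, 256, "sha1", end_of_list=True),
    ]
    icm = IntegrityCheckMonitor(memory, descriptors)
    icm.run_hash_mode()
    clean = icm.run_monitoring_cycle()             # nothing changed yet
    memory[600] ^= 0x01                            # single-bit corruption in region 1
    after_fault = icm.run_monitoring_cycle()       # region 1 is reported
    return clean, after_fault


if __name__ == "__main__":
    print(demo())
```

Two properties carry over to the real peripheral: the reference digests must be captured while memory is known-good (Hash mode before enabling monitoring), and the check is only as trustworthy as the hash area, so the region holding the stored digests should itself be write-protected by the PAC or placed in memory the monitored code cannot alter.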

Hardware Security

PIC32CM MCUs offer a wide range of hardware security peripherals and features, such as:

  • Peripheral Access Controller (PAC)
    • Controls write access to peripheral registers to protect critical system resources
  • Memory Protection Unit (MPU)
    • Defines memory regions with access permissions
  • Device Service Unit (DSU)
    • Provides device identification and in-system programming support. Supports firmware updates and device authentication.
  • Lock bits and security fuses
    • Disable debug/programming interfaces or lock memory regions, preventing unauthorized access to code and data

Other PIC32CM device families with Arm Cortex-M23 offer additional security features, either as stand-alone peripherals/features or integrated into a Hardware Security Module Lite (HSM Lite) peripheral:

  • Arm TrustZone® support
    • Enables trusted execution environments, IP protection, and secure partitioning of resources
  • TrustRAM (TRAM)
    • Controls volatile secret data
  • Cryptographic Accelerators (AES, SHA, GCM, etc.)
    • Enable secure data encryption and authentication
  • True Random Number Generator (TRNG)
    • Generates high-quality random numbers for cryptographically secure keys
  • Secure boot
    • Verifies firmware integrity and authenticity before execution
  • Tamper detection (Anti-Tamper)
    • Detects physical tampering attempts and triggers protective actions for sensitive data
  • Device Identity Composition Engine (DICE)
    • Derives cryptographically strong device identities and keys
  • Physical Unclonable Function (PUF)
    • Generates unique and unclonable fingerprints

Refer to each PIC32CM device family data sheet for more information on the supported security features.