7.4.3 Integrity Check Monitor (ICM)

Some PIC32CM device families include an Integrity Check Monitor (ICM) to ensure memory integrity using cryptographic hash functions. The ICM acts as a DMA controller that autonomously performs hash calculations over multiple memory regions, using transfer descriptors stored in memory (the ICM Descriptor Area). This is primarily used in applications that require high reliability, safety and security.

The following are key features of the ICM:

• DMA AHB host interface
• Multi-region monitoring—Up to four non-contiguous memory regions simultaneously
• Linked list support—Allows flexible block gathering and management of memory regions through linked list descriptors
• Two modes of operation:
  • Hash mode—Calculates hashes for a list of memory regions and stores the digests in memory (ICM Hash Area)
  • Active Monitoring mode—Continuously hashes memory regions and compares the result to a stored digest; if a mismatch is detected, an interrupt is raised
• Hash algorithms
  • Supports SHA1, SHA224, and SHA256
  • Compliant with FIPS Publication 180-2
• Configurable processing period
• Programmable bus burden