2.10.1 Introduction

The Integrity Check Monitor (ICM) is a DMA controller that performs hash calculation over multiple memory regions through the use of transfer descriptors located in memory. The hash function is based on the Secure Hash Algorithm (SHA). The SHA module produces an N-bit message digest each time a block is read and a processing period ends. N is 160 for SHA1, 224 for SHA224, 256 for SHA256, 384 for SHA384, and 512 for SHA512.

The ICM integrates two modes of operation:
  • The first mode hashes a list of memory regions and saves the digests to memory (ICM Hash Area).
  • The second mode actively and continuously monitors the memory. In that mode, the hash is computed and compared to the digest located at a predefined memory address (ICM Hash Area). If a mismatch occurs, an interrupt is raised. Memory integrity monitoring can be considered a background service, and the bandwidth it requires is very limited.
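
The two modes described above, as an added software model in Python (not vendor code and not the ICM register interface). The class, method and callback names, the one-slot-per-region hash area layout and the sample memory contents are assumptions made for illustration.

```python
import hashlib

# Digest width N in bits for each algorithm, as listed in this section.
DIGEST_BITS = {"sha1": 160, "sha224": 224, "sha256": 256,
               "sha384": 384, "sha512": 512}


class IcmModel:
    """Software model of the two ICM modes (hypothetical names throughout)."""

    def __init__(self, memory, regions, algo="sha256"):
        self.memory = memory        # bytearray standing in for system memory
        self.regions = regions      # (start, length) pairs: the transfer descriptors
        self.algo = algo
        self.slot = DIGEST_BITS[algo] // 8   # assumed layout: one N-bit slot per region
        self.hash_area = bytearray(self.slot * len(regions))  # "ICM Hash Area"
        self.on_mismatch = None     # stands in for the mismatch interrupt

    def _digest(self, index):
        start, length = self.regions[index]
        return hashlib.new(self.algo, self.memory[start:start + length]).digest()

    def hash_regions(self):
        """Mode 1: hash each listed region and save its digest to the hash area."""
        for i in range(len(self.regions)):
            self.hash_area[i * self.slot:(i + 1) * self.slot] = self._digest(i)

    def monitor_pass(self):
        """Mode 2, one pass: recompute each digest and compare it to the stored one."""
        mismatched = []
        for i in range(len(self.regions)):
            reference = bytes(self.hash_area[i * self.slot:(i + 1) * self.slot])
            if self._digest(i) != reference:
                mismatched.append(i)
                if self.on_mismatch:
                    self.on_mismatch(i)   # "an interrupt is raised"
        return mismatched


def demo():
    # Constructed sample memory: two monitored 64-byte regions plus scratch space.
    mem = bytearray(b"BOOT" * 16 + b"KEYS" * 16 + b"scratch " * 8)
    icm = IcmModel(mem, [(0, 64), (64, 64)])
    raised = []
    icm.on_mismatch = raised.append
    icm.hash_regions()                 # mode 1 fills the hash area
    clean = icm.monitor_pass()         # nothing changed yet
    mem[130] ^= 0x01                   # write outside every monitored region
    unmonitored = icm.monitor_pass()   # not detected: the byte is not covered
    mem[70] ^= 0x01                    # single-bit change inside region 1
    tampered = icm.monitor_pass()
    return clean, unmonitored, tampered, raised


if __name__ == "__main__":
    print(demo())
```

The second pass in `demo()` shows the coverage limit of this kind of monitoring: a write is only detected if it falls inside a region named by a descriptor.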