31.2.11.1 CFG Read Protect (CRP)

CRP *RP bits provide read protection for CFM pages. Some CFM pages may contain secret information accessible only to the BootROM code. The BootROM can protect and lock these page before it exits. The BootCfg page contains values to be used by the BootROM to program the CRP register before allowing boot flash to execute. See the device spec for this location do so. When read protected, read of this page cause a bus error.

If TrustZone is enabled on the device, then pages not used by the BootROM could be left unlock such that trusted code has the option to select the page settings. However, if the device is not a TrustZone device then the BootROM should lock the protection setting while keeping the page readable.

When read protected, reads of this space generate a bus error, return data of all 1’s and do not report SEC/DED ECC or Parity errors. Internal sources such as CRC and FLT are blocked (via return data of all 1’s) w/o generation of an access error.

Local Lock Bits

The user may optionally select to prevent further writes to a CRP register bits by also setting associated local LOCK bits (in the same register) when writing the CRP value.

When a local lock bit is set (BCnRPLOCK = 1, n = 1 or 2), subsequent writes to that register (even if the unlock sequence is followed) have no effect, creating a “write once’ register. Local LOCK bits revert to the unlocked state at reset.

VSS Page Protect

For device families that have an HSM option, the VSS pages are always read protected from sources other than the HSM. The FCR protects VSS from internal source such as the CRC and FLT. CRC logic is blocked from reading VSS pages and FLT logic cannot inject or capture faults for reads or writes of VSS pages.