13.6 IDAU Watermark Regions

Enter a short description of your topic here (optional).

Watermark regions are divided into a secure, non-secure callable, and non-secure subregions. The security attributes for each subregion is fixed but the size of the non-secure callable and non-secure subregions are programmable. The size of the secure subregion is derived from programmed size of the non-secure callable and non-secure subregions, where the secure subregion size = region size - nonsecure callable subregion size - non-secure subregion size.

Security filtering is performed based on the subregion security attribute. Non-secure bus requests to an address within the secure subregion are rejected with a slave bus error. Non-secure data accesses to an address within the non-secure callable region are also rejected with a slave bus error, however, nonsecure instruction fetches are accepted. All other combinations are allowed.

For this type of region, the RSTATUSAn.TYPE=3 and 2^{RSTATUSBn.GRAN} specifies the granularity in bytes for subregion sizing.

The lower address of the secure subregion is given by RSTATUSAn.ADDR[31:10] * 2¹⁰ and the upper address by RSTATUSAn.ADDR[31:10] * 2¹⁰ + RSECSZn.SZM * 2^{RSTATUSBn.GRAN} - 1

The lower address of the non-secure callable subregion is given by RSTATUSAn.ADDR[31:10] * 2¹⁰ + RSECSZn.SZM * 2^{RSTATUSBn.GRAN} and the upper address is RSTATUSAn.ADDR[31:10] * 2¹⁰ + (RSECSZn.SZM + RNSCSZn.SZM) * 2^{RSTATUSBn.GRAN} - 1 when RNSCSZn.SZM is greater than 0.

The lower address of the non-secure subregion is RSTATUSAn.ADDR[31:10] * 2¹⁰ + (RSECSZn.SZM + RNSCSZn.SZM) * 2^{RSTATUSBn.GRAN} and the upper address is given by RSTATUSAn.ADDR[31:10] * 2¹⁰ + 2^{RSTATUSAn.SIZE} - 1 when RNSSZn.SZM is greater than 0.

RSECSZn.SZM provides the size of the secure subregion, RNSCSZx.SZM the size of the non-secure callable subregion, and RNSSZn.SZM the size of the non-secure subregion. The RSECSZn.SZM field is updated each time the application updates the non-secure callable or non-secure subregions sizes. A subregion does not manifest if R*SZn.SZM=0.

Program the subregion sizes through the RCTRL register by issuing the NSCSZ or NSSZ command and providing a sizing value in RCTRL.ARG equal to the desired size in bytes divided by 2^{RSTATUSBn.GRAN}. Attempting to size the non-secure callable or non-secure subregions greater than 2^{RSTATUSAn.SIZE} or sizing either region such that the combined size of non-secure callable and non-secure subregions is greater than 2^{RSTATUSAn.SIZE} results in setting STATUS.CFGERR and ignoring the command.

Watermark regions are active only when CTRLA.ENABLE=1. If CTRLA.ENABLE=0, watermark regions are treated as exempt.

Figure 13-4. WATERMARK REGION WITH ONLY A SECURE SUBREGION

Figure 13-5. WATERMARK REGION WITH ONLY A NON-SECURE SUBREGION

Figure 13-6. Watermark Region with a Secure and Non-Secure Callable Subregion

Figure 13-7. Watermark Region With a Secure and Non-Secure Subregion

Figure 13-8. Watermark Region with a Non-Secure Callable and Non-Secure Subregion

Figure 13-9. Watermark Region with all three Subregions