35.11 PIC32CM SG Specific Secure Access Protection

Depending on the H2PB configuration defined by the user in BOOTCFG fuses, the PORT module can either be configured as secure or mix-secure. Secure or non-secure transactions can then be filtered by the H2PB bridge. When a write is allowed by the H2PB bridge, it is still subject to the PAC write protection if enabled.

When the PORT is configured as secure:

• Secure accesses are granted by the H2PB bridge
• Non-secure reads are blocked in the H2PB bridge, return 0 and generates a bus error
• Non-secure writes are blocked in the H2PB bridge, and generates a bus error

When the PORT is configured as mix-secure, it is possible to open up individual pins for non-secure access. This is done using the NONSEC registers. When a pin has been set as non-secure, it can be handled from the non-secure code. Since only secured code has the rights to modify the NONSEC register, an interrupt-based mechanism has been added to let non-secured code know when this register has been changed by the secured code. A single flag called NSCHK in the INTFLAG register will rise should changes, conditioned by the NSCHK register, occur in the NONSEC register.

When the PORT is configured as mix-secure, secure, or non-secure accesses, follow these rules: