27.10 Privilege Protection of AHB and APB

User/Privilege protection is supported through the filtering of each client access with the host User/Privilege protection bit.

The Protection Unit adds the ability to manage the access rights for Privilege and User accesses. The access rights are defined through the hardware and software configuration of the device. The operating mode is the following:

  • The Bus Hosts transmit requests with the Privilege or User access right.
  • The MATRIX, according to its configuration and the request, grants or denies the access.

The client address space is divided into one or more client regions. The client regions are generally contiguous parts of the client address space. A client region may be split into an access-denied area (upper part) and a protected region (lower part), which itself may be further split; if the client-protected region occupies the whole client region, there is no access-denied area. The protected region may or may not be split into one Privilege-eligible area and one User area. The Privilege-eligible area may be independently Privileged for read access and for write access.

For one client region, the following characteristics are configured by hardware or software:

  • Base Address of the client region
  • The Max Size of the client region—a maximum size for the region’s physical content
  • The Top Size of the client-protected region—the actually programmed or fixed size for the region’s physical content
  • The Split Size of the client-protected region—the size of one of the two protected areas of the region
  • Whether Split Size is defined downward from the top of the protected region, or upward from its base address

The following figure shows how the terms defined here are implemented in a Client address space.

Figure 27-1. Generic Partitioning of the Client Address Space
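To make the partitioning terms above concrete, here is an added software model (not datasheet code, and not the MATRIX register layout) of one client region: Base Address, Max Size, Top Size, Split Size, the split direction, and the per-direction Privilege requirement of the Privilege-eligible area. It classifies an address into the access-denied area, the Privilege-eligible area or the User area and decides whether a host request is granted, recording a refused access per host in the way the Host Error Status/Address registers are described. Assumptions not stated in the text: an unsplit protected region is treated as a single Privilege-eligible area, the side of the split that is Privilege-eligible is selectable (`upper_is_privileged`), and an address outside the client region is refused like the access-denied area.

```python
"""Software model of MATRIX client-region partitioning (added example, not datasheet code)."""
from dataclasses import dataclass, field
from enum import Enum


class Area(Enum):
    OUTSIDE = "outside client region"
    DENIED = "access denied area"
    PRIVILEGED = "privilege-eligible area"
    USER = "user area"


@dataclass
class ClientRegion:
    base: int                       # Base Address of the client region
    max_size: int                   # Max Size: physical extent of the client region
    top_size: int                   # Top Size: programmed size of the protected region
    split_size: int = 0             # Split Size of one protected area; 0 = no split
    split_from_top: bool = False    # True: Split Size counted downward from the top
    upper_is_privileged: bool = True  # assumption: which side of the split is Privilege-eligible
    priv_read: bool = True          # Privilege-eligible area requires Privilege for reads
    priv_write: bool = True         # Privilege-eligible area requires Privilege for writes

    def __post_init__(self) -> None:
        if not 0 < self.top_size <= self.max_size:
            raise ValueError("Top Size must lie within Max Size")
        if not 0 <= self.split_size < self.top_size:
            raise ValueError("Split Size must be smaller than Top Size")

    def classify(self, addr: int) -> Area:
        """Return the area of the client region that `addr` falls into."""
        off = addr - self.base
        if off < 0 or off >= self.max_size:
            return Area.OUTSIDE
        if off >= self.top_size:            # above Top Size: access denied area
            return Area.DENIED
        if self.split_size == 0:            # assumption: unsplit region is one Privilege-eligible area
            return Area.PRIVILEGED
        if self.split_from_top:
            boundary = self.top_size - self.split_size
        else:
            boundary = self.split_size
        in_upper = off >= boundary
        return Area.PRIVILEGED if in_upper == self.upper_is_privileged else Area.USER

    def grants(self, addr: int, write: bool, privileged: bool) -> bool:
        """Decide a single request carrying the host's Privilege/User bit."""
        area = self.classify(addr)
        if area in (Area.OUTSIDE, Area.DENIED):
            return False
        if area is Area.USER:
            return True
        needs_priv = self.priv_write if write else self.priv_read
        return privileged or not needs_priv


@dataclass
class Matrix:
    regions: list
    # host id -> offending address; models the Host Error Status/Address registers
    error_status: dict = field(default_factory=dict)

    def access(self, host: int, addr: int, write: bool, privileged: bool) -> bool:
        granted = any(r.grants(addr, write, privileged) for r in self.regions)
        if not granted:
            self.error_status[host] = addr   # flag the offending host and address
        return granted


# Constructed configuration: 128 KiB client region, 64 KiB protected, top 16 KiB Privilege-eligible.
SRAM = ClientRegion(base=0x20000000, max_size=0x20000, top_size=0x10000,
                    split_size=0x4000, split_from_top=True, upper_is_privileged=True)
MATRIX = Matrix(regions=[SRAM])

if __name__ == "__main__":
    for addr in (0x20000000, 0x2000C000, 0x20010000, 0x20020000):
        print(hex(addr), SRAM.classify(addr).value,
              "user-read:", MATRIX.access(1, addr, write=False, privileged=False))
    print("Host error status:", {h: hex(a) for h, a in MATRIX.error_status.items()})
```

Reading the model against the figure: with `split_from_top=True` the boundary sits at Top Size minus Split Size, so the Privilege-eligible area is the top 16 KiB of the protected region; with `split_from_top=False` the same Split Size would carve the lower 16 KiB instead.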

A set of MATRIX protection registers is used to specify, for each client, client-protected region or client-protected area, the protection mode required for accessing that client, region or area. See MATRIX_PSRx, MATRIX_PASSRx and MATRIX_PRTSRx.

Additional MATRIX protection registers are used to specify, for each peripheral bus client, the protection mode required for accessing this client (see MATRIX_PPSELRx).

The MATRIX registers can only be accessed in Privileged mode.

The MATRIX propagates the protection bit down to the clients to let them perform additional protection checks, and the MATRIX itself grants or denies the access to the clients via its embedded protection unit.

Access violations may be reported either by a client through the bus error response (for example, from the system-to-peripheral bus, i.e., the AHB/APB Bridge), or by the MATRIX embedded protection unit. In both cases, a bus error response is sent to the offending host and the error is flagged in the Host Error Status Register, which identifies the offending host. An interrupt can be sent if it has been enabled for that host by writing to the Host Error Interrupt Enable Register. The offending address is recorded in the Host Error Address Registers, so that the client and the targeted protected region are also known.

Depending on the hardware parameters and software configuration, the address space of each client-protected region may or may not be split into two parts: one User and one Privileged.

Five different protection types of clients are supported. The number of protected regions is set by design for each client, independently, from 1 to 8, totaling from 1 up to 16 protected areas for each protection-configurable client.