Memory System and Memory Partitioning

The memory space is partitioned into Non-Secure and Secure memory regions:

The Cortex-M23 provides two ways for managing the security configurations of the device.

The first solution consists in using the Cortex-M23 SAU (Security Attribution Unit), which is a Memory Protection Unit (MPU) like hardware embedded in the core. The role of the SAU is to manage all the Secure and Non-Secure transactions coming from the core. However, using the SAU implies that the security configuration must be propagated somewhere else in the MCU architecture for security awareness.

The second approach, which is the one used for SAM L11 devices, is articulated around a centralized Implementation Defined Attribution Unit (IDAU), which is a hardware unit external to the core.

For SAM L11 devices, the IDAU is coupled to the Cortex-M23 and manages all the security configurations related to the core. In addition, the IDAU propagates all the security configurations to the memory controllers. The IDAU, Flash, Data Flash and SRAM embedded memories can be split in sub-regions, which are reserved either for the Secure or for the Non-Secure application. Therefore, the SAU is not required and is absent from SAM L10/L11 devices.

The peripherals security attribution is managed by the Peripherals Access Controller (PAC). The PAC and each peripheral can be allocated either to the Secure or to the Non-Secure application, with the exception of the PAC, NVMCTRL, and DSU.

  1. 1.The PAC and NVMCTRL peripherals are always secured.
  2. 2.The DSU peripheral is always non-secured.

Both IDAU and PAC security configurations are stored in NVM fuses, which are read after each reset during Boot ROM execution and are loaded after Boot ROM verifications into their respective registers.

The peripherals security attribution (using PAC) is locked before exiting the Boot ROM execution sequence, that is, it is not possible to change a peripheral's configuration (Secure or Non-Secure) during application execution. However, the security attribution of each peripheral, excluding the PAC, NVMCTRL, and DSU, can be modified using the NONSECx NVM fused from the User Row (UROW) during application execution, hence it can be considered after any reset.