The Access control lists (ACL) peripheral is designed to assign and enforce access permissions to different regions of the on-chip flash memory map.
Flash memory regions can be assigned individual ACL permission schemes. The following registers are involved:
There are four defined ACL permission schemes, each with different combinations of read/write permissions, as shown in the following table.
Read | Write | Protection description |
---|---|---|
0 | 0 | No protection. Entire region can be executed, read, written, or erased. |
0 | 1 | Region can be executed and read, but not written or erased. |
1 | 0 | Region can be written and erased, but not executed or read. |
1 | 1 | Region is locked for all access until next reset. |
Access control to a configured region is enforced by the hardware two CPU clock cycles after the ADDR, SIZE, and PERM registers for an ACL instance have been successfully written. The protection is only enforced if a valid start address of the flash page boundary is written into the ADDR register, and the values of the SIZE and PERM registers are not zero.
The ADDR, SIZE, and PERM registers can only be written once. All ACL configuration registers are cleared on reset (by resetting the device from any reset source), which is also the only way of clearing the configuration registers. To ensure that the desired permission schemes are always enforced by the ACL peripheral, the device boot sequence must perform the necessary configuration.
Debugger read access to a read-protected region will be Read-As-Zero (RAZ), while debugger write access to a write-protected region will be Write-Ignored (WI).
Base address | Domain | Peripheral | Instance | Secure mapping | DMA security | Description | Configuration | |
---|---|---|---|---|---|---|---|---|
0x41080000 | NETWORK | ACL | ACL | NS | NA |
Access control lists |
This ACL can only protect network core's local memory. |
Register | Offset | Security | Description | |
---|---|---|---|---|
ACL[n].ADDR | 0x800 |
Start address of region to protect. The start address must be word-aligned. |
||
ACL[n].SIZE | 0x804 |
Size of region to protect counting from address ACL[n].ADDR. Writing a '0' has no effect. |
||
ACL[n].PERM | 0x808 |
Access permissions for region n as defined by start address ACL[n].ADDR and size ACL[n].SIZE |
||
ACL[n].UNUSED0 | 0x80C |
Reserved |
Address offset: 0x800 + (n × 0x10)
Start address of region to protect. The start address must be word-aligned.
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | |||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW1 |
ADDR |
Start address of flash region n. The start address must point to a flash page boundary. |
Address offset: 0x804 + (n × 0x10)
Size of region to protect counting from address ACL[n].ADDR. Writing a '0' has no effect.
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | A | |||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW1 |
SIZE |
Size of flash region n in bytes. Must be a multiple of the flash page size. |
Address offset: 0x808 + (n × 0x10)
Access permissions for region n as defined by start address ACL[n].ADDR and size ACL[n].SIZE
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | C | B | |||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
B | RW1 |
WRITE |
Configure write and erase permissions for region n. Writing a '0' has no effect. |
||||||||||||||||||||||||||||||||
Enable |
0 |
Allow write and erase instructions to region n. |
|||||||||||||||||||||||||||||||||
Disable |
1 |
Block write and erase instructions to region n. |
|||||||||||||||||||||||||||||||||
C | RW1 |
READ |
Configure read permissions for region n. Writing a '0' has no effect. |
||||||||||||||||||||||||||||||||
Enable |
0 |
Allow read instructions to region n. |
|||||||||||||||||||||||||||||||||
Disable |
1 |
Block read instructions to region n. |