SPU is the central point in the system to control access to memories, peripherals and other resources.
The main features of SPU are the following:
External domain access protection, controlling access rights from other MCUs
SPU provides a register interface to control the various internal logic blocks that monitor access to memory-mapped slave devices (RAM, flash, peripherals, etc) and other resources (device pins, DPPI channels, etc).
For memory-mapped devices like RAM, flash, and peripherals, the internal logic checks the address and attributes (e.g. read, write, execute, secure) of the incoming transfer to block it if necessary. A secure resource can be accessed by a given master based on the following factors:
The Simplified view of SPU protection shows a simplified view of the SPU registers controlling several internal modules.
An error is reported through dedicated error signals. For security state violations from an M33 master this will be a SecureFault exception, for other violations this will be an SPU event. The SPU event can be configured to generate an interrupt towards the CPU.
Other resources like pins and DPPI channels are protected by comparing the security attributes of the protected resource with the security attribute of the peripheral that wants to access it. SPU is the only place where those security attributes can be configured.
SPU also controls custom logic for an Arm TrustZone for Cortex®-M enabled CPU.
Custom logic is shown as the implementation defined attribution unit (IDAU) in figure Simplified view of SPU protection. Full support is provided for the following:
SPU provides the necessary registers to configure the security attributes for memory regions and peripherals. However, as a requirement to use SPU, the secure attribution unit (SAU) needs to be disabled and all memory set as non-secure in the Arm core. This will allow SPU to control the IDAU and set the security attribution of all addresses as originally intended.
The flash memory space is divided into 64 regions of 16 KiB, each with configurable permissions settings.
For each region, the following types of permissions can be configured:
Permissions can be set independently. For example, it is possible to configure a flash region to be accessible only through secure transfer, being read-only (no write allowed) and non-executable (no code fetch allowed). For each region, permissions can be set and then locked by using the FLASHREGION[n].PERM.LOCK bit, to prevent subsequent modifications.
The debugger can step through execute-protected memory regions.
The following figure shows the N=64 flash regions, each of size 16 KiB.
SPU provides support for the definition of non-secure callable (NSC) sub-regions to allow non-secure to secure function calls.
A non-secure callable sub-region can only exist within an existing secure region and its definition is done using the following registers:
The NSC sub-region will be defined starting with the highest address in that region and descending. The following figure illustrates the NSC sub-regions and the registers used for their definition.
The NSC sub-region will only be defined when the following are true:
If FLASHNSC[i].REGION and FLASHNSCj].REGION have the same value, there is only one sub-region defined as NSC, with the size given by the maximum of FLASHNSC[i].SIZE and FLASHNSC[j].SIZE.
If FLASHNSC[i].REGION defines a non-secure region, then there is no non-secure callable region defined and the selected region stays non-secure.
SPU and the logic controlled by it will respond with a certain behavior once an access violation is detected.
The following actions will happen once the logic controlled by SPU detects an access violation on one of the flash ports:
The following table summarizes the SPU behavior based on the type of initiator and access violation.
Master type | Security violation | Read/Write/Execute protection violation |
---|---|---|
Arm Cortex-M33 | SecureFault exception | BusFault exception, FLASHACCERR event |
EasyDMA | RAZ/WI, FLASHACCERR event | RAZ/WI, FLASHACCERR event |
Other masters | RAZ/WI, FLASHACCERR event | RAZ/WI, FLASHACCERR event |
For the Arm Cortex-M33 master, the SecureFault exception will take precedence over the BusFault exception if a security violation occurs simultaneously with another type of violation.
The user information configuration registers (UICR) and factory information configuration registers (FICR) are always considered as secure. FICR registers are read-only. UICR registers can be read and written by secure code only.
Writing new values to user information configuration registers must follow the procedure described in NVMC — Non-volatile memory controller. Code execution from FICR and UICR address spaces will always be reported as an access violation except during a debug session.
The RAM memory space is divided into 64 regions of 8 KiB, each with configurable permissions settings.
For each region, the following types of permissions can be configured:
Permissions can be set independently. For example, it is possible to configure a RAM region to be accessible only through secure transfer, being read-only (no write allowed) and non-executable (no code fetch allowed). For each region, permissions can be set and then locked to prevent subsequent modifications by using the RAMREGION[n].PERM.LOCK bit.
The following figure shows the RAM memory space divided into N=64 regions, each of 8 KiB.
SPU provides support for the definition of non-secure callable (NSC) sub-regions to allow non-secure to secure function calls.
A non-secure callable sub-region can only exist within an existing secure region. It is defined by the following registers:
The NSC sub-region will be defined starting with the highest address in that region and descending. The following figure shows the NSC sub-regions and the registers used for their definition.
The NSC sub-region will only be defined when the following are true:
If RAMNSC[i].REGION and RAMNSC[j].REGION have the same value, there is only one sub-region defined as NSC, with the size given by the maximum of RAMNSC[i].SIZE and RAMNSC[j].SIZE.
If RAMNSC[i].REGION defines a non-secure region, then there is no non-secure callable region defined and the selected region stays non-secure.
SPU and the logic it controls will respond with a certain behavior once an access violation is detected.
The following actions will happen once the logic controlled by the SPU detects an access violation on one of the RAM ports:
The following table summarizes the SPU behavior based on the type of initiator and access violation.
Master type | Security violation | Read/Write/Execute protection violation |
---|---|---|
Arm Cortex-M33 | SecureFault exception | BusFault exception, RAMACCERR event |
EasyDMA | RAZ/WI, RAMACCERR event | RAZ/WI, RAMACCERR event |
Other masters | RAZ/WI, RAMACCERR event | RAZ/WI, RAMACCERR event |
For the Arm Cortex-M33 master, the SecureFault exception will take precedence over the BusFault exception if a security violation occurs simultaneously with another type of violation.
Access controls are defined by the characteristics of the peripheral.
Peripherals can have their security attribute set as one of the following:
The full list of peripherals and their corresponding security attributes can be found in Memory. For each peripheral with ID n, PERIPHID[n]. PERM will show whether the security attribute for this peripheral is configurable or not.
If not hardcoded, the security attribute can configured using the PERIPHID[id].PERM.
At reset, all user-selectable and split security peripherals are set to be secure with secure DMA where present.
Secure code can access both secure peripherals and non-secure peripherals.
Peripherals with split security are defined to handle use-cases when both secure and non-secure code needs to control the same resource.
When peripherals with split security have their security attribute set to non-secure, access to specific registers and bitfields within some registers is dependent on the security attribute of the bus transfer. For example, some registers will not be accessible for a non-secure transfer.
When peripherals with split security have their security attribute set to secure, then only secure transfers can access their registers.
See Peripherals for an overview of split security peripherals. Respective peripheral chapters explain the specific security behavior of each peripheral.
Peripherals that have non-secure security mapping have their address starting with 0x4XXXXXXX. Peripherals that have secure security mapping have their address starting with 0x5XXXXXXX.
Peripherals with a user-selectable security mapping are available at an address starting with the following:
Access to a secure peripheral using the 0x4XXXXXXX address range will result in bus error, regardless if the CPU is executing secure or non-secure code.
Similarly, a CPU running secure code attempting to access a non-secure peripheral using the 0x5XXXXXXX address range will result in bus error.
Peripherals with a split security mapping are available at an address starting with the following:
Any attempt to access the 0x50000000 to 0x5FFFFFFF address range from non-secure code will be ignored and generate a SecureFault exception.
The following table contains the address mapping for the three peripheral types in each configuration.
Security-features and configuration | Mapped at 0x4XXXXXXX? | Mapped at 0x5XXXXXXX? |
---|---|---|
Secure peripheral | No | Yes |
Non-secure peripheral | Yes | No |
Split-security peripheral, with attribute=secure | No | Yes |
Split-security peripheral, with attribute=non-secure | Yes, restricted functionality | Yes |
Peripherals containing a DMA master can be configured so the security attribute of the DMA transfers is different from the security attribute of the peripheral itself. This allows a secure peripheral to do non-secure data transfers to or from the system memories.
The following conditions must be met:
Then it is possible to select the security attribute of the DMA transfers using the field DMASEC (PERIPHID[n].PERM.DMASEC == Secure and PERIPHID[n].PERM.DMASEC == NonSecure) in PERIPHID[n].PERM.
Peripherals send error reports once access violation is detected.
The following actions will happen if the logic controlled by the SPU detects an access violation on one of the peripherals:
Access to device pins can be controlled by SPU. A pin can be declared as secure so that only secure peripherals or secure code can access it. Pins declared as non-secure can be accessed by both secure and non-secure peripherals or code.
The security attribute of each pin can be individually configured in SPU's GPIOPORT[n].PERM register. When the secure attribute is set for a pin, only peripherals that have the secure attribute set will be able to read the value of the pin or change it.
Peripherals can select the pins they need access to through their PSEL registers. If a peripheral has its attribute set to non-secure, but one of its PSEL registers selects a pin with the attribute set to secure, the SPU controlled logic will ensure that the pin selection is not propagated. In addition, the pin value will always be read as zero, to prevent a non-secure peripheral from obtaining a value from a secure pin. Access to other pins with attribute set as non-secure will not be blocked.
Pins can be assigned to other domains than the application domain by changing the MCUSEL value in the GPIO PIN_CNF[n] register. Domains that do not have a pin assigned to them cannot control a pin or read its status. Any pin configuration set in a domain that doesn't have ownership of that pin will not take effect until the MCUSEL is updated to assign that pin to the domain. Within each domain, pin access is controlled by that domain's local security configuration and peripheral PSEL registers. This is illustrated in the following figure:
The SPU setting will still count when the APP domain accesses its local GPIO peripheral, as local registers are still writable even though MCUSEL is set to a different domain. Any changes in the APP GPIO peripheral done to a GPIO controlled by another domain will not affect the GPIO pad until MCUSEL is changed to APP.
Access to DPPI channels can be restricted. A channel can be declared as secure so that only secure peripherals can access it.
The security attribute of a DPPI channel is configured in DPPI[n].PERM (n=0..0). When the secure attribute is set for a channel, only peripherals that have the secure attribute set will be able to publish events to this channel or subscribe to this channel to receive tasks.
The DPPI controller peripheral (DPPIC) is a split security peripheral, i.e., its security behavior depends on the security attributes of both the DPPIC and the accessing party. See Special considerations regarding the DPPIC configuration registers for more information about the DPPIC security behavior.
If a non-secure peripheral wants to publish an event on a secure DPPI channel, the channel will ignore the event. If a non-secure peripheral subscribes to a secure DPPI channel, it will not receive any events from this channel. The following figure illustrates the principle of operation of the security logic for a subscribed channel:
No error reporting mechanism is associated with the DPPI access control logic.
DPPI channels can be enabled, disabled and grouped through the DPPI controller (DPPIC). The DPPIC is a split-security peripheral, and handles both secure and non-secure accesses.
A non-secure peripheral access will only be able to configure and control DPPI channels defined as non-secure in SPU's DPPI[n].PERM register(s). A secure peripheral access can control all DPPI channels, independently of the configuration in the DPPI[n].PERM register(s).
The DPPIC allows the creation of group of channels to be able to enable or disable all channels within a group simultaneously. The security attribute of a group of channels (secure or non-secure) is defined as follows:
A non-secure access to a DPPIC register, or a bitfield controlling a channel marked as secure in DPPI[n].PERM register(s), will be ignored:
No exceptions are thrown when a non-secure access targets a register or bitfield controlling a secure channel. For example, if the bit i is set in the DPPI[n].PERM register (declaring the DPPI channel i as secure), then:
For the channel configuration registers (DPPIC.CHG[n]), access from non-secure code is only possible if the included channels are all non-secure, whether the channels are enabled or not. If a DPPIC.CHG[g] register included one or more secure channels, then the group g is considered as secure and only a secure transfer can read or write DPPIC.CHG[g]. A non-secure write will be ignored and a non-secure read will return zero.
The DPPIC can subscribe to secure or non-secure channels through SUBSCRIBE_CHG[n] registers in order to trigger task for enabling or disabling groups of channels. But an event from a non-secure channel will be ignored if the group subscribing to this channel is secure. An event from a secure channel can trigger both secure and non-secure tasks.
Other domains with their own CPUs can access peripherals, flash and RAM memories. The SPU allows controlling accesses from those bus masters.
The external domains can access application MCU memories and peripherals. External domains are assigned security attributes as described in register EXTDOMAIN[n].PERM.
Domain | Capability register | Permission register |
---|---|---|
Network MCU | EXTDOMAIN[n].PERM (n=0..0), SECUREMAPPING field | EXTDOMAIN[n].PERM (n=0..0), SECATTR field |
The figure below illustrates how the security control units are used to assign security attributes to transfers initiated by the external domains:
Flash and RAM regions, as well as non-secure and secure peripherals, are assigned unique Arm TrustZone IDs.
The Arm TrustZone ID should not be mistaken for the peripheral ID used to identify peripherals.
The following table lists the Arm TrustZone ID allocation.
Regions | Arm TrustZone Cortex-M ID |
---|---|
Flash regions 0..63 | 0..63 |
RAM regions 0..63 | 64..127 |
UICR | 252 |
FICR | 252 |
CACHEDATA | 252 |
CACHEINFO | 252 |
Non-secure peripherals | 253 |
Secure peripherals | 254 |
Base address | Domain | Peripheral | Instance | Secure mapping | DMA security | Description | Configuration | |
---|---|---|---|---|---|---|---|---|
0x50003000 | APPLICATION | SPU | SPU | S | NA |
System protection unit |
Register | Offset | Security | Description | |
---|---|---|---|---|
EVENTS_RAMACCERR | 0x100 |
A security violation has been detected for the RAM memory space |
||
EVENTS_FLASHACCERR | 0x104 |
A security violation has been detected for the flash memory space |
||
EVENTS_PERIPHACCERR | 0x108 |
A security violation has been detected on one or several peripherals |
||
PUBLISH_RAMACCERR | 0x180 |
Publish configuration for event RAMACCERR |
||
PUBLISH_FLASHACCERR | 0x184 |
Publish configuration for event FLASHACCERR |
||
PUBLISH_PERIPHACCERR | 0x188 |
Publish configuration for event PERIPHACCERR |
||
INTEN | 0x300 |
Enable or disable interrupt |
||
INTENSET | 0x304 |
Enable interrupt |
||
INTENCLR | 0x308 |
Disable interrupt |
||
CAP | 0x400 |
Show implemented features for the current device |
||
CPULOCK | 0x404 |
Configure bits to lock down CPU features at runtime |
||
EXTDOMAIN[n].PERM | 0x440 |
Access for bus access generated from the external domain n List capabilities of the external domain n |
||
DPPI[n].PERM | 0x480 |
Select between secure and non-secure attribute for the DPPI channels |
||
DPPI[n].LOCK | 0x484 |
Prevent further modification of the corresponding PERM register |
||
GPIOPORT[n].PERM | 0x4C0 |
Select between secure and non-secure attribute for pins 0 to 31 of port n |
Retained |
|
GPIOPORT[n].LOCK | 0x4C4 |
Prevent further modification of the corresponding PERM register |
||
FLASHNSC[n].REGION | 0x500 |
Define which flash region can contain the non-secure callable (NSC) region n |
||
FLASHNSC[n].SIZE | 0x504 |
Define the size of the non-secure callable (NSC) region n |
||
RAMNSC[n].REGION | 0x540 |
Define which RAM region can contain the non-secure callable (NSC) region n |
||
RAMNSC[n].SIZE | 0x544 |
Define the size of the non-secure callable (NSC) region n |
||
FLASHREGION[n].PERM | 0x600 |
Access permissions for flash region n |
||
RAMREGION[n].PERM | 0x700 |
Access permissions for RAM region n |
||
PERIPHID[n].PERM | 0x800 |
List capabilities and access permissions for the peripheral with ID n |
Address offset: 0x100
A security violation has been detected for the RAM memory space
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | ||||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
EVENTS_RAMACCERR |
A security violation has been detected for the RAM memory space |
||||||||||||||||||||||||||||||||
NotGenerated |
0 |
Event not generated |
|||||||||||||||||||||||||||||||||
Generated |
1 |
Event generated |
Address offset: 0x104
A security violation has been detected for the flash memory space
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | ||||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
EVENTS_FLASHACCERR |
A security violation has been detected for the flash memory space |
||||||||||||||||||||||||||||||||
NotGenerated |
0 |
Event not generated |
|||||||||||||||||||||||||||||||||
Generated |
1 |
Event generated |
Address offset: 0x108
A security violation has been detected on one or several peripherals
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | ||||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
EVENTS_PERIPHACCERR |
A security violation has been detected on one or several peripherals |
||||||||||||||||||||||||||||||||
NotGenerated |
0 |
Event not generated |
|||||||||||||||||||||||||||||||||
Generated |
1 |
Event generated |
Address offset: 0x180
Publish configuration for event RAMACCERR
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B | A | A | A | A | A | A | A | A | ||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
CHIDX |
[255..0] |
DPPI channel that event RAMACCERR will publish to. |
|||||||||||||||||||||||||||||||
B | RW |
EN |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Disable publishing |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Enable publishing |
Address offset: 0x184
Publish configuration for event FLASHACCERR
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B | A | A | A | A | A | A | A | A | ||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
CHIDX |
[255..0] |
DPPI channel that event FLASHACCERR will publish to. |
|||||||||||||||||||||||||||||||
B | RW |
EN |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Disable publishing |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Enable publishing |
Address offset: 0x188
Publish configuration for event PERIPHACCERR
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B | A | A | A | A | A | A | A | A | ||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
CHIDX |
[255..0] |
DPPI channel that event PERIPHACCERR will publish to. |
|||||||||||||||||||||||||||||||
B | RW |
EN |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Disable publishing |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Enable publishing |
Address offset: 0x300
Enable or disable interrupt
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | C | B | A | ||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
RAMACCERR |
Enable or disable interrupt for event RAMACCERR |
||||||||||||||||||||||||||||||||
Disabled |
0 |
Disable |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Enable |
|||||||||||||||||||||||||||||||||
B | RW |
FLASHACCERR |
Enable or disable interrupt for event FLASHACCERR |
||||||||||||||||||||||||||||||||
Disabled |
0 |
Disable |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Enable |
|||||||||||||||||||||||||||||||||
C | RW |
PERIPHACCERR |
Enable or disable interrupt for event PERIPHACCERR |
||||||||||||||||||||||||||||||||
Disabled |
0 |
Disable |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Enable |
Address offset: 0x304
Enable interrupt
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | C | B | A | ||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
RAMACCERR |
Write '1' to enable interrupt for event RAMACCERR |
||||||||||||||||||||||||||||||||
Set |
1 |
Enable |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Read: Disabled |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Read: Enabled |
|||||||||||||||||||||||||||||||||
B | RW |
FLASHACCERR |
Write '1' to enable interrupt for event FLASHACCERR |
||||||||||||||||||||||||||||||||
Set |
1 |
Enable |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Read: Disabled |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Read: Enabled |
|||||||||||||||||||||||||||||||||
C | RW |
PERIPHACCERR |
Write '1' to enable interrupt for event PERIPHACCERR |
||||||||||||||||||||||||||||||||
Set |
1 |
Enable |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Read: Disabled |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Read: Enabled |
Address offset: 0x308
Disable interrupt
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | C | B | A | ||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
RAMACCERR |
Write '1' to disable interrupt for event RAMACCERR |
||||||||||||||||||||||||||||||||
Clear |
1 |
Disable |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Read: Disabled |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Read: Enabled |
|||||||||||||||||||||||||||||||||
B | RW |
FLASHACCERR |
Write '1' to disable interrupt for event FLASHACCERR |
||||||||||||||||||||||||||||||||
Clear |
1 |
Disable |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Read: Disabled |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Read: Enabled |
|||||||||||||||||||||||||||||||||
C | RW |
PERIPHACCERR |
Write '1' to disable interrupt for event PERIPHACCERR |
||||||||||||||||||||||||||||||||
Clear |
1 |
Disable |
|||||||||||||||||||||||||||||||||
Disabled |
0 |
Read: Disabled |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Read: Enabled |
Address offset: 0x400
Show implemented features for the current device
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | ||||||||||||||||||||||||||||||||||
Reset 0x00000001 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | R |
TZM |
Show Arm TrustZone status |
||||||||||||||||||||||||||||||||
NotAvailable |
0 |
Arm TrustZone support not available |
|||||||||||||||||||||||||||||||||
Enabled |
1 |
Arm TrustZone support is available |
Address offset: 0x404
Configure bits to lock down CPU features at runtime
Write '1' to any position to set the corresponding lock bit, which will remain set until the next reset
Any '0' writes to this register will be ignored
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID |
E |
D |
C |
B |
A |
||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
LOCKSVTAIRCR |
Write '1' to prevent updating the secure interrupt configuration until the next reset When set to '1', this lock bit prevents changes to:
|
||||||||||||||||||||||||||||||||
Locked |
1 |
Disables writes to the VTOR_S, AIRCR.PRIS, and AIRCR.BFHFNMINS registers |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
These registers can be updated |
|||||||||||||||||||||||||||||||||
B | RW |
LOCKNSVTOR |
Write '1' to prevent updating the non-secure vector table base address until the next reset When set to '1', this lock bit prevents changes to the Non-secure interrupt vector table base address register VTOR_NS |
||||||||||||||||||||||||||||||||
Locked |
1 |
The address of the non-secure vector table is locked |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
The address of the non-secure vector table can be updated |
|||||||||||||||||||||||||||||||||
C | RW |
LOCKSMPU |
Write '1' to prevent updating the secure MPU regions until the next reset When set to '1', this lock bit prevents changes to programmed Secure MPU memory regions and all writes to the registers are ignored |
||||||||||||||||||||||||||||||||
Locked |
1 |
Disables writes to the MPU_CTRL, MPU_RNR, MPU_RBAR, MPU_RLAR, MPU_RBAR_An and MPU_RLAR_An from software or from a debug agent connected to the processor in Secure state |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
These registers can be updated |
|||||||||||||||||||||||||||||||||
D | RW |
LOCKNSMPU |
Write '1' to prevent updating the Non-secure MPU regions until the next reset When set to '1', this lock bit prevents changes to programmed Non-secure MPU memory regions already programmed. All writes to the registers are ignored. |
||||||||||||||||||||||||||||||||
Locked |
1 |
Disables writes to the MPU_CTRL_NS, MPU_RNR_NS, MPU_RBAR_NS, MPU_RLAR_NS, MPU_RBAR_A_NSn and MPU_RLAR_A_NSn from software or from a debug agent connected to the processor |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
These registers can be updated |
|||||||||||||||||||||||||||||||||
E | RW |
LOCKSAU |
Write '1' to prevent updating the secure SAU regions until the next reset When set to '1', this lock bit prevents changes to Secure SAU memory regions already programmed. All writes to the registers are ignored. |
||||||||||||||||||||||||||||||||
Locked |
1 |
Disables writes to the SAU_CTRL, SAU_RNR, SAU_RBAR and SAU_RLAR registers from software or from a debug agent connected to the processor |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
These registers can be updated |
Address offset: 0x440 + (n × 0x4)
Access for bus access generated from the external domain n
List capabilities of the external domain n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | C | B | A | A | |||||||||||||||||||||||||||||||
Reset 0x00000002 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | R |
SECUREMAPPING |
Define configuration capabilities for TrustZone Cortex-M secure attribute This does not affect DPPI in the external domain |
||||||||||||||||||||||||||||||||
NonSecure |
0 |
The bus access from this external domain always have the non-secure attribute set |
|||||||||||||||||||||||||||||||||
Secure |
1 |
The bus access from this external domain always have the secure attribute set |
|||||||||||||||||||||||||||||||||
UserSelectable |
2 |
Non-secure or secure attribute for bus access from this domain is defined by the EXTDOMAIN[n].PERM register |
|||||||||||||||||||||||||||||||||
B | RW |
SECATTR |
Peripheral security mapping This bit has effect only if EXTDOMAIN[n].PERM.SECUREMAPPING reads as UserSelectable |
||||||||||||||||||||||||||||||||
NonSecure |
0 |
Bus accesses from this domain have the non-secure attribute set |
|||||||||||||||||||||||||||||||||
Secure |
1 |
Bus accesses from this domain have secure attribute set |
|||||||||||||||||||||||||||||||||
C | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x480 + (n × 0x8)
Select between secure and non-secure attribute for the DPPI channels
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | f | e | d | c | b | a | Z | Y | X | W | V | U | T | S | R | Q | P | O | N | M | L | K | J | I | H | G | F | E | D | C | B | A | |||
Reset 0xFFFFFFFF | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A-f | RW |
CHANNEL[i] (i=0..31) |
Select secure attribute |
||||||||||||||||||||||||||||||||
Secure |
1 |
Channel i has its secure attribute set |
|||||||||||||||||||||||||||||||||
NonSecure |
0 |
Channel i has its non-secure attribute set |
Address offset: 0x484 + (n × 0x8)
Prevent further modification of the corresponding PERM register
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | ||||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Locked |
1 |
DPPI[n].PERM register can't be changed until next reset |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
DPPI[n].PERM register content can be changed |
Address offset: 0x4C0 + (n × 0x8)
This register is a retained register
Select between secure and non-secure attribute for pins 0 to 31 of port n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | f | e | d | c | b | a | Z | Y | X | W | V | U | T | S | R | Q | P | O | N | M | L | K | J | I | H | G | F | E | D | C | B | A | |||
Reset 0xFFFFFFFF | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A-f | RW |
PIN[i] (i=0..31) |
Select secure attribute attribute for PIN i. |
||||||||||||||||||||||||||||||||
Secure |
1 |
Pin i has its secure attribute set |
|||||||||||||||||||||||||||||||||
NonSecure |
0 |
Pin i has its non-secure attribute set |
Address offset: 0x4C4 + (n × 0x8)
Prevent further modification of the corresponding PERM register
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | ||||||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Locked |
1 |
GPIOPORT[n].PERM register can't be changed until next reset |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
GPIOPORT[n].PERM register content can be changed |
Address offset: 0x500 + (n × 0x8)
Define which flash region can contain the non-secure callable (NSC) region n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B |
A |
A |
A |
A |
A |
A |
||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
REGION |
Region number |
||||||||||||||||||||||||||||||||
B | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x504 + (n × 0x8)
Define the size of the non-secure callable (NSC) region n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B | A | A | A | A | ||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
SIZE |
Size of the non-secure callable (NSC) region n |
||||||||||||||||||||||||||||||||
Disabled |
0 |
The region n is not defined as a non-secure callable region. Normal security attributes (secure or non-secure) are enforced. |
|||||||||||||||||||||||||||||||||
32 |
1 |
The region n is defined as non-secure callable with size 32 bytes |
|||||||||||||||||||||||||||||||||
64 |
2 |
The region n is defined as non-secure callable with size 64 bytes |
|||||||||||||||||||||||||||||||||
128 |
3 |
The region n is defined as non-secure callable with size 128 bytes |
|||||||||||||||||||||||||||||||||
256 |
4 |
The region n is defined as non-secure callable with size 256 bytes |
|||||||||||||||||||||||||||||||||
512 |
5 |
The region n is defined as non-secure callable with size 512 bytes |
|||||||||||||||||||||||||||||||||
1024 |
6 |
The region n is defined as non-secure callable with size 1024 bytes |
|||||||||||||||||||||||||||||||||
2048 |
7 |
The region n is defined as non-secure callable with size 2048 bytes |
|||||||||||||||||||||||||||||||||
4096 |
8 |
The region n is defined as non-secure callable with size 4096 bytes |
|||||||||||||||||||||||||||||||||
B | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x540 + (n × 0x8)
Define which RAM region can contain the non-secure callable (NSC) region n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B |
A |
A |
A |
A |
A |
A |
||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
REGION |
Region number |
||||||||||||||||||||||||||||||||
B | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x544 + (n × 0x8)
Define the size of the non-secure callable (NSC) region n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | B | A | A | A | A | ||||||||||||||||||||||||||||||
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
SIZE |
Size of the non-secure callable (NSC) region n |
||||||||||||||||||||||||||||||||
Disabled |
0 |
The region n is not defined as a non-secure callable region. Normal security attributes (secure or non-secure) are enforced. |
|||||||||||||||||||||||||||||||||
32 |
1 |
The region n is defined as non-secure callable with size 32 bytes |
|||||||||||||||||||||||||||||||||
64 |
2 |
The region n is defined as non-secure callable with size 64 bytes |
|||||||||||||||||||||||||||||||||
128 |
3 |
The region n is defined as non-secure callable with size 128 bytes |
|||||||||||||||||||||||||||||||||
256 |
4 |
The region n is defined as non-secure callable with size 256 bytes |
|||||||||||||||||||||||||||||||||
512 |
5 |
The region n is defined as non-secure callable with size 512 bytes |
|||||||||||||||||||||||||||||||||
1024 |
6 |
The region n is defined as non-secure callable with size 1024 bytes |
|||||||||||||||||||||||||||||||||
2048 |
7 |
The region n is defined as non-secure callable with size 2048 bytes |
|||||||||||||||||||||||||||||||||
4096 |
8 |
The region n is defined as non-secure callable with size 4096 bytes |
|||||||||||||||||||||||||||||||||
B | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x600 + (n × 0x4)
Access permissions for flash region n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | E | D | C | B | A | ||||||||||||||||||||||||||||||
Reset 0x00000017 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
EXECUTE |
Configure instruction fetch permissions from flash region n |
||||||||||||||||||||||||||||||||
Enable |
1 |
Allow instruction fetches from flash region n |
|||||||||||||||||||||||||||||||||
Disable |
0 |
Block instruction fetches from flash region n |
|||||||||||||||||||||||||||||||||
B | RW |
WRITE |
Configure write permission for flash region n |
||||||||||||||||||||||||||||||||
Enable |
1 |
Allow write operation to region n |
|||||||||||||||||||||||||||||||||
Disable |
0 |
Block write operation to region n |
|||||||||||||||||||||||||||||||||
C | RW |
READ |
Configure read permissions for flash region n |
||||||||||||||||||||||||||||||||
Enable |
1 |
Allow read operation from flash region n |
|||||||||||||||||||||||||||||||||
Disable |
0 |
Block read operation from flash region n |
|||||||||||||||||||||||||||||||||
D | RW |
SECATTR |
Security attribute for flash region n |
||||||||||||||||||||||||||||||||
Non_Secure |
0 |
Flash region n security attribute is non-secure |
|||||||||||||||||||||||||||||||||
Secure |
1 |
Flash region n security attribute is secure |
|||||||||||||||||||||||||||||||||
E | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x700 + (n × 0x4)
Access permissions for RAM region n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | E | D | C | B | A | ||||||||||||||||||||||||||||||
Reset 0x00000017 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | RW |
EXECUTE |
Configure instruction fetch permissions from RAM region n |
||||||||||||||||||||||||||||||||
Enable |
1 |
Allow instruction fetches from RAM region n |
|||||||||||||||||||||||||||||||||
Disable |
0 |
Block instruction fetches from RAM region n |
|||||||||||||||||||||||||||||||||
B | RW |
WRITE |
Configure write permission for RAM region n |
||||||||||||||||||||||||||||||||
Enable |
1 |
Allow write operation to RAM region n |
|||||||||||||||||||||||||||||||||
Disable |
0 |
Block write operation to RAM region n |
|||||||||||||||||||||||||||||||||
C | RW |
READ |
Configure read permissions for RAM region n |
||||||||||||||||||||||||||||||||
Enable |
1 |
Allow read operation from RAM region n |
|||||||||||||||||||||||||||||||||
Disable |
0 |
Block read operation from RAM region n |
|||||||||||||||||||||||||||||||||
D | RW |
SECATTR |
Security attribute for RAM region n |
||||||||||||||||||||||||||||||||
Non_Secure |
0 |
RAM region n security attribute is non-secure |
|||||||||||||||||||||||||||||||||
Secure |
1 |
RAM region n security attribute is secure |
|||||||||||||||||||||||||||||||||
E | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
Address offset: 0x800 + (n × 0x4)
List capabilities and access permissions for the peripheral with ID n
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | F | E | D | C | B | B | A | A | |||||||||||||||||||||||||||
Reset 0x00000012 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A | R |
SECUREMAPPING |
Define configuration capabilities for Arm TrustZone Cortex-M secure attribute |
||||||||||||||||||||||||||||||||
NonSecure |
0 |
This peripheral is always accessible as a non-secure peripheral |
|||||||||||||||||||||||||||||||||
Secure |
1 |
This peripheral is always accessible as a secure peripheral |
|||||||||||||||||||||||||||||||||
UserSelectable |
2 |
Non-secure or secure attribute for this peripheral is defined by the PERIPHID[n].PERM register |
|||||||||||||||||||||||||||||||||
Split |
3 |
This peripheral implements the split security mechanism. Non-secure or secure attribute for this peripheral is defined by the PERIPHID[n].PERM register. |
|||||||||||||||||||||||||||||||||
B | R |
DMA |
Indicates if the peripheral has DMA capabilities and if DMA transfer can be assigned to a different security attribute than the peripheral itself |
||||||||||||||||||||||||||||||||
NoDMA |
0 |
Peripheral has no DMA capability |
|||||||||||||||||||||||||||||||||
NoSeparateAttribute |
1 |
Peripheral has DMA and DMA transfers always have the same security attribute as assigned to the peripheral |
|||||||||||||||||||||||||||||||||
SeparateAttribute |
2 |
Peripheral has DMA and DMA transfers can have a different security attribute than the one assigned to the peripheral |
|||||||||||||||||||||||||||||||||
C | RW |
SECATTR |
Peripheral security mapping This bit has effect only if PERIPHID[n].PERM.SECUREMAPPING reads as UserSelectable or Split |
||||||||||||||||||||||||||||||||
Secure |
1 |
Peripheral is mapped in secure peripheral address space |
|||||||||||||||||||||||||||||||||
NonSecure |
0 |
If SECUREMAPPING == UserSelectable: Peripheral is mapped in non-secure peripheral address space. If SECUREMAPPING == Split: Peripheral is mapped in non-secure and secure peripheral address space. |
|||||||||||||||||||||||||||||||||
D | RW |
DMASEC |
Security attribution for the DMA transfer This bit has effect only if PERIPHID[n].PERM.SECATTR is set to secure |
||||||||||||||||||||||||||||||||
Secure |
1 |
DMA transfers initiated by this peripheral have the secure attribute set |
|||||||||||||||||||||||||||||||||
NonSecure |
0 |
DMA transfers initiated by this peripheral have the non-secure attribute set |
|||||||||||||||||||||||||||||||||
E | RW |
LOCK |
|||||||||||||||||||||||||||||||||
Unlocked |
0 |
This register can be updated |
|||||||||||||||||||||||||||||||||
Locked |
1 |
The content of this register can't be changed until the next reset |
|||||||||||||||||||||||||||||||||
F | R |
PRESENT |
Indicate if a peripheral is present with ID n |
||||||||||||||||||||||||||||||||
NotPresent |
0 |
Peripheral is not present |
|||||||||||||||||||||||||||||||||
IsPresent |
1 |
Peripheral is present |