The key management unit (KMU) enforces access policies to a subset region of the user information configuration registers (UICR). This subset region is used for storing cryptographic key values inside the key slots, which the CPU has no access to.
In total there are 128 key slots available, where each key slot can store one 128-bit key value together with an access policy and a destination address for the key value. Multiple key slots can be combined in order to support key sizes larger than 128 bits. The access policy of a key slot governs if and how a key value can be used, while the destination address determines where in the memory map the KMU pushes the key value upon a request from the CPU.
Key slots can be configured to be pushed directly into write-only key registers in cryptographic accelerators, such as CryptoCell, without exposing the key value itself to the CPU. This enables the CPU to use the key values stored inside the key slots for cryptographic operations without being exposed to the key value.
Access to the KMU, and the key slots in the UICR, is only allowed from secure mode.
From a functional view the UICR is divided into two different regions, one-time programmable (OTP) memory and key storage.
One-time programmable (OTP) memory is typically used for holding values that are written once, and then never to be changed again throughout the product lifetime. The OTP region of UICR is emulated by placing a write-once per halfword limitation on registers defined here.
The key storage region contains multiple key slots, where each slot consists of a key header and an associated key value. The key value is limited to 128 bits. Any key size greater than 128 bits must be divided and distributed over multiple key slot instances.
Key headers are allocated an address range of 0x400 in the UICR memory map, allowing a total of 128 keys to be addressable inside the key storage region.
Access control to the underlying UICR infopage in flash is enforced by a hardware finite-state machine (FSM). The FSM can allow or block transactions, depending both on the security of the transaction (secure or non-secure) and on the type of register being written and/or read.
Access type | Key headers | Key values |
---|---|---|
Read | Allowed | Restricted |
Write | Restricted | Restricted |
Any restricted access requires an explicit key slot selection through the KMU register interface. Any illegal access to restricted key slot registers will be blocked and word 0xDEADDEAD will be returned on the AHB.
The OTP region has individual access control behavior, while access control to the key storage region is configured on a per key slot basis. The KMU FSM operates on only one key slot instance at a time, and the permissions and the usage restriction for a key value associated with a key slot can be configured individually.
The UICR content can be protected against device-internal NVMC.ERASEALL requests, in addition to device-external ERASEALL requests, through the CTRL-AP interface. This feature is useful if the firmware designers want to prevent the OTP region from being erased.
Since enabling this step will permanently disable erase for the UICR, the procedure requires an implementation defined 32-bit word to be written into the UICR's ERASEPROTECT register.
For field return handling, it is still possible to erase the UICR even if ERASEPROTECT is set. If this functionality is desired, the secure boot code must implement a secure communication channel over the CTRL-AP mailbox interface. Upon successful authentication of the external party, the secure boot code can temporarily re-enable the CTRL-AP ERASEALL functionality.
This section describes the specific KMU and UICR behavior in more detail, to help the reader get a better overview of KMU's features and the intended usage.
The OTP region of the UICR contains a user-defined static configuration of the device. The KMU emulates the OTP functionality by placing a write-once per halfword limitation on registers defined in this region, i.e. only halfwords containing all '1's can be written.
An OTP write transaction must consist of a full 32-bit word. Both halfwords can either be written simultaneously or one at a time. The KMU FSM will block any write to a halfword in the OTP region, if the initial value of this halfword is not 0xFFFF. When writing halfwords one at a time, the non-active halfword must be masked as 0xFFFF, otherwise the request will be blocked. For example, writing 0x1234XXXX to an OTP destination address which already contains the value 0xFFFFAABB, must be configured as 0x1234FFFF. The OTP destination address will contain the value 0x1234AABB after both write transactions have been processed.
The KMU will also only allow secure AHB write transactions into the OTP region of the UICR. Any AHB write transaction to this region that does not satisfy the above requirements will be ignored, and the STATUS.BLOCKED register will be set to '1'.
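The write-once rule above can be checked in software before a write is issued, so that firmware never trips STATUS.BLOCKED. The following C model is an added example, not vendor code; the names `otp_check_write` and `otp_word_for_half` are made up here, and the model assumes that a 0xFFFF halfword in the written word always acts as a mask for that half.

```c
#include <stdbool.h>
#include <stdint.h>

#define OTP_HALF_ERASED 0xFFFFu

/* Outcome of checking one 32-bit OTP write against the write-once rule. */
typedef struct {
    bool     allowed; /* false: the write would be ignored and STATUS.BLOCKED set */
    uint32_t result;  /* word held in OTP afterwards (unchanged when blocked)    */
} otp_write_check_t;

/* A half is acceptable if it is masked (0xFFFF) or its target is still erased. */
static bool otp_half_ok(uint16_t current, uint16_t incoming)
{
    return incoming == OTP_HALF_ERASED || current == OTP_HALF_ERASED;
}

/* Model of the per-halfword rule for a full-word write from a secure or
 * non-secure master. Assumption of this example: masked halves keep their
 * current value, programmed halves take the incoming value. */
otp_write_check_t otp_check_write(uint32_t current, uint32_t incoming, bool secure)
{
    uint16_t cur_lo = (uint16_t)(current & 0xFFFFu);
    uint16_t cur_hi = (uint16_t)(current >> 16);
    uint16_t new_lo = (uint16_t)(incoming & 0xFFFFu);
    uint16_t new_hi = (uint16_t)(incoming >> 16);
    otp_write_check_t r = { false, current };

    /* Only secure writes are accepted, and both halves must pass the rule. */
    if (!secure || !otp_half_ok(cur_lo, new_lo) || !otp_half_ok(cur_hi, new_hi))
        return r;

    uint16_t lo = (new_lo == OTP_HALF_ERASED) ? cur_lo : new_lo;
    uint16_t hi = (new_hi == OTP_HALF_ERASED) ? cur_hi : new_hi;
    r.allowed = true;
    r.result  = ((uint32_t)hi << 16) | lo;
    return r;
}

/* Build the 32-bit word to write when programming a single halfword:
 * the other half is masked as 0xFFFF, as the text requires. */
uint32_t otp_word_for_half(uint16_t value, bool upper)
{
    return upper ? (((uint32_t)value << 16) | 0xFFFFu)
                 : (0xFFFF0000u | value);
}
```
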
The key storage region of the UICR can contain multiple keys of different types, including symmetrical keys, hashes, public/private key pairs and other device secrets. One of the key features of the KMU is that these device secrets can be installed and made available for use in cryptographic operations without revealing the actual secret values.
Keys in this region will typically have a certain life span. The region is not designed to be used for per-session derived keys where the non-secure side (i.e. application) is participating in the key exchange.
All key storage is done through the concept of multiple key slots, where each key slot instance consists of one key header and an associated key value. Each key header supports the configuration of usage permissions and an optional secure destination address.
The key header secure destination address option enables the KMU to push the associated key value over a dedicated secure APB to a pre-configured secure location within the memory map. Such locations typically include a write-only key register of the hardware cryptographic accelerator, allowing the KMU to distribute keys within the system without compromising the key values.
One key slot instance can store a key value of maximum 128 bits. If a key size exceeds this limit, the key value itself must be split over multiple key slot instances.
State | Push | Read | Write | Description |
---|---|---|---|---|
Active (1) | Enabled (1) | Enabled (1) | Enabled (1) | Default flash erase value. Key slot cannot be pushed, write is enabled. |
Active (1) | Enabled (1) | Enabled (1) | Disabled (0) | Key slot is active, push is enabled. Key slot VALUE registers can be read, but write is disabled. |
Active (1) | Enabled (1) | Disabled (0) | Disabled (0) | Key slot is active, push is enabled. Read and write to key slot VALUE registers are disabled. |
Active (1) | Disabled (0) | Enabled (1) | Disabled (0) | Key slot is active, push is disabled. Key slot VALUE registers can be read, but write is disabled. |
Revoked (0) | - | - | - | Key slot is revoked. Cannot be read or pushed over secure APB regardless of the permission settings. |
The KMU FSM is designed to process only one key slot at a time, effectively operating as a memory protection unit for the key storage region. Whenever a key slot is selected, the KMU will allow access to writing, reading, and/or pushing the associated key value according to the selected slot configuration.
A key slot must be selected prior to use, by writing the key slot ID into the KMU SELECTKEYSLOT register. Because the reset value of this register is 0x00000000, there is no key slot associated with ID=0 and no slot is selected by default. All key slots are addressed using IDs from 1 to 128.
SELECTED status is set when a key slot is selected, and a read or write access to that key slot occurs.
BLOCKED status is set when any illegal access to key slot registers is detected.
When the use of the particular key slot is stopped, the key slot selection in SELECTKEYSLOT must be set back to '0'.
By default, all KMU key slots consist of a 128-bit key value of all '1's, and the key headers have no secure destination address and no usage or read restrictions.
Writing a key slot into UICR is a five-step process.
In case the total key size is greater than 128 bits, the key value itself must be split into 128-bit segments and written to multiple key slot instances. Steps 1 through 5 above must be repeated for the entire key size.
Key slots that are configured as readable can have their key value read directly from the UICR memory map by the CPU.
Readable keys are typically used during the secure boot sequence, where the CPU is involved in falsifying or verifying the integrity of the system. Since the CPU is involved in this decision process, it makes little sense not to trust the CPU having access to the actual key value but ultimately trust the decision of the integrity check. Another use-case for readable keys is if the key type in question does not have a HW peripheral in the platform that is able to accept such keys over secure APB.
Key slots that are configured as non-readable cannot be read by the CPU regardless of the mode the system is in and must be pushed over secure APB in order to use the key value for cryptographic operations.
The secure APB destination address is set in the key slot configuration DEST register. Such destination addresses are typically write-only key registers in a hardware cryptographic accelerator's memory map. The secure APB allows key slots to be utilized by the software side, without exposing the key value itself.
All key slots within the key storage area can be marked as revoked.
To revoke any key slots, write to the STATE field in the KEYSLOT.CONFIG[ID-1].PERM register. The following rules apply to keys that have been revoked:
The KMU uses a STATUS register to indicate its status of operation. The SELECTED bit will be asserted whenever the currently selected key slot is successfully read from or written to.
All read or write operations to other key slots than what is currently selected in KMU->SELECTKEYSLOT will assert the BLOCKED bit. The BLOCKED bit will also be asserted if the KMU fails to select a key slot, or if a request has been blocked due to an access violation. Normal operation using the KMU should never trigger the BLOCKED bit. If this bit is triggered during the development phase, it indicates that the code is using the KMU incorrectly.
The STATUS register is reset every time register SELECTKEYSLOT is written.
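A push sequence built from the registers described in this chapter, shown as an added example rather than vendor driver code. The struct layout follows the offsets in the register overview; the names `kmu_regs_t` and `kmu_push_slot`, the polling bound, and the ordering of the steps are assumptions of this example. BLOCKED is sampled before SELECTKEYSLOT is written back to 0, because that write resets STATUS.

```c
#include <stddef.h>
#include <stdint.h>

/* Layout follows the offsets in the register overview (type name is this example's). */
typedef struct {
    volatile uint32_t TASKS_PUSH_KEYSLOT;     /* 0x000 */
    uint32_t          reserved0[63];
    volatile uint32_t EVENTS_KEYSLOT_PUSHED;  /* 0x100 */
    volatile uint32_t EVENTS_KEYSLOT_REVOKED; /* 0x104 */
    volatile uint32_t EVENTS_KEYSLOT_ERROR;   /* 0x108 */
    uint32_t          reserved1[125];
    volatile uint32_t INTEN;                  /* 0x300 */
    volatile uint32_t INTENSET;               /* 0x304 */
    volatile uint32_t INTENCLR;               /* 0x308 */
    volatile uint32_t INTPEND;                /* 0x30C */
    uint32_t          reserved2[63];
    volatile uint32_t STATUS;                 /* 0x40C */
    uint32_t          reserved3[60];
    volatile uint32_t SELECTKEYSLOT;          /* 0x500 */
} kmu_regs_t;

_Static_assert(offsetof(kmu_regs_t, STATUS) == 0x40C, "STATUS offset");
_Static_assert(offsetof(kmu_regs_t, SELECTKEYSLOT) == 0x500, "SELECTKEYSLOT offset");

#define KMU_S              ((kmu_regs_t *)(uintptr_t)0x50039000u) /* on target only */
#define KMU_STATUS_BLOCKED (1u << 1)  /* field B of STATUS */
#define KMU_SLOT_ID_MAX    128u       /* valid IDs are 1..128; 0 means idle */

typedef enum {
    KMU_PUSH_OK, KMU_PUSH_BAD_ID, KMU_PUSH_REVOKED,
    KMU_PUSH_ERROR, KMU_PUSH_BLOCKED, KMU_PUSH_TIMEOUT
} kmu_push_result_t;

/* Select a slot, push it over secure APB, report the outcome, deselect. */
kmu_push_result_t kmu_push_slot(kmu_regs_t *kmu, uint32_t slot_id, uint32_t max_polls)
{
    kmu_push_result_t res = KMU_PUSH_TIMEOUT;

    if (slot_id == 0 || slot_id > KMU_SLOT_ID_MAX)
        return KMU_PUSH_BAD_ID;

    /* Clear stale events so the poll below only sees this push. */
    kmu->EVENTS_KEYSLOT_PUSHED  = 0;
    kmu->EVENTS_KEYSLOT_REVOKED = 0;
    kmu->EVENTS_KEYSLOT_ERROR   = 0;

    kmu->SELECTKEYSLOT      = slot_id; /* this write also resets STATUS */
    kmu->TASKS_PUSH_KEYSLOT = 1;

    for (uint32_t i = 0; i < max_polls && res == KMU_PUSH_TIMEOUT; i++) {
        if (kmu->EVENTS_KEYSLOT_ERROR)        res = KMU_PUSH_ERROR;
        else if (kmu->EVENTS_KEYSLOT_REVOKED) res = KMU_PUSH_REVOKED;
        else if (kmu->EVENTS_KEYSLOT_PUSHED)  res = KMU_PUSH_OK;
    }

    /* Sample BLOCKED now: the deselect below resets STATUS. */
    if (kmu->STATUS & KMU_STATUS_BLOCKED)
        res = KMU_PUSH_BLOCKED;

    kmu->SELECTKEYSLOT = 0; /* slot no longer in use */
    return res;
}
```
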
Instance | Base address | TrustZone Map | TrustZone Att | TrustZone DMA | Split access | Description |
---|---|---|---|---|---|---|
KMU : S | 0x50039000 | HF | NS | NA | Yes | Key management unit |
Register | Offset | TZ | Description |
---|---|---|---|
TASKS_PUSH_KEYSLOT | 0x0000 | | Push a key slot over secure APB |
EVENTS_KEYSLOT_PUSHED | 0x100 | | Key slot successfully pushed over secure APB |
EVENTS_KEYSLOT_REVOKED | 0x104 | | Key slot has been revoked and cannot be tasked for selection |
EVENTS_KEYSLOT_ERROR | 0x108 | | No key slot selected, no destination address defined, or error during push operation |
INTEN | 0x300 | | Enable or disable interrupt |
INTENSET | 0x304 | | Enable interrupt |
INTENCLR | 0x308 | | Disable interrupt |
INTPEND | 0x30C | | Pending interrupts |
STATUS | 0x40C | | Status bits for KMU operation |
SELECTKEYSLOT | 0x500 | | Select key slot to be read over AHB or pushed over secure APB when TASKS_PUSH_KEYSLOT is started |
Address offset: 0x0000
Push a key slot over secure APB
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | W | TASKS_PUSH_KEYSLOT | | | Push a key slot over secure APB |
 | | | Trigger | 1 | Trigger task |
Address offset: 0x100
Key slot successfully pushed over secure APB
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | EVENTS_KEYSLOT_PUSHED | | | Key slot successfully pushed over secure APB |
 | | | NotGenerated | 0 | Event not generated |
 | | | Generated | 1 | Event generated |
Address offset: 0x104
Key slot has been revoked and cannot be tasked for selection
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | EVENTS_KEYSLOT_REVOKED | | | Key slot has been revoked and cannot be tasked for selection |
 | | | NotGenerated | 0 | Event not generated |
 | | | Generated | 1 | Event generated |
Address offset: 0x108
No key slot selected, no destination address defined, or error during push operation
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | EVENTS_KEYSLOT_ERROR | | | No key slot selected, no destination address defined, or error during push operation |
 | | | NotGenerated | 0 | Event not generated |
 | | | Generated | 1 | Event generated |
Address offset: 0x300
Enable or disable interrupt
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C | B | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | KEYSLOT_PUSHED | | | Enable or disable interrupt for event KEYSLOT_PUSHED |
 | | | Disabled | 0 | Disable |
 | | | Enabled | 1 | Enable |
B | RW | KEYSLOT_REVOKED | | | Enable or disable interrupt for event KEYSLOT_REVOKED |
 | | | Disabled | 0 | Disable |
 | | | Enabled | 1 | Enable |
C | RW | KEYSLOT_ERROR | | | Enable or disable interrupt for event KEYSLOT_ERROR |
 | | | Disabled | 0 | Disable |
 | | | Enabled | 1 | Enable |
Address offset: 0x304
Enable interrupt
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C | B | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | KEYSLOT_PUSHED | | | Write '1' to enable interrupt for event KEYSLOT_PUSHED |
 | | | Set | 1 | Enable |
 | | | Disabled | 0 | Read: Disabled |
 | | | Enabled | 1 | Read: Enabled |
B | RW | KEYSLOT_REVOKED | | | Write '1' to enable interrupt for event KEYSLOT_REVOKED |
 | | | Set | 1 | Enable |
 | | | Disabled | 0 | Read: Disabled |
 | | | Enabled | 1 | Read: Enabled |
C | RW | KEYSLOT_ERROR | | | Write '1' to enable interrupt for event KEYSLOT_ERROR |
 | | | Set | 1 | Enable |
 | | | Disabled | 0 | Read: Disabled |
 | | | Enabled | 1 | Read: Enabled |
Address offset: 0x308
Disable interrupt
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C | B | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | KEYSLOT_PUSHED | | | Write '1' to disable interrupt for event KEYSLOT_PUSHED |
 | | | Clear | 1 | Disable |
 | | | Disabled | 0 | Read: Disabled |
 | | | Enabled | 1 | Read: Enabled |
B | RW | KEYSLOT_REVOKED | | | Write '1' to disable interrupt for event KEYSLOT_REVOKED |
 | | | Clear | 1 | Disable |
 | | | Disabled | 0 | Read: Disabled |
 | | | Enabled | 1 | Read: Enabled |
C | RW | KEYSLOT_ERROR | | | Write '1' to disable interrupt for event KEYSLOT_ERROR |
 | | | Clear | 1 | Disable |
 | | | Disabled | 0 | Read: Disabled |
 | | | Enabled | 1 | Read: Enabled |
Address offset: 0x30C
Pending interrupts
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C | B | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | R | KEYSLOT_PUSHED | | | Read pending status of interrupt for event KEYSLOT_PUSHED |
 | | | NotPending | 0 | Read: Not pending |
 | | | Pending | 1 | Read: Pending |
B | R | KEYSLOT_REVOKED | | | Read pending status of interrupt for event KEYSLOT_REVOKED |
 | | | NotPending | 0 | Read: Not pending |
 | | | Pending | 1 | Read: Pending |
C | R | KEYSLOT_ERROR | | | Read pending status of interrupt for event KEYSLOT_ERROR |
 | | | NotPending | 0 | Read: Not pending |
 | | | Pending | 1 | Read: Pending |
Address offset: 0x40C
Status bits for KMU operation
This register is reset and re-written by the KMU whenever SELECTKEYSLOT is written
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | B | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | R | SELECTED | | | Key slot ID successfully selected by the KMU |
 | | | Disabled | 0 | No key slot ID selected by KMU |
 | | | Enabled | 1 | Key slot ID successfully selected by KMU |
B | R | BLOCKED | | | Violation status |
 | | | Disabled | 0 | No access violation detected |
 | | | Enabled | 1 | Access violation detected and blocked |
Address offset: 0x500
Select key slot to be read over AHB or pushed over secure APB when TASKS_PUSH_KEYSLOT is started
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | | | | | | | | | | | | | | | | | | | | | | | | | A | A | A | A | A | A | A | A |
Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

ID | R/W | Field | Value ID | Value | Description |
---|---|---|---|---|---|
A | RW | ID | | | Select key slot ID to be read over AHB, or pushed over secure APB, when TASKS_PUSH_KEYSLOT is started. NOTE: ID=0 is not a valid key slot ID. The 0 ID should be used when the KMU is idle or not in use. NOTE: Index N in UICR->KEYSLOT.KEY[N] and UICR->KEYSLOT.CONFIG[N] corresponds to KMU key slot ID=N+1. |