This section contains the definitions of key concepts.
Access Protection Range (APR): This is the basic unit of memory protection in the SSU. An access protection range covers a specific region of Flash memory, SRAM, or peripherals. Each APR defines read and write access permissions for every LINK. An APR can also be configured as a code region, which enables CPU instruction fetches from that memory region.
LINK: In a C29 CPU subsystem, LINKs form the basis for context-sensitive memory protection. Each LINK can represent one or more regions of executable code. The associated LINK identifier is used to determine what data memory regions (APRs) can be accessed by that code.
STACK: STACKs isolate code execution contexts from each other. Each STACK has a dedicated stack pointer in the C29 CPU, and provides hardware safety and security isolation of code from other STACKs. Every LINK belongs to one and only one STACK, but a STACK can contain multiple LINKs.
ZONE: ZONEs determine debug and firmware update permissions. While APRs, LINKs, and STACKs are defined independently for each CPU, ZONEs span the entire device, excluding the Hardware Security Module (HSM) (which is not governed by the SSU).
HSM: The Hardware Security Manager is a self-contained subsystem within the device that provides key security services, including secure boot, secure storage, debug and firmware update security, and run-time cryptographic services. The HSM is different from the SSU, which is an integral part of the application C29 CPU subsystem. The HSM and SSU perform complementary and orthogonal roles on the device, except for debug authorization: both the HSM and SSU must authorize access to a resource before debug access is enabled to that resource.
Partial Debug: When a ZONE is enabled for partial debug, the user is allowed to debug CPU execution (halt, resume, and view CPU registers) but debug read and write accesses to memories that can otherwise be accessed by LINKs in that ZONE are blocked.
Full Debug: When a ZONE is enabled for full debug, the user can debug the CPU and perform all memory accesses permitted for any LINK within that ZONE.
SECCFG: This is a special Flash region that is designated for storing SSU configuration settings. The values stored in the SECCFG region are loaded into the SSU registers during device boot. Most of these settings cannot be changed during run time, and can only be modified by programming new values into SECCFG and resetting the device.
UPP: User Protection Policy. This is the collection of SSU configuration settings that are programmed into the SECCFG region.
Memory Region: A region of memory configured in SysConfig. This is equivalent to an Access Protection Range (APR).
Module: In SysConfig, a Module consists of a LINK, the code memory regions (executable APRs) that are associated with that LINK, the data memory regions (data APRs) and peripherals that belong to the module, and peripheral interrupts associated with the module. In practice, modules allow the user to organize the application into distinct tasks or partitions that can be isolated from one another for functional safety and security.
Shared Memory: In SysConfig, a Shared Memory consists of one or more APRs that are accessible by multiple Modules. Shared Memories can be used to share data between Modules in a distinct memory range, while maintaining safety protection for other memory regions belonging to those modules.
Sandbox: In SysConfig, a Sandbox consists of a STACK, and can contain one or more Modules.
RTOS: A Real-Time Operating System, such as FreeRTOS® or AUTOSAR®.
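
The APR, LINK, ZONE and debug definitions above combine into a small set of access decisions, modeled here in C. This is an added example, not TI code and not the SSU register interface. Assumptions: the addresses, table sizes, function names and the direct LINK-to-ZONE table are constructed for illustration, and an address outside every APR is treated as denied.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added model of the glossary terms; not TI code or the SSU register map.
   Addresses, sizes and the LINK-to-ZONE table are constructed samples. */
#define NUM_LINKS 3
enum { PERM_R = 1, PERM_W = 2 };
typedef enum { DBG_NONE, DBG_PARTIAL, DBG_FULL } dbg_t;
typedef struct {
    uint32_t start, end;      /* inclusive address range covered by the APR */
    bool is_code;             /* code region: instruction fetch allowed */
    uint8_t perm[NUM_LINKS];  /* read/write permission for every LINK */
} apr_t;
static const apr_t aprs[] = {
    {0x10000000u, 0x1000FFFFu, true,  {PERM_R, PERM_R, 0}},          /* code */
    {0x20000000u, 0x20000FFFu, false, {PERM_R | PERM_W, 0, 0}},      /* LINK 0 only */
    {0x20001000u, 0x20001FFFu, false, {PERM_R | PERM_W, PERM_R, 0}}, /* shared */
    {0x20002000u, 0x20002FFFu, false, {0, 0, PERM_R | PERM_W}},      /* LINK 2 only */
};
static const uint8_t link_zone[NUM_LINKS] = {1, 1, 2};  /* ZONE of each LINK */

static const apr_t *find_apr(uint32_t addr) {
    for (size_t i = 0; i < sizeof aprs / sizeof aprs[0]; i++)
        if (addr >= aprs[i].start && addr <= aprs[i].end) return &aprs[i];
    return NULL;  /* assumption: an address outside every APR is denied */
}
/* Data access by code executing under `link`. */
bool link_access(unsigned link, uint32_t addr, uint8_t want) {
    const apr_t *a = find_apr(addr);
    return a && link < NUM_LINKS && (a->perm[link] & want) == want;
}
/* Instruction fetch is possible only from an APR configured as code. */
bool fetch_allowed(uint32_t addr) {
    const apr_t *a = find_apr(addr);
    return a && a->is_code;
}
/* Debugger halt/resume/register view: partial or full debug, HSM agreeing. */
bool debug_cpu(dbg_t lvl, bool hsm_ok) { return hsm_ok && lvl != DBG_NONE; }
/* Debugger memory access: full debug only, limited to what some LINK in
   the ZONE may access, and only when the HSM also authorizes. */
bool debug_mem(unsigned zone, dbg_t lvl, bool hsm_ok, uint32_t addr, uint8_t want) {
    if (!hsm_ok || lvl != DBG_FULL) return false;
    for (unsigned l = 0; l < NUM_LINKS; l++)
        if (link_zone[l] == zone && link_access(l, addr, want)) return true;
    return false;
}
int main(void) {  /* exit status 0 when the sample policy behaves as described */
    return (link_access(1, 0x20001000u, PERM_R) &&
            !debug_mem(2, DBG_FULL, true, 0x20000000u, PERM_R)) ? 0 : 1;
}
```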