Secure access from CM4

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Anonymous
Not applicable

Hello,

Can we make secure access from CM4 in PSoC 6?

Best regards,

0 Likes
1 Solution
MeenakshiR_71
Employee
Employee
100 likes received 50 likes received 25 likes received

Hello user_474444345​,

Yes you can by using the "Cy_Prot_ConfigBusMaster" API and passing the 'secure' parameter as true for "busMaster = CPUSS_MS_ID_CM4".

It may appear that anybody can change this setting i.e. a rogue firmware running in CM4 can claim itself in Secure access mode. However, this is possible only if you have not configured the access restrictions to the MS_CTL registers. In a secure system, typically the write access to the MS_CTL register is controlled and limited to a single master (say CM0+) with protection context 0. As a result, only a proper firmware (most likely defined in a secure area by the user) running with proper access restrictions can change/update these settings - typically this would be part of OS schedulers (which runs with privileged access), which depending on the task change the access restrictions.

We will soon have an application note detailing these principles.

Regards,

Meenakshi Sundaram R

View solution in original post

0 Likes
1 Reply
MeenakshiR_71
Employee
Employee
100 likes received 50 likes received 25 likes received

Hello user_474444345​,

Yes you can by using the "Cy_Prot_ConfigBusMaster" API and passing the 'secure' parameter as true for "busMaster = CPUSS_MS_ID_CM4".

It may appear that anybody can change this setting i.e. a rogue firmware running in CM4 can claim itself in Secure access mode. However, this is possible only if you have not configured the access restrictions to the MS_CTL registers. In a secure system, typically the write access to the MS_CTL register is controlled and limited to a single master (say CM0+) with protection context 0. As a result, only a proper firmware (most likely defined in a secure area by the user) running with proper access restrictions can change/update these settings - typically this would be part of OS schedulers (which runs with privileged access), which depending on the task change the access restrictions.

We will soon have an application note detailing these principles.

Regards,

Meenakshi Sundaram R

0 Likes