SLUUDG7 December   2025 MSPM33C321A

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Overview of Security Functionality
    1. 1.1 Terminology
  5. 2Secure Execution Environment
    1. 2.1 TrustZone
      1. 2.1.1 Implementation Defined Attribution Unit
      2. 2.1.2 Security Attribution Unit
      3. 2.1.3 TrustZone software development
    2. 2.2 Memory Protection Unit
      1. 2.2.1 TrustZone and MPU
    3. 2.3 Global Security Controller
      1. 2.3.1 GSC Memory configuration
        1. 2.3.1.1 Security Exceptions through the GSC & SAU
        2. 2.3.1.2 Priviledge exceptions with GSC & MPU
  6. 3Security Modules
    1. 3.1 AES
      1. 3.1.1 AES Overview
      2. 3.1.2 AES Usage
        1. 3.1.2.1 Configuration
        2. 3.1.2.2 Setup
        3. 3.1.2.3 Operation
    2. 3.2 Keystore
      1. 3.2.1 Overview
      2. 3.2.2 Keystore Usage
        1. 3.2.2.1 Configuration
        2. 3.2.2.2 Setup
        3. 3.2.2.3 Operation
    3. 3.3 SHA2
      1. 3.3.1 SHA Introduction
        1. 3.3.1.1 SHA features
      2. 3.3.2 SHA Performance
      3. 3.3.3 SHA Usage
        1. 3.3.3.1 Configuration
        2. 3.3.3.2 Setup
        3. 3.3.3.3 Operation
    4. 3.4 PKA
      1. 3.4.1 PKA Introduction
        1. 3.4.1.1 PKA features
      2. 3.4.2 PKA Usage
        1. 3.4.2.1 Configuration
        2. 3.4.2.2 Setup
        3. 3.4.2.3 Operation
    5. 3.5 PQC
      1. 3.5.1 ML-DSA
        1. 3.5.1.1 ML-DSA Introduction
        2. 3.5.1.2 ML-DSA Usage
          1. 3.5.1.2.1 Configuration
          2. 3.5.1.2.2 Setup
          3. 3.5.1.2.3 Operation
  7. 4Revision History

2.1.2 Security Attribution Unit

The security attribution unit (SAU) can be used by the programmer to define regions of memories security. The final security level uses both the SAU configuration and the IDAU configuration. For determining a section of memories security level take the higher security level between the SAU and IDAU. For example if the SAU defines a region as secure and the IDAU defines a region as non-secure the region is defined as secure.

On the MSPM33 devices the SAU is built to support defining 8 regions as Secure, non-secure, or non-secure callable.

Defining a region as secure

One major use case for the SAU is for is defining a region as secure or non-secure. To define a region the following steps are taken by writing to the SAU's registers

  1. Selecting which region to configure through the SAU->RNR register
  2. Selecting the regions base address using the SAU->RBAR register
  3. Set the SAU->RLAR to configure the size of the region
  4. Repeat steps 1 - 3 for all regions
  5. Configure the SAU->CTL register to propagate all of the configured regions