SPRADK2A November 2024 – October 2025 F29H850TU, F29H859TU-Q1

 


Defining Sandboxes

Use Sandboxes in SysConfig to define groups of Application Modules that must have security isolation from other parts of the application. Each Sandbox is associated with an SSU STACK, and contains at least one Application Module, as well as a stack memory AP range. All LINKs associated with the Application Modules in the Sandbox have read-write access to the Sandbox stack memory; all other LINKs have no access. Each Sandbox is associated with one debug ZONE.

SysConfig defines a SECURE_GROUP in the linker command file for each Sandbox. This setting causes the linker to require protected calls for all function calls from other STACKs into the Sandbox STACK. By default, any unprotected call into a SECURE_GROUP causes the linker to generate an error. SysConfig provides an option to auto-generate trampolines and landing calls to satisfy the protected call requirement. When enabling this option, be sure to review the output linker map file to confirm that no undesired cross-STACK trampolines to untrusted code are generated.

Note: Cross-stack trampolines can add latency due to the requirement to save and restore CPU registers to or from stack memory, potentially impacting application performance. For best performance, implement protected function calls directly in application code by adding __attribute__((c29_protected_call)) to the function definition.

Note: STACK1 configuration can be accessed under the Special Modules tab.
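
An added example (not from the original application note) of the direct approach in the first note: a hypothetical Sandbox module whose only externally callable function carries the attribute, while its state and helper are static so that nothing else can be a cross-STACK call target by name. The SBX_ENTRY macro, the sbx_* names and the secret value are assumptions made for illustration, as is the C29 compiler reporting the attribute through __has_attribute.

```c
#include <stdint.h>

/* Expand to the attribute named in the note above only when the compiler
 * knows it, so the same file also builds on a host for unit testing.
 * Assumption: the C29 compiler reports it through __has_attribute. */
#if defined(__has_attribute)
#  if __has_attribute(c29_protected_call)
#    define SBX_ENTRY __attribute__((c29_protected_call))
#  endif
#endif
#ifndef SBX_ENTRY
#  define SBX_ENTRY
#endif

#define SBX_MAX_ATTEMPTS 3u

enum sbx_status { SBX_OK = 0, SBX_DENIED = 1, SBX_LOCKED = 2 };

/* Sandbox-private state: static, so no other module can name it. */
static const uint32_t sbx_secret = 0x5A17C0DEu;   /* constructed value */
static uint32_t sbx_failed_attempts;

/* Internal helper: static, so it cannot be called by name from another
 * module and needs no protected-call entry of its own. */
static uint32_t sbx_diff(uint32_t a, uint32_t b)
{
    return a ^ b;   /* 0 only when equal; no data-dependent early exit */
}

/* The single entry point that other STACKs call. The argument is passed
 * by value, so the Sandbox never dereferences a caller-supplied pointer. */
SBX_ENTRY enum sbx_status sbx_check_code(uint32_t code)
{
    if (sbx_failed_attempts >= SBX_MAX_ATTEMPTS) {
        return SBX_LOCKED;          /* stays locked until reset */
    }
    if (sbx_diff(code, sbx_secret) != 0u) {
        sbx_failed_attempts++;
        return SBX_DENIED;
    }
    sbx_failed_attempts = 0u;       /* success clears the failure count */
    return SBX_OK;
}
```

Keeping the entry-point list this short also makes the linker map review described above easier, because every cross-STACK call into the Sandbox should resolve to sbx_check_code.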