AT32UC3C2512C Automotive Atmel Corporation, AT32UC3C2512C Automotive Datasheet - Page 430

AT32UC3C2512C Automotive

Manufacturer Part Number

AT32UC3C2512C Automotive

Description

Manufacturer

Atmel Corporation

Datasheets

1.AT90CAN128_AUTOMOTIVE.pdf (225 pages)

2.AT32UC3C0512C_AUTOMOTIVE.pdf (1312 pages)

3.AT32UC3C0512C_AUTOMOTIVE.pdf (107 pages)

Current page: 430 of 1312
Download datasheet (20Mb)

22. Secure Access Unit (SAU)

22.1

22.2

9166C–AVR-08/11

Features

Overview

Rev: 1.1.1.3

•

In many systems, erroneous access to peripherals can lead to catastrophic failure. An example

of such a peripheral is the Pulse Width Modulator (PWM) used to control electric motors. The

PWM outputs a pulse train that controls the motor. If the control registers of the PWM module

are inadvertently updated with wrong values, the motor can start operating out of control, possi-

bly causing damage to the application and the surrounding environment. However, sometimes

the PWM control registers must be updated with new values, for example when modifying the

pulse train to accelerate the motor. A mechanism must be used to protect the PWM control reg-

isters from inadvertent access caused by for example:

To improve the security in a computer system, the AVR32UC implements a Memory Protection

Unit (MPU). The MPU can be set up to limit the accesses that can be performed to specific

memory addresses. The MPU divides the memory space into regions, and assigns a set of

access restrictions on each region. Access restrictions can for example be read/write if the CPU

is in supervisor mode, and read-only if the CPU is in application mode. The regions can be of dif-

ferent size, but each region is usually quite large, e.g. protecting 1 kilobyte of address space or

more. Furthermore, access to each region is often controlled by the execution state of the CPU,

i.e. supervisor or application mode. Such a simple control mechanism is often too inflexible (too

coarse-grained chunks) and with too much overhead (often requiring system calls to access pro-

tected memory locations) for simple or real-time systems such as embedded microcontrollers.

Usually, the Secure Access Unit (SAU) is used together with the MPU to provide the required

security and integrity. The MPU is set up to protect regions of memory, while the SAU is set up

to provide a secure channel into specific memory locations that are protected by the MPU.

These specific locations can be thought of as fine-grained overrides of the general coarse-

grained protection provided by the MPU.

• Errors in the software code

• Transient errors in the CPU caused by for example electrical noise altering the execution path

Remaps registers in memory regions protected by the MPU to regions not protected by the MPU

Programmable physical address for each channel

Two modes of operation: Locked and Open

of the program

– In Locked Mode, access to a channel must be preceded by an unlock action

– In Open Mode, all channels are permanently unlocked

• An unlocked channel remains open only for a specific amount of time, if no access is

• Only one channel can be open at a time, opening a channel while another one is open

• Access to a locked channel is denied, a bus error and optionally an interrupt is returned

• If a channel is relocked due to an unlock timeout, an interrupt can optionally be

performed during this time, the channel is relocked

locks the first one

generated

AT32UC3C

430

AT32UC3C2512C Automotive Atmel Corporation, AT32UC3C2512C Automotive Datasheet - Page 430

AT32UC3C2512C Automotive

Related parts for AT32UC3C2512C Automotive