The Dual Code Security
Module (DCSM) is an integrated hardware security feature designed to
protect proprietary code and data stored in on-chip memories from
unauthorized access and reverse engineering. The DCSM provides
comprehensive access control mechanisms that prevent visibility to
secure memory contents through debugging tools (such as JTAG
interfaces) or unauthorized code execution.
Key Security
Features
DCSM provides two
independent security zones (Zone 1 and Zone 2), each with dedicated
secure resources and identical security mechanisms.
- Dual-Zone Protection: Two independent security zones
(Zone 1 and Zone 2) allow distinction of code ownership and
protection of multiple software modules on a single device.
Each zone operates with identical security mechanisms but
manages dedicated secure resources independently.
- CSM Password-Based Access Control: Each zone is protected
by a 128-bit password stored in One-Time Programmable (OTP)
memory. Access to secure memory contents requires successful
execution of the Password Match Flow (PMF) using the correct
password.
- Emulation Code Security Logic (ECSL): A 64-bit password
mechanism prevents unauthorized users from single-stepping
through secure code during debug sessions while maintaining
CSM protection
- Flexible Memory Allocation: On-chip RAM blocks and Flash
sectors can be dynamically allocated to either security zone
through configuration settings, providing flexibility in
partitioning secure and non-secure code regions.
- Execute-Only Protection: Critical code sections can be
designated as execute-only, allowing the CPU to fetch and
execute instructions while blocking all read access
attempts, even from other secure code.
- JTAG Lock Feature: The ability to completely disable JTAG
access to the device through password-protected JTAGLOCK
functionality, available exclusively in Zone 1.
- CRC Lock Feature: The ability to prohibit the VCU from
calculating CRC on secure memories.
The DCSM operates
transparently without interrupting CPU execution—unauthorized read
attempts to secure memory simply return zero values, allowing code
execution to continue normally