RM0367 Rev 7 131/1043
RM0367 Firewall (FW)
5.3 Firewall functional description
5.3.1 Firewall AMBA bus snoop
The Firewall peripheral snoops the AMBA buses to which the memories (volatile and
non-volatile) are connected. A global architecture view is illustrated in Figure 8.
Figure 8. STM32L0x3 firewall connection schematics
5.3.2 Functional requirements
Several requirements must be met to guarantee the highest security level for the application
code/data protected by the Firewall and to avoid unwanted Firewall alarms
(reset generation).
Debug consideration
In debug mode, if the Firewall is opened, debugger accesses to the protected
segments are not blocked. For this reason, readout protection Level 2 must be active in
conjunction with the Firewall implementation.
If debugging is needed, it is possible to proceed in the following way:
• A dummy code having the same API as the protected code may be developed during
the development phase of the final user code. This dummy code may send back
coherent answers (in terms of function and, if needed, timing), as the
protected code should do in the production phase.
• In the development phase, the protected code can be given to the customer-end under
NDA, and the customer-end software can be developed in Level 0 protection. The
customer-end code needs to embed an IAP (in-application programming) routine located
in a write-protected segment in order to allow future code updates once the production
parts are at Level 2 ROP.
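The first option above, sketched in C as an added example (not code from the reference manual or from ST): a dummy library that keeps the protected code's API, argument checks and return codes but contains no secret, so the user application can be debugged against it. The `fwlib_*` names, the development PIN and the FNV-1a stand-in are assumptions made for illustration.

```c
/* Added example: development-phase stand-in for a Firewall-protected library.
 * All names (fwlib_*, FWLIB_*) are hypothetical; they are not ST APIs. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ---- API shared by the protected build and the dummy build ---- */
#define FWLIB_OK        0
#define FWLIB_EPARAM  (-1)
#define FWLIB_ELOCKED (-2)
#define FWLIB_TAG_LEN   8u
#define FWLIB_MAX_MSG 256u

int fwlib_unlock(const uint8_t pin[4]);
int fwlib_tag(const uint8_t *msg, size_t len, uint8_t tag[FWLIB_TAG_LEN]);

/* ---- Dummy implementation: no secrets, same contract ---- */
static int unlocked;  /* mirrors state the real code would keep in its protected data */
static const uint8_t DEV_PIN[4] = {1, 2, 3, 4};  /* development-only value */

int fwlib_unlock(const uint8_t pin[4])
{
    if (pin == NULL)
        return FWLIB_EPARAM;
    /* Plain memcmp is acceptable only because DEV_PIN is not a secret. */
    unlocked = (memcmp(pin, DEV_PIN, sizeof DEV_PIN) == 0);
    return unlocked ? FWLIB_OK : FWLIB_ELOCKED;
}

int fwlib_tag(const uint8_t *msg, size_t len, uint8_t tag[FWLIB_TAG_LEN])
{
    if (msg == NULL || tag == NULL || len == 0 || len > FWLIB_MAX_MSG)
        return FWLIB_EPARAM;          /* same validation as the real API */
    if (!unlocked)
        return FWLIB_ELOCKED;         /* same state machine as the real API */
    /* FNV-1a 64-bit: a public, non-cryptographic hash standing in for the
     * keyed computation, so answers are deterministic and well-formed. */
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= msg[i];
        h *= 0x100000001b3ULL;
    }
    for (size_t i = 0; i < FWLIB_TAG_LEN; i++)
        tag[i] = (uint8_t)(h >> (8 * i));
    return FWLIB_OK;
}
```

Because the header portion is identical in both builds, swapping the dummy object for the protected one at production time requires no change to the calling code.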
[Figure 8 block labels: Cortex-M0+ and DMA (AHB Master 1, AHB Master 2); interface bus matrix; Firewall; Flash program memory and data EEPROM, SRAM (AHB slaves).]