Posted on November 09, 2016 at 14:57Hello,
I'm trying to use the firewall on STM32L486 MCU and I'm faced with a problem.
I have a security code with one entry point and a private data that should be protected by firewall.
I'm trying to prevent reading of private data directly. Only the protected code should operate the private data.
Security code and private data are placed in internal flash.
Security code starts at address 0x0803D004, size 0x0FFC (code segment).
Firewall entry point should be placed with 4 bytes offset from code segment start address.
Private data starts at address 0x0803E000, size 0x1000 (non-volatile data segment).
According to STM32L486 reference manual the firewall is configured as follow:
FIREWALL->CSSA = 0x0803D000; //code segment start address
FIREWALL->CSL = 0x1000; //code segment length
FIREWALL->NVDSSA = 0x0803E000; //non-volatile data segment start address
FIREWALL->NVDSL = 0x1000; //non-volatile data segment length
Test 1. Main application is running into internal flash. Main application is calling protected code - everything is ok.
Test 2. Main application is running into internal flash. Main application is reading private data directly - system reset is occurred as expected.
But my main application should be run into external flash.
Test 3. Main application is running into external flash. Main application is calling protected code - everything is ok.
And the main problem...
Test 4. Main application is running into external flash. Direct reading of private data is successfull.
I expected that direct reading will cause the system reset. But it's not happening
Firewall is configured properly, security code and private data are placed at the appropriate addresses.
Hope you will give me some good suggestions.
Thanks,
#firewall #stm32l486
