
104
32099I–01/2012
AT32UC3L016/32/64
9.
Secure Access Unit (SAU)
Rev: 1.1.0.3
9.1
Features
 Remaps registers in memory regions protected by the MPU to regions not protected by the MPU
 Programmable physical address for each channel
 Two modes of operation: Locked and Open
– In Locked Mode, access to a channel must be preceded by an unlock action
 An unlocked channel remains open only for a specific amount of time, if no access is
performed during this time, the channel is relocked
 Only one channel can be open at a time, opening a channel while another one is open
locks the first one
 Access to a locked channel is denied, a bus error and optionally an interrupt is returned
 If a channel is relocked due to an unlock timeout, an interrupt can optionally be
generated
– In Open Mode, all channels are permanently unlocked
9.2
Overview
In many systems, erroneous access to peripherals can lead to catastrophic failure. An example
of such a peripheral is the Pulse Width Modulator (PWM) used to control electric motors. The
PWM outputs a pulse train that controls the motor. If the control registers of the PWM module
are inadvertently updated with wrong values, the motor can start operating out of control, possi-
bly causing damage to the application and the surrounding environment. However, sometimes
the PWM control registers must be updated with new values, for example when modifying the
pulse train to accelerate the motor. A mechanism must be used to protect the PWM control reg-
isters from inadvertent access caused by for example:
 Errors in the software code
 Transient errors in the CPU caused by for example electrical noise altering the execution path
of the program
To improve the security in a computer system, the AVR32UC implements a Memory Protection
Unit (MPU). The MPU can be set up to limit the accesses that can be performed to specific
memory addresses. The MPU divides the memory space into regions, and assigns a set of
access restrictions on each region. Access restrictions can for example be read/write if the CPU
is in supervisor mode, and read-only if the CPU is in application mode. The regions can be of dif-
ferent size, but each region is usually quite large, e.g. protecting 1 kilobyte of address space or
more. Furthermore, access to each region is often controlled by the execution state of the CPU,
i.e. supervisor or application mode. Such a simple control mechanism is often too inflexible (too
coarse-grained chunks) and with too much overhead (often requiring system calls to access pro-
tected memory locations) for simple or real-time systems such as embedded microcontrollers.
Usually, the Secure Access Unit (SAU) is used together with the MPU to provide the required
security and integrity. The MPU is set up to protect regions of memory, while the SAU is set up
to provide a secure channel into specific memory locations that are protected by the MPU.
These specific locations can be thought of as fine-grained overrides of the general coarse-
grained protection provided by the MPU.