RM0351
DocID024597 Rev 3
Firewall (FW)
Opening the Firewall
As soon as the Firewall is enabled, it is closed. This means that most accesses to the
protected segments are forbidden (refer to Section 4.3.4: Segment accesses and
properties). To open the Firewall and interact with the protected segments, it is
mandatory to apply the "call gate" sequence described hereafter.
"call gate" sequence
The "call gate" is composed of 3 words located on the first three 32-bit addresses of the
base address of the code segment and of the Volatile data segment if it is declared as
not shared (VDS = 0) and executable (VDE = 1).
– 1st word: Dummy 32-bit word, always closed in order to protect the "call gate"
opening from an access due to a prefetch buffer.
– 2nd and 3rd words: 2 specific 32-bit words called "call gate" and always opened.
To open the Firewall, the code currently executed must jump to the 2nd word of the "call
gate" and execute the code from this point. The 2nd word and 3rd word execution must not
be interrupted by any intermediate instruction fetch; otherwise, the Firewall is not
considered open and comes back to a closed state. Then, executing the 3rd word after
receiving the intermediate instruction fetch would generate a system reset as a
consequence.
As soon as the Firewall is opened, the protected segments can be accessed as described in
Section 4.3.4: Segment accesses and properties.
Closing the Firewall
The Firewall is closed immediately after it is enabled (clearing the FWDIS bit in the system
configuration register).
To close the Firewall, the protected code must:
• Write the correct value to the Firewall Pre Arm Flag in the FW_CR register.
• Jump to any executable location outside the Firewall segments.
If the Firewall Pre Arm Flag is not set when the protected code jumps to a non-protected
segment, a reset is generated. This control bit is an additional protection to avoid an
undesired attempt to close the Firewall with the private information not yet cleaned (see the
note below).
Note: For security reasons, depending on the application for which the Firewall is used, it is
advised to clean all private information from CPU registers and hardware cells.
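The open and close rules above can be checked against an execution trace with a small host-side C model. This is an added example, not ST code or part of the reference manual: the event and state names are hypothetical, and the two behaviours the page does not spell out (the effect of the Pre Arm Flag write while closed, and a fetch of other protected code while closed) are marked as assumptions in the comments.

```c
#include <stddef.h>
#include <stdio.h>
/* Trace events and states; all names are hypothetical, not ST identifiers. */
typedef enum {
    EV_FETCH_OUTSIDE,   /* instruction fetch outside the protected segments */
    EV_FETCH_WORD2,     /* fetch of the 2nd "call gate" word */
    EV_FETCH_WORD3,     /* fetch of the 3rd "call gate" word */
    EV_FETCH_PROTECTED, /* any other fetch inside the protected code */
    EV_SET_FPA          /* Firewall Pre Arm Flag written in FW_CR */
} fw_event;
typedef enum { FW_CLOSED, FW_GATE_PENDING, FW_OPEN, FW_RESET } fw_state;

/* Apply one event to the model and return the next state. */
fw_state fw_step(fw_state s, int *fpa, fw_event ev)
{
    if (ev == EV_SET_FPA) {          /* assumption: only takes effect while open */
        if (s == FW_OPEN) *fpa = 1;
        return s;
    }
    switch (s) {
    case FW_GATE_PENDING:
        if (ev == EV_FETCH_WORD3) return FW_OPEN;  /* uninterrupted 2nd -> 3rd word */
        /* fall through - interrupted, so this fetch meets a closed Firewall */
    case FW_CLOSED:
        if (ev == EV_FETCH_WORD2) return FW_GATE_PENDING;
        if (ev == EV_FETCH_WORD3) return FW_RESET;      /* 3rd word after interruption */
        if (ev == EV_FETCH_PROTECTED) return FW_RESET;  /* assumption: forbidden fetch */
        return FW_CLOSED;
    case FW_OPEN:
        if (ev == EV_FETCH_OUTSIDE) return *fpa ? FW_CLOSED : FW_RESET;
        return FW_OPEN;
    default: return FW_RESET;        /* a reset is terminal in this model */
    }
}

/* Run a constructed trace starting from the just-enabled (closed) state. */
fw_state fw_run(const fw_event *trace, size_t n)
{
    fw_state s = FW_CLOSED;
    int fpa = 0;
    for (size_t i = 0; i < n; i++)
        s = fw_step(s, &fpa, trace[i]);
    return s;
}

int main(void)
{
    const fw_event broken[] = { EV_FETCH_WORD2, EV_FETCH_OUTSIDE, EV_FETCH_WORD3 };
    printf("interrupted gate: %s\n", fw_run(broken, 3) == FW_RESET ? "reset" : "ok");
    return 0;
}
```

The model tracks the Pre Arm Flag only within one trace; whether the hardware clears it between open/close cycles is not covered on this page.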