User Manual
Apollo3 Blue Datasheet
DS-A3-0p9p1 Page 812 of 909 2019 Ambiq Micro, Inc.
All rights reserved.
This 32-bit word contains the customer programmable security.
Table 1174: SECURITY Register
3
1
3
0
2
9
2
8
2
7
2
6
2
5
2
4
2
3
2
2
2
1
2
0
1
9
1
8
1
7
1
6
1
5
1
4
1
3
1
2
1
1
1
0
0
9
0
8
0
7
0
6
0
5
0
4
0
3
0
2
0
1
0
0
RSVD
SECPOL
KEYWRAP
RSVD
SECBOOTONRST
RSVD
SECBOOT
PLONEXIT
SDBG
BOOTLOADER_AT_RESET
EN_CUST_INFO_ERASE
EN_CUST_INFO_PROG
SECURE_LOCK
SRAM_WIPE
SWO_CTRL
DEBUG_PROT
Table 1175: SECURITY Register Bits
Bit Name Reset RW Description
31:27 RSVD 0x3f
Reserved.
26:24 SECPOL 0x7
Defines the minimum security level required
DIS = 0x0 - No policy enforced
AUTH = 0x1 - If bit[0] is set, Authentication is required
ENC = 0x2 - If bit[1] is set, Encryption is required
ARB = 0x4 - If bit[2] is set, Anti-Rollback is required (future support)
23:20 KEYWRAP 0xf
Key wrap method used to validate customer program image. (used by boot-
loader SW)
NOWRAP = 0x0 - No key wrap
XORWRAP = 0x1 - XOR based key wrap
AES128WRAP = 0x2 - AES-128 based key wrap
19 RSVD 0x1
Reserved.
18:16
SEC-
BOOTONRST
0x7
Enable secure boot at warm reset. All other encodings not listed will result in
an error.
SBOREN = 0x2 - Secure boot on reset enable
SBORDIS = 0x5 - Secure boot on reset disabled
15 RSVD 0x1
Reserved.
14:12 SECBOOT 0x7
Enable secure boot. All other encodings not listed will result in an error.
SBEN = 0x2 - Secure boot enable
SBDIS = 0x5 - Secure boot disabled
11 PLONEXIT 0x1
Flash Protection Lock on bootloader exit. (used by bootloader SW)
PLNS = 0x0 - Protection lock will remain not set, allowing customer firmware
to set.
PLS = 0x1 - Flash Protection lock will be set before handoff to customer
firmware.