here is a conception question regarding the MPU usage.
Given that I have to protect some of relatively big size of sensitive data (private keys, specific secrets, parameters etc.) in my µC. However the CSEc does not provide me that big size of memory. Here comes 2 ideas into my mind
1- Encrypt all of the sensitive data w/ AES, then store them in the Flash area in ciphertext form and keep the AES key in CSEc.
2- Use a specific Flash partition to store the sensitive data and limit the access to that area by the MPU (Memory Protection Unit).
Although I assume the Option 1 is better, I can not find any concrete use case where the Option 2 may have disadvantages. Especially Option 2 is interesting if there is no CSEc module is available.
What would you think about the Option 1 and Option 2?
How would you criticize Option 2 from security perspective?
Thanks in advance for your support!