I'm trying to understand the finer details of secure boot for LPC55S69 chips.
What is the meaning of the acronym CC_SOCU in the registers CC_SOCU_PIN, CC_SOCU_DFLT of CMPA and DCFG_CC_SOCU_PIN,DCFG_CC_SOCU_DFLT in CFPA?
And why are there PIN and DFLT versions? And how do the variants in CFPA and CMPA interact?
Despite AN12283, this part of the documentation is quite lacking currently.
These registers ( CC_SOCU_PIN, CC_SOCU_DFLT of CMPA and DCFG_CC_SOCU_PIN,DCFG_CC_SOCU_DFLT in CFPA ) are related with OEM tier1 and teir2 lifecycles states.
• The module maker who is referred as Tier-1 developer can develop secure code and define access rights to his module using CC_SOCU_PIN & CC_SOCU_DFLT.
• Configuration can be such that debug access to secure module is blocked but
non-secure debug is always allowed.
• Once the module is ready, Tier-1 developer can release the module to OEM (a.k.a.
tier-2 developer), but block debug access to secure mode and enable debug access
to non-secure mode.
• Tier-2 developer can develop non-secure module and extend access rights
configuration to that module using CC_SOCU_DFLT_NS and CC_SOCU_PIN_NS.
SoCU_DFLT setting defines the default access rights for corresponding debug domains.
– If bit is set, access is allowed. Otherwise access is denied.
SoCU_PIN setting defines if debug authentication process can modify the access rights defined by SoCU_DFLT:
– If bit is clear, access rights to corresponding debug domain are determined via debug authentication process.
– If bit is set, access right as defined SoCU_DFLT cannot be altered.
Have a nice day,
To add to this: The information is in chapter 51 of the user manual on the debug subsystem.
- UM11126 51.7.1 expands DCFG_CC to "Device Configuration for Credential Constraints"
- 51.7.7 has a glossary that expands a few more things. SOCU is apparently SoC Usage
- PIN appears to mean pin as in pinned or fixed