MCU Secure Storage#

Introduction#

MCU Secure Storage exposes eight 32-bit retention registers (REG0–REG7) for sensitive or persistent data on Si91x. REG0–REG3 are protected by a hardware write key; REG4–REG7 are general-purpose storage in the same block without key gating. Values typically survive reset;

Features#

Per-register access:sl_si91x_secure_storage_write_register and sl_si91x_secure_storage_read_register operate on one register at a time.
Key handling in software: Each sl_si91x_secure_storage_write_register call unlocks then re-locks MCU_STORAGE_WRITE_KEY; hardware only requires that for REG0–REG3; REG4–REG7 use the same sequence for one implementation path.
NWP protection:sl_si91x_secure_storage_enable_protection_and_lock requests write protection through the NWP when enabled in configuration.
Hardware sharing: The same peripheral block is shared with MCU temperature (MCU_TEMP); coordinate use at the application level.

Usage#

Write required data: For each register that must change, call sl_si91x_secure_storage_write_register with mcu_secure_storage_register_t and the 32-bit value. Repeat until all intended REG0–REG7 updates are complete.
** NWP protection:** If ENABLE_SECURE_PROTECTION is 1, call sl_si91x_secure_storage_enable_protection_and_lock once after writes are finished. If it returns SL_STATUS_NOT_AVAILABLE, protection was not compiled in; handle per product policy.
Read back: Use sl_si91x_secure_storage_read_register to read any register (for verification, boot checks, or runtime use).

Notes#

Register contents may already match desired values on a second boot; applications may read first and skip redundant writes.
For more context and an example flow, see the WiSeConnect MCU Secure Storage example application.

Enumerations#

enum

mcu_secure_storage_register_t {

MCU_STORAGE_REG0

MCU_STORAGE_REG1

MCU_STORAGE_REG2

MCU_STORAGE_REG3

MCU_STORAGE_REG4

MCU_STORAGE_REG5

MCU_STORAGE_REG6

MCU_STORAGE_REG7

MCU_STORAGE_REGISTER_LAST

}

Shared hardware note for consumers of this service.

Functions#

sl_status_t

sl_si91x_secure_storage_write_register(mcu_secure_storage_register_t register_index, uint32_t value)

Write a 32-bit value to one secure storage register (MCU_STORAGE_REG0–MCU_STORAGE_REG7). The driver unlocks then re-locks MCU_STORAGE_WRITE_KEY around the store so that writes to REG0–REG3 (hardware key-gated) succeed. REG4–REG7 are not key-gated in hardware; the driver still runs the same unlock/lock sequence for every index (harmless for REG4–REG7), giving one code path and matching this implementation.

sl_status_t

sl_si91x_secure_storage_read_register(mcu_secure_storage_register_t register_index, uint32_t *value)

Read a 32-bit value from one secure storage register (MCU_STORAGE_REG0–MCU_STORAGE_REG7).

sl_status_t

sl_si91x_secure_storage_enable_protection_and_lock(void)

Request MCU secure storage write protection through the M4–NWP secure handshake (SL_SI91X_MCU_SECURE_STORAGE_ENABLE_PROTECTION). Use when NWP-backed protection is required (for example before sleep or a secure handoff). When protection is disabled in configuration (ENABLE_SECURE_PROTECTION is 0), this API returns SL_STATUS_NOT_AVAILABLE and performs no handshake.

Enumeration Documentation#

mcu_secure_storage_register_t#

mcu_secure_storage_register_t

Shared hardware note for consumers of this service.

Secure storage and the MCU temperature sensor (MCU_TEMP) share the same hardware block; do not use both concurrently without coordination.

Enumeration of the eight MCU secure storage data registers (REG0–REG7).

Enumerator
MCU_STORAGE_REG0	MCU Storage register 0.
MCU_STORAGE_REG1	MCU Storage register 1.
MCU_STORAGE_REG2	MCU Storage register 2.
MCU_STORAGE_REG3	MCU Storage register 3.
MCU_STORAGE_REG4	MCU Storage register 4.
MCU_STORAGE_REG5	MCU Storage register 5.
MCU_STORAGE_REG6	MCU Storage register 6.
MCU_STORAGE_REG7	MCU Storage register 7.
MCU_STORAGE_REGISTER_LAST	Sentinel: invalid index (not a storage register)

Function Documentation#

sl_si91x_secure_storage_write_register#

sl_status_t sl_si91x_secure_storage_write_register (mcu_secure_storage_register_t register_index, uint32_t value)

Parameters

Type	Direction	Argument Name	Description
mcu_secure_storage_register_t	[in]	register_index	Target register; must be less than MCU_STORAGE_REGISTER_LAST.
uint32_t	[in]	value	32-bit value to write.

None.

Returns

sl_status_t SL_STATUS_OK on success, SL_STATUS_INVALID_PARAMETER if register_index is out of range. For more information on status codes, refer to SL STATUS DOCUMENTATION.

sl_si91x_secure_storage_read_register#

sl_status_t sl_si91x_secure_storage_read_register (mcu_secure_storage_register_t register_index, uint32_t * value)

Read a 32-bit value from one secure storage register (MCU_STORAGE_REG0–MCU_STORAGE_REG7).

Parameters

Type	Direction	Argument Name	Description
mcu_secure_storage_register_t	[in]	register_index	Source register; must be less than MCU_STORAGE_REGISTER_LAST.
uint32_t *	[out]	value	Pointer to location that receives the read value; must not be NULL.

None.

Returns

sl_status_t SL_STATUS_OK on success, SL_STATUS_NULL_POINTER if value is NULL, or SL_STATUS_INVALID_PARAMETER if register_index is out of range. For more information on status codes, refer to SL STATUS DOCUMENTATION.

sl_si91x_secure_storage_enable_protection_and_lock#

sl_status_t sl_si91x_secure_storage_enable_protection_and_lock (void )

Parameters

Type	Direction	Argument Name	Description
void	N/A

Secure protection must be enabled in configuration: ENABLE_SECURE_PROTECTION set to 1 in sl_si91x_secure_storage_config.h. Call after required register values have been written.

Returns

sl_status_t SL_STATUS_OK if the handshake succeeds; SL_STATUS_NOT_AVAILABLE if protection is not enabled in configuration; otherwise the error status returned from the handshake. For more information on status codes, refer to SL STATUS DOCUMENTATION.