SAUL Access Outside of SYSFW

This guide describes which cryptographic accelerator features are available for access outside of System Firmware and how host software may gain access to the its resources.


SAUL is the crypto accelerator subsystem in TIs K3 family of devices. Each SoC has one or more instances of this subsystem. On High Secure (HS) devices, portions of an SAUL subsystem are dedicated to support authentication and decryption services in System Firmware, while other portions are freely avable for host software to access. System Firmware does not use any SAUL resources on General Purpose (GP) devices, and on HS devices with multiple SAUL instances System Firmware does not use the resources on the additional instances. For example:


SoC Number of SA2UL instances Device Used by System Firmware Host access available
am64x 1 AM64X_DEV_SA2_UL0 Yes Limited
am65x 1 AM6_DEV_SA2_UL0 Yes Limited
j721e 2 J721E_DEV_MCU_SA2_UL0 Yes Limited
J721E_DEV_SA2_UL0 No Yes
j721s2 2 J721S2_DEV_SA2_CPSW_PSILSS0 No Yes
J721S2_DEV_SA2_UL0 No Yes
j784s4 2 J784S4_DEV_SA2_CPSW_PSILSS0 No Yes
J784S4_DEV_SA2_UL0 No Yes
j7200 1 J7200_DEV_MCU_SA2_UL0 Yes Limited


SoC Number of SA3UL instances Used by System Firmware Host access available
am62ax 1 Yes No
am62x 1 Yes No
j721s2 1 Yes No
j784s4 1 Yes No


This does not cover the overview of SAUL or its functional description - please refer to the device TRM for further details.

SAUL Resource Availability

The following table describes the access policies for all SAUL instances on GP and HS devices

Resource SAUL instance GP Policy HS Policy
Control MMR Primary Open Access Read-only access
Others Open Access
MMRA Primary Open Access Reserved for System Firmware. System Firmware enables all engines at device boot. Software must confirm engine status from base control MMR.
Others Open Access
ECC Aggregator MMR (for SAUL memories) Primary Open Access Open Access
TRNG MMR Primary Open Access. Engine must be enabled by host software. Open access. Engine is enabled indefinitely by System Firmware and cannot be modified.
Others Open Access. Engine must be enabled by host software.
PKA MMR Primary Open Access. Engine must be enabled by host software. Reserved for System Firmware. Not availablere for host access.
Others Open Access. Engine must be enabled by host software.
PSIL Threads Primary Full access to all threads 0:M-1 and 0:N-1, where M refers to the total number of ingress threads and N refers to the total egress threads (M * 2 = N). All related engines must beenabled by host software. System Firmware owns secure threads: ingress thread 0, egress thread 0,1. Open access to ingress thread 1:M-1 and egress threads 2:N-1 only.
Others Open Access to all threads. All related engines must be enabled by host software.

Resource Access

Resources listed as open to host software may be accessed through various API available in System Firmware

MMR access

Open MMR regions can be accessed as follows:

  • On GP devices, MMRs are open for read/write at device boot
  • On HS devices, MMRs are behind unowned firewall regions and configured for read/write access by all initiators (wildcard access). Permissions can be updated through TISCI_MSG_SET_FWL_REGION API. Firewall ownership can be transitioned by TISCI_MSG_CHANGE_FWL_OWNER API in case the host would like to enforce stricter control access to the module.
    • TRNG values may be used for deriving sensitive data (e.g. key generation). Host software may claim firewall ownership and restrict all read/write permissions to just itself in order to prevent eavesdroppers from obtaining the TRNG values. The host can then choose to release the firewall ownership by setting the owner back to none if other hosts require direct access to the module.

Read-only regions are owned by System Firmware and have permissions set up such that all hosts may read the MMR.

PSIL thread access

All PSIL thread pairing and unpairing is performed by the TISCI_MSG_RM_PSIL_PAIR and TISCI_MSG_RM_PSIL_WRITE API.