NXP AN13094, LPC55S Application Note

AN13094
Using FreeRTOS on LPC55Sxx Series Microcontrollers with TrustZone
Rev. 0 — January 15, 2020
by: NXP Semiconductors

1 Introduction

The LPC55Sxx series MCU is a microcontroller based on the Arm Cortex®-M33 core, using the ARMv8-M architecture with TrustZone enabled. The LPC55S69 is one of the high-performance MCUs; it includes two Cortex-M33 cores, and CPU0 supports the TrustZone-M security extension. FreeRTOS is a lightweight embedded operating system. It is open source, portable, tailorable, and offers a flexible scheduling strategy. It can be easily ported to various embedded controllers and has been widely used in various embedded products. This document uses the LPC55S69 as an example to describe how to use FreeRTOS on an ARMv8-M processor that supports TrustZone.

2 Features of TrustZone technology

TrustZone technology has the following features:
• Allows users to divide memory map into Secure and Non-Secure regions.
• Blocks the debugging of secure code/data when not authenticated.
• The CPU includes a Security Attribution Unit (SAU) as well as a duplication of the NVIC, MPU, SYSTICK, core control registers, etc. Secure and Non-secure code each have access to their own allocated resources.
• Stack management expands from the two stack pointers of the original Cortex-M, Main Stack Pointer (MSP) and Process Stack Pointer (PSP), to four, providing this pair individually to both the Secure and Non-secure states.
• Introduces the concept of the Secure Gateway opcode, which allows secure code to define a strict set of entry points into it from Non-secure code.
TrustZone technology directly addresses some of the following security requirements of embedded systems.
• Data protection
Sensitive data are stored in Secure memory spaces and are only accessed by Secure software. Non-secure software can access the Secure APIs that provide services to the Non-secure domain only after a security check or authentication.
• Firmware protection
The pre-loaded firmware is stored in Secure memories to prevent it from being reverse engineered and compromised by malicious attacks. TrustZone technology for ARMv8-M can work with extra protection techniques. For example, device level read-out protection, a technique that is commonly used in the industry today, can be used with TrustZone technology for ARMv8-M to protect the completed firmware of the final product.
• Operation protection
Software for critical operations can be pre-loaded as Secure firmware and the appropriate peripherals can be configured to permit access from the Secure state only. In this way, the operations can be protected from intrusion from the Non-secure side.
• Secure boot
The Secure boot mechanism establishes confidence in the platform, as it always boots from Secure memory.

3 Security environment configuration

This section describes how to configure the security environment so that TrustZone technology protects the important resources of the system. LPC55S69 provides two levels of protection: CPU-level protection and system-level protection. TrustZone is located inside CPU0 and belongs to CPU-level protection. In addition, LPC55S69 uses a Secure AHB controller to provide a layer of system-level protection, as shown in Figure 1.
Figure 1. Two-level protection of LPC55S69
The configuration of the LPC55S69 security environment includes two parts: the configuration of TrustZone and the configuration of the Secure AHB controller. The configuration of TrustZone is mainly the configuration of SAU.
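A host-side model of how an SAU configuration attributes addresses, useful for checking a region layout before it is programmed; this is an added example, not code from the application note or the NXP SDK. The region values in sample_sau are constructed, the helper names sau_attr and range_is_nonsecure are hypothetical, and the IDAU and Secure AHB controller are not modeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ATTR_SECURE, ATTR_NSC, ATTR_NONSECURE } attr_t;
typedef struct { uint32_t rbar, rlar; } sau_region_t; /* SAU_RBAR / SAU_RLAR */
#define SAU_ADDR_MASK 0xFFFFFFE0u /* base and limit occupy bits [31:5] */
#define SAU_RLAR_EN   (1u << 0)   /* region enabled */
#define SAU_RLAR_NSC  (1u << 1)   /* Secure, Non-secure callable */

/* Constructed sample layout (assumption), not the SDK's configuration. */
static const sau_region_t sample_sau[] = {
    { 0x00010000u, 0x0007FFE0u | SAU_RLAR_EN },                /* NS code */
    { 0x1000FE00u, 0x1000FFE0u | SAU_RLAR_EN | SAU_RLAR_NSC }, /* veneers */
    { 0x20008000u, 0x2002FFE0u | SAU_RLAR_EN },                /* NS data */
};
#define SAMPLE_COUNT (sizeof sample_sau / sizeof sample_sau[0])

/* SAU attribution of one address (IDAU not modeled): no enabled region or
 * more than one region matching gives Secure; else the NSC bit decides. */
attr_t sau_attr(const sau_region_t *r, size_t n, uint32_t addr)
{
    size_t hits = 0;
    attr_t a = ATTR_SECURE;
    for (size_t i = 0; i < n; i++) {
        uint32_t base  = r[i].rbar & SAU_ADDR_MASK;
        uint32_t limit = r[i].rlar | 0x1Fu; /* inclusive, 32-byte granule */
        if (!(r[i].rlar & SAU_RLAR_EN) || addr < base || addr > limit) continue;
        hits++;
        a = (r[i].rlar & SAU_RLAR_NSC) ? ATTR_NSC : ATTR_NONSECURE;
    }
    return (hits == 1) ? a : ATTR_SECURE;
}

/* True only if every byte of [addr, addr + len) is Non-secure. */
bool range_is_nonsecure(const sau_region_t *r, size_t n, uint32_t addr, uint32_t len)
{
    if (len == 0 || addr + (len - 1u) < addr) /* empty, or wraps past 4 GB */
        return false;
    uint32_t last_granule = (addr + (len - 1u)) & SAU_ADDR_MASK;
    for (uint32_t g = addr & SAU_ADDR_MASK; ; g += 32u) { /* one probe per granule */
        if (sau_attr(r, n, g) != ATTR_NONSECURE) return false;
        if (g == last_granule) return true;
    }
}

int main(void)
{   /* Buffer straddling the end of the NS data region: prints 0. */
    printf("%d\n", range_is_nonsecure(sample_sau, SAMPLE_COUNT, 0x2002FFC0u, 128u));
}
```

On the device itself, the final attribution also depends on the IDAU, so this model only answers what the SAU registers alone would decide.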

3.1 TEE tool

The security environment can be configured by manually programming the corresponding registers, or by using NXP’s Trusted Execution Environment (TEE) tool. It is recommended that developers use the TEE tool to quickly configure TrustZone and the secure AHB controller. Figure 2 shows the GUI of the TEE tool.
Figure 2. GUI interface of TEE tool
For details on using TEE tool, see User Guide for MCUXpresso Config Tools (Desktop) (document GSMCUXCTUG).

3.2 Secure/Non-secure state switch

After configuring the security environment of LPC55S69, users can use two kinds of special function in the actual project to switch between secure and non-secure states: the Non-secure Callable function (NSC function, or entry function) and the Non-secure function.
• NSC function
NSC functions are secure functions that can be called by non-secure functions. An NSC function must be defined with the __attribute__((cmse_nonsecure_entry)) attribute, as in the following example.
    __attribute__((cmse_nonsecure_entry)) void vToggleGreenLED(void)
    {
        /* Toggle the on-board green LED. */
        GPIO_PortToggle(GPIO, LED_PORT, (1U << GREEN_LED_PIN));
    }
• Non-secure function
Non-secure functions are functions that can be called by secure functions. A Non-secure function must be defined with the __attribute__((cmse_nonsecure_call)) attribute, as in the following example.
    #include <arm_cmse.h>

    /* Type of a function that is called in the non-secure state. */
    typedef void __attribute__((cmse_nonsecure_call)) nsfunc(void);
    nsfunc *FunctionPointer;
    /* Convert the address into a non-secure function pointer. */
    FunctionPointer = cmse_nsfptr_create((nsfunc *)(0x21000248u));
    if (cmse_is_nsfptr(FunctionPointer))
        FunctionPointer();
NOTE
Non-secure functions must be called through function pointers.
For more details about secure/non-secure state switching, see documents on TrustZone technology for ARMv8-M Architecture.

4 FreeRTOS usage with TrustZone

This section describes how to run FreeRTOS on the LPC55S69 with TrustZone enabled. FreeRTOS officially provides examples that support TrustZone and run on the LPC55S69. FreeRTOS can be downloaded from Free RTOS. The path of the LPC55S69 example is FreeRTOS/Demo/CORTEX_MPU_M33F_NXP_LPC55S69_MCUXpresso, as shown in Figure 3.
Figure 3. LPC55S69 FreeRTOS example
FreeRTOS provides documents about this demo. The documents can be downloaded from RTOS.
NXP's LPC55S69 SDK also provides a FreeRTOS example that supports TrustZone. The project name is freertos_tzm and the path of the example is /SDK_2.8.2_LPCXpresso55S69_IAR/boards/lpcxpresso55s69/rtos_examples/freertos_tzm. The freertos_tzm project is as shown in Figure 4.