How it Works
NXP Semiconductors
Loading...
LPC55S6
Application Note
12 pgs740.05 Kb0

NXP Semiconductors LPC55S6 Application Note

AN12326
LPC55S6x Secure GPIO and Usage
Rev. 0 — 15 January 2019
Contents
1 Background
LPC55S6x has Secure GPIO module whose usage is closely related to normal GPIO, TrustZone, and Secure AHB Controller. This section briefly introduces these functions. For more information, refer to LPC55S6x User Manual.
1.1 TrustZone and Secure AHB Controller
1.1.1 TrustZone
TrustZone for Armv8-M are available on all LPC55S6x devices to protect secure resources from malicious code. Such secure resources may include secure memory blocks (code/data), and secure peripherals. It is achieved by segmentation of address space into either Secure (S) or Non-secure (NS). TrustZone can filter address access from CPU0 based on specific security attribute (S, NS) assigned to that address space.
As shown in Fig 1, CM33 CPU in Secure state (CPU-S) can execute instructions from Secure memory (S-memory), but not allowed to execute instructions directly from Non-secure memory (NS-memory). However, CPU­S can access data in both S-memory and NS-memory. CPU-NS can execute instructions only from NS-memory, and not allowed to execute instructions from S-memory. CPU-NS can access data only in NS-memory, but not allowed to access data from S-memory.
1 Background..........................................1
1.1 TrustZone and Secure
AHB Controller........................ 1
1.2 Normal GPIO...........................3
2 Secure GPIO, Secure GPIO Mask
and Secure PINT................................4
2.1 Secure GPIO Mask.................6
2.2 Secure GPIO...........................6
2.3 Secure PINT........................... 6
3 Usage.................................................... 6
3.1 Use Secure GPIO Mask to protect Secure digital
peripherals which need IO...... 6
3.2 Set one IO to Secure GPIO.... 7
3.3 Usage of Secure PINT............8
4 Example................................................ 9
4.1 Environment............................9
4.2 Steps and result......................9
5 Conclusion..........................................11
6 Revision history................................. 11
Application Note
NXP Semiconductors
Background
Figure 1. Secure state and Non-secure state view for TrustZone
In summary:
• NS application code “trust” that secure code, does not corrupt/modify NS code or data inadvertently or on purpose to create malfunction or hazard
• S application code does not “trust” NS application code and disallows access to a CPU-NS
1.1.2 Secure AHB Controller
The LPC55S6x implements second layer of protection with Secure AHB Controller to provide secure trusted execution at system­level.
With Secure AHB Controller, you can configure security access rules for each peripheral.
By default, CM33 CPU in Secure state (CPU-S) can access the peripherals in both S-state and NS-state. CM33 CPU in Non­secure state (CPU-NS) can only access the peripherals in NS-state. As shown in Fig 2.
LPC55S6x Secure GPIO and Usage, Rev. 0, 15 January 2019
Application Note
2 / 12
NXP Semiconductors
Background
Figure 2. Secure-state and Non-secure state view for TrustZone and Secure AHB Controller
1.2 Normal GPIO
Normal GPIO is the most common digital peripheral in a microcontroller. Normal GPIO of LPC MCU is very flexible and powerful. Like SPI, UART and so on, a normal GPIO is also a digital peripheral in the MCU. Following is a simple block diagram of the normal GPIO. The normal GPIO can read a pin state regardless of pin function configured. For example, if this pin is configured as UART, then the pin state can be read via normal GPIO read.
LPC55S6x Secure GPIO and Usage, Rev. 0, 15 January 2019
Application Note
3 / 12
NXP Semiconductors
Secure GPIO, Secure GPIO Mask and Secure PINT
Figure 3. Normal GPIO
2 Secure GPIO, Secure GPIO Mask and Secure PINT
Due to the architecture of normal GPIO, all digital IO pins states are readable through normal GPIO module from the GPIO read path, independent of which function is chosen for this pin as aforementioned. As a result, there is a possibility of leaking information from secure resource(S).
For example, when a UART is configured as a Secure peripheral, which means that this UART is only allowed to be accessed by the Secure-world (i.e. code), not by the Non-secure world.
However, in this case, the UART pin states can still be monitored by Non-secure world through normal GPIO read path as shown in Fig 3. Hence, the Non-secure world can get all the Secure UART’s information.
To solve this issue and safeguard incoming data on Secure peripherals, Secure GPIO Mask is implemented on LPC55S6x.
LPC55S6x Secure GPIO and Usage, Rev. 0, 15 January 2019
Application Note
4 / 12
Loading...
+ 8 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use