Zilog EZ80F91GA User Manual

ZGATE
ZGATE™ Embedded Security Development Kit
User Manual
UM024502-1012
Copyright ©2012 Zilog®, Inc. All rights reserved.
www.zilog.com
Warning: DO NOT USE THIS PRODUCT IN LIFE SUPPORT SYSTEMS.
LIFE SUPPORT POLICY
ZILOG’S PRODUCTS ARE NOT AUTHORIZED FOR USE AS CRITICAL COMPONENTS IN LIFE SUPPORT DEVICES OR SYSTEMS WITHOUT THE EXPRESS PRIOR WRITTEN APPROVAL OF THE PRESIDENT AND GENERAL COUNSEL OF ZILOG CORPORATION.
As used herein
Life support devices or systems are devices which (a) are intended for surgical implant into the body, or (b) support or sustain life and whose failure to perform when properly used in accordance with instructions for use provided in the labeling can be reasonably expected to result in a significant injury to the user. A critical component is any component in a life support device or system whose failure to perform can be reasonably expected to cause the failure of the life support device or system or to affect its safety or effectiveness.
Document Disclaimer
©2012 Zilog, Inc. All rights reserved. Information in this publication concerning the devices, applications, or technology described is intended to suggest possible uses and may be superseded. ZILOG, INC. DOES NOT ASSUME LIABILITY FOR OR PROVIDE A REPRESENTATION OF ACCURACY OF THE INFORMATION, DEVICES, OR TECHNOLOGY DESCRIBED IN THIS DOCUMENT. ZILOG ALSO DOES NOT ASSUME LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT RELATED IN ANY MANNER TO USE OF INFORMATION, DEVICES, OR TECHNOLOGY DESCRIBED HEREIN OR OTHERWISE. The information contained within this document has been verified according to the general principles of electrical and mechanical engineering.
ZGATE, eZ80, eZ80Acclaim! and eZ80AcclaimPlus! are trademarks or registered trademarks of Zilog, Inc. All other product or service names are the property of their respective owners.

Revision History

Each instance in the Revision History table below reflects a change to this document from its previous version. For more details, click the appropriate links in the table.
Date      Revision Level  Description                                    Page
Oct 2012  02              Corrected figures for improved image quality.  17, 35, 36, 37, 39, 41, 42
Oct 2012  01              Original issue.                                n/a

Safeguards

The following precautions must be observed when working with the devices described in this document.
Caution: Always use a grounding strap to prevent damage resulting from electrostatic discharge (ESD).

Table of Contents

Revision History
Safeguards
List of Figures
List of Tables
The ZGATE Embedded Security Development Kit
Kit Contents
Kit Features
Supported Operating Systems
Download and Install the ZDS II Software and Documentation
Download and Install the Source Code and Documentation
Installing the USB Smart Cable Driver
Windows 7 32/64 Systems
Windows Vista 32/64 Systems
Windows XP Systems
Installing the FTDI USB-to-UART Driver
Connecting the ZGATE Embedded Security Development Board to your PC
Starting the ZGATE Demo Sample Program
Recovering the ZGATE Image in eZ80F91 Internal Flash
Using the ZGATE Demo Sample Program
Persistent ZGATE Configuration Changes
Altering the ZGATE Static Configuration Settings
Integrating an Existing ZTP Application with ZGATE
ZGATE Packet Filtering
Static Filtering
Stateful Packet Inspection
Threshold-Based Filtering
ZGATE Logging
Logging to the File System
ZGATE Configuration
ZGATE (Persistent) Start-Up Configuration
Sample ZGATE Configuration Files
Format of a ZGATE Configuration File
ZGATE Run-Time Configuration
ZGATE Processing Overview
Statistics
Using the ZGATE Web Interface
ZGATE Threshold Filtering Configuration Page
ZGATE Startup Settings Page
ZGATE Logging Page
ZGATE Memory Layout
ZGATE Shell Command Reference
zg_show
zg_config
zg_restore
zg_save
zg_logging
ZGATE API Reference
ZGATE_st_filter_eth
ZGATE_initialize
ZGATE_AddShellCmds
ZGATE_WebInit
ZGATE_get_received_stats
ZGATE_get_blocked_stats
get_th_config_string
ZGATE_eth_frame_filtering_type
ZGATE_eth_addr_filtering_type
ZGATE_ip_prot_filtering_type
ZGATE_ip_addr_filtering_type
ZGATE_tcp_port_filtering_type
ZGATE_udp_port_filtering_type
ZGATE_th_filtering_on
ZGATE_filtering_on
ZGATE_set_th_interval
ZGATE_set_th_HW
ZGATE_set_th_LW
ZGATE_add_tcp_port
ZGATE_remove_tcp_port
ZGATE_add_udp_port
ZGATE_remove_udp_port
ZGATE_add_eth_addr
ZGATE_remove_eth_addr
ZGATE_add_eth_frame
ZGATE_remove_eth_frame
ZGATE_add_ip_addr
ZGATE_remove_ip_addr
ZGATE_add_ip_prot
ZGATE_remove_ip_prot
ZGATE_get_list_size
ZGATE_use_default_config
ZGATE_save_config_changes_to_persistent
ZGATE_enable_logging_to_screen
ZGATE_disable_logging_to_screen
ZGATE_enable_logging_to_file
ZGATE_disable_logging_to_file
ZGATE_set_max_logfile_size
ZGATE_get_logging_config
ZGATE_build_UDP_port_list
ZGATE_build_TCP_port_list
ZGATE_build_ip_addr_list
ZGATE_build_ip_prot_list
ZGATE_build_eth_addr_list
ZGATE_build_eth_frame_list
inet_pton
eth_string_to_num
Appendix A. ZGATE Embedded Security Development Board
Memory
Power Sources
Jumper Settings
Zilog Developer Studio
ZDS II Flash Loader Utility
ZDS II Sample Projects
Appendix B. Schematic Diagrams
Appendix C. Related Documentation
Customer Support

List of Figures

Figure 1. The ZGATE Embedded Security Development Kit
Figure 2. A Successful USB-to-UART Driver Installation
Figure 3. Connecting the Six-Conductor Ribbon Cable to the Serial or USB Smart Cable
Figure 4. Debug Connector J1
Figure 5. USB-to-UART Port 3 Connector
Figure 6. Example Configuration Settings
Figure 7. The ZGATE Web Interface
Figure 8. TCP Port Number Configuration Page
Figure 9. The ZGATE Filtering List
Figure 10. The Threshold Filtering Configuration Page
Figure 11. The Startup Settings Page
Figure 12. The ZGATE Logging Configuration Page
Figure 13. The ZGATE Embedded Security Development Board
Figure 14. ZGATE Embedded Security Development Kit Block Diagram
Figure 15. Female Plug
Figure 16. ZTP Sample Projects
Figure 17. RZK Sample Projects
Figure 18. Schematic Diagram #1 of 4: USB and Serial Interfaces
Figure 19. Schematic Diagram #2 of 4: EMAC Interface
Figure 20. Schematic Diagram #3 of 4: Memory Interface
Figure 21. Schematic Diagram #4 of 4: eZ80F91 MCU

List of Tables

Table 1. ZGATE000100ZCOG Contents
Table 2. Global Settings Allowable Values
Table 3. ZGATE Memory Layout
Table 4. ZGATE Embedded Security Development Board Jumper Settings

The ZGATE Embedded Security Development Kit

ZGATE technology incorporates the eZ80F91 MCU and Zilog’s full-featured TCP/IP stack with a world-class embedded firewall. This highly-configurable firewall protects the ZTP networking layers from attack by discarding suspicious packets before they reach ZTP and your embedded application. The ZGATE firewall includes a static packet filtering engine that filters packets according to user-defined configuration rules and a stateful packet inspection engine that can automatically filter suspicious packets based on unusual activity. Additionally, select ZGATE products include threshold-filtering mechanisms that can minimize the effect of packet floods.
Zilog’s ZGATE Embedded Security Development Kit, part number ZGATE000100ZCOG, provides a general-purpose platform for creating a design based on this eZ80F91 microcontroller, which has been preprogrammed with a ZGATE security code. The eZ80F91 MCU is a member of Zilog’s eZ80AcclaimPlus! product family, which offers an on-chip EMAC and Flash memory.
This document provides instructions for setting up and configuring your ZGATE Embedded Security Development Board and includes schematic diagrams and a discussion of Board features and ZDS II.
The first sections of this document guide you through the following tasks:
Download and Install the ZDS II Software and Documentation on page 4
Installing the USB Smart Cable Driver on page 4
Installing the FTDI USB-to-UART Driver on page 7
Connecting the ZGATE Embedded Security Development Board to your PC on page 8
Starting the ZGATE Demo Sample Program on page 11
Further details, including memory configurations, jumper settings and a listing of sample projects can be found in Appendix A. ZGATE Embedded Security Development Board on page 105.
Figure 1 shows an image of the ZGATE Embedded Security Development Kit.
Figure 1. The ZGATE Embedded Security Development Kit

Kit Contents

Table 1 lists the contents of the ZGATE Embedded Security Development Kit.
Table 1. ZGATE000100ZCOG Contents
Item  Description                                              Quantity
1     ZGATE Embedded Security Development Board                1
2     USB Smart Cable                                          1
3     6-Circuit Ribbon Cable                                   1
4     A (male) to Mini-B USB Cable                             1
5     ZGATE Embedded Security Development Kit Flyer (FL0145)   1

Kit Features

The key features of the ZGATE Embedded Security Development Kit are:
ZGATE Embedded Security Development Board, which includes:
  – eZ80F91 MCU operating at 50 MHz, with 256 KB of internal Flash memory and 8 KB of internal SRAM memory
  – On-chip Ethernet Media Access Controller (EMAC)
  – 8 MB of Flash memory
  – Up to 1 MB of off-chip SRAM memory
  – A USB interface that provides:
      Power to the Board with overcurrent protection
      Connection to the eZ80F91 MCU’s UART0 block
  – DB9 connected to the eZ80F91 MCU’s UART1 block
  – Optional external power connection
  – Ethernet port and PHY
  – Real-Time Clock support
  – One 64-pin header with all available GPIO ports connected to it
USB Smart Cable
ZDS II Software and Documentation (free download)

Supported Operating Systems

The ZGATE Embedded Security Development Board supports the following operating systems:
Microsoft Windows 7 (32-bit/64-bit)
Microsoft Windows Vista (32-bit/64-bit)
Microsoft Windows XP

Download and Install the ZDS II Software and Documentation

Observe the following steps to install your ZDS II software and documentation.
Note: If you have already installed ZDS II – eZ80Acclaim! <version> and have downloaded the ZGATE software and documentation by following the procedure on the paper insert in your kit (FL0145), skip ahead to the Installing the USB Smart Cable Driver section.
1. Prior to connecting the ZGATE Embedded Security Development Board to your development PC, download ZDS II for eZ80Acclaim! v5.2.1 (or later) from the Downloadable Software category in the Zilog Store.
2. Run the software installation file and follow the on-screen instructions to install ZDS II.

Download and Install the Source Code and Documentation

ZGATE software and documentation is available as a downloadable file from the Zilog Store. Observe the following brief procedure to download and install your ZGATE software.
1. In a web browser, visit the Zilog Store¹. At the top left, under Categories, click Downloadable Software to present a list of the Zilog software available in the Store. In this list, click ZGATE Software and Documentation; the Product ID for this software is SD00019. On the Product Details page, click the Add to Cart button to download the ZGATE Software and Documentation files to your hard drive.
2. When the download is complete, unzip the file to your hard drive. Double-click the installation file named ZGATE000100ZCOG_<version>.exe, and follow the on-screen instructions.
¹ If you’re a first-time visitor to the Zilog Store, you will first be required to register as a Zilog Store user before downloading your software. Returning visitors must log in to purchase or download.

Installing the USB Smart Cable Driver

The USB Smart Cable can be installed on PCs that run on Windows 7 (32- and 64-bit), Windows Vista (32- and 64-bit) and Windows XP operating systems. The procedures in this section will guide you through the USB Smart Cable installation process.

Windows 7 32/64 Systems

Observe the following steps to install the USB Smart Cable on a Windows 7 system.
1. Connect the USB Smart Cable to a USB port on your development PC. When the PC detects the new hardware, it will display the Installing device driver software dialog.
2. Windows automatically searches for the driver; this process can take a few moments. Because there is no option to terminate this search process, wait for the search to complete.
If the driver was previously installed, Windows will automatically install the USB Smart Cable driver. If this is the case, skip ahead to Step 9. If Windows cannot find the driver, close the search dialog and proceed to the next step.
3. From the Start menu, navigate via the Search Programs and files menu, and enter Device Manager in the Search field to cause the Device Manager to appear in a list of search results.
4. From this search list, click Device Manager to open the Device Manager dialog, which presents a list of devices that operate on your PC. Find Other devices, toggle it to view a sublist of additional devices, and right-click your mouse on USB Smart Cable.
5. In the submenu that appears, click Update Driver Software....
6. In the Update Driver Software – USB Smart Cable dialog that appears, click the Browse my computer for driver Software option.
7. Click the Browse... button to browse to one of the following driver directories, depending on the configuration of your PC.
On 32-bit Windows 7 systems, navigate to:
<ZDS II Installation Directory>\device drivers\USB\x32
<ZDS II Installation CD>\device drivers\USB\x32
On 64-bit Windows 7 systems, navigate to:
<ZDS II Installation Directory>\device drivers\USB\x64
<ZDS II Installation CD>\device drivers\USB\x64
8. Click Next to install the driver. On 32-bit Windows systems, a security dialog will appear; select Install this driver software anyway.
9. Click Close after the Wizard finishes the installation.

Windows Vista 32/64 Systems

Observe the following steps to install the USB Smart Cable on a Windows Vista system.
1. Connect the USB Smart Cable to a USB port on the development PC.
2. After the PC detects the new hardware, it will display the Found New Hardware Wizard dialog box. Click Locate and install driver software (recommended).
3. Depending on your development PC’s User Account Control settings, Windows may ask for permission to continue the installation. Click Continue.
4. When the Insert the Disc dialog appears, select I don’t have the disc. Show me other options. Click the Next button to display the Windows couldn’t find driver dialog.
5. Select Browse my computer for driver software (advanced) to display the Browse For Driver dialog, which prompts you to key in or browse for the location of the driver’s .inf file. Depending on the type of computer you use (32-bit or 64-bit), use the Browse... button to navigate to one of the following paths, then click the Next button.
On 32-bit Vista systems, navigate to:
<ZDS II Installation>\device drivers\USB\x32
<ZDS II Installation CD>\device drivers\USB\x32
On 64-bit Vista systems, navigate to:
<ZDS II Installation>\device drivers\USB\x64
<ZDS II Installation CD>\device drivers\USB\x64
6. When the Windows Security dialog prompts you whether to install or not install, click Install this driver software anyway and wait until the installation is completed (Windows may prompt you more than once).
7. When the software has been installed successfully, click Close.

Windows XP Systems

Observe the following steps to install the USB Smart Cable on a Windows XP system.
1. Connect the USB Smart Cable to a USB port on the development PC. When the PC detects the new hardware, it will display the Found New Hardware Wizard dialog.
2. In the Wizard, select Install from a list or specific location (Advanced), and click Next.
Note: If the Windows Hardware Installation dialog appears, click Continue Anyway.
3. In the Please choose your search and installations dialog, select Search for the best driver in these locations and include this location in search.
4. Use the Browse... button to navigate to one of the following paths:
<ZDS II Installation>\device drivers\USB\x32
<ZDS II Installation CD>\Device Drivers\USB\x32
5. Click Next to locate the appropriate driver.
6. Click Next, then click Finish to complete the installation.

Installing the FTDI USB-to-UART Driver

An FTDI USB-to-UART driver is required to allow your PC to communicate through its USB port to the on-chip UART of the ZGATE Embedded Security MCU. Observe the following procedure to perform these connections.
1. Ensure that the USB cable is not plugged in to the ZGATE Embedded Security Development Board’s P3 connector.
2. Navigate to the following filepath and double-click the CDM20802_setup.exe file to begin the driver installation.
<ZDS II Installation>\device drivers\FTDI Uart
<ZDS II Installation CD>\Device Drivers\FTDI Uart
3. The installation process will begin and you should observe output similar to the following messages on the screen of your PC:
32-bit OS detected
<installation path>\dpinstx86.exe
Installation driver
FTDI CDM driver installation process completed...
4. When the installation is complete, plug in the Mini-B connector of the second USB cable into the Board, and the larger A connector into the USB port of your PC.
5. If the driver installation was successful, the Ports (COM & LPT) section of the Device Manager will display USB Serial Port (COMx) or similar message, as highlighted in Figure 2.
Figure 2. A Successful USB-to-UART Driver Installation
Note: To launch the Device Manager on Windows 7 systems, launch the Start menu, enter device manager in the Search programs and files field, and press the Enter key.
To open the Device Manager on earlier Windows systems, navigate via the following path:
Start → Control Panel → System → Hardware → Device Manager → Ports (COM & LPT)

Connecting the ZGATE Embedded Security Development Board to your PC

Observe the following procedure to connect the ZGATE Embedded Security Board to your PC.
Caution: Disconnect or turn off the power to the ZGATE Embedded Security Development Board before connecting or disconnecting the USB Smart Cable.
1. Ensure that the following default jumper settings are configured (see Table 4 on page 108 for reference):
J11 OUT
J12 1–2
J26 IN
J25 2–3
J24 1–2
J23 1–2
2. Connect one end of the 6-circuit ribbon cable provided in your Kit to the USB Smart Cable unit, ensuring that the ribbon’s male connector is aligned correctly with the female connector on the unit, as indicated by the red stripe in Figure 3.
Figure 3. Connecting the Six-Conductor Ribbon Cable to the Serial or USB Smart Cable
3. Connect the other end of the ribbon cable to Debug Connector J1 on the Development Board. Ensure that Pin 1 on the ribbon cable is aligned with Pin 1 on the target connector, as highlighted in Figure 4.
Figure 4. Debug Connector J1
4. Connect an Ethernet CAT5 cable to P1 and to your Ethernet hub.
5. With the USB A (male) to Mini-B cable, connect Port P3 on the ZGATE Embedded Security Development Board to a USB port on the development PC to apply power to the Development Board, as highlighted in Figure 5.
Figure 5. USB-to-UART Port 3 Connector
Note: To use the USB port as a power source, adjust the shunt on J12 to the 1–2 position.

Starting the ZGATE Demo Sample Program

The ZGATE Embedded Security Development Kit includes a sample program that demonstrates how the ZGATE API can be used to enhance the security of a ZTP application. The ZGATE Demo program includes source code to implement several shell commands that modify the filtering behavior of ZGATE at run time. In addition, the ZGATE Demo program includes a sample web page with dynamically generated content that can be used to modify ZGATE’s configuration using a web browser.
Before starting the ZGATE Demo, it is necessary to first complete the installation of ZDS II and the Zilog TCP/IP Software Suite (ZTP). In addition, to run the ZGATE Demo shell commands, it will be necessary to set up a terminal emulation program (such as HyperTerminal or Tera Term). The terminal program should be configured for 8N1 with no flow control.
To get started with the ZGATE Demo, use the following procedure.
1. Launch ZDS II by navigating from the Windows Start menu to Programs → Zilog ZDS II – eZ80Acclaim! <Version> → ZDS II – eZ80Acclaim! <Version>.
2. From the File menu in ZDS II, select Open Project, and navigate to the following filepath:
<ZDS Install>\ZTP\ZTP<version>_Lib\ZTP\SamplePrograms\ZGATE_Demo
3. Select the ZGATE_Demo_ZGATE000100ZCOG.zdsproj project from within the ZGATE_Demo folder and click Open. A list of source files will appear in the Workspace panel section.
4. From the Build menu, select Set Active Configuration to open the Select Configuration dialog box.
5. Select RAM, then click OK to close the Select Configuration dialog box.
6. From the Project menu in ZDS II, select Settings to open the Project Settings dialog box. In the Project Settings dialog box, click the Debugger tab.
7. On the Debugger page, select ZGATE000100ZCOG_RAM from the Target list, then select USB Smart Cable from the Debug Tool drop-down menu.
8. Click OK to close the Project Settings dialog box.
9. If you are prompted to rebuild any affected files, click Yes. Otherwise, choose Build from the menu bar, then click Rebuild All.
10. To run the application, select Go from the Debug menu.
11. After the application has started, console output should be visible in the terminal emulation program.
For information about how to use the ZGATE_Demo sample program, please refer to the Using the ZGATE Demo Sample Program section on page 13.

Recovering the ZGATE Image in eZ80F91 Internal Flash

The ZGATE demo program will not function unless the ZGATE binary image is present in eZ80F91 internal Flash memory. If the ZGATE internal Flash image is accidentally erased or overwritten, please contact the Zilog Technical Support team for assistance in reprogramming the ZGATE binary image into eZ80F91 internal Flash.
After the ZGATE binary image has been restored, it may be necessary to reprogram the ZGATE demo application into the ZGATE Embedded Security Development Board. To learn more, refer to the Starting the ZGATE Demo Sample Program section on page 11.

Using the ZGATE Demo Sample Program

When the ZGATE Demo program starts, the standard ZTP start-up messages are displayed on the console, along with the ZGATE start-up information, as the following example shows.
.100 Mbps Full-Duplex Link established
Querying DHCP Server...
DHCP OK
Initializing network stack...
IF  IP addr       Def Gtway    state  type      H/W addr
0   192.168.2.29  192.168.2.1  UP     Ethernet  0 :90:23:0 :1 :1
1   192.168.2.1   192.168.2.2  DOWN   PPP       --
Initializing File System...
Manufacturer code : 0x1
Device Id: S29GL064NTB
Failed Formatting Invalid Volume : EXTFDone
FTPD ready
TELNETD ready
Thu, 4 Sep 2012 9:38:21
ZGATE Firewall v1.00a
HTTPD ready
Login: A Trap is generated
A Trap is generated
When prompted, log in using anonymous as both the username and the password.
At this point, the ZGATE Demo functions similarly to the standard ZTP Demo application, with the exception that the ZGATE image stored in eZ80F91 internal Flash memory is protecting the ZTP Demo application from suspicious network activity.
To understand how ZGATE protects ZTP applications, try the following procedure:
1. Start the ZGATE Demo program.
2. On a PC running a terminal emulation program (such as HyperTerminal), open a web browser such as Internet Explorer or Firefox.
3. In the browser’s URL field, enter the IP address of the ZGATE Demo program’s Ethernet interface. For example, the IP address of the Ethernet interface displayed in the sample code above is 192.168.2.29.
4. When the ZGATE Demo program home page appears, click the TCP Port link on the left side of the page.
5. The TCP Port page displays the TCP port numbers which ZGATE is either forwarding to ZTP or blocking from ZTP. When the TCP Port list is operating in WHITELIST FILTERING Mode (default setting), port numbers listed on the page are forwarded to ZTP; port numbers not listed are blocked from ZTP. When the TCP Port list is operating in BLACKLIST FILTERING Mode, port numbers listed on the page are blocked from ZTP; port numbers not listed are forwarded to ZTP. Upon initial observation, note that TCP ports 20 and 21 (used for FTP) are forwarded, meaning that ZGATE will pass any incoming packets destined for those ports to ZTP.
6. With the FTP ports set to Forwarding Mode, open a command prompt on your PC and attempt to establish an FTP session to ZTP. As an example, to establish an FTP connection to IP address 192.168.2.29, enter the following command at the command prompt:
ftp 192.168.2.29
Next, log in with anonymous as the username and password. Performing a dir command shows that FTP is working. Enter the quit command to terminate the FTP connection to ZTP.
7. Return to your browser and delete the numbers 20 and 21 from the list of TCP port numbers. After both boxes are empty, click the Update button to send the changes to ZGATE. After a moment, the web page will be redrawn with the deleted port numbers removed from the list.
8. Switch back to the command prompt and attempt to establish another FTP connection with ZTP, as you did in Step 6. This time, however, this connection will fail because ZGATE is blocking TCP ports 20 and 21 from reaching ZTP.
9. After the FTP connection attempt times out, switch to the ZTP console program and enter the zg_show stats command to display the program’s current statistics. The output will appear similar to the following example:
[ZTP EXTF:/]>zg_show stats
ZGATE filtering enabled
ZGATE filtering statistics – packets processed by ZGATE
                  Ethernet  IP   UDP  TCP
Packets received  0         481  174  15
Packets blocked   0         175  174  3
Note: Three TCP packets (i.e., attempts to establish an FTP connection) were blocked because of the change made on the ZGATE TCP Port web page.
10. To reenable FTP, return to your browser and click the Add button two times to create two empty boxes at the end of the list. In the first box, enter the number 20; in the second box, enter the number 21. Click the Update button.
11. Return to the command prompt on the PC and reattempt to establish an FTP connection with ZTP. This time, the connection should succeed.
12. Return to the browser and delete the number 80 from the list of TCP port numbers, then click the Update button. This time, the web page will not refresh because TCP port 80 is now blocked; unless the browser receives information from TCP port 80, it will not be able to refresh the display.
13. To verify that TCP port 80 has been blocked, switch to the ZTP console program and enter the zg_show tcp command. The output will appear similar to the following example:
[ZTP EXTF:/]>zg_show tcp
ZGATE filtering enabled
TCP filtering configuration
TCP port whitelist {1,7,22,23,25,37,42,43,57,88,107,115,162,179,264,443,546,547,992,8081,20,21}
[ZTP EXTF:/]>
As you can see, port 80 was removed from the list of TCP port numbers that ZGATE forwarded to ZTP.
14. To reenable browser access to ZTP, enter the following command on the ZTP console:
zg_config add tcp_port 80
15. Next, issue the zg_show tcp command to verify that TCP port 80 is reenabled.
16. Return to your browser one final time to refresh the web page. The browser should again be able to retrieve pages from ZTP.

Persistent ZGATE Configuration Changes

The ZGATE configuration changes made in the previous section only affect the run-time behavior of ZGATE; these run-time changes are lost each time ZGATE is restarted. To validate this scenario, reload the TCP Port configuration page in the web browser and again disable TCP ports 20 and 21 (FTP), which will prevent the PC from establishing an FTP connection with ZGATE. However, if you restart the ZGATE Demo (by entering the reboot command on the ZTP console program), you should discover that the PC will again be able to establish an FTP connection to ZTP.
To modify the boot-time (i.e., persistent) configuration of ZGATE, it is necessary to save the run-time changes to a configuration file named zg_rules.usr in the file system. Observe the following procedure to create/update the zg_rules.usr file to save ZGATE configuration settings across multiple reboots.
Note: The following procedure will not work properly if the Zilog File System (ZFS) is not enabled in the ZTP project.
1. Restart the ZGATE Demo program.
2. On the PC running the terminal emulation program, open a web browser such as Internet Explorer or Firefox.
3. In the browser’s URL field, enter the IP address of the ZGATE Demo program’s Ethernet interface.
4. When the ZGATE Demo program home page appears, click the TCP Port link on the left side of the page.
5. Delete port numbers 20 and 21 from the list of TCP Ports, if present, then click the Update button.
6. In the list of navigation links on the left of the page, click the Startup Settings link.
7. In the first section of the output, the current boot time configuration settings are displayed in blue text, as shown in the Figure 6 example. A full listing of these settings follows this figure.
Figure 6. Example Configuration Settings
G, INTERVAL=240
G, HW_THRESHOLD=2000
G, LOG_TO_SCREEN=OFF
G, LOGGING=OFF
G, MAX_TH_LOGFILE_SIZE=5
G, MAX_LOGFILE_SIZE=10
C, 1, ETH_ADDR_FILTER, NONE
C, 2, ETH_FRAME_FILTER, NONE
C, 3, IP_SRC_ADDR_FILTER, NONE
C, 4, IP_PROTOCOL_FILTER, WHITELIST
C, 5, TCP_PORT_FILTER, WHITELIST
C, 6, UDP_PORT_FILTER, WHITELIST
C, 7, ICMP_TYPE_FILTER, NONE
R, 1, WHITELIST, ENABLED, TCP_PORT, {1,7,20,21,22,23,25,37,42,43,57,80,88,107,115}
R, 2, WHITELIST, ENABLED, TCP_PORT, {162,179,264,443,546,547,992,8081}
R, 3, WHITELIST, ENABLED, UDP_PORT, {1,7,22,37,42,53,67,68,69,80,88,123,161,162}
R, 4, WHITELIST, ENABLED, UDP_PORT, {179,264,514,520,546,547,992}
R, 5, WHITELIST, ENABLED, IP_PROT, {1,2,3,4,6,8,9,17}
In the above configuration settings, observe that in the tcp_port list, both FTP ports 20 and 21 are listed, even though these ports were removed from the (run-time or dynamic) TCP Port configuration page. This example should explain why FTP access is reenabled each time the system is restarted.
To cause the changes made to the run-time TCP Port configuration to be persistent (i.e., used each time the system is restarted), click the Use Dynamic button.
As a result of this procedure, the next time ZGATE restarts, FTP access will not be allowed until it is explicitly added back to the white list, either through the web interface or by using the zg_config add tcp_port 20 21 shell command.
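A run-time change that has not been saved leaves the boot-time list and the live list out of step, so a port blocked today is forwarded again after the next restart. The following added example (Python, written for this page; it is not part of the Zilog manual or the ZGATE API) parses the TCP lines of the Figure 6 listing and the zg_show tcp output from step 13, applies the whitelist/blacklist semantics described in step 5 of the demo procedure, and reports the ports that differ. The field meanings are inferred from the listing, and all function names are hypothetical.

```python
import re

# Boot-time listing from Figure 6, reduced to its TCP lines.
BOOT_CONFIG = """\
C, 5, TCP_PORT_FILTER, WHITELIST
R, 1, WHITELIST, ENABLED, TCP_PORT, {1,7,20,21,22,23,25,37,42,43,57,80,88,107,115}
R, 2, WHITELIST, ENABLED, TCP_PORT, {162,179,264,443,546,547,992,8081}
"""
# Run-time list as printed by zg_show tcp in step 13 (port 80 deleted).
RUNTIME = ("TCP port whitelist {1,7,22,23,25,37,42,43,57,88,107,115,"
           "162,179,264,443,546,547,992,8081,20,21}")


def parse_set(text):
    """Return the integers inside the first {...} group of text."""
    m = re.search(r"\{([^}]*)\}", text)
    return {int(p) for p in m.group(1).split(",") if p.strip()} if m else set()


def parse_boot(text, filter_name="TCP_PORT_FILTER", param="TCP_PORT"):
    """Return (mode, values) for one filter of a Figure 6 style listing."""
    mode, values = "NONE", set()
    for line in text.splitlines():
        f = [x.strip() for x in line.split("{")[0].split(",")]
        if f[0] == "C" and len(f) >= 4 and f[2] == filter_name:
            mode = f[3]
        # Assumption: only rules marked ENABLED contribute to the list.
        elif f[0] == "R" and len(f) >= 5 and f[3] == "ENABLED" and f[4] == param:
            values |= parse_set(line)
    return mode, values


def forwarded(port, mode, values):
    """List semantics from step 5: a whitelist passes listed ports only."""
    if mode == "WHITELIST":
        return port in values
    if mode == "BLACKLIST":
        return port not in values
    return True  # assumption: NONE means the parameter is not examined


def drift(boot_text, runtime_text):
    """Compare the boot-time list with the current run-time list."""
    _, boot = parse_boot(boot_text)
    run = parse_set(runtime_text)
    return {"only_in_boot": sorted(boot - run),
            "only_in_runtime": sorted(run - boot)}
```

In whitelist mode, a port reported under only_in_boot is blocked now but forwarded again after a restart; drift(BOOT_CONFIG, RUNTIME) reports port 80 there for the step 13 state.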

Altering the ZGATE Static Configuration Settings

Browsing through the Eth Address, Eth Frame Type and IP Address pages of the ZTP Demo program shows that the filtering mode of each of these pages is set to Disabled. As a result, ZGATE will not examine these parameters when determining whether to forward or block packets from ZTP. Furthermore, none of the ZGATE shell commands or web pages can be used to dynamically enable these filtering options at run time. The filtering mode for these parameters is set at the moment the system is started, and can only be modified by either of the following two methods:
• Modify the settings in the ZGATE_Conf.c file that is linked to the ZGATE Demo project and rebuild the project. (To learn more, please refer to the Restoring the ZGATE Default Static Configuration section on page 19.)
• Modify the zg_rules.usr configuration file resident in the file system using FTP (described below).
Consider a scenario in which it might be necessary to alter ZGATE’s persistent configuration settings to prevent untrusted PCs from accessing ZTP. Such a situation could arise if there is a guest machine on the local network that should not be allowed to access a ZGATE-protected ZTP device. This situation requires blacklist filtering, which causes ZGATE to discard packets that originate from untrusted (blacklisted) sources.