The ability to separate the secure and non-secure parts of your application is extremely useful for many applications, especially those concerned with IP protection and maintaining a strong Root of Trust for application updates.
While this ability to provide isolation is extremely useful for many applications, for other applications, isolation isn’t required. To support these use cases, it’s also possible to implement what we call a “flat” application, where TrustZone isolation is minimized.
A flat project exists (almost!) completely within TrustZone’s secure region. However, it’s important to understand that TrustZone is still active, so there can be some issues that we have to manage.
There are a few things that are important to understand:
Any code placed in external memory (such as OSPI or QSPI) will be non-secure.
The Ethernet Direct Memory Access Controller (EDMAC) is designed to be a non-secure bus master, so the associated Ethernet RAM buffers must be placed in non-secure RAM.
In many cases, the development tools will automatically manage the required Device Lifecycle Management (DLM) manipulation and TrustZone boundary setting in the background. This must be manually duplicated for production programming.
In a flat project that includes the Ethernet controller, all code, data, and peripherals are placed in a single secure region, except for the EDMAC RAM buffers, which must remain in the non-secure region. This requires configuration of the Implementation Defined Attribution Unit (IDAU), which must be programmed into the nonvolatile memory using serial programming commands when the device lifecycle is in the Secure Software Development (SSD) state. For more information, see the Security Features section in your chosen RA microcontroller hardware manual.
It’s important to highlight here that to modify the TrustZone boundaries you will need access to the boot mode of the device, and you will need to do this even for a flat project if you are using Ethernet. This means that you not only need access to the debug interface but also to the boot interface of the device.
If you are having problems with the Ethernet controller on these devices, one of the first things we would recommend is that you check that the TrustZone boundaries are configured correctly in the IDAU and that the DLM state is set to SSD.
领先同行瑞萨RA6以太网控制器的配置问题
在这篇博客中,我们将讨论在采用Arm TrustZone技术的RA系列微控制器上开发使用以太网控制器的“平面”应用时,许多人遇到的最常见问题之一。目前,这包括RA6M4和RA6M5微控制器石英贴片晶振。
瑞萨晶振厂家在基于Arm Cortex -M33内核的最新一代微控制器上引入了TrustZone。TrustZone为应用程序隔离提供了一个解决方案,以补充许多此类产品的高级安全功能。TrustZone将MCU和应用程序分为安全和非安全区域。安全区域中的代码可以访问安全和不安全的内存和设备资源,但是不安全区域中的代码只能访问不安全的内存和设备资源。
将应用程序的安全部分和非安全部分分开的能力对于许多应用程序来说是非常有用的,尤其是那些关注IP保护和维护应用程序更新的强大信任根的应用程序。
平面项目存在(差不多!)完全在TrustZone的安全区域内。但是,重要的是要了解TrustZone仍然处于活动状态,因此可能会有一些问题需要我们管理。
任何放在外部存储器中的代码(如OSPI或QSPI)都是不安全的。
以太网直接内存访问控制器(EDMAC)被设计为非安全总线主机,因此相关的以太网RAM缓冲区必须放在非安全RAM中。
在许多情况下,开发工具会在后台自动管理所需的设备生命周期管理(DLM)操作和信任区边界设置。这必须为生产编程手动复制。
进口晶振在包含以太网控制器的平面项目中,所有代码、数据和外设都放在一个安全区域,只有EDMAC RAM缓冲区除外,它必须放在非安全区域。这需要配置实现定义的属性单元(IDAU ),当设备生命周期处于安全软件开发(SSD)状态时,必须使用串行编程命令将它编程到非易失性存储器中。
小体积晶振 | 品牌 | 描述 | 系列 | 频率 |
XAL335150.000000K | Renesas晶振 | XTAL OSC XO 150.0000MHZ LVDS SMD | XAL | 150 MHz |
XAL335133.000000K | Renesas晶振 | XTAL OSC XO 133.0000MHZ LVDS SMD | XAL | 133 MHz |
XAL335106.250000I | Renesas晶振 | XTAL OSC XO 106.2500MHZ LVDS SMD | XAL | 106.25 MHz |
XAL335106.000000I | Renesas晶振 | XTAL OSC XO 106.0000MHZ LVDS SMD | XAL | 106 MHz |
XAL335200.000000K | Renesas晶振 | XTAL OSC XO 200.0000MHZ LVDS SMD | XAL | 200 MHz |
XAL336200.000000I | Renesas晶振 | XTAL OSC XO 200.0000MHZ LVDS SMD | XAL | 200 MHz |
XAL335266.000000K | Renesas晶振 | XTAL OSC XO 266.0000MHZ LVDS SMD | XAL | 266 MHz |
XAL335300.000000K | Renesas晶振 | XTAL OSC XO 300.0000MHZ LVDS SMD | XAL | 300 MHz |
XAL335135.000000K | Renesas晶振 | XTAL OSC XO 135.0000MHZ LVDS SMD | XAL | 135 MHz |
XAL336125.000000I | Renesas晶振 | XTAL OSC XO 125.0000MHZ LVDS SMD | XAL | 125 MHz |
XAL325033.333300K | Renesas晶振 | XTAL OSC XO 33.3333MHZ LVDS SMD | XAL | 33.3333 MHz |
XAL336100.000000I | Renesas晶振 | XTAL OSC XO 100.0000MHZ LVDS SMD | XAL | 100 MHz |
XAL326033.333330I | Renesas晶振 | XTAL OSC XO 33.33333MHZ LVDS | XAL | 33.33333 MHz |
XAL330051.840000K | Renesas晶振 | XTAL OSC XO 51.8400MHZ LVDS SMD | XAL | 51.84 MHz |
XAL326864.000000I | Renesas晶振 | XTAL OSC XO 864.0000MHZ LVDS SMD | XAL | 864 MHz |
XAL526864.000000I | 差分晶振 | XTAL OSC XO 864.0000MHZ LVDS SMD | XAL | 864 MHz |
XAL335100.000000K | Renesas晶振 | CLCC 3.20X2.50X0.90 MM, 2.10MM P | XAL | 100 MHz |
XAL335080.000000K | Renesas晶振 | CLCC 3.20X2.50X0.90 MM, 2.10MM P | XAL | 80 MHz |
XAL535033.000000K | Renesas晶振 | CLCC 5.00X3.20X1.10 MM, 2.54MM P | XAL | 33 MHz |
XAL325500.000000K | Renesas晶振 | XTAL OSC XO 500.0000MHZ LVDS SMD | XAL | 500 MHz |
XAL525500.000000K | Renesas晶振 | XTAL OSC XO 500.0000MHZ LVDS SMD | XAL | 500 MHz |
XAL525780.000000I | Renesas晶振 | CLCC 5.00X3.20X1.10 MM, 2.54MM P | XAL | 780 MHz |
XAL525150.000000K | Renesas晶振 | CLCC 5.00X3.20X1.10 MM, 2.54MM P | XAL | 150 MHz |
XAL335250.000000K | Renesas晶振 | CLCC 3.20X2.50X0.90 MM, 2.10MM P | XAL | 250 MHz |
XAL335A00.000000K | Renesas晶振 | CLCC 3.20X2.50X0.90 MM, 2.10MM P | XAL | 1 GHz |
XAL335500.000000K | Renesas晶振 | CLCC 3.20X2.50X0.90 MM, 2.10MM P | XAL | 500 MHz |