Investigating ARM Cortex® M33 core with TrustZone® – transition from non-secure to secure world

You might purchase a Cortex® M33 microcontroller with TrustZone® where the supplier has installed a secure ROM. Or you might be an IOT developer using LPC55S69 in your own application where you have partitioned the code into secure and non-secure partitions. At some point with Cortex® M33 core with the TrustZone® security extension you’ll want to transition from non-secure into the secure world. Or (put more elegantly), you’ll want to call one of the secure functions supported when the Cortex® M33 core is in the Secure state.

That’s the topic for this week’s video.

How will you know what secure functions are available? And what parameters are necessary to call these functions? You’ll be provided with a header file veneer_table.h and a secure object library named project_name_CMSE_lib.o. Together these 2 modules describe everything that you need to know to call a secure function and transition from the Non-Secure to the Secure state.

Just two objects – *.o and *.h define resources available in the Secure world
Continue reading
Advertisements

Investigating ARM Cortex® M33 core with TrustZone® – running TrustZone® example projects in MCUXpresso IDE

Last week I wrote about why we need the TrustZone® security extension for ARMv8-M. There are software use-cases where it can be very helpful to partition the software into 2 separate worlds, secure and non-secure. TrustZone® acts as the gatekeeper between these two worlds and manages how the core transitions between the worlds. The ARMv8-M architecture introduces two new States for the core – secure and non-secure. Cortex® M33 core (and M23 core also) is implemented to ARMv8-M standard and of course supports the two new states.

ARMv8-M architecture introduces 2 states for the core – secure and Non-secure
Continue reading

Linking Bootloader Applications with Eclipse and FreeMarker Scripts

Bootloaders are a fine thing: With this I can load any applications I like. Power comes with some complexity, and a bootloader alone is a complex thing already. But this applies to the application part too: I need to link the application to a certain offset in the memory space so it can be loaded by the bootloader, plus the application typically needs to add some extra information to be used by the bootloader. This article describes how to build a bootloader application with Eclipse (MCUXpresso IDE) using the MCUXpresso SDK.

Build Configuration for Bootloader Application

Continue reading

Investigating ARM Cortex® M33 Core with TrustZone® – What is TrustZone® anyway?

After the Getting Started material from the previous weeks, today we are ready to investigate TrustZone®. We all remember TrustZone® – it is that magic piece of embedded IP that miraculously solves all of our IOT security problems – right? It’s true that TrustZone® is an embedded component related to security, but not in the way that you think.

Non-trusted software can dump out our keys to a cloud server hosted by malign third-party

Before we get stuck into all the fancy technical details, let us at first stop and think about some of the challenges that we face with embedded systems, and what can be done about them. This week I simply address the topic: What is TrustZone® and Why do we need it??

Continue reading

Stack Canaries with GCC: Checking for Stack Overflow at Runtime

Stack overflows are probably the number 1 enemy of embedded applications: a call to a a printf() monster likely will use too much stack space, resulting in overwritten memory and crashing applications. But stack memory is limited and expensive on these devices, so you don’t want to spend too much space for it. But for sure not to little too. Or bad things will happen.

The Eclipse based MCUXpresso IDE has a ‘Heap and Stack Usage’ view which can be used to monitor the stack usage and shows that a stack overflow happened:

Heap and Stack Usage

Heap and Stack Usage

But this is using the help of the debugger: how to catch stack overflows at runtime without the need of a debugger? There is an option in the GNU gcc compiler to help with this kind of situation, even if it was not originally intended for something different. Continue reading

Investigating ARM Cortex® M33 core with TrustZone® – Using the Clocks Config Tool

Clocks. I’ve always found the clock setting of a microcontroller one of the hardest things to get right during my embedded career. If I re-use the clocks setup from the development board it is easy. But if the development board runs from a crystal and I want to use the free-running internal clock, or if I change to a different frequency crystal (and keep the same PLL output frequency) it always gets difficult. To be honest I’ve developed some projects early in my career and never been 100% certain at what frequency the core, flash and peripherals are running.

That’s not good.

The Config Tools within the MCUXpresso brand have greatly simplified setting up the pins, clocks, peripherals (and next week – Trusted Execution Environment 🙂 ) on NXP microcontrollers. So I’m going to quickly show you how to set up 3 different clock arrangements, and output the main clock to an output pin named CLK_OUT.

Continue reading

Eclipse JTAG Debugging the ESP32 with a SEGGER J-Link

When Espressif released in 2014 their first WiFi ESP8266 transceiver, they took over at least the hobby market with their inexpensive wireless devices. Yet again, the successor ESP32 device is used in many projects. Rightfully there are many other industrial Wi-Fi solutions, but Espressif opened up the door for Wi-Fi in many low cost projects. Many projects use the ESP devices in an Arduino environment which basically means decent debugging except using printf() style which is … hmmm … better than nothing.

What is maybe not known to many ESP32 users: there *is* actually a way to use JTAG with the ESP32 devices :-). It requires some extra tools and setup, but with I have a decent Eclipse based way to debug the code. And this is what this article is about: how to use a SEGGER J-Link with Eclipse and OpenOCD for JTAG debugging the ESP32.

Roboter with ESP32 and JTAG Debug Port

Robot with ESP32 and JTAG Debug Port

Continue reading

Investigating ARM Cortex® M33 core with TrustZone® – Using the Pins Config Tool

Well let’s face it, modern microcontrollers are complicated. The User Manual for the LPC55S69 has 1148 pages (Rev 1.3) and that does not include any of the electrical characteristics – see the Datasheet (129 pages) nor does it include the details around the core or instruction set (see ARM documentation) . So there is a lot of technical information to read, and don’t get me started on the pin multiplexing… Well actually, do get me started on the pin multiplexing because that is my focus this week.

This week I turned my attention to writing a very simple example project in MCUXpresso IDE to run on the ARM Cortex® M33 core inside the LPC55S69. As in previous weeks I am again using the LPC55S69-EVK from NXP. My plan is to use this board every week but I have learned recently a few details about a new ultra-low-cost board. It’s going to be AMAZING and I’ll share more details with you when I can.

Continue reading

Investigating ARM Cortex® M33 core with TrustZone® – Setting up your environment and creating your first project with MCUXpresso IDE

This is the second of my 17-part video tutorial series investigating the ARM Cortex® M33 core with TrustZone® security extension. My preferred platform for this investigation is the LPC55S69 from NXP, and of course it is necessary to have a development board and IDE. So I’m using the LPC55S69-EVK with NXP’s MCUXpresso IDE and the MCUXpresso Software Development Kit (SDK).

This week the video is really low on theory, but high on practical, step-by-step information to get started with these tools. Maybe you are similar to me, and make the same mistake every time?? I get the self-assembly furniture home from the store, or open the box containing the new development board and just get started. At some point it doesn’t work properly and that’s the time I must read the supporting information.

Well, with this video I show you beginning-to-end in just over 10 minutes, and you won’t need to refer to any other material.

During the video I show you the following steps:

Continue reading

NXP MCUXpresso IDE 11.0.1 available

NXP has released an update of the Eclipse based V11 IDE. This is right on time for the new semester starting mid of September where this IDE will be used in several labs.

MCUXpresso IDE V11.0.1

MCUXpresso IDE V11.0.1

Continue reading

Investigating ARM Cortex® M33 core with TrustZone® – Unboxing and Getting Started

Hi, I’m Mark from embeddedpro® in the United Kingdom and Erich’s allowed me to be a guest blogger here on mcuoneclipse. At many industry events, trade shows and conferences I’ve seen and given presentations about TrustZone®, but have not found tutorials or practical information online.

So I’m creating a 17 part video tutorial series (it will be published weekly here) investigating the ARM Cortex® M33 core with the TrustZone® security extension. Each week from now until the end-of-year holidays I will let you know what I’ve found out with a blog here, and a video blog on youtube. My friends at NXP have given me a LPC55S69-EVK board as the basis for my experiments:

LPC55S69-EVK (linked from nxp.com)

This is my first quick post showing the unboxing of the LPC55S69-EVK and the out-of-box experience.

Continue reading

Programming the ESP32 with an ARM Cortex-M USB CDC Gateway

The Espressif ESP32 devices are getting everywhere: they are inexpensive, readily available and Espressif IDF environment and build system actually is pretty good and working well for me including Eclipse (see “Building and Flashing ESP32 Applications with Eclipse“). The default way to program an ESP32 is to a) enter UART bootloader by pressing some push buttons and b) flash the application with ESP-IDF using a USB cable.

That works fine if the ESP32 is directly connected to the host PC. But in my case it is is behind an NXP Kinetis K22FX512 ARM Cortex-M4F microcontroller and not directly accessible by the host PC. So I had to find a way how to allow boot loading the ESP32 through the ARM Cortex-M which is the topic of this article.

TTGO ESP32 MICRO-D4 Module

TTGO ESP32 MICRO-D4 Module

Continue reading

DIY Stepper Motor Clock with NXP LPC845-BRK

This project is about building a stepper motor clock around the NXP LPC845-BRK board. The design is using a combination of 3D printed and laser cut parts and costs below $15.

Stepper Clock Acrylic Face White Hands

Stepper Clock Acrylic Face White Hands

Continue reading

Building and Flashing ESP32 Applications with Eclipse

The new semester is approaching in a very fast way, and so is the new lecture and lab module ‘Advanced Distributed Systems’ at the Lucerne University. For that module we are going to build a new ‘Sumo’ style robot with WLAN capabilities using the ESP32 chip. It will be a new robot PCB, and below is the current robot (based on NXP K22FX512) with the WLAN module connected to it:

Zumo connected to TTGO ESP32 module

Zumo connected to TTGO ESP32 module

Continue reading

Tutorial: How to Optimize Code and RAM Size

It is great if vendors provide a starting point for my own projects. A working ‘blinky’ is always a great starter. Convenience always has a price, and with a ‘blinky’ it is that the code size for just ‘toggling a GPIO pin’ is exaggerated. For a device with a tiny amount of RAM and FLASH this can be concerning: will my application ever fit to that device if a ‘blinky’ takes that much? Don’t worry: a blinky (or any other project) can be easily trimmed down.

Binky on NXP LPC845-BRK Board

Binky on NXP LPC845-BRK Board

I use a ‘blinky’ project here just as an example: the trimming tips can apply to any other kind of projects too.

Continue reading

OpenPnP Solder Dispenser Sneak Preview

Many of you are aware of that DIY Pick&Place machine build documented in “Building a DIY SMT Pick&Place Machine with OpenPnP and Smoothieboard (NXP LPC1769)“.

That machine has now been modified to dispense solder paste. I did not had time yet to describe the build, but as I have received recently many questions: here are some pre-information about the build:

Solder Paste Dispenser

Solder Paste Dispenser

Continue reading

Restoring Default Firmware on Seeed Arch Mix NXP i.MX RT1052 Board

In my previous article “Debug and Execute Code from FLASH on the Seeed Arch Mix NXP i.MX RT1052 Board” I explained how to take complete control over the board and flash and debug a firmware. Of course this overwrites the one which comes by default shipped on the board. This article is about how to restore or update the original firmware.

Restored Seeed Firmware

Restored Seeed Firmware

Continue reading

Debug and Execute Code from FLASH on the Seeed Arch Mix NXP i.MX RT1052 Board

In my previous article “Seeed Studio Arch Mix NXP i.MX RT1052 Board” I described how I can use and debug the Seeed Arch Mix Board. But so far I only had things running in RAM. Ultimately I want to use the QSPI FLASH memory on the device with my firmware and running code on it. This article shows how to get from RAM execution to SPI FLASH in-place execution (XiP).

Seeed Arch Mix NXP i.MX RT1052 Board

Seeed Arch Mix NXP i.MX RT1052 Board

Continue reading

Seeed Studio Arch Mix NXP i.MX RT1052 Board

The Seeed Studio ‘Arch Mix’ board is a small and versatile development board with an NXP i.MX RT1052 on it, and it costs only $29.90. So I was not able to resist and just have ordered one so I can explore it.

Seeed Arch Mix Top Side

Seeed Arch Mix Top Side

Continue reading