For this last blog in the series Investigating ARM Cortex® M33 core I decided to explore the expansion features of the LPC55S69-EVK. This board has three expansion ports (PMOD, Arduino Duo, Mikroe click) and I picked the Mikroe expansion port. Why? Only because I had good experience with these boards with the Hexiwear project.
And because I have been doing some work this month with AWS IOT I wanted to get my LPC55S69-EVK onto my office WiFi network for the Christmas holidays. I know that the MCUXpresso SDK for lpcxpresso55s69 version 2.6.3 has a built-in WiFi example named qca_demo, and so that is what I am investigating today.
That WiFi example supports three WiFi shield boards, and I picked the Mikroe WiFi 10 click board. It’s part number MIKROE-3432 and available from all of the usual catalogue distributors.
Throughout this series I’ve been using the LPC55S69 microcontroller from NXP as a platform to investigate the ARM Cortex® M33 core. NXP designed the LPC55S69 with two Cortex M33 cores and so this week I’m investigating these in more detail.
You’ll remember that when ARM launch a processor core it will have a number of optional features. This is shown very clearly on the LPC55S69. The 150 MHz primary core – cpu0 – is a full implementation of Cortex® M33 and includes the optional components FPU, MPU, DSP, ITM and the TrustZone® features.
If you ask your colleagues about ARM Cortex® M33 core, they’ll most likely remember that the ARMv8-M architecture adds the (optional!) TrustZone® security extension. But one, overlooked but significant new feature in ARMv8-M is the new coprocessor interface.
With the LPC55S69 microcontroller, NXP decided to add an extremely powerful DSP Accelerator onto this coprocessor interface, named PowerQuad. In this week’s video series I’m investigating the PowerQuad, and the functions that it provides.
Last week I investigated the In-System Programming feature in the boot ROM of the LPC55S69. Using the command-line program blhost I was able to erase the flash and download simple LED blinky programs. Of course, the functions that erase and program the flash are present in the boot ROM.
Wouldn’t it be great if we could call those program and erase functions from our own software running on the LPC55S69?
Of course, we can. This is the NXP feature In-Application Programming, and this week I’ll show you how to interface to the Flash Driver in the boot ROM from software. Since the program and erase functions are running from ROM, this avoids the normal considerations about using flash for non-volatile storage.
During my research about the TrustZone® security extension over the last weeks I’ve had the HeartBleed exploit from 2014 in my mind. How would TrustZone® help us manage that type of ‘no bounds check’ exploit? Of course, TrustZone® was first widely available when NXP introduced the Cortex® M33 family LPC55S69 in 1Q2019 and wasn’t available back in 2014, but I wanted to put it to the test.
When we are learning about TrustZone® it does not take long to recognise that it is the security attributes for memory that define memory regions to be Secure, Non-Secure or Non-Secure Callable. This week’s video shows how the Cortex® M33 core with TrustZone® extension can test the security attributes for every read, write and execute from memory (without impacting performance). And how the security attributes are set with the Trusted Execution Environment configuration tool inside MCUXpresso IDE.
You might purchase a Cortex® M33 microcontroller with TrustZone® where the supplier has installed a secure ROM. Or you might be an IOT developer using LPC55S69 in your own application where you have partitioned the code into secure and non-secure partitions. At some point with Cortex® M33 core with the TrustZone® security extension you’ll want to transition from non-secure into the secure world. Or (put more elegantly), you’ll want to call one of the secure functions supported when the Cortex® M33 core is in the Secure state.
That’s the topic for this week’s video.
How will you know what secure functions are available? And what parameters are necessary to call these functions? You’ll be provided with a header file veneer_table.h and a secure object library named project_name_CMSE_lib.o. Together these 2 modules describe everything that you need to know to call a secure function and transition from the Non-Secure to the Secure state.
Last week I wrote about why we need the TrustZone® security extension for ARMv8-M. There are software use-cases where it can be very helpful to partition the software into 2 separate worlds, secure and non-secure. TrustZone® acts as the gatekeeper between these two worlds and manages how the core transitions between the worlds. The ARMv8-M architecture introduces two new States for the core – secure and non-secure. Cortex® M33 core (and M23 core also) is implemented to ARMv8-M standard and of course supports the two new states.
After the Getting Started material from the previous weeks, today we are ready to investigate TrustZone®. We all remember TrustZone® – it is that magic piece of embedded IP that miraculously solves all of our IOT security problems – right? It’s true that TrustZone® is an embedded component related to security, but not in the way that you think.
Before we get stuck into all the fancy technical details, let us at first stop and think about some of the challenges that we face with embedded systems, and what can be done about them. This week I simply address the topic: What is TrustZone® and Why do we need it??
Clocks. I’ve always found the clock setting of a microcontroller one of the hardest things to get right during my embedded career. If I re-use the clocks setup from the development board it is easy. But if the development board runs from a crystal and I want to use the free-running internal clock, or if I change to a different frequency crystal (and keep the same PLL output frequency) it always gets difficult. To be honest I’ve developed some projects early in my career and never been 100% certain at what frequency the core, flash and peripherals are running.
That’s not good.
The Config Tools within the MCUXpresso brand have greatly simplified setting up the pins, clocks, peripherals (and next week – Trusted Execution Environment 🙂 ) on NXP microcontrollers. So I’m going to quickly show you how to set up 3 different clock arrangements, and output the main clock to an output pin named CLK_OUT.