STZAN0111EN0100 1
Application Note
STZAN0111EN0200
Revision 2.00
October 2019
Getting Started with C-Trust and the SAM L11
Introduction This application note describes the use of the security development tool C-Trust, an extension of IAR
Embedded Workbench, with the Microchip® SAM L10 and SAM L11 Xplained Pro evaluation kits. The
Xplained Pro MCU series evaluation kits include an on-board embedded debugger (EDBG), so no external
tools are required to program or debug the microcontroller. The procedure in this note uses that on-board
debugger through the CMSIS-DAP driver (see sections 2.1 and 2.3); the IAR Systems I-jet™ debugging
probe can also be used. The Xplained Pro extension kit offers additional peripherals to extend the
features of the board and ease the development of custom security designs.
Target Devices This application note refers to the following target devices:
• Microchip ATSAML11E16A-AU microcontrollers (SAM L11, Arm Cortex-M23 with TrustZone)
Related Documents
• SAM L10/L11 Xplained Pro User Guide (available at the Microchip website)
• Embedded Trust/C-Trust User Guide
1. Kit Overview The Microchip SAM L11 Xplained Pro Evaluation kit is a hardware platform for the evaluation of the
Microchip SAM L11 device. The Evaluation kit part number is as follows:
• SAM L11 Xplained Pro: DM320205
The kit offers a set of features that enables the user to get started with the microcontroller peripherals
immediately and to obtain an understanding of how to integrate the device in their required design.
This application note is primarily concerned with the SAM L11 device and evaluation kit. Figure 1 shows
the features of the SAM L10 Xplained Pro Evaluation Kit which has similar features to the SAM L11 kit.
Figure 1: SAM L10 Xplained Pro Evaluation kit features
Please refer to the Hardware User Guide (section 4) of the SAM L10/L11 Xplained Pro User Guide (see
Related Documents) for details of the implementation of connectors and headers on the Xplained Kit.
2. Getting Started Download and install the following:
• IAR Embedded Workbench for Arm, provided by IAR Systems
• C-Trust extension to IAR Embedded Workbench, provided by IAR Systems
Refer to the Installation and Licensing Quick Reference Guide available from the IAR Systems website
to determine PC system requirements.
Launch IAR Embedded Workbench for Arm with the C-Trust extension installed. The tool will open as
shown in Figure 2.
Figure 2: IAR Embedded Workbench for Arm opening screen
Click on Example Projects -> Embedded Trust -> Getting Started -> SAML11 Open Project (see Figure 3).
Figure 3: Open Getting Started project
An explorer dialog will open requiring the destination folder for the project to be located. Direct the
open dialog box to the folder to be used for the project and click “Select Folder”.
With the folder selected (and additional folder expansion), the IDE will look like that shown in Figure 4.
Figure 4: IAR Embedded Workbench with Getting Started project loaded
Click on the Project tab and select “Create New Project” in the dropdown menu. The dialog box shown
in Figure 5 will be displayed. We wish to add security to the Getting Started project we have just loaded
so click on Secure Boot Manager in the “Create New Project” dialog box and click “OK”.
Figure 5: Select Secure Boot Manager in Create New Project dialog box
An explorer dialog will open requiring a filename for the Secure Boot Manager project. Enter the
filename to be used into the open dialog box and click “Save”. In this example we have used SBM as
the filename.
The IDE will now load the additional Secure Boot Manager project and look like that shown in Figure 6.
Figure 6: IDE with Secure Boot Manager project loaded and active
Please read the Readme.txt file that is displayed in the IDE. This file includes important configuration
information for projects that are to have security added, i.e. integrated with a Secure Boot Manager.
Note in particular the optimisation settings required for the SAM L11 because of the limited size of the
device's internal Flash.
2.1 Configuring the Secure Boot Manager The Secure Boot Manager project must now be configured for the SAM L11. The configuration will be
carried out via the Project -> Options… menu provided by the IDE. To access this menu, right click on
the SBM-Debug project and select “Options…” in the dropdown menu (see Figure 7).
Figure 7: Selecting Project -> Options menu
The Options for node "SBM" dialog box will open. Select the "General Options" category and click on
the "Target" tab. Set the Processor Variant device to "Microchip ATSAML11E16A" and, under TrustZone,
set Mode to "Secure" (the Secure Boot Manager is the Secure-world image).
Select the "C/C++ Compiler" category and click on the "Optimizations" tab. Set the optimization level to
High, Size (this is the setting the Readme.txt refers to).
Select the "Debugger" category and set the Driver to "CMSIS DAP" (the on-board EDBG).
Select the "Security" category and tick the Enable check box. The C-Trust dialog box shown in Figure
8 should be displayed.
Figure 8: C-Trust dialog box
We will now create a Security Context for the Secure Boot Manager project. Please refer to the
application note Using C-Trust to Configure the Security Context (STZAN0105EN0100) for details of
the options available during the configuration of the Security Context.
2.2 Configuring the Security Context In the Options for node “SBM” -> C-Trust dialog box (see Figure 8) click “New”. The dialog box for
“Create New Security Context” will open (see Figure 9).
Figure 9: Create New Security Context dialog box
There is only one secure template option available to the C-Trust user. Click on the Production Control
and IP protection only template. The dialog box for the Basic Setup will open (see Figure 10).
Populate the values, in free text, with the secure context name and context location. Note that the
Security Configuration information for Production Control and IP protection only is not required for
this template selection. Figure 10 is an example of a completed Basic Setup configuration. Once the
correct information has been entered, click “Next”.
Figure 10: Basic Setup of Security Context dialog box (completed example)
The Security Settings configuration dialog box will now be displayed (see Figure 11). There is only
one option that requires configuration, whether to enable the reading of the device ID.
Figure 11: Security Settings of Security Context dialog box
The device ID is the unique silicon serial number that the semiconductor manufacturer programs into
each part during manufacture; no two parts share a value. C-Trust uses it to protect the secret data that
is programmed into the device during the provisioning process: the serial number is mixed into the hash
computed over the provisioned data block, so the block only verifies on the part it was provisioned for
and cannot simply be copied into another microcontroller. It is recommended that the option Enable
device read is selected so that the provisioned data is protected in this way. Once the option is set,
click "Next".
The Secure Boot Manager Settings dialog box will now be displayed (see Figure 12). For maximum
security it is recommended to select Full encryption as the update mechanism. The application image is
then encrypted and signed before it is sent to the target device as a software update, so the code cannot
be read in transit or from the update slot. The alternative, Basic signature checking, does not encrypt
the application: the image is hashed and signed so that the Secure Boot Manager can detect in-transit
modification, but anyone who obtains the update file can read the code, so it provides no IP protection.
What it gains is a shorter boot-up time, since no decryption is needed.
Please refer to the application note Using C-Trust to Configure the Security Context
(STZAN0105EN0100) for details of the other options available for the Security Context.
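As an added illustration of the device-ID binding just described, the following Python was written for this note; it is not C-Trust's or the Secure Boot Manager's own implementation, whose block format and hash construction this note does not document. It models a provisioned data block whose integrity tag includes the part's serial number, and the check the Secure Boot Manager would make at boot. The serial values, the block layout and SBM_KEY are constructed for the example. With the serial mixed in, the same flash contents fail the check on a second part; the optional keyed variant goes one step beyond the text and shows the form that also resists an attacker who can rewrite the tag.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Constructed values (not from C-Trust): 128-bit serials of two different SAM L11 parts,
# and a hypothetical integrity key that the Secure Boot Manager is assumed to hold.
SERIAL_A = bytes.fromhex("0123456789abcdef0123456789abcdef")
SERIAL_B = bytes.fromhex("fedcba9876543210fedcba9876543210")
SBM_KEY = b"hypothetical-sbm-integrity-key"  # placeholder, not a real key

TAG_LEN = 32  # SHA-256 output


def _tag(data: bytes, serial: Optional[bytes], key: Optional[bytes]) -> bytes:
    """Integrity tag over the provisioned data.

    With "Enable device read" on, the serial read from the part is mixed into the
    hash, so the tag only recomputes correctly on that one device. With a key the
    tag becomes an HMAC, which also stops someone who can rewrite the tag itself.
    """
    msg = (serial or b"") + data
    if key is None:
        return hashlib.sha256(msg).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


def provision(data: bytes, serial: Optional[bytes], key: Optional[bytes] = None) -> bytes:
    """Build the block written into the device during provisioning: len || data || tag.

    serial=None models the option being disabled: the block is then bound to no part.
    """
    return struct.pack(">I", len(data)) + data + _tag(data, serial, key)


def sbm_check(block: bytes, running_serial: Optional[bytes],
              key: Optional[bytes] = None) -> Optional[bytes]:
    """SBM-side check at boot. Returns the provisioned data if the tag matches the
    serial of the part the SBM is actually running on, otherwise None."""
    if len(block) < 4 + TAG_LEN:
        return None
    (n,) = struct.unpack(">I", block[:4])
    if len(block) != 4 + n + TAG_LEN:
        return None
    data, tag = block[4:4 + n], block[4 + n:]
    # Constant-time compare: the tag check is the clone gate, don't leak where it diverges.
    if not hmac.compare_digest(tag, _tag(data, running_serial, key)):
        return None
    return data


def clone_demo() -> dict:
    """Provision on part A, then try to use the same flash contents on part B."""
    secret = b"provisioned secret"
    bound = provision(secret, SERIAL_A)
    unbound = provision(secret, None)
    return {
        "bound_on_A": sbm_check(bound, SERIAL_A) == secret,
        "bound_on_B": sbm_check(bound, SERIAL_B) == secret,   # clone fails
        "unbound_on_B": sbm_check(unbound, None) == secret,   # clone succeeds
    }
```

clone_demo() returns {'bound_on_A': True, 'bound_on_B': False, 'unbound_on_B': True}: with the option disabled, a flash dump of one unit provisions a clone. A bare hash only detects relocation; if the attacker can rewrite the 32-byte tag as well, the keyed form (or a signature over the block) is what stops them.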
Figure 12: Secure Boot Manager Settings dialog box
Click “Create” to allow C-Trust to create the Security Context. A dialog box will open to confirm the use
of the profile that has just been created, click “Yes”. The dialog box shown in Figure 13 is an example
of the final Security Context created, showing the newly created security context profile (in this
example My Security Context_profile-default).
Figure 13: Completed Security Context example
Click “OK” on the dialog box shown in Figure 13.
The IDE will now return to the screen similar to that as shown in Figure 6 but with the addition of SBM
source and Output folders. Please review the Secure Boot Manager source files. These files are open
source and can be modified by the user. If the user is required to make major modifications to the
Secure Boot Manager source code, it is recommended that the changes be reviewed by Secure Thingz
to ensure security is not compromised.
2.3 Connecting the SAM L11 Xplained Pro Kit Figure 14 shows the connections available on the SAM L11 Xplained Pro Evaluation Kit. Please connect
the Xplained Pro Kit to the PC that is running the C-Trust software via the Debug USB connector shown
in Figure 14.
Figure 14: Connections of Xplained Pro Kit
2.3.1 Embedded Debugger The Xplained Pro contains the Microchip Embedded Debugger (EDBG) for on-board debugging. The
EDBG is a composite USB device with three interfaces: a debugger, a virtual COM port, and a data
gateway interface (DGI). Together with C-Trust, the EDBG debugger interface can program and debug
the microcontroller. On the SAM L11 Xplained Pro, the SWD interface is connected between the EDBG
and the microcontroller. The virtual COM port is connected to a UART on the microcontroller and
provides a straightforward way to communicate with the target application through terminal software. It
offers variable baud rate, parity, and stop bit settings. Note that the settings on the microcontroller must
match the settings given in the terminal software.
2.4 Provisioning Once the Xplained Pro Kit is connected to the PC that is running C-Trust, click on the Security tab and
select “Provision” (see Figure 15).
Figure 15: Provisioning the SAM L11
C-Trust will now build the Secure Boot Manager project. Once built, the provisioning process will begin.
During the process the device serial number will be read from the SAM L11 that is fitted to the Xplained
Kit. The serial number will then be used as part of the hash for the provisioned data block, if enabled
(see section 2.2). During provisioning the user will witness the reading of the silicon ID with the display
of an activity dialog box that will open temporarily.
Once the provisioning process is complete, it is recommended that the user review both the Debug Log
and the Build console displays. In order to display all messages, right-click within the console
windows and select "All".
Figure 16: Build messages
Figure 16 shows the build messages for the example Secure Boot Manager provisioning process.
Note the warning, which points out that all the private keys used in the provisioning process are stored
unprotected on the hard drive of the PC. Anyone with access to that PC can therefore master images that
devices provisioned with these keys will accept, so such devices should be treated as development units
only. When the application is ready for fully secure production programming, the export function
(Security -> Export For Production, see Figure 15) will be used and the production keys will be generated
by the production system security appliance prior to programming.
Now that the Secure Boot Manager has been provisioned into the SAM L11 Xplained Kit, we can
create a mastered image for the GettingStarted application and install it into the kit.
2.5 Master the User Application The focus must now be directed towards the GettingStarted application. Please click the
GettingStarted tab at the bottom of the workspace window on the left of the IDE.
Right-click on the GettingStarted project name and select "Options…" in the dropdown menu (see Figure 17).
Figure 17: GettingStarted project Options
The “Options for node “GettingStarted” dialog box will open (see Figure 18).
Select the “Security” category. This will open the C-Trust configuration dialog box.
We now must add the Security Context that we created in section 2.2 to the GettingStarted user
application. To do this click “Add” (see Figure 18). An explorer window will open. Select the My Security
Context_profile-default file and click “Open”.
As we are about to master a new software image it is important to enter a version number. Enter a
version number in the format xx.xx.xx and then click “OK” (see Figure 18). (Note that 1.0 or 1 is also a
valid input for the version number).
Figure 18: Adding the profile and version number
We are now ready to master the new software image. Click on the “Security” tab and select “Master”
(see Figure 19). The GettingStarted application will be built and encrypted ready for delivery to the
SAM L11 Xplained Kit.
Figure 19: Mastering the image
Figure 20 shows an example build log during the mastering process. Please note the name of the new
encrypted mastered image that is ready for delivery to the device.
Figure 20: Mastering process build message example
2.6 Updating the software With the software built and mastered we can now download it to the SAM L11 Xplained kit. To do this
simply click on the "Download and Debug" button. The mastered image is written to the SAM L11's
software update slot, not directly to user memory. Once it has been flashed, the SAM L11 is reset and
the Secure Boot Manager follows its immutable boot process: it checks the update slot for new software,
finds the new image, verifies its signature and its version number against the Security Context policy,
and only if both checks pass decrypts the software and flashes it into user memory. The debugger then
halts at "main". Figure 21 shows an example of the IDE after this process has completed.
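The two update mechanisms of section 2.2 and the boot-time sequence just described (check the slot, verify, check the version, decrypt, install) as one added Python example, written for this note rather than taken from the Secure Boot Manager sources. The image header layout, the HMAC-SHA256 stand-in for the signature, the SHA-256 counter-mode keystream standing in for the real cipher and the key values are all constructed for the example; it also accepts the version formats of section 2.5 ("xx.xx.xx", "1.0" or "1"). It shows that a tampered image is rejected before any decryption, that an older or equal version is refused even though correctly signed, and that a Basic signature checking image exposes the application bytes in the update slot while a Full encryption image does not.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

Version = Tuple[int, int, int]

MAGIC = b"SBMU"
MODE_SIGNED = 1      # "Basic signature checking": image in clear, integrity/authenticity only
MODE_ENCRYPTED = 2   # "Full encryption": image encrypted, then signed
HDR_LEN = 4 + 7 + 8 + 4   # magic | mode,major,minor,patch | nonce | payload length
TAG_LEN = 32


def parse_version(s: str) -> Version:
    """Accept 'xx.xx.xx' as well as '1.0' or '1' (missing fields are zero)."""
    parts = s.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string {s!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream built from SHA-256: a stand-in for the real cipher,
    used only to show that the update slot holds ciphertext."""
    ks = b"".join(hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def master(app: bytes, version: str, mode: int, sign_key: bytes,
           enc_key: Optional[bytes] = None, nonce: Optional[bytes] = None) -> bytes:
    """Produce the mastered image: header || payload || tag (encrypt-then-MAC order)."""
    nonce = nonce or secrets.token_bytes(8)   # must never repeat under one enc_key
    if mode == MODE_ENCRYPTED:
        if enc_key is None:
            raise ValueError("full encryption needs enc_key")
        payload = _stream_xor(enc_key, nonce, app)
    elif mode == MODE_SIGNED:
        payload = app
    else:
        raise ValueError("unknown mode")
    header = (MAGIC + struct.pack(">BHHH", mode, *parse_version(version))
              + nonce + struct.pack(">I", len(payload)))
    tag = hmac.new(sign_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def sbm_boot(update_slot: bytes, installed: Tuple[bytes, Version],
             sign_key: bytes, enc_key: bytes) -> Tuple[bytes, Version, str]:
    """Boot-time update step. Returns (app now in user flash, its version, outcome)."""
    app, ver = installed
    if not update_slot:
        return app, ver, "no-update"
    if len(update_slot) < HDR_LEN + TAG_LEN or update_slot[:4] != MAGIC:
        return app, ver, "rejected:format"
    header = update_slot[:HDR_LEN]
    mode, major, minor, patch = struct.unpack(">BHHH", header[4:11])
    nonce = header[11:19]
    (n,) = struct.unpack(">I", header[19:23])
    if len(update_slot) != HDR_LEN + n + TAG_LEN:
        return app, ver, "rejected:length"
    payload, tag = update_slot[HDR_LEN:HDR_LEN + n], update_slot[HDR_LEN + n:]
    # 1. Authenticate before touching the payload: a forged image never reaches the decryptor.
    expect = hmac.new(sign_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return app, ver, "rejected:signature"
    # 2. Version policy: only move forward, so a once-valid older image cannot be replayed.
    new_ver: Version = (major, minor, patch)
    if new_ver <= ver:
        return app, ver, "rejected:version"
    # 3. Decrypt only now, then "flash" the result into user memory.
    if mode == MODE_ENCRYPTED:
        new_app = _stream_xor(enc_key, nonce, payload)
    elif mode == MODE_SIGNED:
        new_app = payload
    else:
        return app, ver, "rejected:mode"
    return new_app, new_ver, "installed"
```

Checking the signature before the version and before decryption is deliberate: every decision the boot manager makes about the slot contents should be based on bytes it has already authenticated.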
Figure 21: Mastering image downloaded and booted
2.7 Running the GettingStarted application In order to see the output of the application, open a terminal emulator and connect to the Xplained
Evaluation Kit COM port, which will be named EDBG Virtual COM Port (COMxx). Terminal settings are:
115200 baud, 8 data bits, no parity, no flow control. Once the terminal emulator program is up and running,
click on the “Go” icon in the IDE to start the GettingStarted application. With the terminal emulator
running type “H” for help. The output should be as shown in Figure 22.
Figure 22: COM port output for GettingStarted application
To verify that the SAM L11 has been correctly provisioned, press “A”. This will display the status of the
application (Getting Started) that has been successfully programmed into the device. Figure 23 shows
the output for the example entered for this application note.
Figure 23: COM port output for Getting Started application (“A”)
For further information, press “U”. This will display more details about the Getting Started application
(see Figure 24).
Figure 24: COM port output for application status (“U”)
Please note that not all the commands shown on the Help menu are supported due to the type of
security context option selected (IP Protection only).
The GettingStarted User Guide gives more detail of the functions provided in the help menu.
Appendix A: SAM L11 Memory Map
The diagram shown in Figure A-1 shows the default memory map for the SAM L11 after provisioning
of the device has taken place (see Section 2.4).
Figure A-1: SAM L11 Memory Map
Memory Map details
The SBM reserves the first 1MB of Flash for itself and the application firmware's executable image. Of
this first 1MB block, SBM occupies the first 256KB, while the remainder contains the application.
The top 1MB of Flash, minus the last 256KB, is used for SBM's update slot, where encrypted firmware
updates are stored.
SBM also requires 2KB of RAM, carved out from the top of the DTCM RAM region based at
0x20000000. The address of the reserved RAM is, therefore, 0x2001F800. Application code must not
write to or otherwise corrupt the contents of this region.
Note that the sizes quoted above imply 2MB of Flash and 128KB of RAM (0x20000000 + 128KB - 2KB =
0x2001F800) and a DTCM, none of which the ATSAML11E16A has: that part has 64KB of Flash and 16KB
of SRAM, and its Cortex-M23 core has no tightly coupled memory. Take the actual SBM, application and
update slot addresses from the linker configuration and build log (Figure 20) of your own project rather
than from these figures, and keep the application away from whatever RAM the SBM reserves.
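To make the size check concrete, the following added Python (not part of the application note or of the SBM) builds the Flash regions exactly as the text above describes them and checks them against a device's actual Flash size, then computes the reserved-RAM address from the RAM size using the appendix's rule; that reproduces 0x2001F800 for 128KB and gives 0x20003800 for 16KB, which is only what the rule yields, not a documented SAM L11 address. The base addresses, Flash sizes and image sizes are constructed for the example.

```python
from typing import List, Tuple

KB = 1024
Region = Tuple[str, int, int]   # name, start address, end address (exclusive)

# Constructed device parameters for the example. The appendix figures imply 2 MB of
# Flash and 128 KB of RAM; the ATSAML11E16A has 64 KB of Flash and 16 KB of SRAM.
FLASH_BASE = 0x00000000
RAM_BASE = 0x20000000


def appendix_layout(flash_size: int) -> List[Region]:
    """Flash regions as the appendix text describes them, applied to a given Flash size."""
    first_block = 1024 * KB        # "first 1MB": SBM + application
    sbm_size = 256 * KB            # "SBM occupies the first 256KB"
    reserved_top = 256 * KB        # "minus the last 256KB"
    return [
        ("SBM",         FLASH_BASE,               FLASH_BASE + sbm_size),
        ("application", FLASH_BASE + sbm_size,    FLASH_BASE + first_block),
        ("update slot", FLASH_BASE + first_block, FLASH_BASE + flash_size - reserved_top),
    ]


def check_layout(regions: List[Region], flash_size: int,
                 app_image: int, image_overhead: int) -> List[str]:
    """Return the problems with a layout; an empty list means it fits the device."""
    problems: List[str] = []
    flash_end = FLASH_BASE + flash_size
    for name, start, end in regions:
        if start >= end:
            problems.append(f"{name}: empty or inverted region {start:#x}-{end:#x}")
        elif end > flash_end:
            problems.append(f"{name}: ends at {end:#x}, beyond Flash end {flash_end:#x}")
    ordered = sorted(regions, key=lambda r: r[1])
    for (n1, _, e1), (n2, s2, _) in zip(ordered, ordered[1:]):
        if e1 > s2:
            problems.append(f"{n1} overlaps {n2}")
    sizes = {name: end - start for name, start, end in regions}
    if app_image > sizes["application"]:
        problems.append("application image does not fit the application region")
    # The mastered image (header + encrypted payload + signature) lands in the update slot first.
    if app_image + image_overhead > sizes["update slot"]:
        problems.append("mastered image does not fit the update slot")
    return problems


def sbm_ram_reserve(ram_size: int, reserve: int = 2 * KB) -> int:
    """Address of the SBM's reserved RAM, carved from the top of RAM as the appendix states."""
    return RAM_BASE + ram_size - reserve
```

check_layout(appendix_layout(2048 * KB), 2048 * KB, 600 * KB, 64) returns no problems, while the same layout against 64 * KB reports every Flash region as out of range: the appendix numbers simply do not describe this part.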