Connect to RAM, ROM, and eFlash memory
Connect to RAM
You must use a RAM controller for each bank of RAM in the system. The AHB5 to internal RAM interface provides this functionality. To enable TrustZone monitoring of the transactions to the RAM, an AHB5 MPC must be placed before the RAM controller. Connect the AHB5 MPC to the bus matrix. Then connect the AHB5 to RAM interface to the AHB5 MPC.
Connect to ROM
You must use a ROM controller for each bank of ROM. The AHB5 to ROM interface provides this functionality. To monitor the transactions to the ROM, an AHB5 MPC must be placed before the ROM controller. Connect the AHB5 MPC to the bus matrix. Then connect the AHB5 to ROM interface to the AHB5 MPC.
Connect to eFlash
For non-volatile memory, use eFlash. The GFC-100 Flash Controller is an ideal controller for our secure IoT system. To monitor the transactions to the eFlash, place an AHB5 MPC between the bus matrix and the controller. If you need AHB5 exclusive access support, you must also consider adding an EAM.
The Flash controller and flash memory can operate in a different clock domain to the main domain. In that case, you must use an AHB5 to AHB5 sync-down bridge to synchronize the two AHB5 interfaces.
We recommend that you add a cache between the bus interconnect and the eFlash controller. This addition helps to reduce the impact on the CPU of high eFlash access latency and low bandwidth. You can use the CG092 AHB Flash Cache. Position the Flash Cache after the AHB5 MPC and before the AHB5 to AHB5 sync-down bridge.
Both the GFC-100 Flash Controller and CG092 AHB Flash Cache have an APB4 interface in addition to an AHB5 interface. Connections to the APB4 interfaces of both the GFC-100 Flash Controller and the CG092 AHB Flash Cache must be placed after an APB4 PPC.
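The placement rules in this section can be checked mechanically during integration review. The following is an added example, not Arm code: it lints constructed connection paths, and the component type names and the path-list format are assumptions made for the illustration.

```python
# Added example: component type names and the path format are assumptions, not Arm tool input.
# Components that must precede each target, in relative order.
REQUIRED_BEFORE = {
    "ahb5_ram_if": ["bus_matrix", "ahb5_mpc"],
    "ahb5_rom_if": ["bus_matrix", "ahb5_mpc"],
    "gfc100_ahb5": ["bus_matrix", "ahb5_mpc"],
    "gfc100_apb4": ["apb4_ppc"],
    "cg092_apb4": ["apb4_ppc"],
}
# Optional eFlash-path components must keep this order when present.
FLASH_CHAIN = ["ahb5_mpc", "cg092_cache", "ahb5_sync_down", "gfc100_ahb5"]

def in_order(required, path):
    """True if `required` occurs in `path` as an ordered subsequence."""
    it = iter(path)
    return all(item in it for item in required)

def lint(paths):
    """Return (path_name, problem) tuples; an empty list means every rule holds."""
    findings = []
    for name, path in paths.items():
        target = path[-1]
        required = REQUIRED_BEFORE.get(target)
        if required is None:
            findings.append((name, f"unknown target {target}"))
            continue
        if not in_order(required + [target], path):
            findings.append((name, f"{target} not behind {' -> '.join(required)}"))
        chain = [c for c in path if c in FLASH_CHAIN]
        if chain != [c for c in FLASH_CHAIN if c in chain]:
            findings.append((name, "flash chain out of order"))
    return findings

# Constructed sample designs: each path runs from the bus side to the target.
GOOD = {
    "ram": ["bus_matrix", "ahb5_mpc", "ahb5_ram_if"],
    "rom": ["bus_matrix", "ahb5_mpc", "ahb5_rom_if"],
    "eflash": ["bus_matrix", "ahb5_mpc", "cg092_cache", "ahb5_sync_down", "gfc100_ahb5"],
    "flash_cfg": ["apb4_ppc", "gfc100_apb4"],
    "cache_cfg": ["apb4_ppc", "cg092_apb4"],
}
BAD = {
    "ram": ["bus_matrix", "ahb5_ram_if"],  # no MPC in front of the RAM interface
    "eflash": ["bus_matrix", "cg092_cache", "ahb5_mpc", "gfc100_ahb5"],  # cache before MPC
    "cache_cfg": ["cg092_apb4"],  # APB4 interface not behind a PPC
}

if __name__ == "__main__":
    print("\n".join(f"{n}: {p}" for n, p in lint(BAD)))
```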