Select the individual AMBA components to link the IP together
Use most or all of the following AMBA components from the CoreLink SIE-200 System IP for Embedded to link the other IP in your SoC together:
AMBA component | Description |
---|---|
AHB5 bus matrix | Connects other AHB5 components through its slave and master ports. This component can be thought of as the backbone of an SoC. You can configure this interconnect to add more interfaces based on your system needs. You can also add extra bus matrixes to these interfaces. |
AHB5 Memory Protection Controller (MPC) | Monitors transactions to a memory interface. If a security violation occurs, this component gates the transaction. The MPC divides memory into blocks. A lookup table and registers determine whether the MPC can access an address. Security violations are reported through a dedicated interrupt. |
APB4 Peripheral Protection Controller (PPC) | Monitors transactions to, and responses from, peripherals with APB4 interfaces. If a security violation occurs, this component gates the transaction. Security checking is defined for each APB peripheral that the controller hosts. External inputs configure the hosting. Supports up to 16 APB peripherals. |
AHB5 to APB4 asynchronous bridge | Connects a low-bandwidth APB4 peripheral device to an AHB5 bus. This bridge creates a boundary between two clock or power domains and functions as an Access Control Gate. |
AHB5 to internal SRAM interface | Enables on-chip synchronous RAM blocks to attach to an AHB5 interface. This component functions as a memory controller for the RAM. |
AHB5 to ROM interface | Enables a simple ROM memory model to be attached to an AHB5 interface. |
AHB5 to AHB5 sync-down bridge | Synchronizes AHB5 interfaces where the upstream side is faster than the downstream side. |
AHB5 Access Control Gate (ACG) | Serves as a boundary between two clock or power domains. For example, the boundary could be between a base domain and a memory domain. If the receiving side of the transaction cannot accept the transfer or is explicitly asked not to, the transfer is blocked. For an SoC with multiple clock and power domains, an ACG is useful for handling clock and power domain crossings. |
AHB5 Exclusive Access Monitor (EAM) | Monitors access to slaves that are downstream of it. The EAM is not a security component. Instead, this component implements AHB5 exclusive access support, which is required for handling semaphore passing. Semaphore passing is used to prevent multiple processors from accessing the same area of memory at the same time. An EAM supports TrustZone transactions, and you can place an EAM after an MPC. Unless your SoC has multiple processors, you do not need to use an EAM. |
Note: The CoreLink SIE-200 System IP for Embedded Release Note contains a complete list of all available components.
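
The MPC row in the table describes a block-based check driven by a lookup table, with violations gated and reported through an interrupt. The following C model is an added example, not code from Arm or the SIE-200 deliverables, and it generalizes the check to multi-byte ranges that can span blocks. The struct and function names, the LUT polarity (bit set = Non-secure), the strict attribute match, and the sample memory map are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified software model of a block-based MPC. Names are hypothetical, not
 * the SIE-200 register map. Assumed LUT polarity: bit set = Non-secure block. */
typedef struct {
    uint32_t base, size;   /* address window behind the MPC */
    uint32_t block_shift;  /* block size = 1 << block_shift bytes */
    const uint32_t *lut;   /* one bit per block */
    bool irq_pending;      /* models the dedicated violation interrupt */
    uint32_t fault_addr;   /* address latched for the first violation */
} mpc_model;
typedef enum { MPC_PASS, MPC_GATED } mpc_result;

/* Gate the transfer and latch the first violation for the interrupt handler. */
static mpc_result mpc_gate(mpc_model *m, uint32_t addr)
{
    if (!m->irq_pending) { m->irq_pending = true; m->fault_addr = addr; }
    return MPC_GATED;
}

/* Check len bytes at addr; ns is the security attribute of the transfer. */
mpc_result mpc_check(mpc_model *m, uint32_t addr, uint32_t len, bool ns)
{
    /* Reject empty, out-of-window and wrapping ranges before indexing the LUT. */
    if (len == 0 || addr < m->base || len > m->size || addr - m->base > m->size - len)
        return mpc_gate(m, addr);
    uint32_t first = (addr - m->base) >> m->block_shift;
    uint32_t last = (addr - m->base + len - 1) >> m->block_shift;
    for (uint32_t b = first; b <= last; b++) {
        bool block_ns = (m->lut[b / 32] >> (b % 32)) & 1u;
        if (block_ns != ns)  /* every touched block must match the transfer */
            return mpc_gate(m, b == first ? addr : m->base + (b << m->block_shift));
    }
    return MPC_PASS;
}
/* Constructed sample: 4 KB at 0x20000000, 256-byte blocks, blocks 8-15 Non-secure. */
mpc_model mpc_demo_model(void)
{
    static const uint32_t lut[1] = { 0x0000FF00u };
    return (mpc_model){ 0x20000000u, 0x1000u, 8, lut, false, 0 };
}

int main(void)
{
    mpc_model m = mpc_demo_model();
    int r = mpc_check(&m, 0x200007F0u, 0x20, false); /* Secure range crossing into NS */
    printf("result=%d fault=0x%08x\n", r, (unsigned)m.fault_addr);
    return 0;
}
```

The range that starts in a Secure block and runs into a Non-secure one is gated at the block boundary, which is the case a single-address check would miss.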