CoreLink SIE-200

Arm CoreLink SIE-200 System IP

CoreLink SIE-200 Chip.

Getting Started

Arm CoreLink SIE-200 System IP for Embedded provides Arm TrustZone compatible System IP (interconnect and controllers) to enable building of SoCs that integrate with Armv8-M processors Cortex-M23 and Cortex-M33. The SIE-200 IP blocks are built on top of the Arm AMBA 5 AHB5 protocol to extend TrustZone security to the system. The interconnect and TrustZone controllers provide a hardware-enforced isolation between secure and non-secure applications. The IP is configurable enabling designers to tailor each design to a specific application.

CoreLink SIE-200:

  • Reduces cost and increases security in your TrustZone enabled IoT/embedded products.

  • Makes it easy and efficient to create secure systems or to build a system around an existing Trustzone-enabled subsystem.

  • Mix of configurable AHB5 IP to extend TrustZone to the System.

 

Applications

Application Icons

CoreLink CCI-550 key features

Fully Coherent GPU support

1 to 6 ACE ports means CoreLink CCI-550 can enable a fully coherent GPU which simplifies software development. Hardware coherency enables shared virtual memory and removes the need for time-consuming software-managed cache maintenance.

Scalability

Highly scalable configuration means it can be designed for a wide range of applications from premium tablet down to smaller, cost-sensitive designs.

Increased Performance

A new microarchitecture was developed for the CoreLink CCI-550 snoop filter, resulting in a 2x snoop hit bandwidth that extends efficiency across the system.

Part of a Complete System Solution

TrustZone Secure Media Path to provide end to end protection for Ultra-HD content from the Mali GPU to memory.

Designed, tested and optimized with the latest Arm technology including Cortex and Mali processors, and CoreLink system IP.

Request more information

Want more information on Arm CoreLink SIE-200? 

Request more information

Want more information on Arm CoreLink CCI-550? 

This product is included in the Arm Corstone foundation IP

Learn more

Benefits of CoreLink SIE-200

The CoreLink SIE-200 IP library is utilized to build SoCs around Armv8-M cores. The IP provides choice, reliability and lowest-risk for designers to build secure MCU/IoT solutions.

Simplify the design of a secure system

CoreLink SIE-200 IP has been developed and validated with the Cortex-M23 and Cortex-M33 processors. The components have been architected to meet the requirements of a secure TrustZone system.

CoreLink SIE-200 IP forms the basis for the TrustZone-enabled subsystem, CoreLink SSE-200. This subsystem is a reference architecture and has been used by the Arm ecosystem to port tools and OS to the Armv8-M architecture.

Flexibility

CoreLink SIE-200 IP is configurable and supports many system architectures. It is common for manufacturers to be unaware of how their customers will partition the memory. A user might choose to have a more secure memory to implement additional secure services in secure code. Another user might need less secure memory, preferring to use the secure side only for firmware updates. Using TrustZone controllers enables the manufacturer to  specify a chip simply by the amount of shared SRAM/ROM that can be allocated for secure or non-secure use rather than defining or manufacturing a chip with different SRAM/ROM sizes for each secure and non-secure use. The same method can be applied to peripherals and Flash.

Reduced design time and IP re-use

Designers building embedded solutions need to think about system security and software integration. SIE-200 offers reliable fundamental building blocks that can be used to architect secure system solutions. These blocks can be tailored to chosen applications, while maintaining the right level of security isolation. This ability to balance security and flexibility is one of the key benefits of SIE-200 IP.

Legacy IP/designs support

The TrustZone Master Security Controller (MSC) block in SIE-200, can be used to integrate a legacy master (for example, AHB-Lite DMA – such as Arm DMA-230) in a TrustZone-enabled SoC, as secure or non-secure.  The MSC enables the security attribute for a legacy master to be set dynamically so offering maximum flexibility for software programmers. Architects can control external masters (such as a radio master) to define the system resources (memory/peripherals) that they can access. Many embedded designs will have legacy IP. SIE-200 enables you to integrate this legacy IP in a controlled way while preserving the security architecture of the SoC. Other TrustZone controllers (described below) enable you to integrate existing/legacy AHB and APB peripherals in a similar way.

TrustZone AHB5 Memory Protection Controller Block Diagram.

TrustZone AHB5 Memory Protection Controller

Key features of CoreLink SIE-200

The SIE-200 IP library provides the following key features to designers building TrustZone-enabled SoC solutions:

AHB5 interconnect IP

SIE-200 provides a multi-layered bus-matrix that is configured using an XML based configuration file. The bus-matrix can support a maximum of 16 masters and 16 slaves and supports sparse writes. It is optimized for low-latency and the bus-matrix can also be configured using the Arm Socrates System Builder tooling
environment. For simpler MCU designs or expansion ports on the bus-matrix, AHB5 master multiplexer and AHB5 slave multiplexer standalone blocks are also provided.

AHB5/AHB-lite/APB support

The SIE-200 IP library also includes AHB5-to-AHB5 synchronous/asynchronous bridges and AHB5-to-APB synchronous/asynchronous bridges. This enables support for a range of peripherals common in MCUs and is relevant when interfacing to a variety of sensors used in IoT devices. These blocks handle protocol/clock/power domain crossings.

Power/Voltage/Clock domain bridges

SIE-200 IP offers support for multiple clock and power domains with the use of discrete synchronous and asynchronous bridges described above. An AHB5 Access Control Gate (ACG) component is also provided which can be placed on a clock or power domain boundary to hold or block AHB5 transactions, whenever the receiving side is unable to accept the transfer. When transactions are allowed to pass, the ACG is transparent and does not introduce extra latency (with synchronous domains).

TrustZone controllers

SIE-200 provides programmable TrustZone controllers which support dynamic allocation of trusted and non-trusted regions of memory and peripherals in a system. Each of these controllers has an APB interface for programming the different zones.

  • The TrustZone AHB5 Memory Protection Controller (MPC) gates access to memory as a function of the transaction. It enables the memory blocks to be assigned as secure or non-secure and supports a range of block sizes. The MPC checks the security setting for the incoming transaction and either allows the transaction through, or responds with a RAZ/error and/or a secure error interrupt. The MPC can support a simple watermarking approach, where the memory is split into two regions; one secure and the other non-secure. MPC can also support a more complex dynamic block based memory allocation for secure/non-secure application use.
  • The TrustZone AHB5 and TrustZone APB Peripheral Protection Controllers (PPC) can each control access for up to 16 peripherals. Non-secure accesses to secure peripherals are blocked with RAZ/error responses and/or secure interrupts.

Low power interface

The new processor and System IP use AMBA Low Power Interface specification (LPI) to manage power and clock control in the SoC. The Q-Channel interface is specified in the LPI standard. This interface handles communication and handshaking for the changes in quiescent states of each part of the system. Arm Cortex-M33, SIE-200 and SSE-200 subsystems use Q-Channels to control clock and power domains in the CPU and in the wider SSE-200 subsystem. Designers can use the Q-Channels to develop a dynamic power control infrastructure that requires minimal software control. It enables each CPU and the system to be power gated off independently and dynamically.

Exclusive accesses

AHB5 adds exclusive access mechanism to the protocol, which enables semaphore-type operations, without requiring the bus to remain dedicated to a particular master for the duration of the operation. This means the semaphore-type operations do not impact either the bus access latency or the maximum achievable bandwidth. SIE-200 provides an Exclusive Access Monitor (EAM) to monitor slave accesses. For Armv8-M systems using TrustZone, the EAM must take extra care for secure/non-secure accesses. The monitor ensures that the same data cannot be accessed in both secure and non-secure modes. A write is not considered to have overwritten a tagged data if the access type (secure or non-secure) does not match the state in the exclusive read access.

The support for some of these features is configurable and system dependent and enables maximum system architect flexibility to trade off area footprint against performance and power requirements.

Get support

Arm support

Arm training courses and on-site system-design advisory services enable licensees to realize maximum system performance with lowest risk and fastest time-to-market.

Arm training courses  Open a support case

Community Blogs

Answered Where do I find presentations and photos from SC'18? 1 votes 885 views 0 replies Started 5 months ago by John Linford Answer this
Suggested answer Code is not run after loading into chip 0 votes 52 views 1 replies Latest 8 hours ago by Bojan Potocnik Answer this
Not answered 是的刚说的话个离开接电话说过考虑的就是 0 votes 19 views 0 replies Started 14 hours ago by asgadgadg Answer this
Not answered What is the "Integer divide unit with support for operand-dependent early termination"? 0 votes 28 views 0 replies Started 21 hours ago by jing Answer this
Answered Binary Semaphore upset by FIQ
  • Cortex-A
0 votes 808 views 20 replies Latest 3 days ago by 42Bastian Schick Answer this
Suggested answer Vulkan shader problem on Mali Gpu: Accessing array elements inside an Uniform buffer returns all-zero values
  • Graphics Application
  • Mali Vulkan SDK
  • vulkan sdk
0 votes 467 views 10 replies Latest 3 days ago by Hongkun Wang Answer this
Not answered Identifying Generic IP Components on an Access Port 0 votes 48 views 0 replies Started 3 days ago by Torsten Robitzki Answer this
Not answered List of configuration options in .uvprojx and .uvoptx files (Keil uVision 5)
  • Development Tools
  • Keil
  • uVision
  • Keil Tools
  • Software Development Tools
0 votes 35 views 0 replies Started 3 days ago by Bojan Potocnik Answer this
Not answered Issue with WatchDog reset De-asserting 0 votes 54 views 0 replies Started 3 days ago by BAB Answer this
Suggested answer Keil debug session 侦错问题
  • stm32 h7
  • Keil MDK Plus Edition
0 votes 233 views 6 replies Latest 3 days ago by STM32H7 Answer this
Not answered Combining C and C++ source files in a DS-5 project using the Altera Baremetal GNU toolchain
  • C++
  • DS-5 Professional Edition
  • GNU Arm Eclipse
0 votes 46 views 0 replies Started 4 days ago by PHJ Answer this
Suggested answer Jenkins build failing to copy licence cache
  • Arm Development Studio
  • Arm Compiler
  • Arm Compiler 5
0 votes 105 views 1 replies Latest 4 days ago by Ronan Synnott Answer this
Answered Where do I find presentations and photos from SC'18? Started 5 months ago by John Linford 0 replies 885 views
Suggested answer Code is not run after loading into chip Latest 8 hours ago by Bojan Potocnik 1 replies 52 views
Not answered 是的刚说的话个离开接电话说过考虑的就是 Started 14 hours ago by asgadgadg 0 replies 19 views
Not answered What is the "Integer divide unit with support for operand-dependent early termination"? Started 21 hours ago by jing 0 replies 28 views
Answered Binary Semaphore upset by FIQ Latest 3 days ago by 42Bastian Schick 20 replies 808 views
Suggested answer Vulkan shader problem on Mali Gpu: Accessing array elements inside an Uniform buffer returns all-zero values Latest 3 days ago by Hongkun Wang 10 replies 467 views
Not answered Identifying Generic IP Components on an Access Port Started 3 days ago by Torsten Robitzki 0 replies 48 views
Not answered List of configuration options in .uvprojx and .uvoptx files (Keil uVision 5) Started 3 days ago by Bojan Potocnik 0 replies 35 views
Not answered Issue with WatchDog reset De-asserting Started 3 days ago by BAB 0 replies 54 views
Suggested answer Keil debug session 侦错问题 Latest 3 days ago by STM32H7 6 replies 233 views
Not answered Combining C and C++ source files in a DS-5 project using the Altera Baremetal GNU toolchain Started 4 days ago by PHJ 0 replies 46 views
Suggested answer Jenkins build failing to copy licence cache Latest 4 days ago by Ronan Synnott 1 replies 105 views