System IP that includes interconnects, peripherals and TrustZone controller components
The CoreLink SIE-200 system IP includes a collection of interconnect, peripheral, and TrustZone controller components. This system IP is compatible with Cortex-M23 and Cortex-M33-based systems with TrustZone technology, which offers a system-wide approach to security with hardware-enforced isolation. The SIE-200 IP blocks are built on top of the Arm AMBA 5 AHB5 protocol to extend TrustZone security to the system. CoreLink SIE-200:
- Reduces cost and increases security in TrustZone based systems for IoT and embedded applications.
- Makes it easier and more efficient to create secure systems or to build a system around an existing TrustZone-enabled subsystem
- Provides flexibility due to is configurability and support for many system architectures.
The following image illustrates features of the SIE-200 IP:
CoreLink SIE-200 IP library provides choice, reliability, and lowest-risk for designers to build secure IoT devices.
Simplify the design of a secure system
CoreLink SIE-200 IP has been developed and validated with the Cortex-M23 and Cortex-M33 processors. The components have been architected to meet the requirements of a secure TrustZone system.
CoreLink SIE-200 IP forms the basis for the TrustZone-enabled subsystem, CoreLink SSE-200. This subsystem is a reference architecture and has been used by the Arm ecosystem to port tools and OS to the Armv8-M architecture.
CoreLink SIE-200 IP is configurable and supports many system architectures. It is common for manufacturers to be unaware of how their customers will partition the memory. You can choose to have a more secure memory to implement extra secure services in secure code. You might need less secure memory, preferring to use the secure side only for firmware updates. Using TrustZone controllers enables the manufacturer to specify a chip simply by the amount of shared SRAM or ROM that can be allocated for secure or non-secure use, rather than defining or manufacturing a chip with different SRAM or ROM sizes for each secure and non-secure use. The same method can be applied to peripherals and Flash.
Reduced design time and IP reuse
Designers building embedded solutions must think about system security and software integration. SIE-200 offers reliable fundamental building blocks that can be used to architect secure system solutions. These blocks can be tailored to chosen applications, while maintaining the right level of security isolation. This ability to balance security and flexibility is one of the key benefits of SIE-200 IP.
Legacy IP and designs support
The TrustZone Master Security Controller (MSC) block in SIE-200, can be used to integrate a legacy master (for example, AHB-Lite DMA – such as Arm DMA-230) in a TrustZone-enabled SoC, as secure or non-secure. The MSC enables the security attribute for a legacy master to be set dynamically so offering maximum flexibility for software programmers. Architects can control external masters, such as a radio master to define the system resources (memory and peripherals) that they can access. Many embedded designs have legacy IP. SIE-200 enables you to integrate this legacy IP in a controlled way while preserving the security architecture of the SoC. Other TrustZone controllers enable you to integrate existing or legacy AHB and APB peripherals in a similar way.
CoreLink SIE-300 consists of the following components:
SIE-200 provides a multi-layered bus-matrix that is configured using an XML based configuration file. The bus-matrix can support a maximum of 16 masters and 16 slaves and supports sparse writes. It is optimized for low-latency and the bus-matrix can also be configured using the Arm Socrates System Builder tooling environment. For simpler MCU designs or expansion ports on the bus-matrix, AHB5 master multiplexer and AHB5 slave multiplexer standalone blocks are also provided.
The SIE-200 includes AHB5-to-AHB5 synchronous and asynchronous bridges and AHB5-to-APB synchronous and asynchronous bridges. This enables support for a range of peripherals common in MCUs and is relevant when interfacing to various sensors used in IoT devices. These blocks handle protocol/clock/power domain crossings.
Power/Voltage/Clock Domain Bridges
SIE-200 offers support for multiple clock and power domains with the use of discrete synchronous and asynchronous bridges as described in AHB5/AHB-lite/APB Support. An AHB5 Access Control Gate (ACG) component is also provided which can be placed on a clock or power domain boundary to hold or block AHB5 transactions, whenever the receiving side is unable to accept the transfer. When transactions are allowed to pass, the ACG is transparent and does not introduce extra latency (with synchronous domains).
TrustZone AHB5 Memory Protection Controller
The TrustZone AHB5 Memory Protection Controller (MPC) gates access to memory as a function of the transaction. It enables the memory blocks to be assigned as secure or non-secure and supports a range of block sizes. The MPC checks the security setting for the incoming transaction and either allows the transaction through or responds with a RAZ or error and or a secure error interrupt. The MPC can support a simple watermarking approach, where the memory is split into two regions; one secure and the other non-secure. MPC can also support a more complex dynamic block-based memory allocation for secure or non-secure application use.
The TrustZone AHB5 and TrustZone APB Peripheral Protection Controllers (PPC) can each control access for up to 16 peripherals. Non-secure accesses to secure peripherals are blocked with RAZ or error responses and secure interrupts.
SIE-200 provides programmable TrustZone controllers which support dynamic allocation of trusted and Non-trusted regions of memory and peripherals in a system. Each of these controllers has an APB interface for programming the different zones.
This system IP uses AMBA Low-Power Interface specification (LPI) to manage power and clock control in the SoC. The Q-Channel interface is specified in the LPI standard. This interface handles communication and handshaking for the changes in quiescent states of each part of the system. Arm Cortex-M33, SIE-200 and SSE-200 subsystems use Q-Channels to control clock and power domains in the CPU and in the wider SSE-200 subsystem. Designers can use the Q-Channels to develop a dynamic power control infrastructure that requires minimal software control. It enables each CPU and the system to be power gated off independently and dynamically.
AHB5 adds exclusive access mechanism to the protocol, which enables semaphore-type operations, without requiring the bus to remain dedicated to a particular master during the operation. This means the semaphore-type operations do not impact either the bus access latency or the maximum achievable bandwidth. SIE-200 provides an Exclusive Access Monitor (EAM) to monitor slave accesses. For Armv8-M systems using TrustZone, the EAM must take extra care for Secure and non-secure accesses. The monitor ensures that the same data cannot be accessed in both Secure and non-secure modes. A write is not considered to have overwritten a tagged data if the access type (secure or non-secure) does not match the state in the exclusive read access.
The support for some of these features is configurable and system dependent and enables maximum system architect flexibility to trade off area footprint against performance and power requirements.