Arm® TrustZone® Getting Started Application on SAM L11 MCUs

 Objective

This tutorial shows you how to create an Arm® TrustZone® feature application on SAM L11 microcontroller (MCU) using MPLAB Harmony v3 software framework.

The SAM L11 MCU is the implementation of the Arm TrustZone 45r for an ARMv8-M device. TrustZone for an ARMv8-M device is based on a specific hardware that is implemented in the Arm Cortex®-M23 core, which is combined with a dedicated Secure instructions set. It allows the creation of multiple software security domains that restricts access to selected memory, peripherals, and I/O to trusted software without compromising the system performances. The TrustZone technology enables secure and non-secure code to run on a single MCU.

For the detailed explanation of security features available on the Microchip SAM L11 MCU, go through the "SAM L11 Security Reference Guide".

MPLAB® Harmony v3 is a flexible, fully integrated embedded software development framework for 32-bit microcontrollers (MCUs) and microprocessors (MPUs). MPLAB Harmony v3 includes the MPLAB Harmony Configurator (MHC) tool, a set of modular Peripheral Libraries (PLIBs), drivers, system services, middleware, and numerous example applications, all of which are designed to help you quickly and easily develop powerful and efficient embedded software for Microchip’s 32-bit PIC® and SAM devices. Also, the MPLAB Harmony v3 provides a TrustZone enviroment to develop security applications on different secured MCUs and MPUs like SAM L11, SAM A5D2 and SAM A5D4.

The application makes use of the SAM L11 Xplained Pro Evaluation Kit and the I/O1 Xplained Pro Extension Kit (sold separately).

The application has two projects pertaining to Secure and Non-secure modes of SAM L11, that work together on the same MCU and offers security isolation between the trusted and the non-trusted resources of the device.

The Secure mode application reads the current room temperature from the temperature sensor on the I/O1 Xplained Pro Extension Kit every 500 milliseconds. Additionally, the secure application writes the temperature readings to EEPROM and reads when a request is received from the Non-secure mode application. Also, an LED (LED0) is toggled every time the temperature is displayed on the serial console. The periodicity of the temperature values reading can be changed to 1 second, 2 seconds, 4 seconds, and back to 500 milliseconds every time the user presses the switch SW0 on the SAM L11 Xplained Pro Evaluation Kit. The temperature readings are transferred to Non-secure mode application when it requests to secure application through Non-Secure Callables (NSC).

The Non-secure mode application requests the Secure mode application to get the current temperature values and the Non-secure mode application prints them on a serial console. Further, when it receives a request from the user (in the form of a key press on the serial console), it requests a Secure mode application to retrieve the last five stored temperature values in the EEPROM. The Non-secure application prints the last five stored temperature values on the console.

The application you create will utilize:

  • Secure PORT Pin to toggle the LED (By default, all PORT pins are secure)
  • Secure SERCOM (configured as I²C) PLIB to read the temperature from a temperature sensor
  • Secure Real-Time Clock (RTC) PLIB to periodically sample temperature sensor data
  • Secure External Interrupt Controller (EIC) PLIB to change the periodicity of temperature sensor data read using switch SW0 press event
  • Non-secure SERCOM (configured as Universal Synchronous Asynchronous Receiver Transmitter (USART)) and Non-secure Direct Memory Access (DMA) PLIBs to print the temperature values on a COM (serial) port terminal application running on a PC
  • Non-secure PORT Pins (USART Pins only) to communicate with the serial terminal

In the process, the lab will also demonstrate the use of callback functions.

Two Ways to Use This Tutorial

  1. Create the project from scratch:
    • Use the provided source files and step-by-step instructions.
  2. Use the solution project as an example:
    • Build the solution project and program it to the SAM L11 Xplained Pro Evaluation Kit to observe the expected behavior.

Lab Objectives

  1. Create an MPLAB X IDE Harmony v3 TrustZone project for a SAM L11 microcontroller from scratch.
  2. Use MHC to configure and generate Harmony v3 PLIBs code for the following peripherals in Secure mode:
    • RTC
    • I²C
    • EIC and
    • PORT pin to toggle LED.
  3. Use the MHC to configure and generate Harmony v3 PLIBs code for the following peripherals in Non-Secure mode:
    • USART
    • DMA
    • PORT pins for USART.
  4. Use the Harmony v3 PLIB Application Programming Interfaces (APIs) to implement secure and non-secure applications.

 Materials

Hardware Tools

Tool About Purchase
atsaml11-xpro-50px.png
SAM L11 Xplained Pro
Evaluation Kit
io1-xpro-extension-50px.png
I/O1 Xplained Pro
Extension Kit

Note:
The Xplained Pro series evaluation kits include an onboard Embedded Debugger (EDBG). No external tools are necessary to program or debug the ATSAML11E16A. For programming/debugging, the EDBG connects to the host PC through the USB micro-B connector on the SAM L11 Xplained Pro Evaluation Kit.

Hardware Connection Setup

Hardware_setup.jpg
Figure 1.1: Hardware Setup

Apart from the hardware tools listed above, the following items are required:

  • USB Type-A male to micro-B male cable for programming and debugging.

Connection Diagram

The application has the temperature sensor and EEPROM connected to the SAM L11 over I²C interface and the console (serial terminal) on a PC connected over USART interface (through USB to USART converter).

connection_diagram.png

Hardware Modification

IO1 Xplained Pro features Microchip’s AT30TSE758 temperature sensor chip with an 8 KB serial EEPROM. The temperature sensor has two I²C addresses: one for the temperature sensor and one for the EEPROM. The A2 address line of I²C must be soldered to Ground (GND). This is done to modify the address of the EEPROM on the I/O1 Xplained Pro Extension Kit so that it does not conflict with the address of EEPROM on SAM L11 Xplained Pro Evaluation Kit. The modification changes the address of the temperature sensor to 0x4B and EEPROM to 0x50. These modified addresses are used in this tutorial.

The hardware modification on the IO1 Xplained Pro is shown in the following figure.

hardware_modification.png
Figure 1.2: Hardware Modification

Software Tools

Note:
This project has been verified to work with the following versions of software tools:
MPLAB X IDE v5.40
MPLAB XC32 Compiler v2.41
MPLAB Harmony CSP v3.8.0
DEV_PACKS v3.8.0
MHC v3.5.1

Because we regularly update our tools, occasionally you may discover an issue while using the newer versions. If you suspect that to be the case, we recommend that you double-check and use the same versions that the project was tested with.

Tool About Installers
Installation
Instructions
Windows Linux Mac OSX
MPLAB® X
Integrated Development Environment
MPLAB® XC32
C/C++ Compiler

For this lab, download the following repositories from GitHub:

  • CSP: The following table shows the summary of contents.
Folder Description
apps Example applications for CSP library components
arch Initialization and starter code templates and data
docs CSP library help documentation
peripheral PLIB templates and configuration data
  • DEV_PACKS: The following table shows the summary of contents.
Folder Description
Microchip Peripheral register specific definitions
arm Core Specific Register Definitions (CMSIS)
  • MHC: The following table shows the summary of contents.
File/Folder Description
doc Help documentation and licenses for libraries used
np_templates New Project templates for supported toolchains
*.jar Java implementations of MHC modules
mhc.jar Main Java executable (run: java -jar mhc.jar -h)
runmhc.bat Windows cmd batch file to run standalone MHC Graphical User Interface (GUI)

Overview

This lab shows you how to create an MPLAB Harmony v3 project from scratch, to configure and generate:

  • Harmony v3 Peripheral Libraries code for the secure RTC, I²C, EIC, and PORTS peripherals (All PORT pins by default are secure)
  • Harmony v3 Peripheral Libraries code for the non-secure USART, DMA, and PORTS peripherals (USART Pins only)

The application has two projects pertaining to Secure and Non-secure modes of SAM L11, that work together on the same MCU and offers security isolation between the trusted and the non-trusted resources in the device.

Secure Application

The Secure mode application reads the current room temperature from the temperature sensor on the I/O1 Xplained Pro Extension Kit every 500 milliseconds. The application writes the temperature readings to EEPROM and reads when a request is received from the Non-secure mode application. Also, an LED (LED0) is toggled every time the temperature is displayed on the serial console. The periodicity of the temperature values reading can be changed to 1 second, 2 seconds, 4 seconds, and back to 500 milliseconds every time when the user presses the switch SW0 on the SAM L11 Xplained Pro Evaluation Kit. The temperature readings are transferred to Non-secure mode application when it requests to secure application through Non-Secure Callables (NSC).

secure_application_flow_sequence.png
Figure 1.3 Secure Application Flow Sequence

The secure application initializes Clock, PORT, and secure peripherals (configured through the MHC) and its NVIC initializations by calling the function SYS_Initialize. The application registers callback event handlers for SERCOM (as I²C), RTC, and EIC PLIBs. The callback event handlers are called back by the PLIBs when the transaction completion events occur.

Note:

  1. A callback event handler for SERCOM (as I²C) is accomplished by I²C PLIB when the I²C transfer request is completed.
  2. RTC peripheral is used for implementing the time period instead of the timer peripheral. This is done to demonstrate how to configure and use RTC peripheral in an application (particularly low power application).

The application checks whether the configured RTC timer period has expired. On every timer period expiration, the application calls the function SERCOM1_I2C_WriteRead to submit a temperature sensor read request to the I²C PLIB when I²C peripheral is free. The I²C PLIB calls back the registered callback event handler when the latest temperature value is read from the sensor. The application frees the I²C PLIB and sets a temperature read complete flag in the I²C callback event handler if the I²C PLIB request is a temperature sensor read request.

The application checks the temperature read complete flag and it also checks the I²C PLIB is free to submit written request to store the values in the EEPROM. Further, it will load the latest temperature value (in a formatted message) onto the buffer and also toggles user LED0. The I²C PLIB calls back the registered callback event handler when the latest temperature value is written to the EEPROM. The application frees the I²C PLIB.

Further, the application checks if the EEPROM read request is received from non-secure application to read the last five stored temperature values in the EEPROM. The application calls the function SERCOM1_I2C_WriteRead to submit a read request to the I²C PLIB to read the last five stored temperature values in the EEPROM when I²C peripheral is free. The I²C PLIB calls back the registered callback event handler when the latest temperature value is read from the sensor. The application frees the I²C PLIB and sets an EEPROM read status complete flag in the I²C callback event handler if the I²C PLIB request is an EEPROM read request.

The application also monitors the pressing of the switch SW0; if a switch press is detected, the application changes the temperature sampling rate from the default 500 milliseconds to 1 second. On subsequent switch press, the application changes the temperature sampling rate to two seconds, four seconds, and back to 500 milliseconds. The application cycles the temperature sampling rate on every switch press, as shown in Figure 1.3.

app_led_running_sequence.png
Figure 1.4 LED Running Sequence

Non-Secure Application

The Non-secure mode application requests the Secure mode application temperature values and prints them on a serial console once it receives from the Secure mode application. Further, when it receives a request from the user (in the form of a key press on the serial console), it will request that the Secure mode application retrieve the last five stored temperature values in the EEPROM. The non-secure application prints the last five stored temperature values on the console.

non_secure_application_flow_sequence.png
Figure 1.5 Non-Secure Application Flow Sequence

The application initializes non-secure peripherals (configured through the MHC) and its NVIC initializations by calling the function SYS_Initialize. The application registers callback event handlers for two DMA channels (SERCOM (configured as USART) transmit and receive channels). The callback event handlers are called back by the PLIBs when the transaction completion events occur.

Note: Callback event handlers for SERCOM (configured as USART) is not registered as the actual USART data transfer, and it is accomplished by the DMA. The DMA calls back the callback event handlers when the DMA transfer requests are complete.

The application request and checks whether the temperature reading completion status set by Secure mode application to print the latest received temperature value (in a formatted message) onto the serial console over the USART interface by submitting a written request to DMA.

Further, the application reads a user input is received as a character from the serial terminal on the PC to read the stored (last five) temperature values from by requesting to secure application.

The application prints the temperature values on the serial terminal once the EEPROM data read the completion status set by the Secure mode application.

Lab Source Files and Solutions

This ZIP file contains the completed solution project for this lab. It also contains the source files needed to perform the lab as per the following step-by-step instructions (see the "Procedure" section on this page).

The contents of this ZIP file need to be placed in a folder of your choice.

Note:

  1. The project location of a Harmony v3 project is independent of the location of the Harmony Framework path (i.e., you don't need to create or place a Harmony v3 project in a relative path under the Harmony v3 framework folder). The project can be created or placed in any directory of your choice.
  2. The point above is true because when created, a Harmony v3 project generates all the referred source and header files and libraries (if any) under the Project folder.
  3. Both points above contrast with Harmony v2 project location. In Harmony v2, the project was supposed to be created in a location under the Harmony framework.


Extracting the ZIP file creates the following folders:

  • saml11_trustzone_getting_started contains the lab solution (in the firmware folder) and source files (in the dev_files folder).
    • The dev_files folder contains the subfolders Secure and NonSecure which contains the application source files and other support files (if any) required to perform the lab (see "Procedure" section below).
    • The firmware folder contains the completed lab solution project. It can be directly built and programmed on the hardware to observe expected behavior.

Procedure

Note: All steps must be completed before you are ready to build, download, and run the application.

Lab Index

Step 1: Create a SAM L11 Secure and Non-secure Group Project

  • Step 1.1 - Verify Whether MHC Plug-in is Installed in MPLAB X IDE
  • Step 1.2 - Set Up MHC Plugin Window to Open in Standalone Mode
  • Step 1.3 - Create MPLAB® Harmony v3 TrustZone Project Using MPLAB X IDE
  • Step 1.4 - Verify Clock Settings
  • Step 1.5 - Configure Secure and NonSecure Peripherals
  • Step 1.6 - Verify Secure and Non-secure Memory Regions

Step 2: Configure I²C, USART, and RTC Peripheral Libraries

  • Step 2.1 - Configure Secure RTC Peripheral Library
  • Step 2.2 - Configure Secure I²C Peripheral Library and Secure I²C Pins
  • Step 2.3 - Configure Non-Secure USART Peripheral Library and Non Secure USART Pins
  • Step 2.4 - Configure Non-Secure DMA Peripheral Library

Step 3: Configure Pins for Switch and LED

  • Step 3.1 - Configure Switch Button Pin with Secure EIC to Generate an Interrupt
  • Step 3.2 - Configure LED Pin in Secure Mode
  • Step 3.3 - Rename the Default main File

Step 4: Generate Code
Step 5: Add Secure Application Code to the Project
Step 6: Add Non-secure Application Code to the Project
Step 7: Build, Program, and Observe the Outputs

© 2021 Microchip Technology, Inc.
Notice: ARM and Cortex are the registered trademarks of ARM Limited in the EU and other countries.
Information contained on this site regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights.