winIDEA HelpTC2xx: HSM Programming
In this topic:
•Programming the TriCore application and the HSM code
Introduction
This topic describes a procedure of programming an HSM application through winIDEA on Infineon AURIX TC2xx devices.
The HSM (Hardware Security Module) is an optional module available on selected Aurix devices.
|
Read your Aurix device reference manual carefully. Use caution when debugging the HSM core as programming/erasing the HSM reserved FLASH sectors may result in locking the device. winIDEA offers few options which help you reducing the risk locking the device. |
The HSM protection is configured in the User Configuration Block (UCB). Writing to UCB in winIDEA is disabled by default. UCBs serve as vital repositories of critical settings and configurations that drive the behavior and functionality of SoC features. They play a pivotal role in ensuring unmatched configurability.UCBs allow developers to define and configure crucial settings such as:
•Reset vector
•RAM initialization
•Hardware Security Module (HSM) configuration
•Logic Built-In Self-Test (LBIST)
•FLASH protection
•etc.
|
Wrong UCB data can lock the device permanently. Use winIDEA Demo Mode prior flash programming to test whether all UCB sectors contain correct data. Number of writes to UCB is limited. Refer to your TriCore device documentation for the exact number of writes. Uncheck <UCB_device> box once UCB is programmed. |
Through winIDEA, you can program an HSM application and configure the UCB (User Configuration Block) which is required to enable the HSM on your Aurix device.
|
It is recommended to use Image checker during UCB or HSM code programming. HSM application programming and UCB configuration requires caution because a misconfiguration can potentially lock your chip. |
Requirements
•winIDEA 9.21.0 or newer
•iC7
oInfineon AGBT/SGBT Active Probe / Infineon DAP/DAPE Active Probe
•iC5700, iC5000
oInfineon AGBT/SGBT Active Probe / Infineon DAP/DAPE Active Probe / 10-pin 1.27 mm Infineon DAP2 Wide Debug Adapter / 22-pin ERF8 DAP2 Debug Adapter
Configuration
The proper procedure to program your HSM application can be summarized in two steps:
1. Programming the TriCore application and the HSM code.
2. Enabling the HSM in the UCB.
Programming the TriCore application and the HSM code
|
Prevent chip locking by misconfiguration via Hardware / CPU Options / Debugging. |
Set the Image checker to Reject programming.
|
Verify Program Files via Debug / Configure Session / SoC / Program Files. |
For the regular TriCore application(s) and for the HSM.
|
Activate Tools / Demo mode and perform Debug / Download. |
Your files must contain at least one valid boot mode header and valid HSM code before you proceed to enabling the HSM. With Demo mode you can see what is loaded into the target memory before you actually flash any code to your target.
|
Use Load Map via Debug / Show Load Map. |
Inspect the contents of the BMHD locations (BMHD0 - BHMD3).
|
Disable Demo mode and perform a Debug / Download to program the code onto your target. |
If the BMHD and HSM code are populated correctly you can program the code onto your target.
|
Check the validity of the programmed boot mode header. |
Make sure that the CPU0 boots correctly.
a. Disable presenting the CPU0 program counter by setting Hardware / CPU Options / Cores / CPU0 / Preset PC after stopped in init to Do not preset.
b. Reset the CPU via Debug / Reset and observe its reset vector.
|
Enabling the HSM without having a valid boot mode header programmed can permanently lock your chip! |
Enabling the HSM in the UCB
|
Enable UCB via Hardware / Options / Programming. |
|
The amount of writes to the UCB is limited. For the exact number of writes, refer to your AURIX device reference manual. Uncheck the UCB memory device once the UCB is programmed. |
|
Establish a Debug Session via Debug / Load Symbols Only. |
|
Open the UCB plugin via View / Aurix / UCB. |
Double click on the UCB_HSMCOTP register. Change the values of the following registers:
•PROCONHSMCOTP_x: 0x01 or 0x781; Select the value and use it for all these registers.
•CONFIRMATION_x: UNLOCKED (0x43211234)
|
Recommended values for PROCONHSMCOTP_x during development are: 0x01 or 0x781. Other bits of this register should only be changed with extreme care, as you can lock the HSM flash, prevent start-up or disable debug access. Setting CONFIRMATION_x to CONFIRMED makes the whole UCB sector OTP protected from programming. |
After you click OK, the BlueBox programs UCB_HSMCOTP.
In case of any security violation, programming is rejected. This completes the configuration. After the power-on reset, the newly entered UCBs are read by the CPU and the HSM is started accordingly.
More resources
