winIDEA HelpTC2xx: HSM Programming
In this topic:
•Programming the TriCore application and the HSM code
Introduction
This topic describes a procedure of programming an HSM application through winIDEA on Infineon AURIX TC3xx devices.
The HSM (Hardware Security Module) is an optional module available on selected Aurix devices.
|
Read your Aurix device reference manual carefully. Use caution when debugging the HSM core as programming/erasing the HSM reserved FLASH sectors may result in locking the device. winIDEA offers few options which help you reducing the risk locking the device. |
The HSM protection is configured in the User Configuration Block (UCB). Writing to UCB in winIDEA is disabled by default. UCBs serve as vital repositories of critical settings and configurations that drive the behavior and functionality of SoC features. They play a pivotal role in ensuring unmatched configurability.UCBs allow developers to define and configure crucial settings such as:
•Reset vector
•RAM initialization
•Hardware Security Module (HSM) configuration
•Logic Built-In Self-Test (LBIST)
•FLASH protection
•etc.
|
Wrong UCB data can lock the device permanently. Use winIDEA Demo Mode prior flash programming to test whether all UCB sectors contain correct data. Number of writes to UCB is limited. Refer to your TriCore device documentation for the exact number of writes. Uncheck <UCB_device> box once UCB is programmed. |
Through winIDEA, you can program an HSM application and configure the UCB (User Configuration Block) which is required to enable the HSM on your Aurix device.
|
It is recommended to use Image checker during UCB or HSM code programming. HSM application programming and UCB configuration requires caution because a misconfiguration can potentially lock your chip. |
Requirements
•winIDEA 9.21.0 or newer
•BlueBox iC5700, iC5000
•Infineon AGBT Active Probe / Infineon DAP/DAPE Active Probe / 10-pin 1.27 mm Infineon DAP2 Wide Debug Adapter / 22-pin ERF8 DAP2 Debug Adapter
Configuration
The proper procedure to program your HSM application can be summarized in two steps:
1. Programming the TriCore application and the HSM code.
2. Enabling the HSM in the UCB.
Programming the TriCore application and the HSM code
|
Prevent chip locking by misconfiguration via Hardware / CPU Options / Debugging. |
Set the Image checker to Reject programming.
|
Verify Program Files via Debug / Configure Session / SoC / Program Files. |
For the regular TriCore application(s) and for the HSM.
|
Proceed to the next step only when you are sure that the HSM code has been downloaded. The chip will be locked after the next power-on reset if the HSM is enabled while no valid HSM code is present. |
Enabling the HSM in the UCB
|
Enable UCB via Hardware / Options / Programming. |
|
The amount of writes to the UCB is limited. For the exact number of writes, refer to your AURIX device reference manual. Uncheck the UCB memory device once the UCB is programmed. |
|
Establish a Debug Session via Debug / Load Symbols Only. |
|
Configure the boot mode headers via View / Aurix / UCB / Set Startup Address. |
Specify:
•Address of your primary application
•Startup mode
•UCB you would like to program.
At least one valid boot mode header needs to be programmed before enabling the HSM.
|
Check the validity of the programmed boot mode header. |
Make sure that the CPU0 boots correctly.
a. Disable presenting the CPU0 program counter by setting Hardware / CPU Options / Cores / CPU0 / Preset PC after stopped in init to Do not preset.
b. Reset the CPU via Debug / Reset and observe its reset vector.
|
Enabling the HSM without having a valid boot mode header programmed can permanently lock your chip! |
In case of any security violation, programming is rejected. This completes the configuration. After the power-on reset, the newly entered UCBs are read by the CPU and the HSM is started accordingly.
|
Configure HSM via View / Aurix / UCB / Extra Commands / Configure HSM. |
In the Configuration section:
•Tick HSM Boot Enable
•Specify HSM Boot Logical Sector Indexes according to the location of your HSM boot code
•In the UCBs to program section, choose those UCBs you want to program.
More resources
