winIDEA Help

In this topic:

•Preventing device lock

•Requirements

•Configuration steps

•Programming the TriCore application and the HSM code

 

 

Introduction

This topic describes a procedure of programming an HSM application through winIDEA on Infineon AURIX TC3xx devices.

The HSM (Hardware Security Module) is an optional module available on selected AURIX devices.

 

The HSM protection is configured in the User Configuration Block (UCB). UCBs serve as vital repositories of critical settings and configurations that drive the behavior and functionality of SoC features. They play a pivotal role in ensuring unmatched configurability. UCBs allow developers to define and configure crucial settings such as:

•Reset vector

•RAM initialization

•Hardware Security Module (HSM) configuration

•Logic Built-In Self-Test (LBIST)

•FLASH protection

•etc.

 

Through winIDEA, you can program an HSM application and configure the UCB (User Configuration Block) which is required to enable the HSM on your AURIX device.

 

Preventing device lock

•Devices or cores can be locked or hidden by the silicon vendor. Refer to Device/core is hidden or locked for more information.

•Read your AURIX device reference manual carefully

•Be cautious when debugging the HSM core: programming or erasing HSM-reserved FLASH sectors may lock the device.

•Wrong UCB data can permanently lock the device. Use winIDEA Demo Mode before FLASH programming to check if all UCB sectors contain correct data.

•The number of UCB writes is limited. Check your TriCore device documentation for exact limits.

•Uncheck the <UCB_device> box once UCB is programmed.

•Use the Image Checker during UCB or HSM code programming.

•HSM application programming and UCB configuration must be done carefully. Misconfiguration can lock the chip.

 

 

 

Requirements

•winIDEA 9.21.0 or newer

•iC7/iC5000/iC5700 BlueBox

oiC7: Infineon AGBT/SGBT Active Probe / Infineon DAP/DAPE Active Probe

oiC5: Infineon AGBT/SGBT Active Probe / Infineon DAP/DAPE Active Probe / 10-pin 1.27 mm Infineon DAP2 Wide Debug Adapter / 22-pin ERF8 DAP2 Debug Adapter

 

 

Configuration steps

The proper procedure to program your HSM application can be summarized in two steps:

1. Programming the TriCore application and the HSM code.

2. Enabling the HSM in the UCB.

 

Programming the TriCore application and the HSM code

1. Set the Image checker to Reject programming in Hardware | CPU Options | Debugging to prevent chip locking by misconfiguration.

 

 

2. Verify Program Files in Debug | Configure Session | SoC | Program Files.

For the regular TriCore application(s) and for the HSM.

 

 

 

Enabling the HSM in the UCB

1. Enable UCB in Hardware | Options | Programming.

 

 

 

2. Establish a Debug Session via Debug | Load Symbols Only.

 

3. Configure the boot mode headers via View | AURIX | UCB | Set Startup Address.

Specify:

•Address of your primary application

•Startup mode

•UCB you would like to program.

At least one valid boot mode header needs to be programmed before enabling the HSM.

 

 

4. Check the validity of the programmed boot mode header.

Make sure that the CPU0 boots correctly.

a. Disable presenting the CPU0 program counter by setting Hardware | CPU Options | Cores | CPU0 | Preset PC after stopped in init to Do not preset.

b. Reset the CPU via Debug | Reset and observe its reset vector.

 

 

In case of any security violation, programming is rejected. This completes the configuration. After the power-on reset, the newly entered UCBs are read by the CPU and the HSM is started accordingly.

 

5. Configure HSM in View | AURIX | UCB | Extra Commands | Configure HSM.

In the Configuration section:

•Tick HSM Boot Enable

•Specify HSM Boot Logical Sector Indexes according to the location of your HSM boot code

•In the UCBs to program section, choose those UCBs you want to program.

 

 

 

More resources

•UCB plugin

•Image checker

•Demo mode

•Load Map