...

The main objectives of One SDK are: (1) protect and monetize Firmware IP; (2) faster time-to-market; and (3) reduced solution cost. One SDK protects Firmware IP such as the FG algorithm and TCPM by leveraging hardware security such as ARM Trust Zone, or software security such as encryption. One SDK also supports faster time-to-market by combining BMS firmware features such as FG and TCPM with other value-added firmware features such as CAN and Bluetooth, pairing the firmware with ready-made Renesas MCUs that have the required hardware peripherals.


1.3.2 Trust Zone (TZ)

One SDK leverages ARM Trust Zone for firmware IP protection. Trust Zone is a hardware-enforced code and data memory protection mechanism. In a TZ-enabled MCU, memory and peripherals are divided into two worlds: Secure (S) and Non-Secure (NS). After power-on reset (POR), a TZ-enabled MCU always enters the S world, typically running a bootloader or startup code that sets up the boundaries of the S and NS memories, with the protected IP stored in S memory, where it can be executed but not read or written as data from the NS world. NS code can call S code, and vice versa, through special vector tables located in Non-Secure Callable (NSC) memory.

1.3.2.1 Secure and Non-Secure project organization

Renesas e2studio/FSP simplifies Trust Zone support by allowing an S project and its corresponding NS project to interoperate in the same workspace, so that when the compiled firmware is loaded into the MCU, S code/data are loaded into TZ-protected memory and NS code/data are loaded into NS memory.


  • Describe Secure Bundle distribution model
  • How to place "secret sauce" in secure memory
  • How to call S code from NS code
  • How to call NS code from S code

2.3 Create your first "Blinky" project

  • S and NS co-reside in the same workspace
  • Create Secure Project (S) - add Bootloader to set up S, NS and NSC memory map
  • Show where S calls into NS code
  • Create Non-secure Project (NS) - add FreeRTOS
  • Build and Run
  • Show the S to NS code flow to end up blinking LEDs
  • Show where to find the *.sbd file

1.3.3 One SDK supported MCUs

One SDK supports RL78, Cortex M0+, M23 and M33. RL78 is largely for supporting legacy BMS FGICs. Cortex M0+ is for 1S FGIC support. Cortex M23 is largely for high-cell-count BMIC support. Cortex M33 is for high-cell-count BMC/FGIC support and motherboard MCU support. A One SDK supported MCU shall have catalog firmware pre-programmed in Flash. For M23 and M33, which have Trust Zone support, the IP shall be protected by Trust Zone. Non-secure firmware can be overwritten to reclaim the Flash memory. Due to the lack of hardware security, firmware for RL78 and M0+ has to be developed by Renesas to protect the firmware IP and limit Flash data readout. The figure below shows the stated policy. The scenarios enclosed by dotted red lines are considered "sticky", i.e., customers develop a dependence on them due to attractive features, ease of use, or value gain.

...

The main benefit of Trust Zone is to enable OEMs/ODMs to customize the device firmware while the Renesas "secret sauce" IP remains pre-programmed into the device. For MCUs without TZ support, such as Cortex M0+ and RL78, there is no Factory state; the Factory state is therefore bypassed, resulting in the state transition diagram below:

...

Firmware update involves a host writing new code/data into the secure and non-secure flash memories using the CMD_FLASH_WR command, parsing the firmware from the Intel HEX or Motorola S-Record file generated by the firmware build process. The host can then set up the Trust Zone memory boundaries by writing to the IDAU registers.
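As an added example of the Intel HEX parsing step just described (written for this page, not One SDK's host tool or command implementation): a record parser that verifies each record's checksum, tracks type-04 extended linear addresses, and refuses any data record that does not fall wholly inside one permitted flash window, so a corrupted or mis-targeted file is rejected before a single CMD_FLASH_WR is issued. The S and NS flash windows, the `hex_chunk_t` type and the function names are constructed for the example; the CMD_FLASH_WR framing is not shown because the page does not specify it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed flash windows (end exclusive); real S/NS boundaries are whatever
 * the IDAU configuration defines. */
#define S_FLASH_BASE   0x00000000u
#define S_FLASH_END    0x00020000u
#define NS_FLASH_BASE  0x00020000u
#define NS_FLASH_END   0x00100000u

typedef enum { HEX_ERR = -1, HEX_DATA = 1, HEX_EOF = 2, HEX_SKIP = 3 } hex_status_t;

typedef struct {
    uint32_t addr;       /* absolute address of data[0] */
    uint8_t  len;
    uint8_t  data[255];
} hex_chunk_t;

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Two hex digits at s[i], s[i+1]; -1 on a non-hex character. */
static int byte_at(const char *s, size_t i) {
    int h = hexval(s[i]), l = hexval(s[i + 1]);
    return (h < 0 || l < 0) ? -1 : (h << 4) | l;
}

static bool in_window(uint32_t addr, uint64_t end, uint32_t base, uint32_t limit) {
    return addr >= base && end <= limit;
}

/* Parse one Intel HEX record. *upper carries the upper 16 address bits set by
 * type-04 records between calls. Returns HEX_DATA with *out filled, HEX_EOF on
 * the end record, HEX_SKIP for start-address records, HEX_ERR on bad syntax,
 * bad checksum, unsupported type, or a data range outside the flash windows. */
hex_status_t parse_ihex_record(const char *line, uint16_t *upper, hex_chunk_t *out) {
    if (line == NULL || line[0] != ':') return HEX_ERR;
    size_t n = strlen(line);
    while (n > 1 && (line[n - 1] == '\r' || line[n - 1] == '\n')) n--;
    if (n < 11 || (n - 1) % 2 != 0) return HEX_ERR;
    int len = byte_at(line, 1);
    if (len < 0 || (size_t)(11 + 2 * len) != n) return HEX_ERR;

    /* All bytes including the checksum byte must sum to zero modulo 256. */
    uint8_t sum = 0;
    for (size_t i = 1; i < n; i += 2) {
        int b = byte_at(line, i);
        if (b < 0) return HEX_ERR;
        sum = (uint8_t)(sum + b);
    }
    if (sum != 0) return HEX_ERR;

    uint16_t off = (uint16_t)((byte_at(line, 3) << 8) | byte_at(line, 5));
    switch (byte_at(line, 7)) {
    case 0x00: {
        uint32_t addr = ((uint32_t)*upper << 16) | off;
        uint64_t end = (uint64_t)addr + (uint64_t)len;   /* cannot wrap at 0xFFFFFFFF */
        if (!in_window(addr, end, S_FLASH_BASE, S_FLASH_END) &&
            !in_window(addr, end, NS_FLASH_BASE, NS_FLASH_END))
            return HEX_ERR;   /* outside, or straddling, the permitted windows */
        out->addr = addr;
        out->len = (uint8_t)len;
        for (int i = 0; i < len; i++) out->data[i] = (uint8_t)byte_at(line, 9 + 2 * i);
        return HEX_DATA;
    }
    case 0x01:
        return HEX_EOF;
    case 0x04:   /* extended linear address: new upper 16 bits for what follows */
        if (len != 2) return HEX_ERR;
        *upper = (uint16_t)((byte_at(line, 9) << 8) | byte_at(line, 11));
        return HEX_SKIP;
    case 0x03: case 0x05:
        return HEX_SKIP;  /* start-address records carry nothing to flash */
    default:
        return HEX_ERR;   /* 0x02 segment addressing and unknown types are rejected */
    }
}

/* Walk a whole image, stopping at the first bad record so nothing from a corrupt
 * or out-of-range file is written. Returns the chunk count, or -1 on error or a
 * missing EOF record. Each chunk is what the host would hand to CMD_FLASH_WR. */
int parse_ihex_image(const char *const *lines, size_t nlines, hex_chunk_t *chunks, size_t max) {
    uint16_t upper = 0;
    size_t count = 0;
    for (size_t i = 0; i < nlines; i++) {
        hex_chunk_t tmp;
        hex_status_t st = parse_ihex_record(lines[i], &upper, &tmp);
        if (st == HEX_ERR) return -1;
        if (st == HEX_EOF) return (int)count;
        if (st == HEX_DATA) {
            if (count >= max) return -1;
            chunks[count++] = tmp;
        }
    }
    return -1;   /* ran out of lines without an EOF record */
}
```

Two design choices matter here. The checksum is verified before the record type is even looked at, so a corrupted address or length field cannot steer a write; and the range check is done against the same S/NS windows the host will later program into the IDAU registers, so a record that would land S-world code in NS flash (or the reverse) fails the whole image rather than being silently written.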

...

...