...
When e2studio/FSP is used, the S project and NS project reside in the same workspace and are linked to one another.
1.3.5 S code calling NS code
e2studio can generate NSC veneer.
Access to NSC drivers from a Non-secure project is possible through the Guard APIs. The FSP automatically generates guard functions for all the top-of-stack/driver APIs configured in the Secure project as Non-secure Callable. Example below:
1.3.5 Creating user-defined NSC functions
One can create a customized NSC API in the Secure project to expose only the top-level control of your algorithms and store the IP in the Secure Arm® Trust Zone® region. Precautions mentioned previously should be exercised during the creation of the user-defined NSC API.
The steps to create a customized NSC API are:
- Create the Non-secure Callable custom function by declaring the function with BSP_CMSE_NONSECURE_ENTRY.
- Create a header file that includes all the customized NSC function prototypes, for example, my_nsc_api.h.
- Include the path to the NSC header using the Build Variable as shown in below figure.
- Compile the Secure project to create the Secure Bundle. The NSC header will be automatically extracted for use in the Non-secure project.
1.3.5 S code calling NS code
If FreeRTOS is selected and there is access to NSC functions from a Thread in the Non-secure project, it is necessary to enable Allocate secure context for this thread in the configurator for that Thread.
1.3.6 USB debug interface setup
There are some prerequisites prior to setting up the MCU IDAU regions. From the factory, RA MCUs are delivered to the developer in the CM (Chip Manufacturing) lifecycle state. The MCU must be transitioned to SSD (Secure Software Development) lifecycle state prior to setting up the IDAU regions. Transitioning from CM State to SSD State and setting up the IDAU region can only be achieved using the MCU’s boot mode, which can only be accessed using an SCI/USB connection. To benefit from the tools' support, developers need to bring the MCU Mode pin (MD) and SCI pins to the Debug interface. Special debugger firmware has been developed to manage to bring the device up in SCI boot mode to set up the IDAU registers (automatically drives MD pin) and then switch back to debug mode as needed.
<Verify that FSP-RA4E1 has the same>
When developing with e2studio and using Renesas evaluation kits for Trust Zone MCUs, the MCU is automatically transitioned from the CM state to the SSD state when the first secure program is downloaded to the MCU if the above required connection is provided.
1.3.6 Configure IDAU using e2studio
Renesas Device Partition Manager (RDPM) can be used to setup the IDAU regions.
When using e2 studio, the necessary values to set up the Trust Zone® memory partition (IDAU registers) are calculated after the binary code to program into the Secure region is created by building the Secure project. The regions are set up to ensure that they match the code and data sizes and keep the attack surface as small as possible. If the hardware connection mentioned above is provided in the PCB design, there is no need to use the RDPM manually to set up the IDAU region. Setting up the IDAU region when developing with e2 studio is a transparent process for most applications.ddd
2.3 Create your first "Blinky" project
...
- RA Flexible Software Package Users Manual
- Security Design with ARM Trust Zone using Cortex M33
- Renesas Device Life Cycle Management Key Injection
- Renesas Device Life Cycle Management for Cortex M33
- RA4E1 device data sheet
- Segger J-Link RTT
- J-Link Telnet Interface
- J-Link SDK
...