Single MCU Solution for Safety-Related Applications Using TrustZone
TrustZone® (TZ) technology often gets associated with safety-related applications, like protecting cryptographic keys or hardware resources from unauthorized exposure. By reducing the attack surface and strictly enforcing the access policy, it is possible to create an on-chip environment safeguarding the misuse of such valuable resources.
Generalizing from the security-focused use case, what TZ really provides is hardware isolation of resources within a processing context, so generally applicable to other environments, where IEC 60730 normative requirements must be fulfilled. Those norms define several classes or categories of appliances and strive for the safe operation of automatic electrical controls within a household. The classification in categories A, B, or C is tied to the type of appliance and the threats it might pose to human beings during operation. Class A products do not provide potentially harmful features or functions. Class B appliances need to implement control functions that can prevent an unsafe operation of the controlled equipment. A washing machine is a good example, with sensors to stop operation as soon as the appliance temperature exceeds the safe operational limit, or a door lock preventing an operator from accessing the loading drum during an ongoing washing cycle. The related software includes code meant to prevent hazards if a hardware fault occurs.
Class C is more demanding since the control functions must prevent especially dangerous and harmful hazards like explosions. A typical example of such a system is an automatic burner control. Such type of software requires more strict controls, as deep and thorough diagnostics are necessary since a fault in the safety critical software routine will result in a hazard. This is because a failure in one function is not assumed to be mitigated by intervention of another software safety routine, or by redundant hardware. Several annexes to the main norm define the software evaluation requirements, down to the electronics controls. Broadly speaking, the norms discuss the embedded components (i.e., system implementation aspects) that must be tested to comply with Class B and Class C. At the same time, the norms list a few measures required to ensure safe and reliable operation.
Within the RA6 and RA4 MCU family, Arm® Cortex®-M33 CPU-based devices provide support for Arm TrustZone-M. TrustZone technology defines a secure or non-secure state within the CPU context, isolating user threads and interrupts from executing while in the non-secure state from those executing in the secure state. A secure program (located in an executable memory region marked as secure) can access both secure and non-secure data and executes only while the CPU is in a secure state. A non-secure program (in non-secure executable memory) can access non-secure data only and executes only while the CPU is in a non-secure state; any violating transaction is blocked, and a secure fault exception (interrupt) is issued. The non-secure environment can interact with the secure portion by using a controlled, user-defined, non-secure callable functional interface. The RA hardware supports a convenient granularity for defining the TZ memory section boundaries, to optimize their allocation.
At the system level, the asset isolation policy is similarly applied to on-chip memories, bus initiators like direct memory access (DMA) controllers, peripherals, and I/O ports. All bus initiators feature security attributes that allow allocation of their operation within one of the two domains, identifying each generated transaction as either secure or non-secure. Illegal transactions generate system exceptions for appropriate user-configurable error handling. To ensure system integrity, all transfers violating the policy are either rejected upfront or stopped as soon as the violation is detected.
On the receiver side, TZ filters are implemented to monitor all bus transactions, allow the legitimate ones to proceed, and block the non-allowed ones, according to the user-defined system configuration. In addition, every peripheral functional interface (memory mapped registers) has dedicated security attributes for either all its registers, for each channel (applicable to multi-channel instances), or at the individual bit level (for shared system level settings, or general-purpose I/O modules). Complementary hardware features like application watchdogs, independent watchdogs, and MPUs, assist the developer in enhancing system resilience and supporting the safety-relevant Class C software in monitoring the operation of the non-safety-related application portion. This is mandatory to react appropriately and ensure the system is always in a safe and controlled state of operation.
As for the configuration of the application and the drivers, RENESAS has developed a clever and simple-to-use tool, integrated within the e2 studio development environment, to guide the user in creating a secure and non-secure project in a few easy steps. Under the hood, the tool takes care of generating all appropriate compiler primitives and macros necessary to handle the configured non-secure callable interfaces and function stubs. It also assists in allocating the memory layout automatically in a size-optimized way and generating the secure and non-secure sections for later seamless programming of the application image.
Noticeably, TrustZone as a tool by itself does not comply with the Class C standard requirements. Just using TrustZone does not mean creating or being compliant with the requirements of a software system for Class A and C; the final software evaluation and the testing according to abnormal operation (operation under fault conditions of hardware) is not substituted by simply using TrustZone. It is still the manufacturer’s responsibility to use the TrustZone and MCU environment correctly and completely to fulfill the requirements of the standard.
However, TrustZone as a tool and its implementation on the RA family of microcontrollers can support the software manufacturer in creating a software system of software Class A and C within one single microcontroller. This statement has been confirmed by VDE, and the respective test report (about the result of a singular investigation carried out on the product submitted, of which a sample was tested) found the accordance with the thereafter listed [Standards] or clauses from the relevant [Standards], see footnote.
Renesas has created a technical note that details how the RA MCU features can support the creation of a Class C application. Developers can contact Renesas to get more information on this solution advancement and get the full test report information.
[Standards] IEC 60335-1:2010, /AMD1:2013, /AMD2:2015 Annex R; EN 60335-1:2012+AC+A11+A13+A1+A2+A14:2019; EN 60335-1:2012/A15:2021 Annex R; IEC 60730-1:2013, /AMD1:2015, /AMD2:2020 Annex H; EN 60730-1:2016+A1:2019, EN 60730-1:2016/A2:2022 Annex H
- |
- +1 赞 0
- 收藏
- 评论 0
本文由翊翊所思转载自RENESAS Blogs,原文标题为:Single MCU Solution for Safety-Related Applications Using TrustZone,本站所有转载文章系出于传递更多信息之目的,且明确注明来源,不希望被转载的媒体或个人可与我们联系,我们将立即进行删除处理。
相关研发服务和供应服务
相关推荐
【应用】瑞萨的RZ/G1M嵌入式多核处理器(MPU)帮助相机系统实现了实时图像处理,最大总线频率高达800MHz
瑞萨支持网络摄像机的主要设备,从高分辨率和高清CMOS图像传感器,到具有图像处理功能和显示功能的MPU,到用于摄像机电机控制的MCU。瑞萨还通过提供更智能的图像识别和身份验证应用软件,帮助用户提高产品价值。瑞萨的RZ/G系列MPU扩展了RZ/A MPU的功能,通过摄像头输入、3D图形加速器、全高清视频编解码器和GbE等功能,为图形,多流视频和嵌入式视觉提供高端性能。
应用方案 发布时间 : 2019-04-30
RENESAS Provides Gigabit Industrial Ethernet Solution with Latest RZ/N2L MPU, Running at 10Mbps or 100Mbps
Industrial Ethernet and time-sensitive networks (TSNs) are on the rise. They are very common in the industrial communication domain utilizing protocols like EtherCAT or PROFINET. In the past, these systems were running at 10Mbps or 100Mbps; however, the hunger for more speed was inevitable. New systems need to be capable of 1Gbps to further decrease latency and increase the amount of data transferred per second by a factor of 10 simultaneously.
应用方案 发布时间 : 2023-08-25
【应用】具备3D图形引擎/视频编解码器的瑞萨高性能MPU,助力智能停车场控制系统设计
对于现代智能停车场管理系统,在系统设计中,本文推荐Renesas提供的MPU解决方案——RZ/G1N和RZ/G1M高端MPU,采用1.5 GHz双核CPU,具备3D图形和视频编解码器引擎,支持全高清视频编码和解码,具备极高的数据处理性能。是智能停车场管理系统图像处理的理想选择。
应用方案 发布时间 : 2018-08-28
Renesas(瑞萨)电机控制微控制器(MCU)选型指南
目录- 电机MCU路线图 电机驱动推荐微控制器 16位RL78电机控制MCU RX-T电机控制MCU RA-T电机控制MCU RA-T系列主要特性 RISC-V电机专用MCU 电机控制解决方案
型号- RX200,RX6XT,RX23T,RX71M,RX2XT,RA6T3 GROUP,RISC-V-MC,RA-T,RA-T系列,RX600,RX6XX,RX63T,RX66T,RA4T1,RA6T2,RX66N,RA6T1,RX26T,RA8T2,RA6T3,RA8T1,RX62G,RA4T1 GROUP,RX-T,RA,MCK-XXXXX,RL78/G14,RA6T1 GROUP,RL78,RX74T,RX62T,RX65X,RX13T,RX7XT,RX,RX100,RISC-V,RL78/G1F,RL78/G1G,RX1XT,RL78/G24,RX7XX,RA6T2 GROUP,RX24T,RX72M,RX24U,RX72N,RA2,RA4,RXV2,RXV3,RA6,RXV1,RA8,RA-T 系列,RX23X,RX72T
【经验】解析瑞萨RA家族MCU的主要区别及命名规则
目前瑞萨电子(Renesas)已经发布的RA产品家族MCU主要包括四个系列即RA2系列、RA4系列和RA6系列,以及计划发布的RA8系列。有很多客户不了解RA家族处理器的主要区别和命名规则,本文讲详细讲解。
设计经验 发布时间 : 2022-04-20
32-BIT MCU FAMILY RENESAS RA2E3 GROUP
型号- RA FAMILY,RA2,RA4,R7FA2E3053CNE,R7FA2E3053CNH,RA6,R7FA2E3052DNE,RA8,R7FA2E3073CNE,RA2E3 GROUP,RA2E3,R7FA2E3053CFJ,R7FA2E3053CFL,R7FA2E3052DFJ,R7FA2E3073CNH,R7FA2E3052DFL,R7FA2E3072DNE,R7FA2E3072DNH,R7FA2E3073CFL,R7FA2E3072DFJ,R7FA2E3052DNH,R7FA2E3072DFL,R7FA2E3073CFJ
【选型】Renesas(瑞萨电子) RL78系列16位MCU选型指南
目录- RL78家族特点 通用型MCU LCD MCU ASSP 智能模拟 汽车 开发环境&开发工具 解决方案 产品一览表 封装
型号- R5F104PFAFA,R5F101PHAFB,R5F104PFAFB,R5F10BAFLSP,R5F101PHAFA,R5F113TJLFB,R5F110MEAFB,R5F10JGCAFB,R5F10AACLSP,R5F10AGCLNA,R5F111MHAFB,R5F10WMGAFA,R5F10WMGAFB,R5F101ACASP,R5F104JHAFA,R5F101JJAFA,R5F104BDANA,R5F101BFANA,R5F10PADLSP,R5F1006EASP,R5F101FDAFP,R5F100LJAFA,R5F100LJAFB,R5F100JGAFA,R5F101LCABG,R5F104CFALA,R5F1018CALA,R5F100BCANA,R5F10Y14ASP,R5F100FLAFP,RL78-S2,R5F100EHANA,R5F11MMDAFB,R5F10PGFLFB,R5F100MKAFB,R5F100MKAFA,R5F100CEALA,R5F10BLELFB,R5F100FAAFP,R5F104AAASP,R5F100SJAFB,RL78/F1X,R5F113GLLFB,R5F10BGFLNA,R5F10WLEAFB,R5F104GCAFB,R5F10KGCANA,R5F10WLEAFA,R5F101GCANA,R5F110PJAFB,R5F11BGEAFB,R5F10369ASP,R5F10BMFLFB,R5F100EGANA,R5F113MKLFB,R5F104LJAFP,R5F100GJANA,R5F10278ANA,R5F100MLAFB,R5F1176AGSP,R5F11FLLANA,R5F100FKAFP,R5F100CFALA,R5F10AGELFB,R5F111NGALA,R5F104LJAFA,R5F104LJAFB,R5F10JBCANA,R5F104LHALA,R5F100MLAFA,R5F101SLAFB,R5F101GFAFB,R5F10ALCLFB,R5F10WLFAFB,R5F104BFAFP,R5F104GDAFB,R5F10WLFAFA,R5F11EF8AFP,R5F10PPHLFB,R5F104GLANA,R5F10BGGLNA,R5F1017AANA,R5F10AADLSP,R5F10RFCAFP,R5F110MFAFB,R5F101LLAFA,R5F104JGAFA,R5F104BCANA,R5F1006DASP,R5F10NLE/G,R5F1008AALA,R5F101FEAFP,R5F110NEALA,R5F100AAASP,R5F104GAANA,R5F10RF8AFP,R5F11EAAASP,R5F100JHAFA,R5F10MPEDFB,R5F100BDANA,R5F104CEALA,R5F104MKAFA,R5F10MPGDFB,R5F104MKAFB,R5F10PGELFB,R5F113GKLNA,R5F11MMEAFB,R5F100GLANA,R5F10367ASP,R5F100MJAFA,R5F100MJAFB,R5F10AGGLFB,R5F117BAGFP,R5F10NPJDFB,R5F100LJABG,R5F100GDAFB,R5F104LLAFB,R5F104LLAFA,R5F104LJALA,R5F100SKAFB,R5F101GDANA,R5F10PPJLFB,R5F101PGAFA,R5F10277ANA,R5F10BAELSP,R5F113TKLFB,R5F101PGAFB,R5F101LEABG,R5F10AGDLNA,R5F100GAANA,R5F10NMJ/G,R5F107AEMSP,RL78/G10,R5F101BEANA,RL78/G11,R5F10PMFLFB,RL78/G12,RL78/G13,RL78/G14,R5F101GGAFB,R5F104BEAFP,R5F104FCAFP,R5F101CGALA,R5F100JFAFA,R5F113TLLFB,R5F101LDABG,R5F10BADLSP,R5F11BLCAFB,RL78/G1A,RL78/G1C,RL78/G1D,RL78/G1E,RL78/G1F,RL78/G1G,RL78/G1H,R5F117GAGFB,R5F10BLFLFB,R5F101AAASP,R5F10PMELFB,R5F101BDANA,R5F10RLAAFB,R5F101FFAFP,R5F10AAELSP,R5F10EGAAFB,R5F100BEANA,R5F101CFALA,R5F104FDAFP,R5F10RLAAFA,R5F10Y16ASP,R5F104CDALA,R5F10368ASP,R5F10PGDLFB,R5F104MLAFB,R5F10BMGLFB,R5F11MMFAFB,R5F100GKANA,R5F104MLAFA,R5F101JKAFA,R5F101LCAFA,R5F11768GSP,R5F101LCAFB,R5F100CGALA,R5F10AGFLFB,R5F111NHALA,R5F101GEANA,R5F110PHAFB,R5F100GCAFB,R5F104LKAFB,RL78/F12,RL78/F13,R5F101SKAFB,R5F11B7CANA,R5F11CBCGNA,RL78/F14,R5F104LKAFA,RL78/F15,R5F100SLAFB,R5F1018DALA,R5F104GEAFB,RL78/G1X,R5F10WLGAFA,R5F10WLGAFB,R5F11BGCAFB,R5F101EHANA,R5F101LFABG,R5F104LHAFP,R5F10FMCAFB,R5F10Y46ASP,R5F11BLEAFB,R5F100LCABG,R5F104BGANA,R5F10AGCLFB,R5F10JGCANA,R5F104JEAFA,R5F110PGAFB,R5F104LHAFB,R5F104LHAFA,R5F100PHAFA,R5F100PHAFB,R5F101GHAFB,R5F104LFALA,R5F10PPFLFB,R5F10268ASP,R5F113TGLFB,R5F10BGCLNA,R5F104FJAFP,R5F100JJAFA,R5F113GLLNA,R5F104MJAFA,R5F100ACASP,R5F104MJAFB,R5F10ABDLNA,R5F102A8ASP,R5F1016EASP,R5F101LEAFB,R5F101LEAFA,R5F101PKAFA,R5F101PKAFB,R5F100FDAFP,R5F111NEALA,R5F10PGFLNA,R5F101FGAFP,R5F100GEAFB,R5F10BGFLFB,R5F101MFAFA,R5F104EFANA,R5F101MFAFB,R5F11MPFAFB,R5F100BFANA,R5F104GKAFB,R5F10E8DALA,R5F10AAALSP,RL78/I1A,RL78/I1B,RL78/I1C,RL78/I1D,R5F101LDAFA,RL78/I1E,R5F104ACASP,R5F101LDAFB,R5F101JLAFA,R5F101GFANA,R5F101EGANA,R5F11MPEAFB,R5F104GLAFB,R5F104GAAFB,R5F104LGAFP,R5F10RBAAFP,R5F10WLCAFA,R5F10WLCAFB,R5F111MEAFB,R5F10PGHLFB,R5F113LLLFB,R5F101BCANA,R5F104LGAFB,R5F107ACMSP,R5F104BFANA,R5F10WMDAFB,R5F11CBCMNA,R5F100FCAFP,R5F104LGAFA,R5F10WMDAFA,R5F100PGAFA,R5F100SHAFB,R5F104LEALA,R5F100PGAFB,R5F10PPELFB,R5F101CEALA,R5F10BGDLNA,R5F113THLFB,RL78/I1X,R5F100ADASP,R5F10ABELNA,R5F10WLDAFB,RL78/L1A,R5F100GDANA,R5F11FLJANA,R5F101LFAFB,RL78/L1C,R5F100FEAFP,R5F100EAANA,R5F101LFAFA,R5F10PGELNA,R5F101FHAFP,R5F10BGGLFB,R5F117BAGNA,R5F101CDALA,R5F11MPGAFB,R5F10RLCAFA,R5F104EGANA,R5F10RLCAFB,R5F10WLDAFA,R5F100BGANA,R5F11EFAAFP,R5F100LKAFA,R5F11EA8ASP,R5F111MGAFB,R5F104GJANA,R5F10AGDLFB,R5F10EGCAFB,R5F10WMFAFA,R5F10WMFAFB,RL78/L1E,R5F10MMEDFB,R5F10BLDLFB,R5F111NFALA,R5F101GGANA,R5F11BCEALA,R5F104LGALA,R5F1007EANA,R5F10267ASP,R5F100LKAFB,R5F110PFAFB,R5F104CGALA,R5F10BMELFB,R5F10PPGLFB,RL78/L1X,R5F101EFANA,R5F10PAELSP,R5F100LLAFB,R5F10AGALNA,R5F10PGGLFB,R5F111MFAFB,R5F100LLAFA,R5F104EHANA,R5F104GKANA,R5F102A9ASP,R5F113LKLFB,RY7011A0000DZ00,R5F10EGDAFB,R5F101PJAFA,R5F101PJAFB,R5F10A6ALSP,R5F10KBCAFP,R5F10WMEAFA,R5F104JFAFA,R5F10BLCLFB,R5F117BCGFP,R5F104BEANA,R5F1006CASP,R5F100GFAFB,R5F101GJAFB,R5F10WMEAFB,R5F100PFAFB,R5F101MGAFB,R5F10BGELNA,R5F100PFAFA,R5F10266ASP,R5F10RLAANB,R5F110PEAFB,R5F1018AALA,R5F101MGAFA,R5F100AEASP,R5F10EGAANA,R5F101LGABG,R5F10E8EALA,R5F10FMDAFB,R5F10Y47ASP,R5F104BGAFP,R5F10279ANA,R5F10BAGLSP,R5F113MLLFB,R5F10PGDLNA,R5F100GCANA,R5F111PJAFB,R5F11FLKANA,R5F11BBEAFP,R5F101JCAFA,R5F1026AASP,R5F10RJAAFA,R5F104FAAFP,R5F10NMJDFB,R5F107DEMSP,R5F110NJALA,R5F100MFAFB,R5F100MFAFA,R5F1037AANA,R5F1007CANA,R5F111PGAFB,R5F10A6CLSP,R5F10PMJLFB,R5F100GHAFB,R5F10BBDLNA,R5F10BGCLFB,R5F104GFANA,R5F100LFABG,R5F104MGAFB,R5F104MGAFA,R5F101GHANA,R5F104ECANA,R5F104LEAFP,R5F101EEANA,R5F10RBCAFP,R5F104AFASP,R5F104PKAFB,R5F101BAANA,R5F100GEANA,R5F104LEAFA,RL78/G1,R5F104LEAFB,R5F104FGAFP,R5F101GKAFB,R5F101JEAFA,R5F11BBCAFP,R5
瑞萨MCU全览
型号- RX200,RX14X,RA4M1,RA6M1,RA4M3,RA4M2,RA6M3,RA8M1,RA6M2,RA6M5,RA2E1,RA6M4,RA4E1,RA2E3,RA2E2,RX23E-B,RA6E1,RA2A1,RA4E2,RA6E2,RX600,RX6XX,RX66X,RA4T1,RA6T2,RA6T1,RX26T,RA6T3,RA2L1,RA,RE,RA8D1,RL78,RX65X,RX,RX100,RX64X,RX72X,RX24X,RX700,RX7XX,RA2,RA4,RA6,RA8,RX系列,RX71X,RH850,RX23X,RX67X,RA4W1
32-BIT RENESAS RA FAMILY MCU RA2L1 - LOW POWER INTRODUCTION
型号- R7FA2L1AB2DFP#AA0,R7FA2L1A93CFP#AA0,R7FA2L1AB3CNE#AA0,R7FA2L1A92DFN#AA0,RA2E1,R7FA2L1AB3CFM#AA0,R7FA2L1A93CFL#AA0,R7FA2L1A92DFL#AA0,RTK7EKA2L1S00001BE,R7FA2L1AB2DFN#AA0,R7FA2L1A92DFM#AA0,R7FA2L1AB3CFL#AA0,RA2,R7FA2L1A92DFP#AA0,R7FA2L1AB3CFP#AA0,R7FA2L1A93CNE#AA0,R7FA2L1AB2DNE#AA0,RA4,RA6,RA8,RA2L1,RA2 SERIES,R7FA2L1AB2DFM#AA0,R7FA2L1A93CFN#AA0,RTK0EG0022S01001BJ,EK-RA2L1,R7FA2L1AB2DFL#AA0,R7FA2L1A93CFM#AA0,R7FA2L1AB3CFN#AA0,RA FAMILY
【经验】解析瑞萨MPU RZ/T1 SPI总线通信功能配置方法
当我们使用瑞萨(Renesas)MPU RZ/T1做项目开发时,基本都会用到SPI总线通信的功能,SPI总线通信速率较快很适合在单片机板级之间进行数据交互,本文将介绍使用瑞萨开发环境配置生成RZ/T1 SPI总线驱动程序的方法。
设计经验 发布时间 : 2022-05-02
【经验】瑞萨MPU RZ/T1使用SSC生成EtherCAT CiA402协议栈方法
瑞萨MPU RZ/T1支持EtherCAT网络设计,如何使用协议栈工具生成相对应的EtherCAT从机栈代码呢,本文主要就Beckhoff工具生成EtherCAT CiA402协议栈方法做相关介绍。
设计经验 发布时间 : 2021-12-26
【IC】瑞萨推出全新超高性能产品业界首款基于Arm® Cortex®-M85处理器的MCU RA8系列
瑞萨RA8系列MCU是业界首款采用Arm® Cortex®-M85处理器的产品,提供卓越6.39 CoreMark/MHz(注)性能——这一性能水平将使系统设计人员能够使用RA MCU替代应用中常用微处理器。
产品 发布时间 : 2023-11-02
【经验】瑞萨MPU RZ/T1使用code generator生成SCI的初始代码方法
工程师初次使用瑞萨(Renesas)RZ/T1系列MPU时,可能不知道SCI该如何配置波特率,中断入口,中断标志位等。本文将介绍RZ/T1系列MPU利用code generator生产SCI的配置方法。
设计经验 发布时间 : 2022-04-22
【经验】瑞萨MPU RZ/T1使用双寄存器切换开启DMA传输的方法介绍
在项目中使用瑞萨(Renesas)MPU RZ/T1做从机接收大量数据时,为了传输和接收数据效率,我们会启用DMA传输的功能,有时候项目中需要传输的是两块数据,这时候我们可以使用双寄存器切换的方式来完成,本文主要介绍启用双寄存器切换启用DMA传输的方法。
设计经验 发布时间 : 2022-06-25
电子商城
现货市场
服务
可定制显示屏的尺寸0.96”~15.6”,分辨率80*160~3840*2160,TN/IPS视角,支持RGB、MCU、SPI、MIPI、LVDS、HDMI接口,配套定制玻璃、背光、FPCA/PCBA。
最小起订量: 1000 提交需求>
可烧录IC封装SOP/MSOP/SSOP/TSOP/TSSOP/PLCC/QFP/QFN/MLP/MLF/BGA/CSP/SOT/DFN;IC包装Tray/Tube/Tape;IC厂商不限,交期1-3天。支持IC测试(FT/SLT),管装、托盘装、卷带装包装转换,IC打印标记加工。
最小起订量: 1pcs 提交需求>
授权代理品牌:集成电路
授权代理品牌:分立元件
授权代理品牌:接插件及结构件
授权代理品牌:部件、组件及配件
授权代理品牌:电源及模块
授权代理品牌:电子材料
授权代理品牌:仪器仪表及测试配组件
授权代理品牌:电工工具及材料
授权代理品牌:机械电子元件
授权代理品牌:加工与定制
我要提问
登录 | 立即注册
提交评论