Arm® TrustZone® Getting Started Application on SAM L11 MCUs

Objective

This tutorial shows you how to create an Arm^® TrustZone^® feature application on SAM L11 microcontroller (MCU) using MPLAB^® Harmony v3 software framework.

The SAM L11 MCU is the implementation of the Arm TrustZone 45r for an ARMv8-M device. TrustZone for an ARMv8-M device is based on specific hardware that is implemented in the Arm Cortex^®-M23 core, which is combined with a dedicated Secure instructions set. It allows the creation of multiple software security domains that restrict access to selected memory, peripherals, and I/O to trusted software without compromising the system's performance. The TrustZone technology enables secure and non-secure code to run on a single MCU.

For a detailed explanation of security features available on the Microchip SAM L11 MCU, go through the "SAM L11 Security Reference Guide".

MPLAB Harmony v3 is a flexible, fully integrated embedded software development framework for 32-bit microcontrollers (MCUs) and microprocessors (MPUs). MPLAB Code Configurator (MCC) includes the MPLAB Harmony v3 Framework, a set of modular Peripheral Libraries (PLIBs), drivers, system services, middleware, and numerous example applications, all of which are designed to help you quickly and easily develop powerful and efficient embedded software for Microchip’s 32-bit PIC^® and SAM devices. Also, the MPLAB Harmony v3 provides a TrustZone environment to develop security applications on different secured MCUs and MPUs like SAM L11, SAM A5D2, and SAM A5D4.

The application makes use of the SAM L11 Xplained Pro Evaluation Kit and the I/O1 Xplained Pro Extension Kit (sold separately).

The application has two projects pertaining to Secure and Non-secure modes of SAM L11, that work together on the same MCU and offers security isolation between the trusted and the non-trusted resources of the device.

The Secure mode application reads the current room temperature from the temperature sensor on the I/O1 Xplained Pro Extension Kit every 500 milliseconds. Additionally, the secure application writes the temperature readings to EEPROM and reads when a request is received from the Non-secure mode application. Also, an LED (LED0) is toggled every time the temperature is displayed on the serial console. The periodicity of the temperature values reading can be changed to 1 second, 2 seconds, 4 seconds, and back to 500 milliseconds every time the user presses the switch SW0 on the SAM L11 Xplained Pro Evaluation Kit. The temperature readings are transferred to a Non-secure mode application when it requests to secure application through Non-Secure Callables (NSC).

The Non-secure mode application requests the Secure mode application to get the current temperature values and the Non-secure mode application prints them on a serial console. Further, when it receives a request from the user (in the form of a key press on the serial console), it requests a Secure mode application to retrieve the last five stored temperature values in the EEPROM. The Non-secure application prints the last five stored temperature values on the console.

The application you create will utilize:

• Secure PORT Pin to toggle the LED (By default, all PORT pins are secure)
• Secure SERCOM (configured as I²C) PLIB to read the temperature from a temperature sensor
• Secure Real-Time Clock (RTC) PLIB to periodically sample temperature sensor data
• Secure External Interrupt Controller (EIC) PLIB to change the periodicity of temperature sensor data read using switch SW0 press event
• Non-secure SERCOM (configured as Universal Synchronous Asynchronous Receiver Transmitter (USART)) and Non-secure Direct Memory Access (DMA) PLIBs to print the temperature values on a COM (serial) port terminal application running on a PC
• Non-secure PORT Pins (USART Pins only) to communicate with the serial terminal

In the process, the lab will also demonstrate the use of callback functions.

Two Ways to Use This Tutorial

1. Create the project from scratch:
   • Use the provided source files and step-by-step instructions.
2. Use the solution project as an example:
   • Build the solution project and program it to the SAM L11 Xplained Pro Evaluation Kit to observe the expected behavior.

Lab Objectives

1. Create an MPLAB X IDE Harmony v3 TrustZone project for a SAM L11 microcontroller from scratch.
2. Use MCC to configure and generate Harmony v3 PLIBs code for the following peripherals in Secure mode:
   • RTC
   • I²C
   • EIC and
   • PORT pin to toggle LED.
3. Use MCC to configure and generate Harmony v3 PLIBs code for the following peripherals in Non-Secure mode:
   • USART
   • DMA
   • PORT pins for USART.
4. Use the Harmony v3 PLIB Application Programming Interfaces (APIs) to implement secure and non-secure applications.

Back to Top

Reference Materials

• SAM L11 Xplained Pro evaluation kit
• I/O1 Xplained Pro
• MPLAB^® X Integrated Development Environment (IDE)
• MPLAB XC32 Compiler

Apart from the hardware tools listed above, the following items are required:

• USB Type-A male to micro-B male cable for programming and debugging.

​

You will use the MPLAB Harmony 3 Framework Downloader to download the following repositories from GitHub:

• CSP: The following table shows the summary of contents.

• DEV_PACKS: The following table shows the summary of contents.

• Use the MPLAB Code Configurator Framework Downloader to download the repositories.

Connection Diagram

The application has the temperature sensor and EEPROM connected to the SAM L11 over I²C interface and the console (serial terminal) on a PC connected over USART interface (through USB to USART converter).

Hardware Modification

IO1 Xplained Pro features Microchip’s AT30TSE758 temperature sensor chip with an 8 KB serial EEPROM. The temperature sensor has two I²C addresses: one for the temperature sensor and one for the EEPROM. The A2 address line of I²C must be soldered to Ground (GND). This is done to modify the address of the EEPROM on the I/O1 Xplained Pro Extension Kit so that it does not conflict with the address of EEPROM on SAM L11 Xplained Pro Evaluation Kit. The modification changes the address of the temperature sensor to 0x4B and EEPROM to 0x50. These modified addresses are used in this tutorial.

The hardware modification on the IO1 Xplained Pro is shown in the following figure.

Back to Top

Overview

This lab shows you how to create an MPLAB Harmony v3 project from scratch, to configure and generate:

• Harmony v3 Peripheral Libraries code for the secure RTC, I²C, EIC, and PORTS peripherals (All PORT pins by default are secure)
• Harmony v3 Peripheral Libraries code for the non-secure USART, DMA, and PORTS peripherals (USART Pins only)

The application has two projects pertaining to Secure and Non-secure modes of SAM L11, that work together on the same MCU and offers security isolation between the trusted and the non-trusted resources in the device.

Secure Application

The Secure mode application reads the current room temperature from the temperature sensor on the I/O1 Xplained Pro Extension Kit every 500 milliseconds. The application writes the temperature readings to EEPROM and reads when a request is received from the Non-secure mode application. Also, an LED (LED0) is toggled every time the temperature is displayed on the serial console. The periodicity of the temperature values reading can be changed to 1 second, 2 seconds, 4 seconds, and back to 500 milliseconds every time when the user presses the switch SW0 on the SAM L11 Xplained Pro Evaluation Kit. The temperature readings are transferred to Non-secure mode application when it requests to secure application through Non-Secure Callables (NSC).

The secure application initializes Clock, PORT, and secure peripherals (configured through MCC) and its NVIC initializations by calling the function SYS_Initialize. The application registers callback event handlers for SERCOM (as I²C), RTC, and EIC PLIBs. The callback event handlers are called back by the PLIBs when the transaction completion events occur.

The application checks whether the configured RTC timer period has expired. On every timer period expiration, the application calls the function SERCOM1_I2C_WriteRead to submit a temperature sensor read request to the I²C PLIB when I²C peripheral is free. The I²C PLIB calls back the registered callback event handler when the latest temperature value is read from the sensor. The application frees the I²C PLIB and sets a temperature read complete flag in the I²C callback event handler if the I²C PLIB request is a temperature sensor read request.

The application checks the temperature read complete flag and it also checks the I²C PLIB is free to submit written request to store the values in the EEPROM. Further, it will load the latest temperature value (in a formatted message) onto the buffer and also toggles user LED0. The I²C PLIB calls back the registered callback event handler when the latest temperature value is written to the EEPROM. The application frees the I²C PLIB.

Further, the application checks if the EEPROM read request is received from non-secure application to read the last five stored temperature values in the EEPROM. The application calls the function SERCOM1_I2C_WriteRead to submit a read request to the I²C PLIB to read the last five stored temperature values in the EEPROM when I²C peripheral is free. The I²C PLIB calls back the registered callback event handler when the latest temperature value is read from the sensor. The application frees the I²C PLIB and sets an EEPROM read status complete flag in the I²C callback event handler if the I²C PLIB request is an EEPROM read request.

The application also monitors the pressing of the switch SW0; if a switch press is detected, the application changes the temperature sampling rate from the default 500 milliseconds to 1 second. On subsequent switch press, the application changes the temperature sampling rate to two seconds, four seconds, and back to 500 milliseconds. The application cycles the temperature sampling rate on every switch press, as shown in Figure 1.3.

Back to Top

Non-Secure Application

The Non-secure mode application requests the Secure mode application temperature values and prints them on a serial console once it receives from the Secure mode application. Further, when it receives a request from the user (in the form of a key press on the serial console), it will request that the Secure mode application retrieve the last five stored temperature values in the EEPROM. The non-secure application prints the last five stored temperature values on the console.

The application initializes non-secure peripherals (configured through MCC) and its NVIC initializations by calling the function SYS_Initialize. The application registers callback event handlers for two DMA channels (SERCOM (configured as USART) transmit and receive channels). The callback event handlers are called back by the PLIBs when the transaction completion events occur.

Note: Callback event handlers for SERCOM (configured as USART) is not registered as the actual USART data transfer, and it is accomplished by the DMA. The DMA calls back the callback event handlers when the DMA transfer requests are complete.

The application request and checks whether the temperature reading completion status set by Secure mode application to print the latest received temperature value (in a formatted message) onto the serial console over the USART interface by submitting a written request to DMA.

Further, the application reads a user input is received as a character from the serial terminal on the PC to read the stored (last five) temperature values from by requesting to secure application.

The application prints the temperature values on the serial terminal once the EEPROM data read the completion status set by the Secure mode application.

Back to Top

Lab Source Files and Solutions

• Project File Download

This ZIP file contains the completed solution project for this lab. It also contains the source files needed to perform the lab as per the following step-by-step instructions (see the "Procedure" section on this page).

​The contents of this ZIP file need to be placed in a folder of your choice.

Back to Top

Extracting the ZIP file creates the following folders:

• saml11_trustzone_getting_started contains the lab solution (in the firmware folder) and source files (in the dev_files folder).
  • The dev_files folder contains the subfolders Secure and NonSecure which contains the application source files and other support files (if any) required to perform the lab (see "Procedure" section).
  • The firmware folder contains the completed lab solution project. It can be directly built and programmed on the hardware to observe expected behavior.

Back to Top

Procedure

Lab Index

Step 1: Create a SAM L11 Secure and Non-secure Group Project

• Step 1.1 - Create MPLAB® Harmony v3 TrustZone Project Using MPLAB X IDE
• Step 1.2 - Verify Clock Settings
• Step 1.3 - Configure Secure and NonSecure Peripherals
• Step 1.4 - Verify Secure and Non-secure Memory Regions

Step 2: Configure I²C, USART, and RTC Peripheral Libraries

• Step 2.1 - Configure Secure RTC Peripheral Library
• Step 2.2 - Configure Secure I²C Peripheral Library and Secure I²C Pins
• Step 2.3 - Configure Non-Secure USART Peripheral Library and Non-Secure USART Pins
• Step 2.4 - Configure Non-Secure DMA Peripheral Library

Step 3: Configure Pins for Switch and LED

• Step 3.1 - Configure Switch Button Pin with Secure EIC to Generate an Interrupt
• Step 3.2 - Configure LED Pin in Secure Mode
• Step 3.3 - Rename the Default main File

Step 4: Generate Code
Step 5: Add Secure Application Code to the Project
Step 6: Add Non-secure Application Code to the Project
Step 7: Build, Program, and Observe the Outputs

Back to Top