SPRADK2 November 2024 F29H850TU, F29H859TU-Q1


  Abstract
  Trademarks
  1 Introduction
  2 Supplemental Online Information
  3 SSU Overview
  4 Key Concept Definitions
  5 Safety and Security Goals
  6 System Design
  7 Configuring the SSU
    7.1 Flash SECCFG Region
    7.2 SSU Development Life Cycle
    7.3 Using the SysConfig Tool
      7.3.1 Enabling System Security Configuration
      7.3.2 Configuring Application Modules
      7.3.3 Configuring Special Modules
        7.3.3.1 LINK2 Configuration
        7.3.3.2 LINK1 Configuration
        7.3.3.3 Adding Shared Memory
      7.3.4 Defining Sandboxes
  8 Summary
  9 References

Safety and Security Goals

The Safety and Security Unit enables system designers to accomplish important safety- and security-related objectives in the design of real-time embedded systems. These objectives include:

  1. Memory Protection: A Memory Protection Unit (MPU) is an essential element of an embedded microcontroller that supports functional safety goals. An MPU enforces access control rules over the memories in the system, preventing unauthorized reads, accidental overwrites, and unauthorized modification of code and data. Memory protection plays an important role in maintaining system stability, reliability, and security. The SSU provides advanced MPU functionality that is context-sensitive: the active set of protections switches in real time with the code that is executing, without software intervention.
  2. Freedom from Interference: ISO 26262, the functional safety standard for automotive electronics, defines Freedom from Interference (FFI) as the “absence of cascading failures between two or more elements that can lead to the violation of a safety requirement.” A cascading failure occurs when the failure of one component in the system causes a different component to fail, and that second failure can in turn propagate to further components. The SSU provides mechanisms to fully isolate multiple system software components from each other, so that a safety failure in one component does not compromise the rest of the application.
  3. Security Isolation: In addition to freedom from interference for safety, the SSU supports security isolation goals, giving each application component a secure execution environment that protects the confidentiality and integrity of its code and data assets at run time.
  4. Real-Time Performance: A critical goal of the SSU is to provide safety and security protections with no impact on real-time performance. Memory protection, security isolation, and the other SSU functions are performed in hardware in real time, without software intervention, so no latency is added by supervisor software overhead. Combined with the performance of the C29 CPU, this lets system designers consolidate multiple control functions on the same CPU without sacrificing performance, safety, or security, which reduces overall system cost.
  5. Secure Debug and Firmware Updates: The SSU can partition the system software into multiple user debug ZONEs, so that multiple teams can securely maintain and debug different software components on the same chip. The SSU also manages Flash firmware, controlling which users and which code are permitted to perform firmware updates, and supports mechanisms such as Firmware-Over-The-Air (FOTA) and Live Firmware Update (LFU) with A/B image swapping and rollback protection in hardware.