The M480 series features Trust Boot, a function that ensures the program executed on every boot-up is trustworthy
The Secure Bootloader provided on the M480 is boot-time verification code stored in a dedicated protected area that can be neither read nor modified. When a customer completes product development and is ready to program the device, the ICP Tool provided by Nuvoton is used to select the M480 series, enable the Bootloader and secure-encryption options in the corresponding configuration area, and set the encryption key needed for the verification process (a one-time write that cannot be read back); finally, the program image is burned into the APROM, LDROM, or SPIM area.
Once these steps are completed and the system boots, execution starts at the Secure Bootloader, which verifies the legitimacy of the program code stored in the APROM, LDROM, or SPIM area. Only after the code has been confirmed as legitimate does the system jump to the APROM or LDROM area and begin executing the program there.
After the product has been released, if a revision or a bug fix is needed, Nuvoton's Secure ISP Tool can be used over the HSUSBD or UART1 interface, with the same encryption key, to update the IC.
Through the development process described above, the firmware run on every system boot-up can be confirmed as trusted, which prevents the implanting of malicious programs; this is why the function is called Trust Boot. In an era where everything can be networked, every terminal device is a potential target for intrusion; performing a security check at boot-up ensures that the equipment runs with a certain level of trustworthiness and eliminates a corresponding class of risks. Note that the check covers the image as stored in flash at boot time: it establishes what execution starts from, not how the code behaves once it is running.
The Secure Bootloader verification mechanism, in brief:
- Determines whether the protection function of the code area is enabled
- Checks the integrity of the program code to be run
- Checks whether the hash value of the program code to be run is correct
- If the hash check in the previous step passes, the CPU exits the bootloader and runs the code. If it fails, the bootloader enters HSUSBD or UART1 command mode, and the Secure ISP Tool can then be used to perform the update process
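The verification flow in the list above, modelled in C as an added illustration (not Nuvoton's bootloader code). The page does not name the hash algorithm, the image header layout, or how the programmed key enters the check, so this model assumes a 32-byte key in the protected configuration area, a hypothetical 40-byte header {magic, length, tag} placed ahead of the code in the APROM, and HMAC-SHA-256 as the keyed hash; `IMG_MAGIC`, `MAX_IMAGE`, `protected_cfg_t`, `image_header_t` and `secure_boot_check` are names invented here, and the behaviour when protection is disabled (plain boot) is likewise an assumption. The demo tags a constructed 64-byte image as the programming tool would, verifies it, flips one code bit, and shows the check routing to ISP mode instead of running the code.

```c
/* Model of the Secure Bootloader decision flow listed above. Added illustration, not Nuvoton code: the page
 * names no hash algorithm, header layout or register interface, so these are assumptions: a 32-byte key in
 * the one-time-written protected area, a 40-byte {magic, length, tag} header ahead of the code, HMAC-SHA-256. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#define MAX_IMAGE 4096u        /* largest code region this model verifies */
#define IMG_MAGIC 0x4D343830u  /* hypothetical image marker ("M480") */
typedef struct { uint8_t secure_enabled; uint8_t key[32]; } protected_cfg_t;        /* protected config area */
typedef struct { uint32_t magic; uint32_t length; uint8_t tag[32]; } image_header_t; /* hypothetical header */
typedef enum { BOOT_RUN_IMAGE = 1, BOOT_ENTER_ISP = 2 } boot_decision_t;
/* Compact SHA-256 (FIPS 180-4) so the model runs offline; a real part would use its crypto engine. */
#define ROR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 };
static void sha256_block(uint32_t st[8], const uint8_t blk[64]) {
    uint32_t w[64], a, b, c, d, e, f, g, h, t1, t2;
    for (int i = 0; i < 16; i++)
        w[i] = ((uint32_t)blk[4*i] << 24) | ((uint32_t)blk[4*i+1] << 16) | ((uint32_t)blk[4*i+2] << 8) | blk[4*i+3];
    for (int i = 16; i < 64; i++)
        w[i] = w[i-16] + (ROR(w[i-15], 7) ^ ROR(w[i-15], 18) ^ (w[i-15] >> 3))
             + w[i-7]  + (ROR(w[i-2], 17) ^ ROR(w[i-2], 19) ^ (w[i-2] >> 10));
    a = st[0]; b = st[1]; c = st[2]; d = st[3]; e = st[4]; f = st[5]; g = st[6]; h = st[7];
    for (int i = 0; i < 64; i++) {
        t1 = h + (ROR(e, 6) ^ ROR(e, 11) ^ ROR(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
        t2 = (ROR(a, 2) ^ ROR(a, 13) ^ ROR(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
        h = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d; st[4] += e; st[5] += f; st[6] += g; st[7] += h;
}
static void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t st[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                       0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
    uint8_t blk[64] = { 0 }; size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64) sha256_block(st, msg + i);
    rem = len - i; memcpy(blk, msg + i, rem); blk[rem] = 0x80;     /* padding: 0x80, zeros, 64-bit bit length */
    if (rem >= 56) { sha256_block(st, blk); memset(blk, 0, 64); }
    for (int j = 0; j < 8; j++) blk[63 - j] = (uint8_t)(((uint64_t)len * 8) >> (8 * j));
    sha256_block(st, blk);
    for (int j = 0; j < 8; j++) { out[4*j] = (uint8_t)(st[j] >> 24); out[4*j+1] = (uint8_t)(st[j] >> 16);
                                  out[4*j+2] = (uint8_t)(st[j] >> 8); out[4*j+3] = (uint8_t)st[j]; }
}
/* Keyed hash over the code; the page only says the programmed key takes part in verification. Callers keep len <= MAX_IMAGE. */
static void hmac_sha256(const uint8_t key[32], const uint8_t *msg, size_t len, uint8_t out[32]) {
    static uint8_t buf[64 + MAX_IMAGE]; uint8_t inner[32];
    for (int i = 0; i < 64; i++) buf[i] = (uint8_t)((i < 32 ? key[i] : 0) ^ 0x36);
    memcpy(buf + 64, msg, len); sha256(buf, 64 + len, inner);
    for (int i = 0; i < 64; i++) buf[i] = (uint8_t)((i < 32 ? key[i] : 0) ^ 0x5c);
    memcpy(buf + 64, inner, 32); sha256(buf, 96, out);
}
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {   /* constant time: no early exit */
    uint8_t diff = 0; for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]); return diff == 0;
}
/* The steps of the verification mechanism listed above, in order. */
boot_decision_t secure_boot_check(const protected_cfg_t *cfg, const uint8_t *region, size_t region_size) {
    image_header_t hdr; uint8_t tag[32];
    if (!cfg->secure_enabled) return BOOT_RUN_IMAGE;   /* step 1: protection off -> plain boot (assumption) */
    if (region_size < sizeof hdr) return BOOT_ENTER_ISP;
    memcpy(&hdr, region, sizeof hdr);
    if (hdr.magic != IMG_MAGIC || hdr.length == 0 || hdr.length > MAX_IMAGE ||
        hdr.length > region_size - sizeof hdr) return BOOT_ENTER_ISP;   /* step 2: image structure intact? */
    hmac_sha256(cfg->key, region + sizeof hdr, hdr.length, tag);
    if (!ct_equal(tag, hdr.tag, 32)) return BOOT_ENTER_ISP;  /* step 3 fails: HSUSBD/UART1 command mode */
    return BOOT_RUN_IMAGE;                                   /* step 3 passes: leave bootloader, run code */
}
/* Constructed demo: tag a 64-byte "program" as the programming tool would, verify it, then flip one code bit. */
int demo_boot_flow(void) {
    static uint8_t region[sizeof(image_header_t) + 64];
    protected_cfg_t cfg = { 1, { 0 } }; image_header_t hdr = { IMG_MAGIC, 64, { 0 } };
    for (int i = 0; i < 32; i++) cfg.key[i] = (uint8_t)(0xA0 + i);       /* constructed key */
    for (int i = 0; i < 64; i++) region[sizeof hdr + i] = (uint8_t)i;    /* constructed code bytes */
    hmac_sha256(cfg.key, region + sizeof hdr, 64, hdr.tag);
    memcpy(region, &hdr, sizeof hdr);
    int ok = secure_boot_check(&cfg, region, sizeof region) == BOOT_RUN_IMAGE;
    region[sizeof hdr + 10] ^= 0x01;                                      /* implanted modification */
    return ok && secure_boot_check(&cfg, region, sizeof region) == BOOT_ENTER_ISP;
}
int selftest(void) {   /* known-answer checks: SHA-256("abc") and RFC 4231 HMAC-SHA-256 case 2 (key "Jefe") */
    static const uint8_t abc[32] = { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
                                     0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
    static const uint8_t rfc[32] = { 0x5b,0xdc,0xc1,0x46,0xbf,0x60,0x75,0x4e,0x6a,0x04,0x24,0x26,0x08,0x95,0x75,0xc7,
                                     0x5a,0x00,0x3f,0x08,0x9d,0x27,0x39,0x83,0x9d,0xec,0x58,0xb9,0x64,0xec,0x38,0x43 };
    uint8_t key[32] = "Jefe", out[32];
    sha256((const uint8_t *)"abc", 3, out);
    if (memcmp(out, abc, 32) != 0) return 0;
    hmac_sha256(key, (const uint8_t *)"what do ya want for nothing?", 28, out);
    return memcmp(out, rfc, 32) == 0;
}
int main(void) {   /* stand-alone run: both values should be 1 */
    printf("selftest=%d boot_flow=%d\n", selftest(), demo_boot_flow()); return 0;
}
```

Two points carry over from the model to a real part: whatever the bootloader compares against (the tag, or the key that validates it) must live in the area the bootloader trusts and the application cannot rewrite, otherwise an implanted program can simply bring its own tag; and the comparison should not reveal where the first mismatching byte is, which is why `ct_equal` has no early exit.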
The NuMicro® M480 series microcontrollers are based on the Arm® Cortex®-M4F core. At an operating frequency of up to 192 MHz, the operating current can be as low as 130 µA/MHz, and the RTC standby current is only 500 nA. They support the DSP instruction set and integrate a Floating-Point Unit (FPU). The flash memory capacity is 256 KB, with eXecute-Only-Memory (XOM) support for protecting program code or data. The SRAM capacity is 128 KB, with full or partial retention in standby mode; retaining 32 KB of SRAM contents requires only 10 µA, meeting low-power requirements.