Rev. 0 — 02/2021

Application Note

# 1 Introduction

This application note explains how a secure GPIO must be used and configured in secure mode. It also demonstrates how a non-secure mode can access a peripheral's pin state regardless of the pin function whether the peripheral function is secure or non-secure which results in secure information leakage.

2 Overview

RT500 has secure GPIO module whose usage is closely related to normal GPIO, TrustZone, and secure AHB Controller. This section briefly introduces these functions. For more information on these functions, refer to RT500 User Manual.

### 2.1 TrustZone and secure AHB Controller

### 2.1.1 TrustZone

TrustZone for Armv8-M are available on all RT500 devices to protect secure resources from access by malicious code. Such secure resource may include secure memory blocks (code/data) and secure peripherals. It is achieved by segmentation of address space into either secure (S) or non-secure (NS). TrustZone can filter address access from CPU0 based on specific security attribute (S, NS) assigned to that address space.

As an example shown in Figure 1, CM33 CPU in secure state (CPU-S) can execute instructions from secure memory (S-memory), but is not allowed to directly execute instructions from non-secure memory (NS-memory). However, CPU-S can access data in both S-memory and NS-memory.

CPU-NS can execute instructions only from NS-memory and is not allowed to execute instructions from S-memory. CPU-NS can access data only in NS-memory but is not allowed to access data from S-memory.

In summary:

- NS application code "trust" that secure code do not corrupt or modify NS code or data inadvertently or on purpose to create malfunction or hazard.
- S application code does not "trust" NS application code and disallows access to a CPU-NS.



#### Contents

| 1 | Introduction                | 1 |
|---|-----------------------------|---|
| 2 | Overview                    | 1 |
| 3 | Secure GPIO and secure GPIO |   |
|   | Mask                        | 2 |
| 4 | Secure GPIO Usage           | 3 |
| 5 | Sample Example Application  | 5 |
| 6 | Conclusion                  | 6 |
| 7 | References                  | 6 |
| 8 | Revision history            | 6 |



### 2.1.2 Secure AHB Controller

The RT500 implements second layer of protection with secure AHB Controller to provide secure trusted execution at system-level.

With secure AHB Controller, we can configure security access rules for each peripheral.

By default, CM33 CPU in secure state (CPU-S) can access the peripherals in both S-state and NS-state. CM33 CPU in non-secure state (CPU-NS) can only access the peripherals in NS-state.

# 2.2 Normal GPIO

Normal GPIO is the most common digital peripheral in a microcontroller. Normal GPIO of RT5xx MCU is very flexible and powerful like SPI, UART, and so on. A normal GPIO is also a digital peripheral in the MCU. Table 1 shows a simple block diagram of the normal GPIO. As you can see that normal GPIO can read a pin state regardless of pin function configured, for example, if this pin is configured as UART, then this pin state can be read via normal GPIO read.

# 3 Secure GPIO and secure GPIO Mask

Due to the architecture of the normal GPIO, all digital IO pins states are readable through normal GPIO module from the GPIO read path, independent of which function is chosen for this pin. As a result, there is a possibility of leaking information from secure resource(S).

For example, when a UART is configured as a secure peripheral, which means that this UART is only allowed to be accessed by the secure mode that is, code, not by the non-secure mode.

However, in this case, the UART pin states can still be monitored by non-secure mode through normal GPIO read path as shown below. Hence, the non-secure mode can get all the secure UARTs information.

To solve this issue and safeguard incoming data on secure peripherals, a secure GPIO Mask register is implemented on RT500. This register contains bit assignments for each peripheral such that if set, the GPIO pins states can only be read if in secure mode. In addition, it can be used to receive certain input pattern from external device for secure signaling.

The secure GPIO is standard GPIO peripheral supporting 32 pins on port 0 only. Having two GPIO peripherals allows user to configure one GPIO peripheral into secure world and another one into normal world. Thus for all pins on port 0, user can select whether the pin is controlled from secure or non-secure domain (using IOCON).

The following is a simple block diagram of the normal GPIO & secure GPIO and secure GPIO Mask.





### 3.1 Secure GPIO Mask

Each GPIO has a secure GPIO MASK. As shown in the Table 1, we can think of the secure GPIO Mask as one input of the AND gate. Its default value is 1. Thanks to the secure GPIO Mask, we can control the on/off state of the normal GPIO read path.

# 3.2 Secure GPIO

As shown in the Table 1, Secure GPIO has the same functions as normal GPIO. However, just as its name implied 'secure', the access rules to this secure GPIO for different secure levels shall be configured through the secure AHB controller which can only be accessed in secure state. The Secure GPIO port has its own instance of the two GPIO interrupts.

# 4 Secure GPIO Usage

This section introduces with usage of secure GPIO with code snippets.

### 4.1 Use secure GPIO mask to protect secure digital peripherals which need IO

SEC\_GPIO\_MASK register is used for controlling secure GPIO Mask. By default, this register value is all 1s, which means NS code can still read secure peripheral states by reading its pin states as shown in left side of Figure 2 below.

To prevent this risk of secure information leakage, the normal GPIO shall be masked by setting the corresponding bits in SEC\_GPIO\_MASK to 0 as shown in the right side of below Figure 2.



The following code snippet shows how to mask P0\_25 pin by using secure GPIO MASK:

```
AHB_SECURE_CTRL->SEC_GPIO_MASK0 &= 
~AHB_SECURE_CTRL_SEC_GPIO_MASK0_PIO0_PIN25_SEC_MASK_MASK;
```

## 4.2 Set one IO to secure GPIO

Follow below steps to configure an I/O pin as secure pin:

- · Configure the corresponding bit of SEC\_GPIO\_MASK to 0
- Configure the secure GPIO module to secure through secure AHB Controller. This prevents non-secure mode from accessing the secure GPIO
- Configure the IOCON block to secure through secure AHB Controller. This prevents non-secure mode from accessing the IOCON.
- Configure the corresponding pin function to secure GPIO (FUNC=8) through secure IOCON block
- · Enable secure GPIOs clock

Afterwards, you can use it like a normal GPIO pin.

The following code snippets taking P0\_25 pin as an example.

• Configure the SEC\_GPIO\_MASK of P0\_25 to 0:

```
AHB_SECURE_CTRL->SEC_GPIO_MASK0 &=
~AHB_SECURE_CTRL_SEC_GPIO_MASK0_PIO0_PIN25_SEC_MASK_MASK;
```

• Set secure GPIO as secure:

```
AHB_SECURE_CTRL->AHB_PERIPH3_SLAVE_RULE =
AHB_SECURE_CTRL_AHB_PERIPH3_SLAVE_RULE_SECURE_GPIO_RULE3(0x3U);
```

#### · Make the IOCON block secure:

```
AHB_SECURE_CTRL->APB_BRIDGE[0].APB_GRP0_MEM_RULE0 =
AHB_SECURE_CTRL_APB_BRIDGE_APB_GRP0_MEM_RULE0_IOPCTL_RULE4(0x3U);
```

• Configure P0\_25 pin function to secure GPIO (FUNC=8):

```
const uint32 t port0 pin25 config = (
                                        /* Pin is configured as SEC P0 25 */
                                        IOPCTL PIO FUNC8 |
                                        /* Disable pull-up / pull-down function */
                                        IOPCTL PIO PUPD DI |
                                        /* Enable pull-down function */
                                        IOPCTL PIO PULLDOWN EN |
                                        /* Enables input buffer function */
                                        IOPCTL PIO INBUF EN |
                                        /* Normal mode */
                                        IOPCTL PIO SLEW RATE NORMAL |
                                        /* Normal drive */
                                        IOPCTL PIO FULLDRIVE DI |
                                        /* Analog mux is disabled */
                                        IOPCTL PIO ANAMUX DI |
                                        /* Pseudo Output Drain is disabled */
                                        IOPCTL PIO PSEDRAIN DI |
                                        /* Input function is not inverted */
                                        IOPCTL PIO INV DI);
/* PORTO PIN25 (coords: C12) is configured as
SEC P0 25 */ IOPCTL PinMuxSet(IOPCTL, 0U, 25U, port0 pin25 config);
```

• Enable secure GPIOs clock:

CLOCK\_EnableClock(kCLOCK\_ShsGpio0);

• Making PINT for secure GPIO as secure (Optional step):

```
AHB_SECURE_CTRL->APB_BRIDGE[1].APB_GRP1_MEM_RULE0 =
AHB SECURE CTRL APB BRIDGE APB GRP1 MEM RULE0 GPIO INTR CTRL RULE5 MASK( 0x3U);
```

# 5 Sample Example Application

#### 5.1 Environment

#### 5.1.1 Hardware environment

- Board
  - MIMXRT595EVK
- Debugger
  - Integrated CMSIS-DAP debugger on the board
- Miscellaneous
  - 1 Micro USB cable
  - PC
- · Board Setup

- Connect the micro USB cable between PC and J40 link on the board for loading and running a demo.

#### 5.1.2 Software environment

Tool chain

- IAR embedded workbench 8.50.9 or MCUXpresso IDE 11.3.0 or Keil 5.33

- · Software package
  - SDK\_2.9.1\_EVK-MIMXRT595

### 5.2 Steps and result

 Follow the Getting Started with MCUXpresso SDK for MIMXRT500 (can be found inside SDK->docs) in order to go through the steps for running secure\_gpio demo (SDK\boards\evkmimxrt595\trustzone\_examples\secure\_gpio) using MCUXpresso, IAR, or Keil.

#### NOTE

The instruction for a TrustZone based application are a little different as compared to other application. Follow steps for TrustZone based application in getting started guide.

- 2. Connect the development platform to your PC via USB cable.
- 3. Result

Two LEDs are used in this example, Blue LED indicates that the pin state is read by normal GPIO, whereas green LED indicates that the pin state is read by secure GPIO. After reset, code is running in secure mode, and it initializes the system including above two LEDs, and then it jumps to non-secure mode. In non-secure mode, P0\_25 pin (SW1 button on EVK) is read in idle loop and in secure mode P0\_25 pin is read every 5 ms using a System Timer tick. The secure mode also sets the secure GPIO mask based on SW2 button. The Secure GPIO mask is cleared if SW2 is pressed, while secure GPIO mask is set if SW2 is released. By default secure GPIO Mask for P0\_25 is 1 allowing both the secure mode and non-secure mode to read the pin state. When SW1 is pressed and hold down, it turns on the blue LED and green LED as now both normal GPIO and secure GPIO read all 0 from this pin.

When SW2 is pressed, it jumps to secure mode, clears secure GPIO Mask, and then jump back to non-secure mode. When secure GPIO Mask is set to 0, only secure mode can read the P0\_25 pin state while non-secure mode will always read 0 as pin state. Thus in this case blue LED remains on irrespective of SW1 button state. While green LED turns on only when SW1 is pressed and hold down and turns off as soon as it is released. The secure GPIO mask can be set again by releasing the SW2 button.

# 6 Conclusion

The example shows that non-secure mode can access a peripheral's pin state regardless of the pin function whether the peripheral function is secure or non-secure which results in secure information leakage. To prevent, a secure GPIO must be used and it shall be configured and used in secure mode. Whereas, the normal GPIO shall be used in non-secure mode.

# 7 References

- RT500 user manual
- RT500 data sheet
- MCUXpresso SDK Release Notes for EVK-MIMXRT595 (Available inside SDK)
- Getting Started with MCUXpresso SDK for EVK-MIMXRT595 (Available inside SDK)
- MCUXpresso SDK API Reference Manual

# 8 Revision history

| Rev. Number | Date    | Substantive Changes |
|-------------|---------|---------------------|
| 0           | 02/2021 | Initial release     |

How To Reach Us Home Page: nxp.com Web Support: nxp.com/support Information in this document is provided solely to enable system and software implementers to use NXP products. There are no express or implied copyright licenses granted hereunder to design or fabricate any integrated circuits based on the information in this document. NXP reserves the right to make changes without further notice to any products herein.

NXP makes no warranty, representation, or guarantee regarding the suitability of its products for any particular purpose, nor does NXP assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation consequential or incidental damages. "Typical" parameters that may be provided in NXP data sheets and/or specifications can and do vary in different applications, and actual performance may vary over time. All operating parameters, including "typicals," must be validated for each customer application by customer's technical experts. NXP does not convey any license under its patent rights nor the rights of others. NXP sells products pursuant to standard terms and conditions of sale, which can be found at the following address: nxp.com/SalesTermsandConditions.

**Right to make changes** - NXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof.

Security — Customer understands that all NXP products may be subject to unidentified or documented vulnerabilities. Customer is responsible for the design and operation of its applications and products throughout their lifecycles to reduce the effect of these vulnerabilities on customer's applications and products. Customer's responsibility also extends to other open and/or proprietary technologies supported by NXP products for use in customer's applications. NXP accepts no liability for any vulnerability. Customer should regularly check security updates from NXP and follow up appropriately. Customer shall select products with security features that best meet rules, regulations, and standards of the intended application and make the ultimate design decisions regarding its products, regardless of any information or support that may be provided by NXP. NXP has a Product Security Incident Response Team (PSIRT) (reachable at PSIRT@nxp.com) that manages the investigation, reporting, and solution release to security vulnerabilities of NXP products.

NXP, the NXP logo, NXP SECURE CONNECTIONS FOR A SMARTER WORLD, COOLFLUX, EMBRACE, GREENCHIP, HITAG, ICODE, JCOP, LIFE, VIBES, MIFARE, MIFARE CLASSIC, MIFARE DESFire, MIFARE PLUS, MIFARE FLEX, MANTIS, MIFARE ULTRALIGHT, MIFARE4MOBILE, MIGLO, NTAG, ROADLINK, SMARTLX, SMARTMX, STARPLUG, TOPFET, TRENCHMOS, UCODE, Freescale, the Freescale logo, AltiVec, CodeWarrior, ColdFire, ColdFire+, the Energy Efficient Solutions logo, Kinetis, Layerscape, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert, QorlQ, QorlQ Qonverge, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid, Airfast, BeeKit, BeeStack, CoreNet, Flexis, MXC, Platform in a Package, QUICC Engine, Tower, TurboLink, EdgeScale, EdgeLock, elQ, and Immersive3D are trademarks of NXP B.V. All other product or service names are the property of their respective owners. AMBA, Arm, Arm7, Arm7TDMI, Arm9, Arm11, Artisan, big.LITTLE, Cordio, CoreLink, CoreSight, Cortex, DesignStart, DynamIQ, Jazelle, Keil, Mali, Mbed, Mbed Enabled, NEON, POP, RealView, SecurCore, Socrates, Thumb, TrustZone, ULINK, ULINK2, ULINK-ME, ULINK-PLUS, ULINKpro, µVision, Versatile are trademarks or registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. The related technology may be protected by any or all of patents, copyrights, designs and trade secrets. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. The Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org.

© NXP B.V. 2021.

#### All rights reserved.

For more information, please visit: http://www.nxp.com For sales office addresses, please send an email to: salesaddresses@nxp.com

> Date of release: 02/2021 Document identifier: AN13153

# arm