MAXQ1103 Destructive Reset Diagnostic Procedure
Abstract: The MAXQ1103 is a secure microcontroller. When any of its tamper-detection inputs is triggered, sensitive data is erased immediately. After such a destructive reset, a recovery vector allows a diagnostic program to run and perform whatever recording or notification of the self-destruction event is required. This application note describes how to write that diagnostic program using the Rowley CrossWorks C compiler.
The destructive reset (DRS) function was already integrated in earlier Maxim products such as the DS5250. The MAXQ1103 adds the ability to execute an unencrypted diagnostic routine after a destructive reset. This diagnostic routine can execute any internal unencrypted program, but it has no access to the external memory bus (the bus remains disabled until the next power-on reset).
For example, the diagnostic routine can raise a system-maintenance alarm, report an "operation failure" to a control center over a modem, or alert the user to the problem. It can also erase and reprogram the internal flash memory.
DRS Diagnostic Program Configuration
The DRS diagnostic program is enabled and located through the DRSRS register. The DIAE bit enables the diagnostic program, and the DIAS[3:0] bits specify where its code resides, that is, the vector address the microcontroller jumps to after the SDI (self-destruct input) condition has been cleared. If the diagnostic vector points into the encrypted memory area, the microcontroller ROM simply halts the processor after the reset; this is also the default behavior when DIAE = 0 (diagnostic program not enabled).
The DRSRS register can be written at any time during normal program operation. It also retains flags identifying the source of the destructive reset; the diagnostic program can use these flags directly or record them to non-volatile memory.
Application Example: Encrypted Clock
To demonstrate the MAXQ1103 DRS diagnostic program, a small C program was written with the Rowley CrossWorks compiler. It runs on the MAXQ1103 evaluation board (Rev D) and implements a simple real-time clock (RTC).
The date and time are shown continuously on the evaluation board's LCD and updated every second. Using the ENT key on the board's numeric keypad, the user can set the date and time directly; the cursor advances automatically through the date and time fields. Figure 1 shows this simple display.
If any SDI input pin is pulled high (to VDDIO) and then released, the microcontroller performs a destructive reset. This reset erases the program key, so the main program stops running. The LCD then shows a message indicating that a DRS has occurred, together with the contents of the DRSRS register, as shown in Figure 2.
The flags in the DRSRS register indicate which SDI input caused the destructive reset. In addition, the time and date of the last DRS are shown on the LCD. Displaying them is not a strictly required part of a DRS diagnostic program, but the value of the RTS register (the RTC seconds counter) captured by the DRS recorder at the moment of the SDI trigger is the key piece of information for the diagnostic program.
The source code of the RTC "main application" is straightforward and is not detailed in this application note, but it is an important part of the example and may be reused as a general RTC routine. This code is stored in the CODE memory segment, which starts at program memory address 0x000600. MAXQ30_Target.js contains preload commands that use the PMAC and PMSZ registers to enable a 64k-word encrypted area; the CODE program is stored in this area under 3DES encryption.
To allow the DRS recovery vector to execute, space must be reserved for it alongside the main program. A memory segment named RESERVE is declared in the MAXQ1103.xml file, starting at 0x3C600 with a length of 16k words. The Rowley assembler directive CSEG RECOVERY can then be used to place the DRS diagnostic program at the appropriate address, the one selected by the DIAS[3:0] bits of the DRSRS register.
The function enable_drs_diag() writes the value 0x00001E01 to the DRSRS register. This value enables the diagnostic vector and selects 0x3C600 as the diagnostic vector location.
After a destructive reset has occurred (and the input condition that caused the self-destruction has been released), the ROM calls the DRS diagnostic program. This program must not call any code located in the encrypted area (defined by PMAC/PMSZ); doing so would cause undesired system behavior.
The recovery routine is contained in the drs.asm file, which shows how CSEG is used to place code in the RECOVERY area.
The diagnostic vector may call an unencrypted C program in internal program memory. Before that program is called, the C runtime environment must be set up; refer to the crt0.asm file supplied with the Rowley compiler to determine what initialization is required.
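The following C example is added here to illustrate what a diagnostic program of the kind described above would do once the ROM hands it control: snapshot the DRSRS register, decode the SDI source flags, and turn the RTS seconds count captured at the trigger into a date and time for the LCD, a modem report, or a non-volatile log. It is not code from the application note or from Maxim. The DRSRS bit layout it uses is an assumption made for the illustration: DIAE in bit 0 and DIAS[3:0] in bits 12:9 are placed only so that the encoding reproduces the value 0x00001E01 that enable_drs_diag() writes, and the source-flag field at bits 23:16 is a placeholder; the real positions must be taken from the MAXQ1103 user's guide. The functions drsrs_enable_value(), drs_diagnose() and drs_format() are hypothetical names, the RTS value is treated as seconds since 1970-01-01, and the sample values in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED DRSRS layout for this illustration only (not from the data sheet).
 * DIAE = bit 0, DIAS[3:0] = bits 12:9, so DIAE=1 with DIAS=0xF encodes to
 * 0x00001E01. The SDI source flags at bits 23:16 are pure placeholders. */
#define DRSRS_DIAE       (1UL << 0)
#define DRSRS_DIAS_SHIFT 9
#define DRSRS_DIAS_MASK  (0xFUL << DRSRS_DIAS_SHIFT)
#define DRSRS_SRC_SHIFT  16
#define DRSRS_SRC_MASK   (0xFFUL << DRSRS_SRC_SHIFT)

/* One entry of the DRS log the diagnostic routine could keep in flash. */
struct drs_record {
    uint32_t drsrs;   /* raw DRSRS snapshot, kept for later analysis */
    uint8_t  source;  /* which SDI input fired (assumed flag field) */
    uint32_t rts;     /* RTC seconds counter captured at the trigger */
    int year, month, day, hour, min, sec;
};

/* Build the DRSRS value that enables the diagnostic vector: DIAE set plus
 * the DIAS[3:0] vector selector (assumed encoding, see above). */
uint32_t drsrs_enable_value(uint8_t dias)
{
    return DRSRS_DIAE | ((uint32_t)(dias & 0xF) << DRSRS_DIAS_SHIFT);
}

/* Convert seconds since 1970-01-01 00:00:00 into calendar fields using the
 * standard days-to-civil algorithm (proleptic Gregorian), written out so the
 * diagnostic routine needs no libc time support. */
static void civil_from_seconds(uint32_t secs, struct drs_record *r)
{
    uint32_t days = secs / 86400;
    uint32_t rem  = secs % 86400;
    r->hour = (int)(rem / 3600);
    r->min  = (int)((rem % 3600) / 60);
    r->sec  = (int)(rem % 60);

    int64_t  z   = (int64_t)days + 719468;           /* shift epoch to 0000-03-01 */
    int64_t  era = (z >= 0 ? z : z - 146096) / 146097;
    unsigned doe = (unsigned)(z - era * 146097);     /* day of 400-year era */
    unsigned yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t  y   = (int64_t)yoe + era * 400;
    unsigned doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    unsigned mp  = (5 * doy + 2) / 153;              /* month, March-based */
    unsigned d   = doy - (153 * mp + 2) / 5 + 1;
    unsigned m   = mp < 10 ? mp + 3 : mp - 9;
    r->year  = (int)(y + (m <= 2));
    r->month = (int)m;
    r->day   = (int)d;
}

/* Work the diagnostic vector would do: decode the reset source from DRSRS
 * and timestamp the event from the RTS value captured at the trigger. */
struct drs_record drs_diagnose(uint32_t drsrs, uint32_t rts_at_trigger)
{
    struct drs_record r;
    memset(&r, 0, sizeof r);
    r.drsrs  = drsrs;
    r.source = (uint8_t)((drsrs & DRSRS_SRC_MASK) >> DRSRS_SRC_SHIFT);
    r.rts    = rts_at_trigger;
    civil_from_seconds(rts_at_trigger, &r);
    return r;
}

/* Render a record as one line for the LCD, a modem message, or a flash log. */
int drs_format(const struct drs_record *r, char *buf, size_t len)
{
    return snprintf(buf, len,
                    "DRS src=0x%02X DRSRS=0x%08lX at %04d-%02d-%02d %02d:%02d:%02d",
                    r->source, (unsigned long)r->drsrs,
                    r->year, r->month, r->day, r->hour, r->min, r->sec);
}

int main(void)
{
    /* Constructed sample: enable value with source flag bit 1 set, and an
     * RTS count corresponding to 2009-01-01 00:00:00. */
    uint32_t drsrs = drsrs_enable_value(0xF) | (0x02UL << DRSRS_SRC_SHIFT);
    struct drs_record r = drs_diagnose(drsrs, 1230768000UL);
    char line[96];
    drs_format(&r, line, sizeof line);
    puts(line);
    return 0;
}
```

The calendar conversion is the part worth keeping whatever the real register layout turns out to be: a diagnostic routine that runs after the key has been erased cannot rely on anything in the encrypted area, so date formatting has to be self-contained in the unencrypted RECOVERY segment.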
Conclusion
The MAXQ1103 diagnostic program gives programmers a way to execute code after a security-related destructive reset. It cleanly separates the encrypted application from the unencrypted recovery program. The diagnostic program can record attacks that threaten security and take appropriate measures after the self-destruct operation, such as raising a remote alarm or further erasing internal memory.