This tutorial explains why you must secure digital IO pins and how to utilize MCUXpresso Config Tools.
GPIO (General Purpose Input Output) is the most common digital peripheral in a microcontroller. GPIO of LPC MCU is very flexible and powerful. Below you can see a simple block diagram of GPIO (Figure 1). GPIO can read a pin state regardless of the pin function configured. For example, if this pin is configured as UART, then the pin state can be read via a GPIO read.[1]
Figure 1 GPIO [1]
Due to the architecture of GPIO, all digital IO pins states are readable through the GPIO module from the GPIO read path. It does not depend on what function is chosen for this pin as aforementioned. As a result, there is a possibility of information leakage from a Secure resource (S).
For example, when you configure a UART as a Secure peripheral, it means that only the Secure world can access this UART.
However, in this case, the Non-Secure world can monitor the UART pin states through the GPIO read path as shown in Figure 1. Hence, the Non-Secure world can get all the Secure information from the UART.[1]
To prevent the leakage of information from the Secure world by GPIO, the Secure GPIO Mask is implemented on LPC55Sxx devices with TrustZone®. This mask disallows the use of GPIO for a pin in both the Secure and the Non-Secure world. LPC55Sxx devices with TrustZone® implement a new NXP peripheral named Secure GPIO that can operate GPIO in the Secure world.
Figure 2 Secure GPIO and Secure GPIO Mask [1]
MCUXpresso Config Tools contain everything you need to create a Secure configuration. You can do a pins configuration in the Pins tool, configure peripherals in the Peripherals tool, enable clocks in the Clocks tool, and set up the Secure aspects in the Trusted Execution Environment (TEE) tool.
You can create a simple example to test that the Non-Secure world can access information from the Secure world by reading the state of a GPIO pin.
Assuming the Secure application uses FLEXCOMM0 to communicate and GPIO0.30 pin for TX signal, you can add a code to a Non-Secure application that can read the communication. To use GPIO macros from the example code, make sure the “board.h” header file of LPC55S69 board is added in the include section of the file.
When you run the application, the Non-Secure world reads the state of the GPIO pin and changes the state of the blue LED accordingly. You can achieve it without any additional modification to a configuration generated by MCUXpresso Config Tools. There is no need to configure the pin to GPIO. It demonstrates that the state can be read from the Non-Secure world and communication is not Secure.
You can run the same example to verify that reading a state of the pin, that is routed to the FLEXCOMM0 TX signal, from the Non-Secure world always returns the same value. Running the application, you can see that the blue LED is not changing color based on the communication of the FLEXCOMM peripheral.
[1] 2020. AN12326: Secure GPIO And Usage. 1st ed. [ebook] NXP B.V. 2019, pp.3-4. Available at: <https://www.nxp.com/doc/AN12326> [Accessed 15 December 2020].