Creating Secure and Non-Secure projects The LPC55S69 MCU series contains Arm TrustZone® and Trusted Execution Environment extension from NXP. It allows users to assign cores, memories, and peripherals to the Secure or the Non-Secure World and restrict access between them. Manufacturers can use it to secure critical functionality of a device. For example, the Secure code is provided on the device by the manufacturer and could not be modified by users. However, a user can create a Non-Secure application and download it to the device. A secure code can communicate over a channel which security cannot be exposed to the Non-Secure World. This example is shown in the tutorial. This tutorial demonstrates how to create Secure and Non-Secure projects and their basic configuration using MCUXpresso IDE and Config Tools. LPCXpresso55S69 Board is used for the demonstration of functionality. Project description Two projects, a Secure and a Non-Secure, are created. Both projects are used on a single core. USART is used for sending data and it is configured as a Secure peripheral. S1 (ISP) button is used for sending data from the Secure world. S2 (WAKEUP) button is used for sending data from the Non-Secure world, which is not allowed due to a security violation. Prerequisites MCUXpresso IDE 11.3.0 LPCXpresso55S69 SDK 2.9.0 LPCXpresso55S69 Board You are familiar with the security extension used on LPC55S69. You are familiar with MCUXpresso IDE and Config Tools – Getting started with TEE. Steps 1.  Create a Secure project Create a new project, select the security type (Secure), and set memory regions in New Project Wizard. You must do it as Secure and Non-Secure projects use different parts of memories. In addition, secure memories use aliases – the 28 th bit is set to 1.  To download the firmware to the secure flash, select the Secure flash driver „LPC55xx_S.cfx“. 2. Create a Non-Secure project Create a new project and set security and memories as follows. 3. Connect the projects It is not mandatory but it makes things easier. Reference the Secure project from the Non-Secure project. It makes importing memory regions into the TEE tool easier.  The current and the linked or linking projects are preselected in the import dialog. In the  Secure project set the Non-Secure project to be preprogrammed.  Both projects are automatically downloaded to the board prior to debugging the Secure project. 4. Disable generation of  a Secure gateway library This feature is not used in this tutorial, therefore it must be turned off to compile the project. Change it in project properties (right-click the project and select Properties). 5. Route Secure pins Open Pins tool. Route S1 pin to SECGPIO. For detecting button press, peripheral SPINT is used and it must be routed to the same pin. Flexcom, which is used as USART, is routed by default in a board configuration. Do not change anything there. 6. Setup Secure peripherals Flexcomm is used for USART communication. Open Peripherals tool. Add USART component in Peripherals tool. Use the default configuration. Problems related to clocks must be resolved in the Clocks tool by enabling peripheral clock. Right-click the problem in Problems view and select Show problem. It opens the Clocks tool and highlights the problematic clock path. Add PINT component. Uncheck the checkbox „Show only components in toolchain project“  as the PINT driver is not in the project yet. Otherwise, it is not listed in the dialog. Select SECPINT peripheral. Configure it to invoke a callback function upon falling edge is detected on S1. Add the  PINT driver to the project via quick-fix in the Problems view. 7. Setup security extension in TEE tool Import memory regions from both projects in the User Memory Regions tab. As nothing is configured for the security extension, there are errors and warnings in the Security Level column. In Security Access Configuration, Miscellaneous tab enable Secure check for AHB matrix and Non-Secure access to floating point extension (CP10 access). FPU is turned on by default. Enable SAU and set Non-Secure regions. Other memory is considered Secure. Set MPC to allow only Secure transactions for Secure memory regions. It resolves errors and warnings in User Memory regions. Set SECGPIO and SECPINT peripherals as Secure. Keep Flexcomm as Non-Secure for now for demonstration purposes. Set PINT interrupt security as Non-Secure. Sending data from the Non-Secure world is also triggered by button press so its interrupt security must be set accordingly. It is the last setting of the Secure project in Config Tools, at this stage update the code. 8. Update Secure project settings After updating the code, create a  TrustZone folder. By default, new folders are excluded from the build. Right-click the folder and uncheck Exclude resource from build in the folder properties. Add the path to the folder into Include paths in project settings. 9. Add missing drivers If you use this version of tools,  add the inputmux driver in the Secure project. It is required for code generated by the Pins tool. 10. Update the Secure source code Do the following updates in source/Secure.c file. Add TEE initialization function call. As security is the first thing that should be configured,  place it SystemInitHook function. This way it is called before entering the main function. The initialization function is implemented in resource_config.h which must be included.       /*! * @brief Application-specific implementation of the SystemInitHook() * weak function. */ void SystemInitHook(void) { BOARD_InitTEE(); }       Implement SECPINT callback function. After pressing S1,  some data is sent from the Secure world via USART. For simplicity, character ‚s‘ is sent from the Secure world and character ‚n‘  is sent from the Non-Secure world.       /* * @brief Send on byte over secure channel * @param data data to be sent */ void sendSecureByte(uint8_t data) { USART_WriteByte(FLEXCOMM0_PERIPHERAL, data); } /* * @brief S1 button interrupt callback * @param pintr pin interrupt type * @param pmatch_status match status */ void secureButtonCallback(pint_pin_int_t pintr ,uint32_t pmatch_status) { sendSecureByte('s'); }       When you do the initialization in the Secure world, the MCU can continue with executing instructions from the Non-Secure world. The switching consists of setting a Non-Secure stack, a vector table, and calling a reset handler. The Non-Secure flash was previously configured to start at address 0x10000.       /* Start address of Non-secure application */ #define NON_SECURE_START 0x10000 /* typedef for non-secure callback functions */ typedef void (*funcptr_ns)(void) __attribute__((cmse_nonsecure_call)); int main(void) { /* Init board hardware. */ BOARD_InitBootPins(); BOARD_InitBootClocks(); BOARD_InitBootPeripherals(); #ifndef BOARD_INIT_DEBUG_CONSOLE_PERIPHERAL /* Init FSL debug console. */ BOARD_InitDebugConsole(); #endif PRINTF("Secure World\n"); /* Set non-secure main stack (MSP_NS) */ __TZ_set_MSP_NS(*((uint32_t *)(NON_SECURE_START))); /* Set non-secure vector table */ SCB_NS->VTOR = NON_SECURE_START; /* Get non-secure reset handler */ funcptr_ns ResetHandler_ns; ResetHandler_ns = (funcptr_ns)(*((uint32_t *)((NON_SECURE_START) + 4U))); /* Jump to normal world */ ResetHandler_ns(); /* Force the counter to be placed into memory. */ volatile static int i = 0 ; /* Enter an infinite loop, just incrementing a counter. */ while(1) { i++ ; /* 'Dummy' NOP to allow source level single stepping of tight while() loop */ __asm volatile ("nop"); } return 0 ; }       11. Route Non-Secure pins Configure the Non-Secure project properly. Route S2 pin to GPIO as input. Route  PINT for pin #64. Flexcomm is routed by default, remove this routing as it is already routed in the Secure project. 12. Setup Non-Secure peripherals Set up PINT to use callback on falling edge of the S2 button press.  Add the driver, for example, via quick fix. 13. Update the Non-Secure source code Keep the initialization of Pins and Peripherals and remove the other initialization as it was done in the Secure world. That also includes the overriding SystemInit function.       /* * @brief System initialization * * Intentionally empty. Required initialization was done in the Secure project. * */ void SystemInit(void) { } /* * @brief Application entry point. */ int main(void) { /* Init board hardware. */ BOARD_InitBootPins(); BOARD_InitBootPeripherals(); ...       Add the code for sending data from the Non-Secure world. To use the USART_WriteByte function and the imputmux driver, include fsl_usart.h.       /* * @brief S2 button interrupt callback * @param pintr pin interrupt type * @param pmatch_status match status */ void nonSecureButtonCallback(pint_pin_int_t pintr ,uint32_t pmatch_status) { USART_WriteByte((USART_Type *)FLEXCOMM0, 'n'); }       Now the projects are ready. When debug is executed for the Secure project, the Non-Secure project is also downloaded to the board. After pressing S1, 's' is sent from the Secure world. When S2 is pressed, 'n' is sent from the Non-Secure world because Flexcomm is configured as Non-Secure in the TEE tool. 14. Securing USART Open the TEE tool from the Secure project and set the Flexcomm slave as Secure. After this change, you can send data from the Secure world but an attempt to send data from the Non-Secure world results in bus fault.  

This tutorial is how to start working with TEE

The MCUXpresso Config Tools is an integrated suite of configuration tools that help guide users from first evaluation to production software development when designing with Arm ® Cortex ® -M-based devices from NXP, including its general purpose, crossover and wireless-enabled MCUs. These configuration tools allow developers to quickly build a custom SDK and leverage pins, clocks and peripherals to generate initialization C code for custom board support. The following tutorials help you design with the MCUXpresso software and tools. Pins Tool and Expansion Headers Apply Arduino virtual adapter into compatible header Measuring temperature using digital sensor DS18B20 and Arduino Multifunction Shield on FRDM K64F Creating expansion board definition file for Arduino Multifunction shield Adding Expansion Headers to a custom board Peripherals tool USB Audio Class Tutorial  Using TDA1543 I2S DAC with the LPC54114 board  Touch controlled led light on LPCXPRESSO845-BRK  eDMA component abilities shown on ADC measurement example Trusted Execution Environment (TEE) Getting started with TEE  Creating Secure and Non-Secure projects Calling Secure code from Non-Secure region LPC55Sxx: Securing Digital IO Pins

This video provides an instruction to the NXP Pins tool (see New Kinetis Expert Pins Tool V1.0 Available!). It demonstrates how to use the tool and how to configure pins with the example of the FRDM-K64F Board.   Enjoy 🙂

The following article describes how the data files of the Pins Tool can be downloaded either for offline usage or processed further, for example in an automated build system or how to use it on a machine without network connection: https://mcuoneclipse.com/2016/07/29/nxp-pins-tool-understanding-data-for-offline-usage/   I hope you find this useful, Erich

This post will include a history of releases for the MCUXpresso Config Tools.    Most Recent Release: MCUXpresso Config Tools v11 - Released on January 17, 2022   Download Links: MCUXpresso IDE with integrated Config Tools Standalone MCUXpresso Config Tool   Standalone MCUXpresso Config Tool vs MCUXpresso IDE integrated version The functionality of the MCUXpresso Config Tools is integrated directly within the MCUXpresso IDE as tool perspectives (Pins, Clock, Peripheral, etc).  The configuration tools/perspective will provide a seamless way to configure and modify projects developed within MCUXpresso IDE.  The MCUXpresso Config Tools are also provided as a standalone installation for use with other IDEs (IAR and Keil).  Additionally these tools can be used without an IDE for generating configuration files and generated source file for use without an IDE.   Receive email notification for new releases: If you would like to receive email notifications when a new version of the MCUXpresso Config Tools is released, consider adding an "Email Watch" to this post.   Previous Release History: MCUXpresso Config Tools v10 - Released on July 15, 2021 MCUXpresso Config Tools v9 - Released on January 15, 2021 MCUXpresso Config Tools v8 - Released on July 21, 2020 MCUXpresso Config Tools v7 - Released on Dec 19, 2019  MCUXpresso Config Tools v6 - Released on June 13, 2019 MCUXpresso Config Tools v5 - Released on January 10, 2019

The MCUXpresso Config Tools is installed without the data for MCUs and boards, and the data are download on demand via internet. So this article describes how to use MCUXpresso Config Tools with offline Computer. There are two methods: - Copy and paste the data on computer; - Connect the internet when first using. About the detail steps, please have a look at attachment . Thanks for the suggestion from Petr Hradsky . Alice Yang

The following article has quick steps and videos how to get started with Kinetis Expert SDK and Design Studio:   https://community.freescale.com/docs/DOC-329662   Enjoy!

The following article describes how to configure code generation for the clock gates and how to perform a full initialization with the Pins Tool: https://mcuoneclipse.com/2016/07/19/nxp-pins-tool-clock-gates-and-controlling-the-bits/  

This community and forum is for the growing set of Kinetis Expert System Conguration Tools. The tools are acessible online on Welcome to Kinetis Expert | Kinetis Expert and include right now the 'Build an SDK' and 'Power Estimation' tools: So if you have any questions or need any further advice and information about the Kinetis Expert System Configuration Tools, this is the community for it!

This tip will show you how to use MCUXpresso Config Tools V4.1 generate codes for KV5x with 50MHz external reference clock. The fec_extal in datasheet shows that the maximum frequency of Input clock frequency (external clock mode) is 48MHz. It will lead code generation failed when you configure 50MHz as the external reference clock in latest MCUXpresso Config Tools V4.1. (Code generation in case of warnings shouldn't be blocked. It will be fixed for MCUXpresso Config Tools V5.) Some customer had met this issue when using TWR-KV58F220M board, this board connect a 50MHz_OSC to EXTAL0. My colleague have prepared a hot fix for this issue (for all MKV5x MCUs). After install the attached hot_fix_MCUXpresso_Config_Tools_V4_1_data_MKV58_MCUCM-3936, customer is able to overcome it.(Notice: The ProgramData folder was hidden by default.)

A new version of the Kinetis Expert Configuration Tools has been released and is available both online (Welcome to Kinetis Expert | Kinetis Expert ) or for download as desktop tool (Software Development Kit for Kinetis MCUs|NXP ).   The set of the tools has a new member: the Clocks Tool: Simple UI for clock parameter viewing and modification Graphical view for easy navigation and visualization of settings and frequencies Generate configuration code using KSDK v2 Inspect and modify clock configuration from clock input source up to the core/peripherals Validate clock settings and calculate the resulting output clock frequencies Determines suitable clock settings for given output requirements Integrated with the Pins Tool   Main features of Pins Tool and Clocks Tool: Available as Web and Desktop application Kinetis SDK v2 support Multicore support Localized for English and Simplified Chinese Mostly Connected: On-Demand device data download Integrates with any compiler and IDE Generation of documented C code which is C++ aware   What's New Added Clocks Tool Added Support for boards, kits and templates Added Labels and Identifier support Added Log and Problems View Export downloaded data to copy or share device information data Bug fixes and improved documentation The release notes of the desktop application are attached to this article.   Clocks Tool The new member of the suite of configuration tools is the Clocks Tool.  Use the Tools menu to select and switch between the tools:   The Clocks Tool provides graphical views for configuration and navigation in the clocks of the hardware:   Templates, Kits, Boards and Processors When creating a new configuration, it offers Templates, Kits, Boards and Processors. Custom configurations can be stored as templates and then used for new configurations.   Board Specific Functions With the provided board and kit configurations, there are now pre-configured initialization functions for major blocks on the board:   Labels and Identifiers In the Pins Tool there are two new columns: Label and Identifier: The Label is a user name/string to identify or describe the pin. The Identifier is a user C/C++ identifier which is added to the generated source code to be used by the application.   Export Data To simplify downloading the device specific data for the desktop tool, the 'Export' function can be used to download and export the data. The data can be copied that way to another machine or all data for a set of devices can be loaded.     The device support for the clocks tool is staged, so initially not all SDK V2 devices are included. As of Oct 14, the the following Kinetis SDK V2 R1 devices are supported by the Clocks Tool: MK21FN1M0AVLQ12 MK21FN1M0AVMC12 MK21FN1M0AVMD12 MK21FN1M0VLQ12 MK21FN1M0VMC12 MK21FN1M0VMD12 MK21FX512AVLQ12 MK21FX512AVMC12 MK21FX512AVMD12 MK21FX512VLQ12 MK21FX512VMC12 MK21FX512VMD12 MK22FN128CAH12 MK22FN128VDC10 MK22FN128VLH10 MK22FN128VLL10 MK22FN128VMP10 MK22FN1M0AVLH12 MK22FN1M0AVLK12 MK22FN1M0AVLL12 MK22FN1M0AVLQ12 MK22FN1M0AVMC12 MK22FN1M0AVMD12 MK22FN1M0VLH12 MK22FN1M0VLK12 MK22FN1M0VLL12 MK22FN1M0VLQ12 MK22FN1M0VMC12 MK22FN1M0VMD12 MK22FN256CAH12 MK22FN256VDC12 MK22FN256VLH12 MK22FN256VLL12 MK22FN256VMP12 MK22FN512CAP12 MK22FN512VDC12 MK22FN512VLH12 MK22FN512VLL12 MK22FN512VMP12 MK22FX512AVLH12 MK22FX512AVLK12 MK22FX512AVLL12 MK22FX512AVLQ12 MK22FX512AVMC12 MK22FX512AVMD12 MK22FX512VLH12 MK22FX512VLK12 MK22FX512VLL12 MK22FX512VLQ12 MK22FX512VMC12 MK22FX512VMD12 MK24FN1M0VDC12 MK24FN1M0VLL12 MK24FN1M0VLQ12 MK26FN2M0CAC18 MK26FN2M0VLQ18 MK26FN2M0VMD18 MK26FN2M0VMI18 MK63FN1M0VLQ12 MK63FN1M0VMD12 MK64FN1M0VDC12 MK64FN1M0VLL12 MK64FN1M0VLQ12 MK64FN1M0VMD12 MK64FX512VDC12 MK64FX512VLL12 MK64FX512VLQ12 MK64FX512VMD12 MK65FN2M0CAC18 MK65FN2M0VMI18 MK65FX1M0CAC18 MK65FX1M0VMI18 MK66FN2M0VLQ18 MK66FN2M0VMD18 MK66FX1M0VLQ18 MK66FX1M0VMD18 MK80FN256CAx15 MK80FN256VDC15 MK80FN256VLL15 MK80FN256VLQ15 MK81FN256CAx15 MK81FN256VDC15 MK81FN256VLL15 MK81FN256VLQ15 MK82FN256CAx15 MK82FN256VDC15 MK82FN256VLL15 MK82FN256VLQ15 MKL13Z32VFM4 MKL13Z32VFT4 MKL13Z32VLH4 MKL13Z32VLK4 MKL13Z32VMP4 MKL13Z64VFM4 MKL13Z64VFT4 MKL13Z64VLH4 MKL13Z64VLK4 MKL13Z64VMP4 MKL17Z128VFM4 MKL17Z128VFT4 MKL17Z128VLH4 MKL17Z128VMP4 MKL17Z256VFM4 MKL17Z256VFT4 MKL17Z256VLH4 MKL17Z256VMP4 MKL17Z32VDA4 MKL17Z32VFM4 MKL17Z32VFT4 MKL17Z32VLH4 MKL17Z32VMP4 MKL17Z64VDA4 MKL17Z64VFM4 MKL17Z64VFT4 MKL17Z64VLH4 MKL17Z64VMP4 MKL27Z128VFM4 MKL27Z128VFT4 MKL27Z128VLH4 MKL27Z128VMP4 MKL27Z256VFM4 MKL27Z256VFT4 MKL27Z256VLH4 MKL27Z256VMP4 MKL27Z32VDA4 MKL27Z32VFM4 MKL27Z32VFT4 MKL27Z32VLH4 MKL27Z32VMP4 MKL27Z64VDA4 MKL27Z64VFM4 MKL27Z64VFT4 MKL27Z64VLH4 MKL27Z64VMP4 MKL33Z128VLH4 MKL33Z128VMP4 MKL33Z256VLH4 MKL33Z256VMP4 MKL33Z32VFT4 MKL33Z32VLH4 MKL33Z32VLK4 MKL33Z32VMP4 MKL33Z64VFT4 MKL33Z64VLH4 MKL33Z64VLK4 MKL33Z64VMP4 MKL43Z128VLH4 MKL43Z128VMP4 MKL43Z256VLH4 MKL43Z256VMP4 MKS22FN256VLL12 MKS22FN256VLH12 MKS22FN128VLL12 MKS22FN128VLH12   In November, the following SDK V2.0 R2 and R3 devices will be available in the Clocks Tool: MKL14Z32VFM4 MKL14Z32VFT4 MKL14Z32VLH4 MKL14Z32VLK4 MKL14Z64VFM4 MKL14Z64VFT4 MKL14Z64VLH4 MKL14Z64VLK4 MKL15Z128CAD4 MKL15Z128VFM4 MKL15Z128VFT4 MKL15Z128VLH4 MKL15Z128VLK4 MKL15Z32VFM4 MKL15Z32VFT4 MKL15Z32VLH4 MKL15Z32VLK4 MKL15Z64VFM4 MKL15Z64VFT4 MKL15Z64VLH4 MKL15Z64VLK4 MKL24Z32VFM4 MKL24Z32VFT4 MKL24Z32VLH4 MKL24Z32VLK4 MKL24Z64VFM4 MKL24Z64VFT4 MKL24Z64VLH4 MKL24Z64VLK4 MKL25Z128VFM4 MKL25Z128VFT4 MKL25Z128VLH4 MKL25Z128VLK4 MKL25Z32VFM4 MKL25Z32VFT4 MKL25Z32VLH4 MKL25Z32VLK4 MKL25Z64VFM4 MKL25Z64VFT4 MKL25Z64VLH4 MKL25Z64VLK4   MKW21D256VHA5 MKW21D512VHA5 MKW22D512VHA5 MKW24D512VHA5   In December, the SDK 2.0 R4 devices will be supported by the Clocks Tool: MKV10Z16VFM7 MKV10Z16VLC7 MKV10Z16VLF7 MKV10Z32VFM7 MKV10Z32VLC7 MKV10Z32VLF7 MKV10Z128VFM7 MKV10Z128VLC7 MKV10Z128VLF7   MKV10Z128VLH7   MKV10Z64VFM7 MKV10Z64VLC7 MKV10Z64VLF7   MKV10Z64VLH7 MKV11Z128VFM7 MKV11Z128VLC7 MKV11Z128VLF7   MKV11Z128VLH7   MKV11Z64VFM7 MKV11Z64VLC7 MKV11Z64VLF7   MKV11Z64VLH7   MKV30F128VFM10 MKV30F128VLF10 MKV30F128VLH10 MKV30F64VFM10 MKV30F64VLF10 MKV30F64VLH10 MKV46F256VLL16 MKV46F256VLH16 MKV46F128VLL16 MKV46F128VLH16 MKV44F256VLL16 MKV44F256VLH16 MKV44F128VLL16 MKV44F128VLH16 MKV44F64VLH16 MKV42F256VLL16 MKV42F256VLH16 MKV42F128VLL16 MKV42F128VLH16 MKV42F64VLH16 MKV44F128VLF16 MKV44F64VLF16 MKV42F128VLF16 MKV42F64VLF16 MKV58F1M0VMD24 MKV58F512VMD24 MKV58F1M0VLQ24 MKV58F512VLQ24 MKV58F1M0VLL24 MKV58F512VLL24 MKV56F1M0VMD24 MKV56F512VMD24 MKV56F1M0VLQ24 MKV56F512VLQ24 MKV56F1M0VLL24 MKV56F512VLL24 MKV31F128VLH10 MKV31F128VLL10 MKV31F256VLH12 MKV31F256VLL12 MKV31F512VLH12 MKV31F512VLL12   We hope you will find this new release useful.   Thanks for designing with NXP!

The new NXP Pins tool which has been showcased at FTF 2016 in Austin is now available as Web and Desktop application. The Kinetis Expert Pins Tool makes configuring, muxing and routing of pins very easy and fast. It provides real-time feedback of conflicts and provides an intuitive graphical interface with several views. The tool generates Kinetis SDK V2.0 compatible sources files which can be directly integrated into C/C++ applications. The Pins tool is available both as Web application (no installation needed) and as a Desktop application for Linux, Mac and Windows.     You can use the Web version from Welcome to Kinetis Expert | Kinetis Expert.   It is available for download as Desktop version from Software Development Kit for Kinetis MCUs|NXP (Windows, Mac OS X and Linux 64bit) under the 'Software' category: There are two different installer types: 'offline' is a 130 MByte download. This method is recommended for slower internet connections or for installation on multiple machines. 'online' is a small 500 KByte download, all the other installation data will be loaded from the internet during installation. Mac OS X and Linux installers are 64bit. For Windows there are both 32bit and 64bit installers available.   Documenation is availble on Software Development Kit for Kinetis MCUs|NXP in the documenation download section, as well attached to this article (Getting Started is available in Chinese): An overview and tutorial can be found here: https://mcuoneclipse.com/2016/06/08/tutorial-muxing-with-the-new-nxp-pins-tool/   We hope you find this tool useful!