Destructive Reset Diagnostic Routine for the MAXQ1103

文章摘要：Destructive Reset Diagnostic Routine for the MAXQ1103Abstract: The MAXQ1103 is a secure microcontroller that erases sensitive data when any one of many tamper-detect inputs are triggered. After the destructive reset, the recovery vector allows diagnostic code to run and perform any additional action

Destructive Reset Diagnostic Routine for the MAXQ1103,标签：单片机开发,单片机原理,单片机教程,http://www.88dzw.com

Destructive Reset Diagnostic Routine for the MAXQ1103

Abstract: The MAXQ1103 is a secure microcontroller that erases sensitive data when any one of many tamper-detect inputs are triggered. After the destructive reset, the recovery vector allows diagnostic code to run and perform any additional actions required for proper logging or notification of the destructive event. This application note explores the various aspects of writing a diagnostic routine using the Rowley CrossWorks C compiler.

The source code used with this application note is available for download (ZIP).

Introduction

The MAXQ1103 secure microcontroller implements many important features to deter physical tampering and the subsequent compromise of valuable data. One of these features is the Destructive Reset Source, or DRS, subsystem. The DRS feature allows any one of multiple self-destruct inputs (SDI) to cause near-instantaneous erasure of program and data decryption keys and internal static RAM. Assuming that the application has been stored in an encrypted region within the internal program flash memory, erasure of the program decryption key will render the microcontroller inert.

Previous Maxim products, such as the DS5250, incorporated this DRS feature. However, the MAXQ1103 adds the capability to execute an unencrypted diagnostic routine after a destructive reset. This diagnostic routine can execute any unencrypted internal code that does not require access to the external memory bus (which is disabled until the next power-on reset).

As an example, the diagnostic routine could be used to signal a maintenance alert through a modem to a central office and to display an "out of order" indication to the user. This routine also performs erasure and reprogramming of the internal flash memories.

Configuration of the DRS Diagnostic Routine

The DRS diagnostic routine is enabled with the DRSRS register bit location DIAE. The DRSRS register bits DIAS[3:0] specify the program code location to which the microcontroller will vector after the causative SDI is cleared. If the diagnostic vector location points to an encrypted memory region, the microcontroller's ROM will simply halt the processor after reset, which is the default action when DIAE=0 (diagnostic routine not enabled).

The DRSRS register may be written at any time during normal program execution. This register also holds flags which indicate the source of the destructive reset. These flags can be used by the diagnostic routine or logged to nonvolatile memory.

Example Application: Secure Clock

To demonstrate the DRS diagnostic routine on the MAXQ1103, a small application was written in C utilizing the Rowley CrossWorks compiler. This application implements a simple real-time clock (RTC) with the MAXQ1103 EV kit (Rev D).

The date and time are continually displayed on the EV kit's LCD with an update every second. Using the ENT key on the kit's numeric keypad, the user can enter the date and time directly; the cursor increments through the date and time fields automatically. A sample display is shown in Figure 1.

[1] [2]  下一页