

# **User Guide**

# **Alif Security Toolkit**

V1.107.0



# Table of Contents

| Int | troduction                             | 5  |
|-----|----------------------------------------|----|
| 1.  | Python Executables                     | 6  |
| 2.  | Source code release                    | 6  |
| 3.  | Release Version                        | 6  |
| 4.  | Quick User Guide                       | 7  |
|     | Updating to the latest ALIF release    | 7  |
|     | Adding / Changing an application image | 7  |
| 5.  | TOC Packages                           | 9  |
|     | System Table of Contents (STOC)        | 9  |
|     | SE-UART Output Fields                  | 10 |
|     | SEROM                                  | 10 |
|     | Banner                                 | 10 |
|     | LCS (Life Cycle State)                 | 10 |
|     | [SES] Output                           | 10 |
|     | Device configuration                   | 10 |
|     | [SES] Table                            | 10 |
|     | SES Boot Error messages                | 12 |
|     | Firewall Exception messages            | 12 |
|     | Firewall Configuration Errors          | 13 |
|     | Error messages – no ATOC in MRAM       | 13 |
|     | Application Table of Contents (ATOC)   | 13 |
|     | ATOC Placed Images                     | 14 |
|     | NTOC Images                            | 15 |
| 6.  | Alternate SES Boot Path Option         | 16 |
|     | Boot Path                              | 16 |
| 7.  | ISP (In System Programming)            | 18 |
|     | SE-UART Connection                     | 18 |
|     | UART Settings                          | 18 |
|     | Dynamic Baud Rate Change               | 18 |
|     | Baud Rate Override                     | 18 |
|     |                                        |    |



|    | UART Errors – PermissionError                              | 18 |
|----|------------------------------------------------------------|----|
|    | UART Errors – Disconnected                                 | 19 |
|    | UART Errors – FileNotFoundError                            | 19 |
|    | ISP Discovery                                              | 19 |
|    | ISP when in Low power mode                                 | 20 |
| 3. | . Tool Flow                                                | 21 |
|    | Debug Stubs                                                | 21 |
|    | MRAM Burners                                               | 22 |
| €. | . Running the Tools                                        | 23 |
|    | tools-config tool                                          | 23 |
|    | Tools-config command line mode:                            | 24 |
|    | app-gen-rot tool                                           | 25 |
|    | app-gen-toc tool                                           | 27 |
|    | Valid LoadAddress Regions                                  | 31 |
|    | Note on Factory (Blinky) for ENSEMBLE E1C and BALLETTO B1C | 31 |
|    | app-write-mram tool                                        | 33 |
|    | Maintenance Mode Internals                                 | 34 |
|    | Maintenance Mode reporting                                 | 34 |
|    | Erase option                                               | 34 |
|    | Padding binaries (-p option)                               | 35 |
|    | No Reset option (-nr)                                      | 36 |
|    | Images option (-i)                                         | 36 |
|    | SKIP Images option (-S)                                    | 36 |
|    | SWITCH option (-s)                                         | 36 |
|    | No reset option (-nr)                                      | 37 |
|    | ATOC Policy                                                | 38 |
|    | Part# and/or Part Revision mismatch warnings               | 38 |
|    | Using app-write-mram in SEROM Recovery mode                | 38 |
|    | UpdateSystemPackage tool                                   | 39 |
|    | No Reset option (-nr)                                      | 39 |
|    | No Authentication (-na) option                             | 40 |
|    | Setting the part as default                                | 40 |
|    | Maintenance tool                                           | 41 |
|    | Running the Tool                                           | 41 |
|    | Command line options                                       | 41 |



|    | Maintenance Menu Grouping                                   | 43 |
|----|-------------------------------------------------------------|----|
|    | maintenance menu in SEROM Recovery mode                     | 44 |
|    | Device Control                                              | 44 |
|    | Device Information                                          | 45 |
|    | MRAM                                                        | 58 |
|    | Utilities                                                   | 60 |
|    | Setting capabilities                                        | 64 |
|    | ROM                                                         | 65 |
|    | app-assets-gen                                              | 68 |
|    | app-provision                                               | 70 |
|    | app-secure-debug (rma)                                      | 71 |
|    | Tool Exit codes                                             | 73 |
|    | NACK Error Handling                                         | 74 |
|    | TIMEOUT Error Handling                                      | 74 |
| 10 | . RECOVERY MODE                                             | 75 |
|    | SEROM Error Codes                                           | 75 |
| 11 | . Primary Boot Path Alternative                             | 77 |
| 12 | . CONDUCTOR Tool Flow                                       | 78 |
|    | Configuration Options                                       | 78 |
|    | STATIC configuration                                        | 78 |
|    | DYNAMIC configuration                                       | 78 |
|    | Using the CONDUCTOR Tool with SETOOLS                       | 78 |
|    | Miscellaneous Feature set supported from CONDUCTOR tool     | 79 |
|    | SE_BOOT_INFO                                                | 80 |
|    | Non-CONDUCTOR Options                                       | 80 |
|    | Brown Out Reset (BOR) hysteresis and threshold configurable | 80 |
|    | SHARED_MEM_CTRL                                             | 81 |
|    | REG_ALIASING_CTRL                                           | 81 |
| 13 | . Device Debug Strategies                                   | 82 |
|    | Recovery vs SES Mode                                        | 82 |
|    | HARD Maintenance mode                                       | 82 |
|    | Quick Fix guide                                             | 82 |
|    | Reporting Issues to ALIF                                    | 83 |
| 14 | . Life Cycle State SECURE                                   | 84 |
| 15 | . Document History                                          | 85 |

# Alif Security Toolkit User Guide

## Introduction

The Alif Security Toolkit (SETOOLS) contains several tools (written in Python3) required to program and provision an Alif Semiconductor SoC device.

Provisioning means being able to add images to the internal NVM storage (MRAM) as well as adding Security assets such as Keys to the One Time Programmable memory (OTP).

ALIF images, known as System TOC (STOC), for the device are already provisioned into the MRAM, a user cannot change these, but can update to a new STOC version supplied by Alif. User images such as Application programs (binaries written for A32 or M55 cores) need to be packaged and written to the MRAM. The packages are called an Application Table of Contents (ATOC).

There are also pre-built binary images for the ALIF Table of Contents (STOC) Package. STOC contains the latest binary version of SERAM. The STOC also contains debug stubs which will execute on the Application cores to allow connection from the Debugger. These stubs are only loaded to Application CPUs that are not configured to run.

**NOTE:** These tools are designed to work with the following environment:

- Windows PC Executables (Windows 10/11)
- LINUX Executables (Ubuntu 18.4/20.4/22.4)
- MacOS Executables (tested with OS Sonoma 14.1).
- Ensemble DevKit Gen 2

The Alif <u>Ensemble DevKit User Guide (Gen 2)</u> includes instructions on how to connect the SE-UART output of the CPU to the host computer. This guide will then refer to the <u>Alif Security Toolkit Quick Start</u> Guide which contains instructions for installation of these tools.

This release version is app-release-exec-windows(linux)(macos)-SE\_FW\_1.107.0\_DEV.zip

# Alif Security Toolkit User Guide

# 1. Python Executables

The Security tools are executable images, previously these python scripts were delivered as source code. These executables do not require python or any pre-requisite libraries to be installed.

#### **Example:**

```
$ ./maintenance
[INFO] COM8 open Serial port success
[INFO] baud rate 55000

Available options:

1 - Device Control
2 - Device Information
3 - MRAM
4 - Utilities
5 - Setting capabilities
6 - ROM

Select an option (Enter to exit):
```

#### Previously you were required to run

```
$ python3 <tool-name>.py
```

#### Now you just run

```
$ <tool-name>
$ ./<tool-name>
```

NOTE: Screenshots in this document and other application notes or user guides might show the previous format but apply to this version or later releases if you enter just <tool-name> instead of "python3 <tool-name>.py".

## 2. Source code release

The SETOOLS source code release requires the user to install some supporting python packages

```
$ pip install pyqt5
$ pip install cryptography
$ pip install pyserial
$ pip install pylink-square
```

## 3. Release Version

Inside the SETOOLS app release directory there is

• An empty text file denoting the version of *this* release.

```
SETOOLS version SE FW 1.107.00
```

A file version.txt

# Alif Security Toolkit User Guide

This contains the version e.g. V1.107.0

# 4. Quick User Guide

Please ensure you have followed the Installation Guide in the Alif Security Toolkit Quick Start Guide before proceeding.

The recommended <release-location> installation directories are:

Windows: C:\app-release-exec

Linux: /home/\$USER/app-release-exec-linux MAC OS: /Users/\$USER/app-release-exec-macos

# Updating to the latest ALIF release

```
$ cd <release-location>
$ updateSystemPackage
```

## Adding / Changing an application image

To change or update an image to add to MRAM do the following:

```
$ cd <app-release-location>
$ edit build/config/app-cfg.json and add new binaries images
$ app-gen-toc

(Or use below command to use a different configuration)
$ app-gen-toc -f build/config/app-myfile.json
```



The app-gen-toc tool performs the packaging of your binary ready for writing to the MRAM.

The app-write-mram.py tool performs the writing of the application package to the MRAM. After this is completed, it will reset your target platform and the contents of the MRAM will be executed.

# Alif Security Toolkit User Guide

# 5. TOC Packages

The device will arrive already provisioned. This means that the SES is already programmed into MRAM.

# System Table of Contents (STOC)

On the initial power up of the device you will see the following SE-UART output:





## SE-UART Output Fields

The output from the SE-UART shows what SES has processed during the boot sequence of the device.

#### **SEROM**

Shows the version of the SEROM software and the SoC revision register contents.

#### Banner

Shows the version of the SES software.

# LCS (Life Cycle State)

Shows the LCS state of the device.

## [SES] Output

Shows the state of processing the STOC and ATOC images found in MRAM.

#### Device configuration

```
[SES] No ATOC
[SES] System partition address 0x80580000
[SES] STOC DEVICE ok
[SES] No LF XTAL
[SES] STOC ok
```

#### Other images processing –

```
[SES] STOC ok
[SES] ATOC ok
```

#### [SES] Table

Shows the details of all TOC objects processed from MRAM.

Name ASCII string name from the JSON file.

- DEVICE Shows a DEVICE Config object.

- SERAMO/1 Shows the two Banks of SES software. An asterisk ('\*') denotes which Bank was booted from.

- HE DBG Shows the default Debug stub executed if no ATOC is present.

CPU Which CPU is being targeted.

Store Address Where in MRAM is this object stored.

Obj Address TOC address

Dest Addr Where in RAM is this object being copied to.
Boot Addr What address is being used to Boot from.

Size Size of the binary object

Version Version ID specified in the JSON file.

Flags

C Image is Compressed u Image is Uncompressed



L Image is LOADED to a RAM location

V Image is VERIFIED s Image is SKIPPED

B Image has been BOOTED

D Image is DEFERRED, Booting will happen later

Time in microseconds from the start of TOC processing until completion, this could

include booting.

Deferred images will not display their details in the initial SES Banner print. The reason is that SES SKIPS these images on boot and so there are no details.

Once the object is Un deferred then the details can be displayed.



## SES Boot Error messages

SES can report the following Boot loader messages:

| BL_STATUS_OK                                 | 0x00 |
|----------------------------------------------|------|
| BL_ERROR_APP_INVALID_TOC_ADDRESS             | 0x01 |
| BL_ERROR_APP_INVALID_TOC_OFFSET              | 0x02 |
| BL_ERROR_UNALIGNED_ADDRESS                   | 0x03 |
| BL_ERROR_INVALID_TOC_ADDRESS_RANGE           | 0x04 |
| BL_ERROR_INVALID_TOC_FLAGS                   | 0x05 |
| BL_ERROR_INVALID_IMAGE_DATA                  | 0x06 |
| BL_ERROR_CERTIFICATE_NO_VERIFY_IN_MEMORY     | 0x07 |
| BL_ERROR_CERTIFICATE_NO_VERIFY_IN_FLASH      | 0x08 |
| BL_ERROR_CERTIFICATE_INVALID_LOAD_ADDRESS    | 0x09 |
| BL_ERROR_CERTIFICATE_INVALID_CHAIN           | 0x0A |
| BL_ERROR_CERTIFICATE_STORAGE_ADDRESS_INVALID | 0x0B |
| BL_ERROR_DEVICE_ADDRESS_INVALID              | 0x0C |
| BL_ERROR_UNCOMPRESS_FAILED                   | 0x0D |
| BL_ERROR_SIGNATURE_VERIFY_FAILED             | 0x0E |
| BL_ERROR_APP_ACCESSING_PROTECTED_AREA        | 0x0F |
| BL_ERROR_ICV_ACCESSING_PROTECTED_AREA        | 0x10 |
| BL_ERROR_FAILED_TOC_CRC32                    | 0x11 |
| BL_ERROR_INVALID_TOC                         | 0x12 |
| BL_ERROR_EXCEED_MAXIMUM_TOC_ENTRIES          | 0x13 |
| BL_ERROR_NOT_IMAGE_NOT_DEVICE_CFG            | 0x14 |
| BL_ERROR_INVALID_TOC_ENTRY_ID                | 0x15 |
| BL_ERROR_INVALID_CPU_ID                      | 0x16 |
| BL_ERROR_ENTRY_NOT_SIGNED                    | 0x17 |
| BL_ERROR_LOAD_TO_MRAM_NOT_ALLOWED            | 0x18 |
| BL_ERROR_NO_FREE_SLOTS                       | 0x19 |
| BL_ERROR_INVALID_M55_BOOT_ADDRESS            | 0x1A |
| BL_TOC_OBJECT_NOT_FOUND                      | 0x1B |
| BL_TOC_OBJECT_FOR_CPU_NOT_FOUND              | 0x1C |
| BL_TOC_IMAGE_NOT_BOOTABLE                    | 0x1D |
| BL_TOC_IMAGE_NOT_FOUND                       | 0x1E |
| BL_ERROR_COMPRESSION_NOT_SUPPORTED           | 0x1F |
| BL_TOC_IMAGE_DEVICE_MISMATCH                 | 0x20 |
| BL_ERROR_UPD_SIGNATURE_INCORRECT             | 0x21 |
| BL_ERROR_UPD_IMG_IN_MRAM_NOT_SUPPORTED       | 0x22 |
| <b></b>                                      |      |

# Firewall Exception messages

Firewall Components can raise exceptions at run time when they reject bus transactions because they didn't pass the various checks. Such exceptions are reported on the SES output screen.

Firewall exception from FC13, caused by Master ID 0x11 at address 0x80580000, transaction properties 0x00020000

Meaning:

FC <number> Firewall component which generated the exception.

Master ID The Corstone Master ID that issued the transaction causing the exception. It can be an

APP CPU, but can also be another Corstone master like a DMA controller, USB host, etc.

Address The address targeted by the transaction.



Transaction properties are the value of the Corstone register FE\_TP. The bits in it indicate the transaction properties read/write, data/instruction, unprivileged/privileged, and secure/non-secure.

#### Firewall Configuration Errors

On Boot up you may see messages such as:

```
[WARNING] ATOC firewall configuration skipped: FC:11 Rgn:1 error=3
```

This indicates that some firewall region configuration fragments in the ATOC device configuration files was rejected for some reason. The error code indicates the reason.

| Error Definition |                        | Description                                                              |  |
|------------------|------------------------|--------------------------------------------------------------------------|--|
| 1                | FW_CFG_ERR_MASTER_ID   | The region uses the Secure Enclave's Master ID (0), which is not allowed |  |
| 2                | FW_CFG_ERR_ICV_CONFIG  | The region is configured by the SE firmware and cannot be reconfigured   |  |
| 3                | FW_CFG_ERR_ICV_PROT    | The region overlaps with an Alif protected area (partially or fully)     |  |
| 4                | FW_CFG_ERR_REGION_SIZE | Invalid region size code. The maximum region size code is 32 (4GB)       |  |

#### Error messages – no ATOC in MRAM

If there is no ATOC in MRAM, the following error messages are displayed -

```
[SES] No ATOC
[SES] System partition address 0x80580000
[SES] STOC DEVICE ok
[SES] No LF XTAL
[SES] No LF XTAL
[SES] STOC ok
[SES] M55-HE booted from address 0x58000000
[SES] LCS=1
[SES] FC:Rgn
0:2 7:1 8:1 9:1 13:0 13:1 13:2
```

Any other errors during the boot process will be reported.

# Application Table of Contents (ATOC)

The default Application TOC package contains a Factory image, which Blinks the LEDs on the Development board.

Our releases consist of:

- M55 HE TCM LED Blinky program.

This code is stored in MRAM and copied to a RAM location (The TCM for the M55\_HE\_CPU) and booted.

#### To try the Blinky program

```
$ cd <release-location>
```

\$ app-write-mram

To rebuild this ATOC package



- \$ cd <release-location>
- \$ app-gen-toc -f build/config/app-cfg.json
- \$ app-write-mram

**NOTE**: When using an E1C or B1C device you must use the app-cfg-1c.json file.

# ATOC Placed Images

ATOC packages allow for the absolute placement of user images in MRAM. See "mramAddress" option in the app-gen-toc configuration file.

Users must ensure that these images conform to the MRAM alignment rules and always be 16-byte aligned.

Images that are managed by the ATOC tool i.e., not placed at an absolute address are guaranteed to be aligned correctly.



# **NTOC Images**

NTOC (No TOC) images are Execute in place (XIP) images stored at the base address of MRAM.

M55\_HE is the *only* CPU that executes these images.

These images are not generated by the Security Toolkit i.e., they are not ATOC images as they have restrictions such as they cannot be signed.

SES uses the following algorithm to process these objects:

```
IF ATOC is present
   Process ATOC and Boot
ELSE
   IF MTOC is present
      Process MTOC and Boot
ELSE
   IF (0x80000000 and 0x80000004 has valid $SP and $PC)
      ReleaseM55_HE
   ELSE
      Load STOC Debug stub (if present)
```

#### SES reads the first two 32-bits of MRAM:

- Word1 = \$SP (Stack Pointer)
- Word2 = \$PC (Program Counter)

## Then uses the following logic:

- Is the Program counter in the valid Application address range of MRAM?
- Is the Stack Pointer in a valid RAM memory range?

If these above criteria are not met, then the image will not be released (booted).

**NOTE**: MTOC support was dropped in CMSIS release V0.9.1.

# Alif Security Toolkit User Guide

# 6. Alternate SES Boot Path Option

Some ENSEMBLE devices support Alternate Boot Option which means SES can be booted from External Memory instead of MRAM.

MRAM is the default path on our devices, but users can choose (via provisioning) to have a backup boot path from external OSPI memory should MRAM become nonfunctional.

SEROM will process flags contained in OTP denoting if this feature is enabled. These flags are provisioned by the user (as they are OTP this is only done *ONCE*) using the Maintenance tool.

## **Boot Path**

The following is the SEROM boot path showing the External memory selection path





 $\label{lem:lemonder} \mbox{ IF the External memory path is selected then the following is executed }$ 



# Alif Security Toolkit User Guide

# 7. ISP (In System Programming)

ISP is a mechanism for connecting to the Secure Enclave using the Secure Enclave UART (SE-UART) and performing various operations with the device.

Please ensure the prerequisite python packages are installed before starting. See the installation instructions in the Alif Security Toolkit Quick Start Guide.

#### **SE-UART Connection**

#### **UART Settings**

| Baud Rate    | 55000 (default) |
|--------------|-----------------|
| Data         | 8 bits          |
| Parity       | None            |
| Stop Bits    | 1 bit           |
| Flow control | None            |

#### Dynamic Baud Rate Change

Tools updating MRAM (updateSystemPackage, app-write-mram) will increase the baud rate from the default value to 921600 baud. Once the operation is completed the Baud rate is set back to the default value.

Use the '-s' option to override this dynamic change facility.

SES supports MRAM updates at the standard HF RC/XO frequencies, with baud rate bumping. I.e., no need to specify '-s'. If the device is running at a non-standard frequency, via the 1/X or 1/Z dividers - the MRAM updates should be done via the '-s' switch.

#### **Baud Rate Override**

The ISP method uses a default baud rate. For REV\_A1 devices this is 100000.

You can override the default baud rate by doing either:

- Edit the local configuration file isp config data.cfg and change baudrate.
- Use the -b option e.g. -b 55000

All ISP tools have this option.

#### UART Errors – PermissionError

```
updateSystemPackage.py
Burning: System Package in MRAM
Selected Device:
Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B4

Connecting to the target device...
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[ERROR] openSerial could not open port 'COM7': PermissionError(13, 'Access is denied.', None, 5)
[ERROR] isp openSerial failed for COM7
```

There is only one SE-UART on the device. If you are using ISP, please ensure you have no other Tera term



or putty sessions using the same SE-UART. The following shows the output if the SE-UART is already being used by another program:

This indicates that the UART is already being used (e.g., a Tera-Term session is still running).

#### **UART Errors – Disconnected**

This error occurs when a Disconnect event occurs such as Powering off the FDTI UART whilst in an ISP operation.

```
Available options:

1 - Hard maintenance mode
2 - Soft maintenance mode
3 - Device reset

Select an option (Enter to return): 1

[ERROR] /dev/ttyUSB0 readSerial reporting disconnected
```

In this example, we are in Hard Maintenance mode waiting for input from the Target board. The UART power is turned off and we will see the following error message printed that there has been a disconnection event.

#### UART Errors – FileNotFoundError

```
$ ./maintenance
[ERROR] openSerial could not open port 'COM8': FileNotFoundError(2, 'The system cannot find the file specified.', None, 2)
[ERROR] isp openSerial failed for COM8
```

This error usually indicates that your target system is not powered.

## **ISP Discovery**

This command discovers the available Serial communication ports. The first time you execute an SETOOLS script you will be prompted for the required serial port.

When the ports are presented, just enter the port name and press [ENTER]. Just pressing [ENTER] will pick the last item in the list.

This port data is saved in a local configuration file (isp\_config\_data.cfg).

The next time an SETOOLS command is invoked if this configuration file is present, it will use the parameters from this file.

To override this option simply use the -d option:



```
$ ./app-write-mram -d
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Burning: ../build/AppTocPackage.bin 0x8057c4e0
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
COM ports detected = 2
-> COM8
-> COM9
Enter port name:
```

This will force a re-discovery of the Serial ports.

All the MRAM ISP tools have the discovery option which will prompt you for the serial port.

# ISP when in Low power mode

When an application has put the device into STOP power mode, ISP will not be operational (the device is Powered off).

# Alif Security Toolkit User Guide

8. Tool Flow

The tools allow a user to provision the device.

This includes programming MRAM with application binaries for A32 and M55 embedded processors available for user applications.

- a. Use tools-config to review and modify current tool options.
- b. Generate RoT with app-gen-rot.py only once (or anytime new keys are required) **Not required** as this release packet already contains a sample RoT and corresponding keys and certificates, but it can be used if user wants to re-generate the RoT.
- c. Edit build/config/app-cfg.json file (or a json file with other name) with images to include in the desired **AppTocPackage.bin** image and copy the binaries into the build/ directory. Run app-gentoc.py to generate the package.
- d. Power on the board and connect the Serial interface for the following steps.
  - d.1 (Optional) Use updateSystemPackage.py to update latest Alif Secure Enclave firmware.
  - d.2 Use app-write-mram.py to upload the AppTocPackage.bin image into the MRAM.
    d.2.1 (Optional) Reset the board to reboot the chip to verify that the SERAM image loads and boots properly.

#### **Debug Stubs**

To enable connection with the debugger such as ARM-DS, the target core needs to be running.

This is achieved by running debug stubs on the cores. If the M55\_HE Application core does not have an application loaded for it a debug stub will be installed for it. This is done automatically by SES if no Application for the M55\_HE is detected. This is not a TOC based debug stub and so does not appear in any Table of contents enquiries. (NOTE: It is important by wiring instructions directly to the TCM memory of the M55\_HE and releasing the core)

For the other APP cores, the user must instantiate debug stubs by entering them in an ATOC configuration file.

You can create an ATOC image with 3 SRAM debug stubs for the 3 CPU cores by running

app-gen-toc -f build/config/app-cpu-stubs.json

Then erase the application part of MRAM by running

app-write-mram -e app

And then write the image with 3 debug stubs to MRAM by running

app-write-mram

Details of these programs are described below.

The following is the SE-UART output on boot when the Application MRAM is not programmed.





The debug stubs, denoted by the \_DBG names, are loaded by SES for each relevant Application core.

#### **MRAM Burners**

#### Two tools used to write MRAM

- updateSystemPackage
- app-write-mram

One will update the System TOC (STOC) and the other will update the Users Application MRAM area.

When using a generated TOC package this will be guaranteed to correctly aligned and padded for writing to MRAM.

In the case of User supplied images the burning tool will warn of any alignment issues such as not being aligned on 16-byte boundaries. The user will need to correct the issue(s) and re-run the burning tool.

Both tools require that SES is running on the Target device. If you are in Recovery mode, these tools will not work as the ISP protocol command sets are different between SEROM and SERAM.

# Alif Security Toolkit User Guide

# 9. Running the Tools

# tools-config tool

From the command prompt.

#### \$ tools-config

This script will show the current tool options and allow for their modification.

Press the menu number to show available options.

# Alif Security Toolkit User Guide

```
Available options:
 - Ensemble (default)
 - Balletto
Please enter the number of your option: 1
Available options:
 - E8 (AE822FA0E5597LSO) - 5.5 MRAM / 9.75 SRAM (default)
  - E8 (AE822FA0E5597BS0) - 5.5 MRAM
                                          9.75 SRAM
 - E7 (AE722F80F55D5LS) - 5.5 MRAM
                                         13.5 SRAM
  - E7 (AE722F80F55D5AS) - 5.5 MRAM
                                         13.5 SRAM
   E5 (AE512F80F55D5LS)

    5.5 MRAM

  - E5 (AE512F80F5582AS) - 5.5 MRAM /
                                         8.25 SRAM
  - E5 (AE512F80F55D5AS) - 5.5 MRAM
                                         13.5 SRAM
   E5 (AE512F80F5582LS) - 5.5 MRAM
                                         8.25 SRAM
    E4 (AE402FA0E5597BE0) - 5.5 MRAM /
  - E3 (AE302F80F55D5LE) - 5.5 MRAM
  - E3 (AE302F80F5582LE) - 5.5 MRAM
                                          8.25 SRAM
  - E3 (AE302F80F55D5AE) -
- E3 (AE302F80F5582AE) -
                              5.5 MRAM
                              5.5 MRAM
  - E3 (AE302F80C1557LE) - 1.5 MRAM
  - E3 (AE302F40C1537LE) - 1.5 MRAM
                                          3.75 SRAM
   - E1 (AE101F4071542LH) -
                              1.5 MRAM
   - E1C (AE1C1F4051920PH) - 1.86 MRAM /
                                            2.0 SRAM
  - E1C (AE1C1F4051920HH) - 1.86 MRAM
  - EIC (AEICIF40319205H) - 1.86 MRAM
- EIC (AEICIF1041010PH) - 1.0 MRAM
                                            2.0 SRAM
                               1.0 MRAM /
  - E1C (AE1C1F1041010HH) - 1.0 MRAM /
                                           1.0
                                               SRAM
  - E1C (AE1C1F10410105H) - 1.0 MRAM
                                           1.0 SRAM
  - E1C (AE1C1F1040505PH)
- E1C (AE1C1F1040505HH)
                            - 0.5 MRAM
                                           0.5 SRAM
                             - 0.5 MRAM
                                           0.5
                                               SRAM
  - E1C (AE1C1F10405055H)
                               0.5 MRAM
Please enter the number of your option:
```

Choose the desired option by pressing the option number (or press Enter key to choose the default one, shown in parentheses).

Once the tool options are configured, the rest of the tools will take these options automatically.

(Note: every time a new Part Number or device Revision is changed, it's recommended to re-generate the APP TOC Package using the app-toc.py tool).

#### Tools-config command line mode:

Besides the interactive mode explained above (with menus and selections), the tool also allows the user to select the Part# (option 1 in the menu) and Revision (option 2) using the following command line options:

- -p PART# (use double quotes). Examples:
  - -p "E7 (AE722F80F55D5AE) 5.5 MRAM / 13.5 SRAM"
  - -p "E1 (AE101F4071542UE) 1.5 MRAM / 4.25 SRAM"
  - -p "e7 (AE722F80F55D5AE) 5.5 mRAM / 13.5 srAM"
- -r REVISION. Examples:
  - -r B4
  - -r A0

# Alif Security Toolkit User Guide

## app-gen-rot tool

From the command prompt.

```
$ app-gen-rot (-h for help)
```

The Security Tools already have a development key embedded.

You will need to use the -o, --overwrite flag to create a new one.

The tool will prompt the user to enter a password to encrypt the generated keys before saving them in the disk. The password will be saved as 'oem\_keys\_pass.pwd 'and it will be needed for each operation that requires reading the encrypted keys.

```
$ ./app-gen-rpt-0
urils/key/blkL_mank.txt
urils/key/blkL_mank.txt
urils/key/blkL_mank.txt
urils/key/blkL_mank.txt
urils/key/blkL_mank.txt
urils/key/blkL_mank.txt
urils/key/blkDis_mank
urils/key/blkD
```



```
This configuration file is for the offine key certificate tool cert_key_util.py (Key Certificate Generation Tool - NGGT).

The available parameters in this configuration file are the following

At the configuration file is for the offine key certificate tool cert_key_util.py (Key Certificate Generation Tool - NGGT).

The available parameters in this configuration file are the following

At the cert-keyair: | Aundatory parameter |

The file holding the RSA keypair for signing this certificate, in PBM format.

At cert-keypair: pair depictional. I fountied the tool prompts for direct input.

At the passible parameter is a passible passib
```

Once finished, keys will be generated in *utils/key/*, certificates are generated in *cert/*, and logs in *build/logs/* folder.

# ALIF SEMICONDUCTOR app-gen-toc tool

# Alif Security Toolkit User Guide

To generate the APP TOC Package, the build/config/app-cfg.json file must be configured. Alternatively, a configuration file can be created with a different name and the tool's "-f" option can cause that alternate file to be used as input to the program.

Here is an example configuration file:

```
app-cfg - Notepad
                                             ×
File Edit Format View
                    Help
        "BLINK-HE": {
                 "binary": "m55_blink_he.bin",
                 "version" : "1.0.0",
                 "cpu_id": "M55_HE",
        "loadAddress": "0x58000000",
        "flags": ["load", "boot"]
        },
        "DEVICE": {
        "binary": "app-device-config.json",
        "version" : "0.5.00"
}
Ln 1, Col 1
                100%
                       Windows (CRLF)
                                        UTF-8
```

This configuration file is in JSON format and must specify each of the binary images the user wants to include in the APP TOC Package. <u>SERAM will process the images in the specified order (from top to bottom)</u>.

A JSON file may contain multiple objects, where each object is represented by a set of name-value pairs.



In the configuration file, each image must be specified as an object in the following way;

```
"IMAGE_IDENTIFIER": {
    "attribute_1": "value_1",
    "attribute_2": "value_2",
    ......
"attribute_n": "value_n"
}
```

Multiple images will be declared by multiple objects, separated by comma. For example.

```
{
    "IMAGE_1": {
    },
    "IMAGE_2": {
    },
    "IMAGE_N": {
    }
}
```

The "IMAGE\_IDENTIFIER" is an 8-character length (MAX) description intended to give a short description to the image. The tool will truncate or extend this field's length as appropriate. This name **should be unique** per configuration file.

Inside each image object, different attributes can be used to define the parameters of the binary image. The following attributes are valid:

**binary**: [MANDATORY] - this attribute declares the name of the binary to be included in the APP TOC Package. It is assumed the binary exists in the build/images/ folder.

**version**: [OPTIONAL] – this attribute declares the version of the image, and it should follow the 'X.Y.Z' format. Example: '1.0.0'

**loadAddress**: [MANDATORY if LOAD flag is set] – this attribute specifies the loading address in (RAM) memory where the code will be executed from. Global Memory Addresses (in hexadecimal format) should be used for this attribute.

mramAddress: [OPTIONAL] – this attribute specifies the MRAM address location where the user wishes the image to reside, and addresses (in hexadecimal format) starting from 0x8000-0100 (for REV\_Ax) can be used. This option is to support the "Fixed Address Image" or "absolute placement" use case, where the user needs to position the binary in a specific address in MRAM, so other running code can locate this image in the specified location (Linux use case). If this attribute is used with the BOOT flag, XIP (execution in place) is supported. If this flag is not set, then the image will reside at this address, with no further implication. If this attribute is NOT specified, the tool will define the MRAM position to allocate the binary in memory.



flags: [OPTIONAL] - the following flags can be used - example ["load", "boot"]:

- LOAD The image will be loaded into the specified memory address
- o BOOT The specified CPU\_ID will be started to execute the image
- ENCRYPT The image will be encrypted
- o COMPRESS The image will be compressed
- DEFERRED The image will be skipped at boot time (i.e., no boot or load) and wait for a service request at runtime.

**cpu\_id**: [OPTIONAL] – this attribute indicates the CPU to start once the binary is ready to be executed. Valid values are:

[A32\_0, A32\_1, A32\_2, A32\_3, M55\_HP, M55\_HE]

Note: Only one CPU\_ID should be specified.

**signed**: [OPTIONAL] – this attribute is a binary value (true/false) specifying if the image is signed ("signed": true) or unsigned ("signed": false). In a typical case for Secure Boot, all images should be signed, so there is no need to specify this attribute. Only if the user wishes to specify an unsigned image, this attribute should be set as false.

**disabled**: [OPTIONAL] – this attribute allows a temporary disable of an image in the configuration file for testing purposes, so there is no need to delete the object for that image. Specifying "disabled": true, the tool will ignore the entry. Either deleting the attribute, or setting it as false, the tool will include back the image in the final APP Package.



The JSON configuration file, along with all the binaries declared in it, should be allocated in the build/ folder (build/config/ and build/images respectively);



Once the configuration is done, and all declared images exist in *build/images/* folder, continue with the APP TOC Package generation step.

From the command prompt.

\$ app-gen-toc (-h for help)

```
S ./app-gen-toc
Generating APP Package with:
Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- System MRAM Base Address: 0x80580000
- APP MRAM Base Address: 0x80000000
- APP MRAM Size: 5767168
- Configuration file: build/config/app-cfg.json
- Output file: build/AppTocPackage.bin

Generating Device Configuration for: app-device-config.json
Calculating APP area...
Creating Content Certificates...
2024-01-26 13:46:31,300 - Content Certificate Generation Utility started (Logging to ../build/logs/ICVSBContent.log)
2024-01-26 13:46:31,561 - Content Certificate Generation Utility started (Logging to ../build/logs/ICVSBContent.log)
Creating APP TOC Package...
Adding ATOC...
APP TOC Package size: 15104 bytes
Creating Signature...
Binary File: ../build/AppTocPackage.bin
2024-01-26 13:46:31,809 - Content Certificate Generation Utility started (Logging to ../build/logs/ICVSBContent.log)
Content Certificate File: build/AppTocPackage.bin.crt
Signature File: build/AppTocPackage.bin.sign
Done!
```

Once the tool finishes, a map file named *app-package-map.txt* will be created in build/ folder to provide a reference of the memory map and images/certificates packaged in the APP TOC Package created by the tool. This memory map file will have the following structure.





Additionally, a script file will be created in bin/ folder to automate the burn of this package into MRAM, using the app-write-mram.py tool. See next section for details.

#### Valid LoadAddress Regions

The valid address ranges supported are as follows:

| Start Address | Size   | Name    | Name             |
|---------------|--------|---------|------------------|
| 0x5000-0000   | 256KB  | SRAM2   | M55_HP_ITCM_BASE |
| 0x5080-0000   | 1MB    | SRAM3   | M55_HP_DTCM_BASE |
| 0x5800-0000   | 256KB  | SRAM4   | M55_HE_ITCM_BASE |
| 0x5880-0000   | 256KB  | SRAM5   | M55_HE_DTCM_BASE |
| 0x6000 0000   | 256KB  | SRAM9_A |                  |
| 0x6004 0000   | 1024KB | SRAM6_A |                  |
| 0x6200 0000   | 1024KB | SRAM6_B |                  |
| 0x6300 0000   | 512KB  | SRAM7   |                  |
| 0x6320 0000   | 2048KB | SRAM8   |                  |
| 0x8000-0000   | 6MB    | MRAM    | MRAM_BASE        |

## Note on Factory (Blinky) for ENSEMBLE E1C and BALLETTO B1

Security toolset (SETOOLS) contains a Factory Image ("Blinky) for ALIF development boards. This is supplied as a binary and is intended as a quick visual test of SETOOLS.

The ENSEMBLE E1C and BALLETTO B1 series devices differ from the ENSEMBLE E1, E3, E5 and E7 series devices. This means that the default Blinky for an ENSEMBLE device (E1,3,5,7) does not run on an ENSEMBLE E1C device, main difference being the Memory layouts.



For E1C/B1C devices there are added configuration files as configuration files for Balletto devices (both "Ensemble" E1C and B1).

- app-cfg-1c.json
- app-device-config-1c.json

The app-cfg-1c.json file uses m55\_blink\_he\_1c.bin binary, tailored for Balletto Devkit board. Also, the specific device configuration file is being used in this app configuration.

In SETOOLS, ENSEMBLE is the default family/part. So, to burn the Blinky example to a BALLETTO Dev board, the following steps should be followed:

- Select a Balletto B1C (or Ensemble E1C) part using the tools.config.py tool.
- Build the ATOC with:
- \$ ./app-gen-toc -f build/config/app-cfg-1c.json
  - Burn the ATOC using:
- \$ ./app-write-mram

The LED should blink in the BALLETTO Dev Kit

# Alif Security Toolkit User Guide

#### app-write-mram tool

 This utility uses ISP (In System Programming) via the SE-UART connection to update the MRAM

From the Windows Command prompt.

\$ app-write-mram (-h for help)

```
C:\app-release>python3 app-write-mram.py -h
usage: app-write-mram.py [-h] [-d] [-b BAUDRATE] [-e ERASE] [-i IMAGES] [-a] [-S] [-s] [-p] [-nr] [-V] [-v]
NVM Burner for Application TOC Package
optional arguments:
 -h, --help
-d, --discover
                       show this help message and exit
                       COM port discovery
 -b BAUDRATE, --baudrate BAUDRATE
                       serial port baud rate
  -e ERASE, --erase ERASE
                       ERASE [APP | <start address> <size> [<pattern>] ]
  -i IMAGES, --images IMAGES
                       images list to burn into NVM ("/path/image1.bin 0x80001000 /path/image2.bin 0x80003000")
  -a, --auth_image
                       authenticate the image by sending its signature file
  -S, --skip
                      write ATOC only - skip user managed images
 -s, --switch
                      dynamic baud rate switch toggle, default=on
                       pad the binary if size is not multiple of 16
  -р, --раd
  -nr, --no_reset
                      do not reset target before operation
  -V, --version
                       Display Version Number
  -v, --verbose
                       verbosity mode
```

Before running this utility, be sure the CPU board is powered on and the SEUART is connected to the PC. Open Windows Command prompt and change directory to the release directory. Call the script as the example shows.

```
$ ./app-write-mram
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Burning: ../build/AppTocPackage.bin 0x8057c4e0
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
Maintenance Mode = Enabled
Authenticate Image: False
build\AppTocPackage.bin [###############]100%: 15136/15136 bytes
0.32 seconds
```

The first time this command is executed it will prompt the user for the Serial Communications port name. This information is stored in a local file and will be read again when this command is executed.

You can override this using the -d (discovery) option and you will be prompted again for the port name.

There is a verbose mode (-v) which will print all the communications between the host and the target. During this mode, the progress bar is suppressed.

In SE LCS, the SE firmware requires that the ATOC signature (AppTocPackage.bin.sign) is sent as well. This is done by passing the option '-a' (Authenticate Image) to app-write-mram.py.

```
$ app-write-mram -a
```

#### Maintenance Mode Internals

When updating MRAM (using app-write-mram or updateSystemPackage) SES is placed into a forced Maintenance mode. This means all cores are stopped being achieved by resetting the device and then entering maintenance mode. This ensures no cores are operating when the MRAM update is performed.

Once the update is completed, the whole device is reset (this is done via an ISP command).

#### Maintenance Mode reporting

This tool will also report the Maintenance state of the Target system. See the section on the Maintenance tool for more details.

```
$ ./app-write-mram
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Burning: ./build/AppTocPackage.bin 0x8057c4e0
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
Maintenance Mode = Enabled
Authenticate Image: False
build\AppTocPackage.bin [##############]100%: 15136/15136 bytes
0.32 seconds
```

In the above, the maintenance mode is *Enabled*.

#### Erase option

Erase option will allow, via ISP, the contents of the Application MRAM to be erased. Erasing means that the MRAM location is written with zeros. The writing is verified. See a later description on how to add your own pattern.

#### Erasing all the application MRAM

```
$ app-write-mram -e app
```

```
$ ./app-write-mram -e app
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Erasing: erase 0x80000000 0x580000
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
[INFO] erase 0x80000000 5767168 (5,767,168)
```

Depending on the size of the Application MRAM this can take a few seconds to complete, do not panic, the tool will exit when the operation is completed, or an error is detected.

NOTE: The pattern written is always zero and cannot be changed.

# Alif Security Toolkit User Guide

#### Erasing a specific address of application MRAM

The user can specify a specific address and length to erase.

#### Erasing a specific address of application MRAM

The user can specify a specific address and length to erase.

```
$ ./app-write-mram -e "0x80000000 0x10"
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Erasing: erase 0x80000000 0x10
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
[INFO] erase 0x80000000 16 (16)
```

This will erase from the start of MRAM for 16 Bytes, it will be erased with zeros.

#### Erasing a specific address of application MRAM with a pattern

The user can specify a specific address and length to erase along with a pattern to be written.

```
$ ./app-write-mram -e "0x80000000 0x10 0xa5a5a5a5"
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Erasing: erase 0x80000000 0x10 0xa5a5a5a5
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
[INFO] erase 0x80000000 16 (16)
```

In this example, the pattern 0xa5a5a5a5 will be written to the <address> for <length> bytes.

#### Erasing a specific address of MRAM that is illegal.

If the user specifies a region of MRAM that is not allowed to be accessed

```
$ ./app-write-mram -e "0x80580000 0x10"
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Available MRAM: 5767168 bytes
[INFO] Erasing: erase 0x80580000 0x10
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
[INFO] erase 0x80580000 16 (16)
[ERROR] illegal address 0x80580010 (0x80580000 + 0x10)
```

In this example, an error is flagged that the address is illegal.

# Padding binaries (-p option)

The MRAM controller requires write operations with data size in multiple of 16 bytes.

The tools take care of this requirement by always producing images that satisfy this constraint.

In case the user specifies binaries to be placed in specific MRAM addresses (using the "mramAddress" attribute in the *app-gen-toc* configuration file), these binaries should also satisfy the MRAM controller requirement (i.e., the size should be multiple of 16 bytes). When running the *app-write-mram* tool, if a user binary does not satisfy this constraint, the tool will throw an error message and abort the process.

The user should invoke the tool using the –p (or --pad) option to force the tool to pad the binaries. Be aware that using this option, the user provided binary will be modified (padded) and no backup will be created.

#### No Reset option (-nr)

The Reset option causes the command to reset the target and put it in 'Maintenance mode', in which no CPU cores are running (the TOCs are not processed). This is useful in cases where it is not desirable to have them running while writing to MRAM. To overwrite this mode (default), use –nr option (no reset)

```
$ app-write-mram -nr
```

Note: By default, the reset is enabled, the override is '-nr'

# Images option (-i)

The -i option was implemented to provide a facility to download individual files at specific addresses. Note, this is not needed to download the *AppTocPackage.bin* file as the tool takes care of this.

Initially JTAG was used (via ARM-DS with ULink Pro) to burn images to MRAM. This uses semi-hosting to download the files. Since the MRAM burner runs from the app-release/bin directory, the **file should be specified relative to this path.** Subsequently, ISP support for MRAM burning was developed but still assume this filename approach for compatibility.

As an example, a binary file stored in app-release/build/images/m55\_blink.bin, should be specified with its relative path from the app-release/bin directory.

```
$ app-write-mram -i "../build/config/images/m55 blink.bin 0x80001000"
```

Note also that double quotes must be provided.

#### SKIP Images option (-S)

The -S option will write only the ATOC to MRAM. Any managed images to be written will be ignored.

#### SWITCH option (-s)

The -s option will toggle the dynamic baud rate change when performing bulk transfer operations. By default, dynamic baud rate change is ENABLED.



No reset option (-nr)

The -nr option will not reset the Target being doing the Application MRAM write.

## Alif Security Toolkit User Guide

## **ATOC Policy**

The HFRC is not very precise, and it is possible that on some boards it runs at a quite different frequency from its nominal 76.8MHz, this may result in seeing ISP errors (such as Checksum).

The policy was changed and starting with V83 – the policy when there is no ATOC is to assume that the external crystals HFXO and LFXO are present, and to switch the device to using them, including starting the PLL and switching to it.

## Part# and/or Part Revision mismatch warnings

The app-write-mram tool, when using ISP protocol, will probe the device to get the Part# and Revision. If these parameters are different than the one configured in the tools (via tools-config tool), a Warning message will be displayed:

## Using app-write-mram in SEROM Recovery mode

If for any reason, the device is in SEROM Recovery mode, the app-write-mram tool will not work as it requires an SES image to be running. The tool will probe the device, via ISP, to check if SEROM or SES is running. If the device is in Recovery mode, then it will warn the user about this condition and exit;

```
C:\Projects\QA\DEV\firmware\setools\app-release>python3 app-write-mram.py
Writing MRAM with parameters:
Device Part# E7 (AE722F80F55D5AS) - 5.5 MRAM / 13.5 SRAM - Rev: B3
- Available MRAM: 5767168 bytes
[INFO] Burning: ../build/AppTocPackage.bin 0x8057bf50
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM12 open Serial port success
[ERROR] The device is in RECOVERY MODE! Please use Recovery option in Maintenance Tool to recover the device!
C:\Projects\QA\DEV\firmware\setools\app-release>
```

The user must use the maintenance tool to recover the device.

## Alif Security Toolkit User Guide

## UpdateSystemPackage tool

Before running this utility, be sure the CPU board is powered on and the SEUART is connected to the PC. Open Windows Command prompt and change directory to the release directory. Call the script as the example shows.

#### \$ updateSystemPackage

```
Burning: System Package in MRAM
Selected Device:
Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B4
connecting to the target device...
[INFO] baud rate
[INFO] dynamic baud rate change Enabled
[INFO] COM7 open Serial port success
Bootloader stage: SERAM
[INFO] Detected Device:
 art# AE722F80F55D5LS
- MRAM Base Address: 0x80580000
Maintenance Mode = Enabled
Authenticate Image:
Verify Certificate
Signature File: alif\SP-AE722F80F55D5LS-rev-b4-dev.bin.sign
alif\SP-AE722F80F55D5LS-rev-b4-dev.bin[################]100%: 270368/270368 bytes
Verify Image
        5.82 seconds
Authenticate Image:
Verify Certificate
Signature File: alif\offset-58-rev-b4-dev.bin.sign
alif\offset-58-rev-b4-dev.bin [##############]100%: 16/16 bytes
Verify Image
        0.02 seconds
```

ALIF images are signed. SES will check that image is signed (based on the LCS state of the device) and only allow signed images.

The tool will Probe the target device to ensure it matches the device chosen through tools-config. In the above screen shot, we see:

```
Bootloader stage: SERAM
```

This shows that SERAM is running, the alternative is that SEROM is running and in this case, this is the wrong tool to be using.

```
Device Revision: B0
```

This shows the target device that is attached. The tool will exit if there is a mismatch.

## No Reset option (-nr)

The Reset option causes the command to reset the target and put it in 'Maintenance mode', in which no CPU cores are running (the TOCs are not processed). This is useful in cases where it is not desirable to have them running while writing to MRAM. To overwrite this mode (default), use –nr option (no reset)

## Alif Security Toolkit User Guide

\$ updateSystemPackage -nr

#### No Authentication (-na) option

If the device is in DM (Device Manufacturer) or SE (Secure Enable) lifecycle state, images written to the System partition of MRAM must be signed by Alif. The APP release package already contains signatures for the STOC images. The script updateSystemPackage.py runs by default in 'Authenticated Mode', i.e., it sends the image signatures to the device for verification. The option 'no-authentication' can be used to override that behavior and run in 'non authenticated mode' instead. This is allowed in CM LCS but not allowed in DM and SE LCSs.

\$ updateSystemPackage -na

## Setting the part as default

You may see the following:

```
Burning: System Package in MRAM
Selected Device:
Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2

Connecting to the target device...
[INFO] baud rate 55000
[INFO] dynamic baud rate change Enabled
[INFO] COM8 open Serial port success
Bootloader stage: SERAM
[INFO] Detected Device:
Part# AE722F80F55D5LS - Rev: B4
- MRAM Base Address: 0x80580000
Connected target is not the default Revision
Do you want to set this part as default? (y/n): |
```

This is informing you that the target device does not match the default device selected via the toolsconfig too.

Answering 'y'es will tell updateSystemPackage to select the correct package for the detected device.

Answering 'n'o will tell updateSystemPackage to select the correct package based on the default selection from tools-config.

## Alif Security Toolkit User Guide

#### Maintenance tool

Maintenance mode allows for the recovery of MRAM executable images and interaction with SES.

## Running the Tool

\$ maintenance (-h for help)

The command presents several options including maintenance mode.

Select an option number from the menu.

To exit the tool just press [ENTER] at the option selection.

## Command line options

```
$ maintenance -opt <option>
```

## Option

sesbanner Returns the SES Banner string.

This allows a command to be executed by the Maintenance tool without navigating the menu options.



maintenance.py -opt sesbanner [INFO] COM7 open Serial port success [INFO] baud rate 55000 SES B4 v1.101.0 Sep 27 2024 23:28:22

## Maintenance Menu Grouping

The maintenance menus are grouped into categories.

| Action                      |                   |                |      | Menu      | Gro | ups |       |     |
|-----------------------------|-------------------|----------------|------|-----------|-----|-----|-------|-----|
|                             | Device<br>Control | Device<br>Info | MRAM | Utilities | Set | ROM | SEROM | SES |
| Hard maintenance mode       | •                 |                |      |           |     |     |       | •   |
| Soft maintenance mode       | •                 |                |      |           |     |     |       | •   |
| Device Reset                | •                 |                |      |           |     |     |       | •   |
|                             |                   |                |      |           |     |     |       |     |
| Device enquiry              |                   | •              |      |           |     |     | •     | •   |
| Get revision info           |                   | •              |      |           |     |     | •     | •   |
| Get TOC info                |                   | •              |      |           |     |     |       | •   |
| Get SES banner              |                   | •              |      |           |     |     |       | •   |
| Get CPU boot info           |                   | •              |      |           |     |     |       | •   |
| Get OTP Data                |                   | •              |      |           |     |     | •     | •   |
| Get MRAM data               |                   | •              |      |           |     |     | •     | •   |
| Get log data                |                   | •              |      |           |     |     |       | •   |
| Get SEROM trace data        |                   | •              |      |           |     |     | •     | •   |
| Get SERAM trace data        |                   | •              |      |           |     |     |       | •   |
| Get Power data              |                   | •              |      |           |     |     |       | •   |
| Get Clock data              |                   | •              |      |           |     |     |       | •   |
|                             |                   |                |      |           |     |     |       |     |
| Get SERAM metrics           |                   |                |      | •         |     |     |       | •   |
| Terminal mode               |                   |                |      | •         |     |     | •     | •   |
| Get ECC Key                 |                   |                |      | •         |     |     |       | •   |
| Get Firewall configuration  |                   |                |      | •         |     |     |       | •   |
|                             |                   |                |      |           |     |     |       |     |
| Erase application MRAM      |                   |                | •    |           |     |     |       | •   |
| Fast erase application MRAM |                   |                | •    |           |     |     |       | •   |
| Fast erase application NTOC |                   |                | •    |           |     |     |       |     |
| Get MRAM info               |                   |                | •    |           |     |     |       | •   |
|                             |                   |                |      |           |     |     |       |     |
| Recovery                    | 1                 |                |      |           |     |     | •     |     |
| Enable LOGGING              | <u> </u>          |                |      |           | •   |     |       | •   |
| Disable LOGGING             |                   |                |      |           | •   |     |       | •   |
| Enable PRINTING             |                   |                |      |           | •   |     |       | •   |
| Disable PRINTING            |                   |                |      |           | •   |     |       | •   |

NOTE: Some ISP commands are common between SEROM and SES. When in Recovery mode the number of commands is limited. This is because the SEROM only supports a limited subset of features compared to ISP running from SES.

#### maintenance menu in SEROM Recovery mode

If for any reason, the device enters SEROM Recovery mode (i.e. no SERAM running), the maintenance tool will detect this stage, and it will adapt the menu options to only show those enabled for this case Device Control

Top level group menu

```
Select an option (Enter to exit): 1

Available options:

1 - Hard maintenance mode

2 - Soft maintenance mode

3 - Device reset

Select an option (Enter to return):
```

#### Hard maintenance Mode

Hard maintenance mode will wait until the user has pressed RESET on the target board.

Once [RESET] has been pressed the tool will drop back to the Available options menu. NOTE: This mode skips the TOC processing section of SES, if you use the get TOC info option it will return no data as no TOCs have been loaded. The DEVICE TOCs are processed however,



#### *Soft maintenance Mode*

Soft maintenance mode is like Hard maintenance mode, but no [RESET] button needs to be pressed on the target board.

#### Device Reset

Issues a Reset ISP command to the board.



## Device Information

Top level group menu

# Available options: 1 - Get TOC info 2 - Get SES Banner 3 - Get CPU boot info 4 - Device enquiry 5 - Get revision info 6 - Get OTP data 7 - Get MRAM data 8 - Get log data 9 - Get SEROM trace data 10 - Get SERAM trace data 11 - Get power data 12 - Get clock data



## Get Table of contents information

This will return the TOC contents in MRAM along with the boot status of the Application CPUs.



#### **Legend Reference**

Name Name of entry from JSON file.
CPU Which CPU is this TOC referencing.

Store Address MRAM location
Object address MRAM TOC address

Destination address Copy address for object (if relevant).

Boot Address Boot address Size Size of TOC entry

Version Version id from JSON file
Flags Directives for the TOC object

u Uncompressed imageC Compressed Image

L Image is loaded from MRAM

V Image is verified s Image is Skipped

B Image has been BootedE Image is Encrypted

D Image is Deferred, will be Loaded / Booted later.

When you are in hard maintenance mode, the TOC table contents will look very different. The main reason is that Hard Maintenance skips the TOC processing stage entirely except for some DEVICE CONFIG objects. No Application CPU cores are booted or loaded with images whilst in this mode.



```
Select an option (Enter to return): 2
SES AO v1.107.0 Jul 23 2025 19:24:52
```

This returns the version string for the SES image

**NOTE:** The Banner output is only 80 characters.

Get CPU boot information

This returns the status of the CPU cores.

## Alif Security Toolkit User Guide

#### **Device Enquiry**

Returns if connected to SEROM or SES. Any errors are reported otherwise 0x0 (Success) is returned.

#### **Device Enquiry - SES**

```
Select an option (Enter to return): 4
SERAM Error = 0x0 Extended Error = 0x0 Maintenance Mode = Disabled
Available options:
```

It will also tell you if you are in Maintenance mode, in above case it is DISABLED

```
Select an option (Enter to return): 4
SERAM Error = 0x0 Extended Error = 0x0 Maintenance Mode = Enabled
Available options:
```

In the above case it is ENABLED

## Device Enquiry - SEROM

When connected to SEROM:

```
Available options:

1 - Get TOC info
2 - Get SES Banner
3 - Get CPU boot info
4 - Device enquiry
5 - Get revision info
6 - Get OTP data
7 - Get MRAM data
8 - Get log data
9 - Get SEROM trace data
10 - Get SERAM trace data
11 - Get power data
12 - Get clock data
Select an option (Enter to return): 4
SEROM Error = 0x12 (SEROM_ATOC_HEADER_STRING_INVALID) Extended Error = 0x0 Maintenance Mode = <None>
```

NOTE: If you are connected to SEROM then this means your MRAM is not provisioned with an SES image. Maintenance mode is not applicable in this scenario.



## Get Revision Information

## **Device Information**

| Item         | Meaning                                       |
|--------------|-----------------------------------------------|
| Version      | SOC id register                               |
| ALIF_PN      | ALIF Part Number                              |
| НВКО         | SHA-128 of ALIF RoT Public key                |
| HBK1         | SHA-128 of Customer RoT Public key            |
| HBK_FW       |                                               |
| Wounding     | Shows DISABLED Wounding bits                  |
| DCU          | Debug Lock bits                               |
| MfgData      | ALIF Manufacturing data                       |
| SerialN      | ALIF Device Serial Number                     |
| LCS          | Life Cycle State CM, DM, SE, RMA              |
|              |                                               |
| SES Alt Load | Alternative External memory Load path for SES |
| SES Ext Conf | Details of the External memory device         |

## NOTE:

- SES Alt Load and Ext Conf will only appear if you are not using a BALLETTO or Fusion REV\_B4 device.
- SerialN will return all '0's. The unique serial number for a device is derived from other data within the OTP.

## Alif Security Toolkit User Guide

#### **EAGLE Revision A0**

Returns device specific information such as the SOC ID, Part# and Alternative External memory boot options.

In the example below, these settings are default, so the primary boot path is MRAM only.

```
Select an option (Enter to return): 5
Source
                    SERAM
                 = 0x02A0
                    AE822FA0E5597LS0
ALIF_PN
HBK0
                 = CD74AC7009072C3E27B8B8F73AF34EDE
HBK1
                     HBK_FW
                     Wounding
                    0x1
                Disable
                 = 0x0
                 = 0511010C0000020E000001260000000000014806A78A7A40000008800000068
MfgData
         ** Offset 0x154
+ Valid Data
                                                      (0x1)
                                     [30:30] = 0
[29:24] = 0
[23:16] = 20
[15:0] = 0
                                                      (0x0)
                 + BOR Abort
                 + Temp Sensor
                                                      (0x00)
                                                      (0x14)
                 + ADC24 Offset
                                                      (0x0000)
         ** Offset 0x158
                 + AON LDO
                                                      (0xA)
                 + RET LDO
                                                      (0x4)
                                     [27:24]
[23:20]
[19:16]
[15:12]
[11:11]
                                                      (0xA)
(0x7)
                 + PMU BG
                                             = 10
                 + PERIPH BG
                 + AON BG<4:1>
                                                      (0x7)
                                                      (0x1)
                 + AON BG<0>
                                     [15:11] = 15
[10: 8] = 0
[7: 0] = 106
                 + AON BG (full)
                                                      (0x0F)
                 + Reserved
                                                      (0x0)
                 + DCDC Pre-trim
                                                      (0x6A)
         ** Offset 0x15C
                                     [31:26] = 34
[25:16] = 0
[15:10] = 0
[ 9: 0] = 0
                 + HFRC 76.8MHz
                                                      (0x22)
                 + ADC120 Offset
                                                      (0x000
                 + LFRC 32.7kHz
                                                      (0x00)
                 + ADC121 Offset
                                                      (0x000)
         ** offset 0x160
                 + DCDC Post-trim [31:26] = 26
+ ADC122 Offset [25:16] = 0
+ DAC1 Offset [15: 8] = 0
+ DAC2 Offset [7: 0] = 0
                                                      (0x1A)
                                                      (0x000)
                                                      (0x00)
                                                      (0x00)
        + x-loc
          y-loc
         + Fab
                     UAS Global
         + Wafer ID 17
                    2025
14
         + Year#
         + Week#
         + Lot#
                     0x1 (DM)
SES Alt Load
                 = 00000000
        Loading options
                                : 0x0 MRAM Only
SES Ext Conf
```

#### Revision B4

Returns device specific information such as the SOC ID, Part number.



## Alif Security Toolkit User Guide

#### Analogue Trim decoding

If the device contains any Analogue Trimming information, this will be decoded

```
Select an option (Enter to return): 5
               = SERAM
Source
Version
               = 0xA001
               = AE1C1F4051920PH
ALIF_PN
нвк0
                  AF9771E6F171EE6DE39106BD812BABF0
HBK1
                  HBK_FW
               = 0x9
Wounding
              Disable
       DFT
       BLE
              Disable
DCU
                  04010001000001100000000000000000001680Bc00A883000400940000078
MfgData
       ** Offset 0x154
               + Valid Data
                                                 (0x1)
                                 [31:31] = 1
                                 [30:30] = 0

[29:24] = 0

[23:16] = 22
               + BOR Abort
                                                 (0x0)
                + Temp Sensor
                                                 (0x00)
               + ADC VREF
                                                 (0x16)
               + ADC24 Offset
                                 [15:0] = 0
                                                 (0x0000)
       ** offset 0x158
                                                 (0x8)
               + AON LDO
                                 [31:28] = 8
               + RET LDO
                                 [27:24]
                                                 (0x3)
                                 [23:20] = 10
               + PMU BG
                                                 (0xA)
               + PERIPH BG
                                 [19:16] = 8
                                                 (0x8)
               + AON BG<4:1>
                                 [15:12] = 0
                                                 (0x0)
                                 [11:11] = 0
[15:11] = 0
               + AON BG<0>
                                                 (0x0)
                + AON BG (full)
                                                 (0x00)
                                 [10: 8] = 0
                                                 (0x0)
               + Reserved
               + DCDC Pre-trim
                                 [7:0] = 188
                                                (0xBC)
       ** offset 0x15C
                                 [31:26] = 37
[25:16] = 0
               + HFRC 76.8MHz
                                                 (0x25)
               + ADC120 Offset
                                                 (0x000
               + LFRC 32.7kHz
                                 [15:10] = 1
                                                 (0x01)
               + ADC121 Offset
                                 [9:0]=0
                                                 (0x000)
       ** offset 0x160
               + DCDC Post-trim [31:26] = 30
                                                 (0x1E)
               + ADC122 Offset [25:16] = 0
+ DAC1 Offset [15: 8] = 0
                                                 (0x000)
                                                 (0x00)
               + DAC2 Offset
                                                 (0x00)
       + x-loc
       + y-loc
       + Fab
                   UAS Global
       + Wafer ID
                   2024
       + Year#
       + Week#
                   17
       + Lot#
                   0x1 (DM)
LCS
```

#### Get OTP data

Returns OTP data based on a provided OTP word offset

```
Select an option (Enter to return): 6
Enter word addr(hex): 0x70
0x0070 0x0
Available options:
```

In this example, we are reading the first word (0x70) of the OTP area that is available for customer use.



The customer OTP area is between word offsets **0x70 - 0x7F**. If an offset outside that area is specified, an error message is returned:

```
Select an option (Enter to return): 6
Enter word addr(hex): 0
RX<-- length= 4 command= COMMAND_NAK chksum= 0x10 error= ISP_ERROR_ILLEGAL_ADDRESS
[ERROR] 0x0000 ISP_ERROR_ILLEGAL_ADDRESS
Available options:
```

An error message is reported that you have supplied an ILLEGAL address offset.

Access to the customer OTP area depends on the device's LCS – DM or SE.

| OTP area         | DM LCS      | SE LCS      |
|------------------|-------------|-------------|
| 0x70 - 0x7F      | Allowed     | Not allowed |
| Any other offset | Not allowed | Not allowed |

#### Customer OTP Area description

There are 1024 bits assigned for Customer usable OTP.

| Offset | Purpose                                        | Notes                                            |
|--------|------------------------------------------------|--------------------------------------------------|
| 0x5F   | Customer Security Flags                        | Not implemented                                  |
| 0x60   | Customer AES Key for Octal SPI (AES Key Slot0) |                                                  |
| 0x64   | Customer AES Key for Octal SPI (AES Key Slot1) |                                                  |
| 0x68   | General Purpose AES 128 for OEM use            |                                                  |
| 0x6C   | General Purpose AES 128 for OEM use            |                                                  |
| 0x70   | General OTP                                    | OR Alt1 OEM RoT Public Key When Alt key flag set |
| 0x74   | General OTP                                    | OR Alt1 OEM RoT Public Key When Alt key flag set |
| 0x78   | OEM General OTP bits                           |                                                  |

#### Get MRAM data

Returns four words of MRAM data based on a provided MRAM word offset. The display shows the word offset entered followed by four words of data.

```
Select an option (Enter to return): 7
Enter hex word offset: 0
[0x0] 0x00000000 0x00000000 0x000000000
```

## Get log data

Returns the last SE-UART data sent:



| Name                       | CPU        | Store Addr            | Obj Addr      | Dest Addr     | Boot Addr      | Size         | Version      | Flags | Time (ms) |
|----------------------------|------------|-----------------------|---------------|---------------|----------------|--------------|--------------|-------|-----------|
| DEVICE                     | CMØ+       | 0x805C1EE0            | 0x805C14E0    | <br>          |                | 672          | 0.5.0        | u V   | 0.00      |
| SERAM0                     | CM0+       |                       | 0x000000E0    |               |                | 89024        | 1.0.0        |       | 0.00      |
| SERAM1                     | CM0+       |                       | 0x00020AE0    |               |                | 89024        | 1.0.0        |       | 0.00      |
| HE DBG                     | M55-HE     | 0x805C2B80            | 0x805C2180    | 0x60000000    | 0x60000000     | 2256         | 1.0.0        | uLVB  | 0.00      |
| egend: (u)                 | (C)ompress | sed,(L)oaded,(        | (V)erified,(s | )kipped verif | ication,(B)oot | ted,(E)ncryp | ted,(D)eferr |       |           |
| SES] os Ker<br>SES] Main 1 |            | 1.2<br>oping forever. |               |               |                |              |              |       |           |



## Get trace data

Trace data are Markers left in SES memory space as SEROM and SES are executed. There are separate buffers used for SEROM and SES.

NOTE: If you are in RECOVERY Mode (SEROM only mode) you can only see the SEROM Trace data.

## **SEROM Trace Data**

|          | 4] 0xeeeeee | ee (Er | nd Marker |                                                                                              |             |           |          |                   |
|----------|-------------|--------|-----------|----------------------------------------------------------------------------------------------|-------------|-----------|----------|-------------------|
| dress    | Raw Item    |        |           | Trace Marker                                                                                 | Marker Data | CPII Freq | Diff(µs) | Time elapsed (µs) |
|          |             |        |           |                                                                                              |             |           |          |                   |
|          | 0x026F0105  |        | 0x026F    | Begin Reset_Handler                                                                          | Data:0x01   | 76.8 MHz  |          |                   |
|          | 0x027B3E0A  |        | 0x027B    | Turn On SE System POWER Register<br>SE Firewall configuration<br>HOST Firewall configuration | 0x0000003F  | 76.8 MHz  |          |                   |
|          | 0x3029020D  |        | 0x3029    | SE Firewall configuration                                                                    | Data:0x02   | 76.8 MHz  |          |                   |
|          | 0x30370311  |        | 0x3037    | HOST Firewall configuration                                                                  | Data:0x03   | 76.8 MHZ  |          |                   |
|          | 0x4F350415  |        | 0x4F35    | Firewall controller ready                                                                    | Data:0x04   | 76.8 MHZ  |          |                   |
|          | 0x028D0519  |        | 0x028D    | Firewalls initialized                                                                        | Data:UXU3   | 76.8 MHZ  |          |                   |
|          | 0x0F71311E  |        | 0x0F71    | SOC reset was triggered                                                                      | 0x0000001   | 76.8 MHz  |          |                   |
|          | 0x0F7D3122  |        | 0x0F7D    | SOC reset was triggered                                                                      | 0x00000000  | 76.8 MHZ  |          |                   |
|          | 0x0FA58526  |        | 0x0FA5    | Configure EWIC Enable                                                                        | 0x0047FFC0  | 76.8 MHz  |          |                   |
|          | 0x0FB3862A  |        | 0x0FB3    | Read EWIC Status                                                                             | 0x00000000  | 76.8 MHz  |          |                   |
|          | 0x50AD0F2D  |        | 0x50AD    | Begin Main                                                                                   | Data:0x0F   | 76.8 MHz  |          |                   |
|          | 0x54DB8732  |        | 0x54DB    | Read SOC_ID                                                                                  | 0x0000B300  | 76.8 MHz  |          |                   |
|          | 0x54ED8836  |        | 0x54ED    | Override SOC_ID                                                                              | 0x0000B400  | 76.8 MHz  |          |                   |
|          | 0x2EBD0639  |        | 0x2EBD    | Begin CC312 initializations                                                                  | Data:0x06   | 76.8 MHz  |          |                   |
| 0000054] | 0x2EF1073D  | 15     | 0x2EF1    | $LCS = 0 \rightarrow CM$                                                                     | Data:0x07   | 76.8 MHz  |          |                   |
| 0000058] | 0x0AB71041  | 16     | 0x0AB7    | Find STOC in MRAM                                                                            | Data:0x10   | 76.8 MHz  |          |                   |
| 000005c] | 0x0C7D2745  | 17     | 0x0C7D    | Bank A is newer                                                                              | Data:0x27   | 76.8 MHz  |          |                   |
| 0000060] | 0x50679049  | 18     | 0x5067    | BANK A is VALID                                                                              | Data:0x90   | 76.8 MHz  |          |                   |
| 0000064] | 0x5067934D  | 19     | 0x5067    | BANK B is FIRST BOOT                                                                         | Data:0x93   | 76.8 MHz  |          |                   |
| 0000068] | 0x11519651  | 20     | 0x1151    | BOOT BANK A                                                                                  | Data:0x96   | 76.8 MHz  |          |                   |
| 000006c] | 0x12B71155  | 21     | 0x12B7    | Locate certificate chain                                                                     | Data:0x11   | 76.8 MHz  |          |                   |
| 0000070] | 0x2DEF895A  | 22     | 0x2DEF    | Certificate Active Software Version                                                          | 0x10000000  | 76.8 MHz  |          |                   |
| 00000781 | 0x2E59895E  | 23     | 0x2E59    | Certificate Active Software Version                                                          | 0x20000000  | 76.8 MHz  |          |                   |
| 00000801 | 0x2E798962  | 24     | 0x2E79    | Certificate Active Software Version                                                          | 0xC0000000  | 76.8 MHz  |          |                   |
|          | 0x132F1465  |        | 0x132F    | Verify certificate chain                                                                     | Data:0x14   | 76.8 MHZ  |          |                   |
|          | 0x11FD196A  |        | 0x11FD    | Begin certificate chain verification                                                         | 0x00000003  | 76.8 MHZ  |          |                   |
|          | 0x12111A6E  |        | 0x1211    | Verify each certificate                                                                      | 0x905800C0  | 76.8 MHZ  |          |                   |
|          | 0x12111A72  |        | 0x1211    | Verify each certificate                                                                      | 0x90580408  | 76.8 MHZ  |          |                   |
|          | 0x12111A76  |        | 0x1211    | Verify each certificate                                                                      | 0x90580750  | 76.8 MHZ  |          |                   |
|          | 0x127D1B79  |        | 0x127D    | End certificate chain verification                                                           | Data:0x1B   | 76.8 MHZ  |          |                   |
|          | 0x118F987D  |        | 0x118F    | BANK A BOOTED                                                                                | Data:0x98   | 76.8 MHZ  |          |                   |
|          | 0x4F193282  |        | 0x4F19    | Load MSP Address                                                                             | 0x3003FE00  | 76.8 MHZ  |          |                   |
|          | 0x4FFB3386  |        | 0x4FFB    | Load JUMP Address                                                                            | 0x30009p85  | 76.8 MHZ  |          |                   |
|          | 0x0F491C89  |        | 0x0F49    | Jump to SERAM                                                                                | Data:0x1C   | 76.8 MHZ  |          |                   |



## SERAM Trace Data

| ** SERAM<br>** Trace<br>0x0000018 | option (Enter<br>Trace Buffer<br>Header ***<br>Sc] Raw trace | r dec | ode ***   |                                      |                 |          |           |                   |
|-----------------------------------|--------------------------------------------------------------|-------|-----------|--------------------------------------|-----------------|----------|-----------|-------------------|
|                                   | er detected<br>001 Oxeeeeee                                  | ee (E | nd Marker | )                                    |                 |          |           |                   |
|                                   | Raw Item                                                     |       |           | Trace Marker                         | Marker Data     | CPU Freq | Diff(µs)  | Time elapsed (µs) |
|                                   |                                                              |       |           |                                      |                 |          |           |                   |
|                                   | 0x9DB18E07                                                   |       |           | SERAM reset handler                  | T:580           | 76.8 MHz |           | 7.55              |
|                                   | 0x3441050B                                                   |       | 0x3441    | Firewalls initialized                | T:19939         | 76.8 MHz | 252.07    | 259.62            |
|                                   | 0x99AF4F0F                                                   |       | 0x99AF    | main() start                         | T:32267         | 76.8 MHz | 160.52    | 420.14            |
|                                   | 0x5EED8512                                                   |       | 0x5EED    | Configure EWIC Enable                | 0x007FFFC1      | 76.8 MHz |           |                   |
|                                   | 0x5EFD8616                                                   |       | 0x5EFD    | Read EWIC Status                     | 0x00000000      | 76.8 MHz |           |                   |
|                                   | 0x95535A1B                                                   |       | 0x9553    | Cold boot                            | T:79703         | 76.8 MHZ | 617.66    | 1037.80           |
| 00000030]                         | 0xEEA76E1F                                                   |       | 0xEEA7    | Begin installing analog trim values  | T:123634        | 76.8 MHZ | 572.02    | 1609.82           |
| 00000038]                         | 0xEEB56F23                                                   |       | 0xEEB5    | Finish installing analog trim values | T:124883        | 76.8 MHZ | 16.26     | 1626.08           |
| 00000040]                         | 0xEEBF7F26                                                   |       | 0xeebf    | No trim values specified             | 0x00000000      | 76.8 MHZ |           |                   |
| 00000048]                         | 0x9953472B                                                   | 10    | 0x9953    | CC Lib END                           | T:269633        | 76.8 MHZ | 1884.77   | 3510.85           |
| 00000050]                         | 0x95B1662F                                                   | 11    | 0x95B1    | Finish DCU configuration             | T:271386        | 76.8 MHZ | 22.83     | 3533.67           |
| 00000058]                         | 0x41554433                                                   | 12    | 0x4155    | Maintenance Detection BEGIN          | T:272822        | 76.8 MHZ | 18.70     | 3552.37           |
| 00000060]                         | 0x419B4537                                                   | 13    | 0x419B    | Maintenance Detection END            | T:274214        | 76.8 MHZ | 18.12     | 3570.49           |
| 00000068]                         | 0xF0A1873A                                                   | 14    | 0xF0A1    | Read SOC_ID                          | 0x0000B300      | 76.8 MHZ |           |                   |
| 000000701                         | 0xF0B3883E                                                   | 15    | 0xF0B3    | Override SOC_ID                      | 0x0000B400      | 76.8 MHZ |           |                   |
| 000000781                         | 0x95034E42                                                   | 16    | 0x9503    | STOC Part#                           | 0x32374541 AE72 | 76.8 MHZ |           |                   |
| 000000801                         | 0x0C6D8146                                                   | 17    | 0x0C6D    | SERAM boot error                     | 0x00000020      | 76.8 MHZ |           |                   |
| 000000881                         | 0x0C73814B                                                   | 18    | 0x0C73    | SERAM boot error                     | T:466073        | 76.8 MHZ | 2498.16   | 6068.66           |
| 000000901                         | 0x96774C4F                                                   | 19    | 0x9677    | STOC DEVICE BEGIN                    | T:1309459       | 76.8 MHZ | 10981.59  | 17050.25          |
| 000000981                         | 0x968B4D53                                                   | 20    | 0x968B    | STOC DEVICE END                      | T:2812983       | 76.8 MHZ | 19577.14  | 36627.38          |
| 0000000001                        | 0x9D154257                                                   | 21    | 0x9D15    | PLL BEGIN                            | T:2818645       | 76.8 MHZ | 73.72     | 36701.11          |
|                                   | 0x9D43435B                                                   |       | 0x9D43    | PLL END                              | T:2940777       | 76.8 MHZ | 1590.26   | 38291.37          |
|                                   | 0x96E9555F                                                   |       | 0x96E9    | BANK Maintenance BEGIN               | T:3529616       | 100 MHZ  | 5888.39   | 44179.76          |
|                                   | 0x96F35663                                                   |       | 0x96F3    | BANK Maintenance END                 | T:4258563       | 100 MHZ  | 7289.47   | 51469.23          |
|                                   | 0x973D5067                                                   |       | 0x973D    | STOC Process BEGIN                   | T:4259765       | 100 MHZ  | 12.02     | 51481.25          |
|                                   | 0x9749526B                                                   |       | 0x9749    | TOC Process END                      | T:4266483       | 100 MHZ  | 67.18     | 51548.43          |
|                                   | 0x2123776F                                                   |       | 0x2123    | M55_HE released                      | T:4563003       | 100 MHz  | 2965.20   | 54513.63          |
|                                   | 0x97DB5373                                                   |       | 0x97DB    | TOC Print BEGIN                      | T:5265934       | 100 MHz  | 7029.31   | 61542.94          |
|                                   | 0x97FF5477                                                   |       | 0x97FF    | TOC Print END                        | T:22260913      | 100 MHz  | 169949.79 | 231492.73         |
|                                   | 0x982B807B                                                   |       | 0x982B    | SERAM boot complete                  | T:22833988      | 100 MHz  | 5730.75   | 237223.48         |



#### Get Power data

This option returns the Power state of the SoC:

```
Select an option (Enter to return): 11
 es0_ppu_status
                       0x00000008
                                        ON
 es1_ppu_status
                       0x00000008
                                        ON
 se_ppu_status
  fw_ppu_status
                                        FUNC_RET
 systop_ppu_status
                      0x00000008
                                        ON
 dbgtop_ppu_status
                      0x00000008
                                        ON
 a32_0_ppu_status
a32_1_ppu_status
                       0x00000000
 modem_ppu_status
                       0x00000000
                       0x00000000
                       0x00000001
                                        ON
 sse700_aon_status
```

**NOTE**: If you are in Hard Maintenance mode these values will not be accurate as the state changes in this mode.

## Get Clock data

This option returns the Clock and PLL state of the SoC:

## Alif Security Toolkit User Guide

#### MRAM

Top level menu group

```
Select an option (Enter to exit): 3

Available options:

1 - Erase Application Mram

2 - Fast Erase Application Mram

3 - Fast Erase Appl. Mram (include NTOC)

4 - Get MRAM info

Select an option (Enter to return):
```

NOTE: If you are in Recovery (ROM) mode, these commands will not operate as SEROM does not support these MRAM erase commands.

## **Erase Application MRAM**

|          |        |            |            |            | Boot Addr  |       |         |      |       |
|----------|--------|------------|------------|------------|------------|-------|---------|------|-------|
| DEVICE   |        |            | 0x8057C190 |            |            | 296   | 0.5.0   |      | 15.44 |
| DEVICE   | CM0+   | 0x805c1ec0 | 0x805C14C0 |            |            | 340   | 1.0.0   | u V  | 15.74 |
| * SERAMO | CM0+   |            | 0x000000C0 |            |            | 83408 | 1.101.0 |      | 0.00  |
| SERAM1   | CM0+   |            | 0x00020AC0 |            |            | 83408 | 1.101.0 |      | 0.00  |
| BLINK-HE | M55-HE | 0x8057d6c0 | 0x8057CCC0 | 0x58000000 | 0x58000000 | 10440 | 1.0.0   | uLVB | 16.92 |

This option will erase the Application MRAM. It is the equivalent of using the '-e app' option of appwrite-mram.

In this example, we see that we have one Application (BLINK-HE) running from Application MRAM.

We will now erase this. Choose the Erase Application MRAM. This will instruct SES to erase the Application MRAM. The size of the MRAM to erase is known as you selected the device type using the tools-config.

```
Available options:

1 - Erase Application Mram

2 - Fast Erase Application Mram

3 - Get MRAM info

Select an option (Enter to return): 1
[INFO] erasing 0x80000000 5,767,168 bytes
[INFO] Full Erase done

Available options:

1 - Erase Application Mram

2 - Fast Erase Application Mram

3 - Get MRAM info

Select an option (Enter to return):
```

If we inspect the TOC information, we can see that the BLINK-HE application has been removed from MRAM.



## Fast Erase Application MRAM

This option will invalidate the Application TOC without erasing the Application MRAM. While the effect will be the same as the Erase Application MRAM option, this option does not *clear* the Application MRAM area.

## Fast Erase Application MRAM (including NTOC)

This option will invalidate the Application TOC and erase the first 16 bytes of Application MRAM.

NTOC is the method by which the M55\_HE boots from the start of MRAM (address 0x80000000)

This option is needed when the user wants to invalidate a binary previously burnt in MRAM address 0x80000000, otherwise the ATOC has been erased but SES will still find a valid NTOC and boot it.

#### Get MRAM info (MRAM Walker)

This walks the entire MRAM memory looking for Table of Contents objects:

```
Available options:
   Erase Application Mram
   Fast Erase Application Mram
 - Get MRAM info
Select an option (Enter to return): 3
ATOC 0x8057ffc0
                       OEMTOC01
       + header
       + header_size
       + # toc entries 1
       + entry_size
       + version
                       0x1
STOC 0x80580000
       + header
                       ALIFTOC1
       + header_size
                       48
       + # toc entries 4
       + entry_size
                       0x1
       + version
ATOC
      0x8058eca0
     0x805af6a0
```

In this example, two System TOC objects were found in MRAM.



Top level menu group

```
Available options:

1 - Terminal mode

2 - Get SERAM metrics

3 - Get ECC key

4 - Get Firewall configuration

5 - Alt Boot OTP

Select an option (Enter to return):
```

**NOTE**: Devices that can support Alternative Boot path from external memory will show Option#5.

## Alif Security Toolkit User Guide

#### Terminal Mode

This option echoes the SE-UART output.

```
Select an option (Enter to return): 1
[TERMINAL] Ctrl-C to exit
SEROM v1.96.0 0x0000B400
SES B4 v1.103.0 Dec 12 2024 20:07:29
      No ATOC
STOC DEVICE ok
No LF XTAL
      SERAM bank 0x0 is valid and booted
      MS5-HE booted from address 0x58000000
LCS=1
FC:Rgn
    7:0 8:0 9:0 13:0 13:1 13:2
    Name
                      | Store Addr | Obj Addr
                                                   | Dest Addr
                                                                   Boot Addr
                                                                                                             Flags | Time (ms)|
                                                                                                  1.0.0 u V
1.103.0 ---
    DEVICE
                       0x805C1EC0 | 0x805C14C0
                                                                                                                          15.83
                                                                                      86196
                                                                                                                          0.00
                       ----- | 0x00020AC0
                                                                                      86196
                                                                                                  1.103.0
              CMO+
                                                                                                                          0.00
 egend: (u)(C)ompressed,(L)oaded,(V)erified,(s)kipped verification,(B)ooted,(E)ncrypted,(D)eferred
[SES] SE frequency is 102.99 MHz
```

In this example, [RESET] was pressed on the board, and we see the complete boot up information echoed.

To exit this mode press CTRL-C and it will drop back to the maintenance menu.

#### SES Metrics

Returns (for now) stack information details used by SES as well as the uptime since SES booted. The uptime format is Days:Hours:Minutes:Seconds

#### *Get address/Set address*

These diagnostic commands are not supported.

## Get ECC key

This option returns the public ECC key of the device. If the ECC key is not provisioned yet, all 0's is returned.



```
Available options:

1 - Terminal mode
2 - Get SERAM metrics
3 - Get ECC key
4 - Get Firewall configuration

Select an option (Enter to return): 3

ECC key (HEX): 26E6434B17CE4227585BE3068A05322196005A5349E2D1A7A9D9AE8185DDE76DC5C20DB614A64227AB218D514E76F248EEFD4B46C4AF87602C123A0BFF56E5AF
```

## Get Firewall configuration

This option returns the current Firewall configuration status, i.e., what regions have been configured in which Firewall Components (FC: x').

```
FC: 3 region: 2
FC: 3 region: 3
FC: 3 region: 4
FC: 3 region: 5
FC: 3 region: 6
FC: 3 region: 7
FC: 3 region: 8
FC: 3 region: 9
FC: 3 region: 10
FC: 3 region: 11
FC: 3 region: 12
FC: 3 region: 13
FC: 3 region: 14
FC: 3 region: 15
FC: 3 region: 15
FC: 3 region: 16
FC: 3 region: 17
FC: 3 region: 17
FC: 3 region: 19
FC: 3 region: 19
FC: 3 region: 20
FC: 3 region: 25
FC: 3 region: 26
FC: 3 region: 28
FC: 3 region: 28
FC: 3 region: 28
FC: 3 region: 29
FC: 3 region: 29
FC: 3 region: 30
FC: 4 region: 0
FC: 4 region: 0
FC: 5 region: 1
```



Alternate Boot OTP

This option programs the OTP bits required to support Alternative boot path from External memory.

When executed, it generates OTP information based on configuration from *build/config/otp-altboot.json* file and sends it to write the corresponding OTP area.

There are some confirmations to complete this command as you are writing to OTP, and this is a one-way operation; you *cannot undo these changes*.

Once the command is executed, you can retrieve revision information from the device.

```
Select an option (Enter to return): 5
               SERAM
Source
Version
               0x02A0
ALIF_PN
               0x0
            HBK0
               HBK1
HBK_FW
            Wounding
MfgData
               0x0 (CM)
SES Alt Load
            = 00000100
                        : 0x1 MRAM then Ext Memory
                       : 0x0 OSPI Flash 8bit in XIP Mode
      Ext Memory type
SES Ext Conf = 000B0B0B0105E22B8ADF2B0E000000
      rx_sample_delay
      xip_incr_inst
      xip_wrap_inst
                        : 0xB
      aes_rxds_delay
                       : 0xB
      ddr_drive_edge
                        : 0x1
                        : 0x5
      pinmux_sel
      bus_speed_sel
                        : 0x0
      fast_read_wait_cycles: 0x8
      flash_size
                       : 0x0
                                 32 MB
      valid
                        : 0x1
      reset_port
      reset_pin
                        : 0x5
      spi_mode
                        : 0x0
      io_mode
                        : 0x2
      ddr_en
                        : 0x0
      xip_ddr_en
inst_ddr_en
                        : 0x1
                        : 0x0
      xip_inst_ddr_en
                        : 0x0
      rxds_en
                        : 0x0
      rxds_v1_en
                        : 0xF
      xip_dfs
                        : 0xF
      xip_rxds_en
                        : 0x1
      xip_instr_len
xip_addr_len
xip_spi_mode
                        : 0x2
                        : 0x8
                        : 0x3
      xip_hyperbus_en
                        : 0x0
      tx_wait_count
                         0x0
```

Here there are more fields printed showing the values set for the external memory.

## Setting capabilities

Top level menu group

```
Available options:

1 - Enable LOGGING
2 - Disable LOGGING
3 - Enable PRINTING
4 - Disable PRINTING
```

#### Enable / Disable LOGGING

Controls whether the SES messages are added to the log buffer. The log buffer can be read using the 'Device Information' option.

#### Enable / Disable PRINTING

Toggle PRINTING – controls whether the SERAM messages are printed directly to the SE UART or put in a buffer from where they are periodically printed out.

## Alif Security Toolkit User Guide

#### **ROM**

Devices support a limited subset of ISP commands built into the ROM.

If the NVM contains no viable SES image to load, SEROM will enter an ISP mode to allow recovery.

Recovery mode will take an SES image and write it to the NVM using a specific ISP protocol supported by SEROM, it is not the same as used for wiring the Application MRAM.

#### Top level menu group

```
Available options:

1 - Recovery
2 - Recovery (No Reset)

Select an option (Enter to return):

Available options:

1 - Device Control
2 - Device Information
3 - MRAM
4 - Utilities
5 - Setting capabilities
6 - ROM

Select an option (Enter to exit):
```

#### Recovery Session

```
Available options:
1 - Recovery
2 - Recovery (No Reset)
Select an option (Enter to return): 1
Bootloader stage: SEROM
Bring Up mode - Blank part detected!
Detected Part#: AE722F80F55D5LS
Detected Revision: B4
Device is not provisioned!
[INFO] System TOC Recovery with parameters:
 Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B4
 MRAM Base Address: 0x80580000
alif\SP-AE722F80F55D5LS-rev-b4-dev.bin[################]100%: 270368/270368 bytes
[INFO] recovery time 110.68 seconds
alif\offset-58-rev-b4-dev.bin [################]100%: 16/16 bytes
                          0.00 seconds
[INFO] recovery time
[INFO] Target reset
```

The device is in recovery mode and has loaded the SES image via SEROM into MRAM.



Recovery Session – No Reset

By default, after the recovery operation is performed then the tool will send a request to perform a RESET of the platform.

There is also an option to NOT perform this reset after recovery. This can be useful for observing potential failures that would be masked by the actual reset operation.

An example of this would be a device failing with say a CC312 error code (0x0B000006 - illegal KCEICV) because of the automatic reset, and the user resetting the board one more time after that, both SERAM banks are being marked as invalid, so the reported error code is 0x26 in the recovery screen, which hides the actual issue.



#### Target not in recovery mode

```
Available options:

1 - Device Control
2 - Device Information
3 - MRAM
4 - Utilities
5 - Setting capabilities
6 - ROM

Select an option (Enter to exit): 6

Available options:

1 - Recovery
2 - Recovery (No Reset)

Select an option (Enter to return): 1

Bootloader stage: SERAM
[ERROR] Device not in Recovery mode, use updateSystemPackage Tool
```

This message is shown if the target device is not in recovery mode probably because it is running SES already.

#### Target device mismatch

```
'Available options:
 1 - Device Control
 2 - Device Information
 3 - MRAM
 4 - Utilities
 5 - Setting capabilities
Select an option (Enter to exit): 6
Available options:
1 - Recovery
 2 - Recovery (No Reset)
Select an option (Enter to return): 1
Bootloader stage: SEROM
Detected Part#: AE722F80F55D5LS
Detected Revision: B4
Connected target is not the default Part#
Connected target is not the default Revision
Do you want to set this part as default? (y/n):
```

This message shows that the target Device is different from the one selected by tools-config for this session.

#### Recovery UART Speed

When in RECOVERY mode the device is running ISP from the ROM which runs at RC frequency, so you will notice it is slower than when SES is performing MRAM updates.

- There is no PLL support inside the ROM code so the baud rate cannot be increased like it is when SES is doing updates (Using app-mram-write, updateSystemPackage).
- ISP protocol used in the ROM is MRAM line based i.e. 128bits at a time with no buffering.

## Alif Security Toolkit User Guide

## app-assets-gen

The app-assets-gen tool generates the "assets package" required to provision the device with the app-provision tool (see next section).

This file is loaded by the app-provision tool and contains assets and options for the provisioning. Provisioning means keys and other values to be programmed (OTP) into the device.

The options can be configured with a JSON file. Default configuration file is build\config\assets-app-cfg.json

## Options description:

## • ENCRYPTED\_ASSETS:

- o Defines if the assets are encrypted or not. Unencrypted assets should only be used in trusted environments.
- o NOTE: Encrypted assets are not supported yet.

## TEST\_MODE:

- o This option DOES NOT burn the OTP area, so the program can run multiple times without advancing the LCS to SE.
- o This is provided to test the process without affecting the device.

Once the desired configuration is done, the assets package can be generated using the tool:

```
$ app-assets-gen (-h for help)
```

## Alif Security Toolkit User Guide

```
C:\SETOOLS>app-assets-gen.exe
Generating APP assets with:
- Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Configuration file: build/config/assets-app-cfg.json
- Output file: build/assets-app-cfg.bin

Creating Assets Package...
Checking Assets Package...
Package integrity Ok!
AssetID: APPASSET
Asset Version: 1

Provisioning Options:
ENCRYPTED_ASSETS OFF
TEST_MODE ON

Done!
```

The command generates the assets package and checks the generated binary to extract the Options selected (it reads back the options from the binary, not from the json file).

Also, using the –c flag, the tool will skip the assets package generation, and it just checks the options used to generate it.

```
$ app-assets-gen -c
```

```
C:\SETOOLS>app-assets-gen.exe -c
Generating APP assets with:
- Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
- Output file: build/assets-app-cfg.bin

Checking Assets Package...
Package integrity Ok!
AssetID: APPASSET
Asset Version: 1

Provisioning Options:
ENCRYPTED_ASSETS OFF
TEST_MODE ON

Done!
```

Using the –f option, we can specify an input file (.json format if assets package is being generated, or .bin file if only checking the options used to generate the binary).

#### **Example:**

```
$ app-assets-gen -f build\config\assets-cfg.json
$ app-assets-gen -c -f build\assets-cfg.bin
```

The output file is always created in the build\ folder and the name will be the same as the configuration file.

## Alif Security Toolkit User Guide

app-provision

The app-provision tool will inject user assets (keys and secrets) into the device and move the device from DM (Device Manufacturing) to SE (Secure Enable) LCS (Life-Cycle State).

The SE LCS is used for devices from the manufacturing line and "in the field". It permits the execution of security functions but blocks all debugging and testing capabilities.

Using Secure Boot is mandatory in this SE LCS.

\$ app-provision (-h for help)

```
C:\SETOOLS>app-provision.exe

APP Provision with parameters:

Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2

Assets file: build/assets-app-cfg.bin

[INFO] COM12 open Serial port success
[INFO] Running APP Provisioning code...

←[94m APP Provision ran in TEST MODE!

←[0m
[INFO] Done
```

The default assets file is build\assets-app-cfg.bin. Use the -a option to specify other assets file.

To perform a real provision, configure TEST\_MODE OFF in the assets configuration file, and re-build the assets using the app-assets-gen tool;

```
C:\SETOOLS>app-assets-gen.exe
Generating APP assets with:
 Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
 Configuration file: build/config/assets-app-cfg.json
 Output file: build/assets-app-cfg.bin
Creating Assets Package...
Checking Assets Package...
Package integrity Ok!
AssetID: APPASSET
Asset Version: 1
Provisioning Options:
ENCRYPTED ASSETS
                        OFF
TEST_MODE
                        OFF
Done!
```

Running the app-provision tool with this new assets' binary, it will provision the device;

## Alif Security Toolkit User Guide

```
C:\SETOOLS>app-provision.exe

APP Provision with parameters:

Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2

Assets file: build/assets-app-cfg.bin

[INFO] COM12 open Serial port success

[INFO] Running APP Provisioning code...

←[94m APP Provision Return Code: 0x0

←[0m

[INFO] Done
```

Once this script finishes, the device will advance from DM to SE (Secure Enable) LCS, after reset.

```
Select an option (Enter to return): 1

[TERMINAL] Ctrl-C to exit

|

SEROM v0.47.68 0x00008200

[SES] Cold boot path
*** Host Firewall configured

[SES] MRAM error bypass is Enabled

SES B0 EVALUATION_BOARD v1.0.87 Dec 8 2023 23:59:45

[SES] Device ID = 0x000008200

[SES] LCC=5

[SES] LCC=5

[SES] System partition address 0x80580000

[DEV] Wounding Data: 0x00C0FFFB

[SES] System device configuration processed (0x00000000) BL_STATUS_OK

[SES] Application device configuration processed (0x00000000) BL_ERROR_APP_INVALID_TOC_ADDRESS

[SES] System partition processed (0x00000000) BL_ERROR_APP_INVALID_TOC_ADDRESS

[SES] Application partition processed (0x00000000) BL_ERROR_APP_INVALID_TOC_ADDRESS
```

## app-secure-debug (--rma)

A device in SE LCS (Secure State) blocks all debugging and testing capabilities. The Secure Debug tool gives the user a mechanism to:

- Open debugger access to the APP cores and the related debugging infrastructure, in a device in SE LCS.
- Initiate the process of transitioning a device to RMA LCS (end of product cycle), before sending the device to Alif for failure analysis or further inspection.

Both operations are done by generating a secure debug certificate and sending it to the device via ISP. The secure debug certificate is signed using the same keys as the ones used when generating the ATOC, i.e. for secure booting. The certificates are session-specific and become invalid after the device is reset.

To open debugger access to the APP cores, run:

```
$ app-secure-debug (-h for help)
```



```
C:\Projects\QA\DEV\app-release>python3 app-secure-debug.py
Secure Debug with parameters:
Device Part# E7 (AE722F80F55D5LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
[INFO] COM12 open Serial port success
[INFO] Alif secure debug
Creating Signature...
Binary File: ../build/alif_secure_debug.bin
2024-03-04 11:43:55,787 - Content Certificate Generation Utility started (Logging to ../build/logs/SBContent.log)
Content Certificate File: build/alif_secure_debug.bin.crt
Signature File: build/alif_secure_debug.bin.sign
Verify Certificate
Signature File: build/alif_secure_debug.bin.sign
C:\Projects\QA\DEV\app-release>
```

After this command, a debugger can connect to the application cores and do a debug session.

To initiate the transition to RMA LCS, run:

```
$ app-secure-debug --rma
```

```
C:\Projects\QA\DEV\app-release>python3 app-secure-debug.py --rma
Secure Debug with parameters:
Device Part# E7 (AE722F880F5505LS) - 5.5 MRAM / 13.5 SRAM - Rev: B2
[INFO] CM12 open Serial port success
[INFO] Alif secure debug
Creating Signature...
Binary File: ../build/alif_secure_debug.bin
2024-03-04 11:48:57,040 - Content Certificate Generation Utility started (Logging to ../build/logs/SBContent.log)
Content Certificate File: build/alif_secure_debug.bin.crt
Signature File: build/alif_secure_debug.bin.sign
Verify Certificate
Signature File: build/alif_secure_debug.bin.sign
C:\Projects\QA\DEV\app-release>
```

After this command, the device is still in its current LCS (SE or DM) but the RMA transition is initiated. The device can then be sent to Alif, where the transition to RMA LCS will be completed.



## Tool Exit codes

The tools will return the following runtime execution Error codes.

- 0 Indicates success.
- 1 Indicates failure.

### **NACK Error Handling**

The ISP protocol uses an Acknowledge (ACK) / Not Acknowledge (NACK) protocol scheme. If a NACK is seen, then it will be followed by an Error code.

If a NACK packet is seen it will always be printed, and the tool will EXIT.

### TIMEOUT Error Handling

An ISP session requires an initial ISP START command sent to the Target to put it into ISP mode. If this command fails, then the ISP session will not occur, and an Error is reported that the Target did not respond

```
Available options:

1 - maintenance mode
2 - device reset
3 - device enquiry
4 - get revision info
5 - get TOC info

Select an option: 4
[ERROR] Target did not respond
```

This Error will exit the program.

Possible causes for this Error:

- Incorrect baud rate setting
- Target is not powered or is in a low power state such as STOP mode.



### 10. RECOVERY MODE

Recovery mode occurs when SEROM

- Fails to find an SES image in MRAM that it can boot.
- Fails to verify an SES image from MRAM.
- Fails to decrypt an SES image from MRAM.
- Finds the dual SES Banks are both marked as "bad".

If your device is in Recovery mode, you will see the following SE-UART output

```
[TERMINAL] Ctr]-C to exit

\text{
\te
```

This means you are now back in SEROM. There are two error codes printed error and extended error.

SEROM Error codes are described below.

Extended error codes are for reporting issues (specifically) with the CC312 Crypto Engine.

### **SEROM Error Codes**

```
// Error codes
#define SEROM STATUS SUCCESS
                                                        0x0
// Crypto errors
#define SEROM BSV INIT FAIL
                                                        0x1
#define SEROM BSV LCS GET AND INIT FAIL
                                                        0x2
#define SEROM BSV LCS GET FAIL
                                                        0x2
#define SEROM BSV SEC MODE SET FAIL
                                                        0x3
#define SEROM BSV PRIV MODE SET FAIL
                                                        0x4
#define SEROM BSV CORE CLK GATING ENABLE FAIL
                                                        0x5
```



| // MRAM  | errors                                                                                                                                                                                                                                                        |            |
|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|
| #define  | SEROM MRAM INITIALIZATION FAILURE                                                                                                                                                                                                                             | 0x6        |
| #define  | SEROM_MRAM_INITIALIZATION_TIMEOUT                                                                                                                                                                                                                             | 0x7        |
| #define  | SEROM_MRAM_WRITE_FAILURE                                                                                                                                                                                                                                      | 0x8        |
|          |                                                                                                                                                                                                                                                               |            |
| // 7.500 |                                                                                                                                                                                                                                                               |            |
| // ATOC  | errors                                                                                                                                                                                                                                                        | 00         |
| #define  | SEROM_ATOC_EXT_HDR_OFFSET_ZERO SEROM_ATOC_EXT_HDR_OFFSET_TOO_LARGE                                                                                                                                                                                            | 0x9        |
|          | SEROM_ATOC_EXT_HDR_OFFSET_TOO_LARGE SEROM ATOC OBJECT OFFSET ZERO                                                                                                                                                                                             | 0xA<br>0xB |
|          | <u> </u>                                                                                                                                                                                                                                                      | 0xB<br>0xC |
|          |                                                                                                                                                                                                                                                               | 0xC<br>0xD |
|          |                                                                                                                                                                                                                                                               | 0xD<br>0xE |
|          |                                                                                                                                                                                                                                                               | -          |
| #define  | SEROM_ATOC_EXT_HDR_OFFSET_MISALIGNED SEROM_ATOC_HEADER_OFFSET_INVALID                                                                                                                                                                                         | 0x1        |
| #define  | SEROM ATOC HEADER CRC32 ERROR                                                                                                                                                                                                                                 | 0x10       |
|          |                                                                                                                                                                                                                                                               | 0x12       |
| #define  | SEROM ATOC NUM TOC ENTRIES INVALID                                                                                                                                                                                                                            | 0x13       |
|          |                                                                                                                                                                                                                                                               |            |
| // Cert  | SEROM_ATOC_HEADER_STRING_INVALID  SEROM_ATOC_NUM_TOC_ENTRIES_INVALID  ificate errors  SEROM_CONTENT_CERTIFICATE_NULL  SEROM_CERTIFICATE_NULL  SEROM_CERTIFICATE_CHAIN_INVALID  SEROM_INVALID_OEM_ROT  SEROM_CERTIFICATE_ERROR_BASE  SEROM_CERTIFICATE_1_ERROR |            |
| #define  | SEROM_CONTENT_CERTIFICATE_NULL                                                                                                                                                                                                                                | 0x14       |
| #define  | SEROM_CERTIFICATE_NULL                                                                                                                                                                                                                                        | 0x15       |
| #define  | SEROM_CERTIFICATE_CHAIN_INVALID                                                                                                                                                                                                                               | 0x16       |
| #define  | SEROM_INVALID_OEM_ROT                                                                                                                                                                                                                                         | 0x17       |
| #define  | SEROM_CERTIFICATE_ERROR_BASE                                                                                                                                                                                                                                  | 0x18       |
| #define  | SEROM_CERTIFICATE_1_ERROR                                                                                                                                                                                                                                     | 0x19       |
| #derine  | SEROM_CERTIFICATE_Z_ERROR                                                                                                                                                                                                                                     | 0x1A       |
| #define  | SEROM_CERTIFICATE_3_ERROR                                                                                                                                                                                                                                     | 0x1B       |
| // BOOT  | errors                                                                                                                                                                                                                                                        |            |
| #define  | SEROM BOOT CODE LOAD ADDR INVALID                                                                                                                                                                                                                             | 0x1C       |
| #define  | SEROM BOOT VERIFY IN MEMORY CASE INVALID                                                                                                                                                                                                                      | 0x1D       |
| #define  | SEROM_BOOT_ZERO_IMAGE_LENGTH_INVALID                                                                                                                                                                                                                          | 0x1E       |
| #define  | SEROM_BOOT_ENCRYPTED_IMAGE_INVALID                                                                                                                                                                                                                            | 0x1F       |
|          | SEROM_BOOT_VERIFY_IN_FLASH_CASE_INVALID                                                                                                                                                                                                                       | 0x20       |
|          | SEROM_BOOT_IMAGE_LENGTH_TOO_LARGE                                                                                                                                                                                                                             | 0x21       |
|          | SEROM_BOOT_RAW_IMAGE_LOADING_NOT_ALLOWED                                                                                                                                                                                                                      | 0x22       |
|          | SEROM_BOOT_SERAM_JUMP_RETURN_ERROR                                                                                                                                                                                                                            | 0x23       |
|          | SEROM_BOOT_FAILED                                                                                                                                                                                                                                             | 0x24       |
| #define  | SEROM_BOOT_JUMP_ADDRESS_NOT_VALID                                                                                                                                                                                                                             | 0x25       |
| // Danle | selection errors                                                                                                                                                                                                                                              |            |
|          | SEROM BOTH BANKS INVALID                                                                                                                                                                                                                                      | 0x26       |
| наеттие  | OBLOW DOLL DVILLO THANHID                                                                                                                                                                                                                                     | UAZU       |
| #define  | SEROM_ATOC_EXT_HDR_OFFSET_TOO_SMALL                                                                                                                                                                                                                           | 0x27       |
| #define  | SEROM BOOT END OF MAIN ERROR                                                                                                                                                                                                                                  | 0x28       |
|          | SEROM INVALID NULL PTR                                                                                                                                                                                                                                        | 0x26       |
|          | SEROM_INVALID_NOLL_FIR SEROM INVALID TOC OFFSET                                                                                                                                                                                                               | 0x29       |
| " CETTIE | 071/011_11/1/11117_100_011011                                                                                                                                                                                                                                 | UAJU       |

## Alif Security Toolkit User Guide

## 11. Primary Boot Path Alternative

On EAGLE based devices there is a capability to supplement MRAM as the Primary boot source for the SES and STOC.

The external memory support is Octal SPI. As SEROM is responsible for booting SES (from MRAM) it needs to know the details regarding OSPI settings, these are stored in OTP on the SoC.

If a user wants to enable the use of External memory as a backup to MRAM they will have to program the OTP to enable this mode.

The gen-altboot tool is used to create binary objects from a JSON description. These binary files are used via ISP to program the OTP its.

## Alif Security Toolkit User Guide

## 12. CONDUCTOR Tool Flow

The ALIF CONDUCTOR tool is a web-based application that allows a user to configure a Device. Please refer to the CONDUCTOR documentation for more details. This section will focus on the CONDUCTOR material generated for STATIC configuration and how to get this configuration data built using SETOOLS.

CONDUCTOR can be used to generate configurations for

- Static Pin Mux
- Static Clocks
- Static Application space Firewall

The output of the CONDUCTOR tool is a JSON file that can be included into an application as a DEVICE Config object. This object is executed by SES on boot up of the device, so by the time the Application CPUs are booted settings for PinMux, Clock and Firewall are already set.

This method is known as STATIC configuration. As the configuration is stored in Application MRAM space (as part of the ATOC) it will remain there until deleted or overwritten.

### **Configuration Options**

There are two main methods of configuring the device for PinMux, Clock and Firewall:

- STATIC
- DYNAMIC

### STATIC configuration

Configuration data is part of the ATOC (DEVICE Configuration object) and will be installed on each boot of the device before the Application cores are booted.

#### DYNAMIC configuration

Configuration is done using SERVICE library calls from an application core once booted. This means the initializations are done at run-time or dynamically. These settings can also be changed by subsequent SERVICE library calls.

### Using the CONDUCTOR Tool with SETOOLS

The Conductor tool generates two types of output – Device Configuration and C header files. SERAM uses the Device Configuration output. It is a JSON file that needs to be copied to the APP release folder (under build\config) and then referenced by the DEVICE entry in the ATOC config file.

#### Steps -

1. Generate a Device Configuration File from the Conductor tool -

## Alif Security Toolkit User Guide



The default output file name is something like 'Config\_\_AE722F80F55D5AS\_20230705\_0910.json'.

You can rename the file at this point or do that later.

- Copy the file to the <APP release folder>\build\config.
   The Conductor tool saves the generated file in the browser's default Downloads folder, so copy it from there to your APP release.
- 3. Optionally, rename the file, e.g., to 'app-device-config-test.json'.
- 4. Reference the file from the ATOC config file -

```
🔚 app-cfg.json 🔀
  1
  2
           "BLINK-HE": {
  3
                 ·"binary": · "m55 blink he.bin",
  4
                 "version" : "1.0.0",
                 ·"cpu id": "M55 HE",
  5
                ··"loadAddress": "0x58000000",
  6
  7
                ··"flags": · ["load", · "boot"]
  8
  9
             ·"DEVICE": {
               ··· "binary": · "app-device-config-test.json",
 10
                 "version" : "0.5.00"
 11
 12
        - · · · }
 13
```

### Miscellaneous Feature set supported from CONDUCTOR tool

The MISECELLANEOUS section of the Conductor tool has several configuration options that will be passed into SES for processing at Boot time.

## Alif Security Toolkit User Guide

The options that are supported are as follows:

- LFXO CAP CTRL
- LFXO\_GM\_CTRL
- HFXO\_CAP\_CTRL
- HFXO\_PFET\_GM\_CTRL
- HFXO NFET GM CTRL
- SE\_BOOT\_INFO

The unsupported options are printed as Warnings when running the app-gen-toc tool

```
[INFO] Create area for: miscellaneous
[INFO] Process Miscellaneous
[INFO] [WARN] SE not supported: ISP_MAINTENANCE_SUPPORT
[INFO] [WARN] SE not supported: FW_RUNTIME_CFG
[INFO] [WARN] SE not supported: PINMUX_RUNTIME_CFG
[INFO]
      [WARN] SE not supported: CLOCK_RUNTIME_CFG
[INFO]
      [WARN] SE not supported:
                                BOARD_LED_COUNT
[INFO]
      [WARN] SE not supported:
                                BOARD_LEDRGB_COUNT
[INFO] [WARN] SE not supported:
                                BOARD_BUTTON_COUNT
[INFO] [WARN] SE not supported:
                                BOARD_CONFIG_JUMPER_COUNT
[INFO] [WARN] SE not supported: BOARD_SWITCH_OUTPUT_COUNT
Calculating APP area...
```

You must use the '-v' (Verbose) option to see these Warnings.

### SE BOOT INFO

The default for this is '0' which means all SES Prints are enabled on boot up.

| Value | Output              |
|-------|---------------------|
| 0     | All prints enabled  |
| 1     |                     |
| 2     | Suppress all prints |

### Non-CONDUCTOR Options

There are some features that are not supported directly from that Tool.

### Brown Out Reset (BOR) hysteresis and threshold configurable

The device boots using safe default boot BOR parameters – minimal non-zero hysteresis (0x1) and zero threshold (0x0).

It is possible to change the BOR parameters during boot via ATOC device configuration. This feature is currently not supported by the Conductor tool, so the BOR settings must be added to the ATOC device configuration manually.

atoc-device-config.json, 'miscellaneous' section -



```
....miscellaneous": [
.....{
....."id": "LFXO_CAP_CTRL",
....."value": ·8
.....},
.....
```

... BOR parameters added to the section -

```
"id": "BOR_HYSTERESIS",
"value": 2
"id": "BOR_THRESHOLD",
"id": "BOR_THRESHOLD",
"value": 1
```

### SHARED MEM CTRL

Share Memory Control register. This setting provides the value to be written to the Shared Memory Control register on boot. This register controls the address at which the SRAM1 memory appears in the global address space – at its original location 0x0800\_0000 or right after SRAM0 at 0x02400000, which provides a contiguous memory region that combines SRAM0 and SRAM1. The register also controls the access from certain peripherals (NPU, ISP, JPEG) to certain global memory regions.

```
: "SHARED_MEM_CTRL",
....."value": "0x80000000"
.....}
```

**NOTE**: The Shared Memory Control register does not exist in FUSION and BALLETTO devices, so for them this setting is ignored.

### REG ALIASING CTRL

Analogue Register Aliasing setting. By default, it is set to enable aliasing.

```
{
    "id": "REG_ALIASING_CTRL",
    "value": "0x00000001"
}
```

**NOTE**: The Analogue Register Aliasing register does not exist in FUSION and BALLETTO devices, so for them this setting is ignored.

## Alif Security Toolkit User Guide

## 13. Device Debug Strategies

The following section describes some debug strategies that can be applied to a device that appears to be not working.

### Recovery vs SES Mode

In normal operational mode SES will be running on the device. In rare cases this may not be the case, and your Device will be in Recovery mode. This means that SEROM failed to find a valid SES image to boot.

In recovery mode you will use the Maintenance tool to put back (Recover) an SES image into the device.

In recovery mode you are communicating with SEROM only. The ISP command set for SEROM is limited compared to when talking to SES.

The Maintenance tool upon execution checks what state the Target device i.e. SEROM or SES mode. If it detects SEROM mode then a limited set of Maintenance command will be shown.

#### HARD Maintenance mode

This mode allows the user to override the SE Boot sequence and get access to the Secure Enclave.

### Quick Fix guide

Anyone who is troubleshooting a bricked or unresponsive board should do these basic first steps –

• Check if the board is in SEROM or SERAM mode, If you are not sure what mode you are in, use SETOOLS

C:\Windows\System32\cmd.exe - python3 maintenance.py

```
3 - Get CPU boot info
4 - Device enquiry
5 - Get revision info
6 - Get OTP data
7 - Get MRAM data
8 - Get log data
9 - Get SEROM trace data
10 - Get SERAM trace data
11 - Get power data
12 - Get clock data
Select an option (Enter to return): 4
SEROM Error = 0x24 (SEROM_BOOT_FAILED) Extended Error = 0xf1000015 Maintenance Mode = <None>
```

SEROM mode – run the SEROM recovery command.

NOTE: Hard Maintenance mode does not make sense in SEROM mode and is not supported. Recommendation – run the recovery using the option '2. Recovery (No Reset)'. When the recovery is complete, open a terminal, then reset the board and monitor the output on the SE UART. If, after Booting, you are still in recovery mode look for extended Error code in Recovery screen and dump SEROM Trace log

• SERAM mode – enter Hard Maintenance mode and then Erase the Application MRAM.



Maintenance -> Option#3 -> Option#3 (or Option#1)

### Reporting Issues to ALIF

When reporting issues to ALIF always provide the following information

- Version of SETOOLS used.
- Version of Device used
- Maintenance -> Option#2 Device information -> Option#5 Get Revision Information
- SE-UART output on boot up
  - This is the most useful for triaging issues
- SEROM, SERAM TRACEs (Maintenance -> Option#2 Device Information -> Option#9 and Option#10



## 14. Life Cycle State SECURE

Some notes on LCS=SE Policy and operation

- In LCS=SE it is not possible to open JTAG debugger access to the Secure Enclave.
- Read access to MRAM and OTP via ISP is disabled, to prevent reading customer code and data via ISP.



## 15. Document History

| Version | Date          | Change Log                                       |
|---------|---------------|--------------------------------------------------|
| 0.84.0  | October 2023  | Web release for Security Toolkit v0.84.0 tools   |
| 0.85.0  | November 2023 | Initial support for MAC OS in SETOOLS            |
| 0.87.0  | December 2023 | Adding assets-gen and app-provision tool details |
| 1.104.0 | February 2025 | New Maintenance menus when in Recovery mode      |