Serial NOR flash and F-RAM memory are typically used with microcontrollers, so why put a Cortex-M0 inside the memory chip? Cypress Semiconductor does it to enhance functionality and improve security. It can provide secure-boot services to processors that don’t have this support built-in. Support for standard serial interfaces allows designers to easily incorporate the memory chips into existing designs.
Cypress introduced a pair of pin-compatible families of smart serial storage that incorporate a Cortex-M0: the Semper NOR flash and Excelon F-RAM families. The chips support secure firmware-over-the-air (FOTA) updates, but the processor isn’t user-programmable. It’s there to strictly provide the added functionality and security. The families are available in a range of versions, including support for automotive applications, such as those connected to ISO 26262, ASIL B, ASIL D ready, and IEC 61508.
The two families operate as conventional serial memories. It’s only when additional services are used that they differ from their conventional counterparts.
The Semper NOR flash family (Fig. 1) handles capacities up to 4 Gb (512 MB) using Cypress Semiconductor’s 45-nm MirrorBit technology. MirrorBit allows two bits of storage in a single cell. Chips are available with quad and octal SPI interfaces as well as a HyperBus version.
1. The Semper NOR family includes optional security support. Versions are available for a range of interfaces, including quad and octal SPI as well as HyperBus.
Write management is required as with any NOR flash; Cypress’s Semper family has EnduraFlex as well as ECC support. The devices also have on-chip diagnostic capability.
The optional security support includes secure memory regions, secure key storage, and monotonic counters. The Cortex-M0 has its own crypto engine and takes advantage of the system’s safe boot support when it starts up. The secure-boot support is for the host processor. The chip essentially works like a conventional serial memory for the host’s boot process, but it prevents arbitrary update of the boot code. This can only be done when the boot code is authenticated.
Providing secure boot in this fashion does move code in the clear between the memory and the host processor. However, this is only of concern if an attacker has physical access to the device. Processors that implement their own secure boot transfer encrypted code from the storage device. Still, implementing secure boot in an external device like this is just as effective at protecting the system from remote attacks.
Though the Excelon F-RAM family (Fig. 2) also includes optional security support, it lacks some of the features available in the Semper platform. Both include secure authentication and secure key storage, but the Excelon lacks the crypto engine and secure-boot support. F-RAM is more likely to be used for data storage, so these features are often unnecessary. It’s also possible to mix Semper and Excelon devices on the same bus, providing program storage with the additional security.
2. The Excelon F-RAM family of intelligent storage overcomes the write limitations of flash memory. Security support is also optional.
Excelon chips support SPI and quad SPI interfaces. They’re available in capacities up to 16 Mb. The lower capacity is offset by its essentially unlimited endurance and ultra-low-power operation. F-RAM also has no write delays.
The automotive-grade parts for both families are AEC-Q100-qualified and proven at extreme temperatures (−40 to +125°C).