DS2252T Secure Microcontroller Module www.dalsemi.com FEATURES 8051-compatible microcontroller for secure/sensitive applications - 32, 64, or 128 kbytes of nonvolatile SRAM for program and/or data storage - In-system programming via on-chip serial port - Capable of modifying its own program or data memory in the end system Firmware security features: - Memory stored in encrypted form - Encryption using on-chip 64-bit key - Automatic true random key generator - SDI (Self-Destruct Input) - Improved security over previous generations - Protects memory contents from piracy Crashproof operation - Maintains all nonvolatile resources for over 10 years in the absence of power - Power-fail Reset - Early Warning Power-fail Interrupt - Watchdog Timer - Precision reference for power monitor Fully 8051-compatible - 128 bytes scratchpad RAM - Two timer/counters - On-chip serial port - 32 parallel I/O port pins Permanently powered real time clock PACKAGE OUTLINE 1 20 21 40 40-Pin SIMM DESCRIPTION The DS2252T Secure Microcontroller Module is an 8051-compatible microcontroller based on nonvolatile RAM technology. It is designed for systems that need to protect memory contents from disclosure. This includes key data, sensitive algorithms, and proprietary information of all types. Like other members of the Secure Microcontroller family, it provides full compatibility with the 8051 instruction set, timers, serial port, and parallel I/O ports. By using NV RAM instead of ROM, the user can program, then reprogram the microcontroller while in-system. This allows frequent changing of sensitive processes with minimal effort. The DS2252T provides an array of mechanisms to prevent an attacker from examining the memory. It is designed to resist all levels of threat including observation, analysis, and physical attack. As a result, a massive effort would be required to obtain any information about 1 of 15 011800 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T memory contents. Furthermore, the “Soft” nature of the DS2252T allows frequent modification of secure information. This minimizes that value of any information that is obtained. Using a security system based on the DS5002FP, the DS2252T protects the memory contents from disclosure. It loads program memory via its serial port and encrypts it in real time prior to storing it in SRAM. Once encrypted, the RAM contents and the program flow are unintelligible. The real data exists only inside the processor chip after being decrypted. Any attempt to discover the on-chip data, encryption keys, etc., results in its destruction. Extensive use of nonvolatile lithium-backed technology creates a microcontroller that retains data for over 10 years at room temperature, but which can be erased instantly if tampered with. The DS2252T even interfaces directly to external tamper protection hardware. The DS2252T provides a permanently powered real time lock with interrupts for time stamp and date. It keeps time to one hundredth of a second using its onboard 32 kHz crystal. Like other Secure Microcontrollers in the family, the DS2252T provides crashproof operation in portable systems or systems with unreliable power. These features include the ability to save the operating state, Power-fail Reset, Power-fail Interrupt, and Watchdog Timer. All nonvolatile memory and resources are maintained for over 10 years at room temperature in the absence of power. A user loads programs into the DS2252T via its on-chip Serial Bootstrap Loader. This function supervises the loading of software into NV RAM, validates it, then becomes transparent to the user. It also manages the loading of new encryption keys automatically. Software is stored in onboard CMOS SRAM. Using its internal Partitioning, the DS2252T can divide a common RAM into user selectable program and data segments. This Partition can be selected at program loading time, but can be modified anytime later. The microcontroller will decode memory access to the SRAM, access memory via its Bytewide bus and write-protect the memory portion designated as program (ROM). A detailed summary of the security features is provided in the User’s Guide section of the Secure Microcontroller data book. An overview is also available in the DS5002FP data sheet. 2 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T DS2252T BLOCK DIAGRAM Figure 1 3 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T PIN ASSIGNMENT 1 P1.0 11 P1.5 21 P3.1 TXD 31 2 VCC 12 P0.4 22 ALE 32 P3.6 WR P2.4 3 P1.1 13 P1.6 23 P3.2 INT0 33 P3.7 RD 4 P0.0 14 P0.5 24 PROG 34 P2.3 5 P1.2 15 P1.7 25 35 XTAL2 6 7 8 9 10 P0.1 P1.3 P0.2 P1.4 P0.3 16 17 18 19 20 P0.6 RST P0.7 P3.0 RXD SDI 26 27 28 29 30 P3.3 INT1 P2.7 P3.4 T0 P2.6 P3.5 T1 P2.5 36 37 38 39 40 P2.2 XTAL1 P2.1 GND P2.0 PIN DESCRIPTION PIN DESCRIPTION 4, 6, 8, 10, P0.0 - P0.7. General purpose I/O Port 0. This port is open-drain and can not drive a logic 12, 14, 16, 1. It requires external pullups. Port 0 is also the multiplexed Expanded Address/Data bus. 18 When used in this mode, it does not require pullups. 1, 3, 5, 7, 9, 11, 13, 15 P1.0 - P1.7. General purpose I/O Port 1. 40, 38, 36, P2.0 - P2.7. General purpose I/O Port 2. Also serves as the MSB of the Expanded 34, 32, 30, Address bus. 28, 26 19 P3.0 RXD. General purpose I/O port pin 3.0. Also serves as the receive signal for the on board UART. This pin should NOT be connected directly to a PC COM port. 21 P3.1 TXD. General purpose I/O port pin 3.1. Also serves as the transmit signal for the on board UART. This pin should NOT be connected directly to a PC COM port. 23 P3.2 INT0 . General purpose I/O port pin 3.2. Also serves as the active low External Interrupt 0. This pin is also connected to the INTP output of the DS1283 Real Time Clock. 25 P3.3 INT1 . General purpose I/O port pin 3.3. Also serves as the active low External Interrupt 1. 27 P3.4 T0. General purpose I/O port pin 3.4. Also serves as the Timer 0 input. 29 P3.5 T1. General purpose I/O port pin 3.5. Also serves as the Timer 1 input. 31 P3.6 WR . General purpose I/O port pin. Also serves as the write strobe for Expanded bus operation. 33 P3.7 RD . General purpose I/O port pin. Also serves as the read strobe for Expanded bus operation. 17 RST - Active high reset input. A logic 1 applied to this pin will activate a reset state. This pin is pulled down internally, can be left unconnected if not used. An RC power-on reset circuit is not needed and is NOT recommended. 4 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T PIN DESCRIPTION 22 ALE - Address Latch Enable. Used to de-multiplex the multiplexed Expanded Address/Data bus on Port 0. This pin is normally connected to the clock input on a ’373 type transparent latch. 35, 37 XTAL2, XTAL1. Used to connect an external crystal to the internal oscillator. XTAL1 is the input to an inverting amplifier and XTAL2 is the output. 39 GND - Logic ground. 2 VCC - +5V. 24 PROG - Invokes the Bootstrap loader on a falling edge. This signal should be debounced so that only one edge is detected. If connected to ground, the microcontroller will enter Bootstrap loading on power up. This signal is pulled up internally. 20 SDI – Self-Destruct Input. A logic 1 applied to this input causes a hardware unlock. This involves the destruction of Encryption Keys, Vector RAM, and the momentary removal of power from VCCO. This pin should be grounded if not used. INSTRUCTION SET The DS2252T executes an instruction set that is object code-compatible with the industry standard 8051 microcontroller. As a result, software development packages such as assemblers and compilers that have been written for the 8051 are compatible with the DS2252T. A complete description of the instruction set and operation are provided in the User’s Guide section of the Secure Microcontroller Data Book. MEMORY ORGANIZATION Figure 2 illustrates the memory map accessed by the DS2252T. The entire 64k of program and 64k of data are available to the Byte-wide bus. This preserves the I/O ports for application use. An alternate configuration allows dynamic Partitioning of a 64k space as shown in Figure 3. Any data area not mapped into the NV RAM is reached via the Expanded bus on Ports 0 and 2. Off-board program memory is not available for security reasons. Selecting PES=1 provides access to the Real Time Clock as shown in Figure 4. These selections are made using Special Function Registers. The memory map and its controls are covered in detail in the User’s Guide section of the Secure Microcontroller Data Book. 5 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T DS2252T MEMORY MAP IN NON-PARTITIONABLE MODE (PM=1) Figure 2 FFFFh -- PROGRAM MEMORY DATA MEMORY (MOVX) NV RAM PROGRAM NV RAM DATA -- 64K 0000h -- DS2252T MEMORY MAP IN PARTITIONABLE (PM=0) Figure 3 FFFFh -- PROGRAM MEMORY DATA MEMORY (MOVX) NV RAM DATA PARTITION NV RAM PROGRAM 0000h -- NOTE: PARTITIONABLE MODE IS NOT SUPPORTED ON THE 128KB VERSION OF THE DS2252T. LEGEND: = NV RAM MEMORY = NOT AVAILABLE = EXPANDED BUS (PORTS 0 AND 2) 6 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T DS2252T MEMORY MAP WITH (PES=1) Figure 4 FFFFh -- PROGRAM MEMORY DATA MEMORY (MOVX) -- 64K C000h -PARTITION B000h -- NV RAM PROGRAM -- 16K 4000h -- REAL-TIME CLOCK 0000h -- = NOT ACCESSIBLE POWER MANAGEMENT The DS2252T monitors VCC to provide Power-fail Reset, early warning Power-fail Interrupt, and switchover to lithium backup. It uses an internal band-gap reference in determining the switch points. These are called VPFW, VCCMIN, and VLI respectively. When VCC drops below VPFW, the DS2252T will perform an interrupt vector to location 2Bh if the power-fail warning is enabled. Full processor operation continues regardless. When power falls further to VCCMIN, the DS2252T invokes a reset state. No further code execution will be performed unless power rises back above VCCMIN. All decoded chip enables and the R/ W signal go to an inactive (logic 1) state. VCC is still the power source at this time. When VCC drops further to below VLI, internal circuitry will switch to the built-in lithium cell for power. The majority of internal circuits will be disabled and the remaining nonvolatile states will be retained. The User’s Guide has more information on this topic. The trip points VCCMIN and VPFW are listed in the electrical specifications. 7 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T ABSOLUTE MAXIMUM RATINGS* Voltage on Any Pin Relative to Ground Voltage on VCC Relative to Ground Operating Temperature2 Storage Temperature Soldering Temperature -0.3V to (VCC + 0.5V) -0.3V to +6.0V -40°C to +85°C -55°C to +125°C 260°C for 10 seconds 1 This is a stress rating only and functional operation of the device at these or any other conditions above those indicated in the operation sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods of time may affect reliability. 2 Storage temperature is defined as the temperature of the device when VCC=0V and VLI=0V. In this state the contents of SRAM are not battery-backed and are undefined. (tA=0°C to 70°C; VCC=5V ± 10%) DC CHARACTERISTICS PARAMETER SYMBOL MIN TYP MAX UNITS NOTES Input Low Voltage VIL -0.3 +0.8 V 1 Input High Voltage VIH1 2.0 VCC+0.3 V 1 Input High Voltage (RST, XTAL1, PROG ) VIH2 3.5 VCC+0.3 V 1 Output Low Voltage @ IOL=1.6 mA (Ports 1, 2, 3) VOL1 0.15 0.45 V 1 Output Low Voltage @ IOL=3.2 mA (Ports 0, ALE) VOL2 0.15 0.45 V 1 Output High Voltage @ IOH= -80 µA (Ports 1, 2, 3) VOH1 2.4 4.8 V 1 Output High Voltage @ IOH=-400 µA (Ports 0, ALE) VOH2 2.4 4.8 V 1 Input Low Current VIN = 0.45V (Ports 1, 2, 3) IIL -50 µA Transition Current; 1 to 0 VIN = 2.0V (Ports 1, 2, 3) ITL -500 µA Input Leakage Current 0.45 < VIN < VCC (Port 0) IIL ±10 µA RST Pulldown Resistor RRE 40 150 kΩ Power Fail Warning Voltage VPRW 4.25 4.37 4.50 V 1 Minimum Operating Voltage VCCMIN 4.00 4.12 4.25 V 1 Operating Current @ 16 MHz ICC 45 mA 4 Idle Mode Current @ 12 MHz IIDLE 7.0 mA 5 Stop Mode Current ISTOP 80 µA 6 Pin Capacitance CIN 10 pF 7 8 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T (tA=0°C to 70°C; VCC=5V ± 10%) DC CHARACTERISTICS (continued) Reset Trip Point in Stop Mode w/BAT=3.0V w/BAT=3.3V 4.0 4.4 4.25 4.65 V 1 SDI Input High Voltage VIHS 2.0 VCC V 1, 2 SDI Input High Voltage VIHS 2.0 3.5 V 1, 2 SDI PullDown Resistor RSDI 25 60 kΩ AC CHARACTERISTICS PARAMETER (tA=0°C to 70°C; VCC=0V to 5V) SYMBOL SDI Pulse Reject (4.5V < VCC < 5.5V) (VCC=0V, VBAT=2.9V) tSPR SDI Pulse Accept (4.5V < VCC < 5.5V) (VCC=0V, VBAT=2.9V) tSPA 9 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 MIN 10 50 TYP MAX UNITS NOTES 2 4 µs 10 µs 10 DS2252T AC CHARACTERISTICS: EXPANDED BUS MODE TIMING SPECIFICATIONS # 1 PARAMETER Oscillator Frequency 2 (tA=0°C to70°C; VCC=5V ± 10%) SYMBOL 1/tCLK MIN 1.0 ALE Pulse Width tALPW 2tCLK -40 ns 3 Address Valid to ALE Low tAVALL tCLK -40 ns 4 Address Hold After ALE Low tAVAAV tCLK -35 ns Pulse Width tRDPW 6tCLK -100 ns tWRPW 6tCLK -100 ns 14 RD 15 WR Pulse Width RD Low to Valid Data In 16 @ 12 MHz @ 16 MHz MAX 16 (-16) 5tCLK -165 5tCLK -105 tRDLDV ns ns 17 Data Hold after RD High tRDHDV 18 Data Float after RD High tRDHDZ 2tCLK -70 ns 19 20 0 UNITS MHz ns ALE Low to Valid Data In @ 12 MHz @ 16 MHz tALLVD 8CLK -150 8tCLK -90 ns ns Valid Addr. to Valid Data In @ 12 MHz @ 16 MHz tAVDV 9tCLK -165 9tCLK -105 ns ns 3tCLK +50 ns 21 ALE Low to RD or WR Low tALLRDL 3tCLK -50 22 Address Valid to RD or WR Low tAVRDL 4tCLK -130 ns 23 Data Valid to WR Going Low tDVWRL tCLK -60 ns tDVWRH 7tCLK -150 7tCLK -90 ns ns tCLK -50 ns 24 Data Valid to WR High @ 12 MHz @ 16 MHz 25 Data Valid after WR High tWRHDV 26 RD Low to Address Float tRDLAZ 27 RD or WR High to ALE High tRDHALH EXPANDED DATA MEMORY READ CYCLE 10 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 tCLK -40 0 ns tCLK +50 ns DS2252T EXPANDED DATA MEMORY WRITE CYCLE AC CHARACTERISTICS (continued) EXTERNAL CLOCK DRIVE # 28 29 30 31 (tA=0°C to70°C; VCC=5V ± 10%) PARAMETER SYMBOL MIN MAX UNITS External Clock High Time @ 12 MHz @ 16 MHz tCLKHPW 20 15 ns ns External Clock Low Time @ 12 MHz @ 16 MHz tCLKLPW 20 15 ns ns External Clock Rise Time @ 12 MHz @ 16 MHz tCLKR 20 15 ns ns External Clock Fall Time @ 12 MHz @ 16 MHz tCLKF 20 15 ns ns EXTERNAL CLOCK TIMING 11 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T AC CHARACTERISTICS (continued) POWER CYCLING TIMING (tA=0°C to70°C; VCC=5V ± 10%) # PARAMETER SYMBOL MIN tF 130 MAX 32 Slew Rate from VCCMIN to 3.3V 33 Crystal Start-up Time tCSU (note 8) 34 Power-On Reset Delay tPOR 21504 UNITS µs tCLK POWER CYCLE TIMING AC CHARACTERISTICS (cont'd) SERIAL PORT TIMING - MODE 0 # PARAMETER 35 (tA=0°C to70°C; VCC=5V ± 10%) SYMBOL MIN Serial Port Clock Cycle Time tSPCLK 12tCLK µs 36 Output Data Setup to Rising Clock Edge tDOCH 10tCLK -133 ns 37 Output Data Hold after Rising Clock Edge tCHDO 2tCLK -117 ns 38 Clock Rising Edge to Input Data Valid tCHDV 39 Input Data Hold after Rising Clock Edge tCHDIV 12 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 MAX 10tCLK -133 0 UNITS ns ns DS2252T SERIAL PORT TIMING - MODE 0 NOTES: 1. All voltage referenced to ground. 2. SDI should be taken to a logic high when VCC=+5V, and to approximately 3V when VCC<3V. 3. SDI is deglitched to prevent accidental destruction. The pulse must be longer than tSPR to pass the deglitcher, but SDI is not guaranteed unless it is longer than tSPA. 4. Maximum operating ICC is measured with all output pins disconnected; XTAL1 driven with tCLKR, tCLKF=10 ns, VIL = 0.5V; XTAL2 disconnected; RST = PORT0 = VCC. 5. Idle mode IIDLE is measured with all output pins disconnected; XTAL1 driven with tCLKR, tCLKF= 10 ns, VIL = 0.5V; XTAL2 disconnected; PORT0 = VCC, RST = VSS. 6. Stop mode ISTOP is measured with all output pins disconnected; PORT0 = VCC; XTAL2 not connected; RST = XTAL1 = VSS. 7. Pin capacitance is measured with a test frequency - 1 MHz, tA= 25°C. 8. Crystal start-up time is the time required to get the mass of the crystal into vibrational motion from the time that power is first applied to the circuit until the first clock pulse is produced by the on-chip oscillator. The user should check with the crystal vendor for a worst case specification on this time. 13 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003 DS2252T PACKAGE DRAWING PKG MIN MAX A 2.645 2.655 B 2.379 2.389 C 0.995 1.005 D 0.395 0.405 E 0.245 0.255 F 0.075 0.085 H 0.245 0.255 I Powered by ICminer.com Electronic-Library Service CopyRight 2003 0.050 BSC G J 14 of 15 INCHES DIM 0.950 BSC 0.120 0.130 K 1.320 1.330 L 1.445 1.455 M 0.057 0.067 N - 0.300 O - 0.165 P 0.047 0.054 DATA SHEET REVISION SUMMARY The following represent the key differences between 12/13/95 and 08/16/96 version of the DS2252T data sheet. Please review this summary carefully. 1. Change VCC slew rate specification to reference 3.3V instead of VLI. 2. Add minimum value to PCB thickness. The following represent the key differences between 08/16/96 and 05/28/97 version of the DS2252T data sheet. Please review this summary carefully. 1. AC characteristics for battery-backed SDI pulse specification added. The following represent the key differences between 05/28/97 and 11/08/99 version of the DS2252T data sheet. Please review this summary carefully. (PCN I80903) 1. Correct Absolute Maximum Ratings to reflect changes to DS5002FP microprocessor. 2. Add note clarifying that SRAM contents are not defined under storage temperature conditions. The following represent the key differences between 11/08/99 and 01/18/00 version of the DS2252T data sheet. Please review this summary carefully. 1. Datasheet conversion from Interleaf to Word. 15 of 15 Powered by ICminer.com Electronic-Library Service CopyRight 2003