DS2252T DS2252T Secure Microcontroller Module FEATURES PACKAGE OUTLINE • 8051 compatible microcontroller for secure/sensitive applications – 32K, 64K, or 128K bytes of nonvolatile SRAM for program and/or data storage – In–system programming via on–chip serial port – Capable of modifying its own program or data memory in the end system 1 Memory stored in encrypted form Encryption using on–chip 64–bit key Automatic true random key generator SDI Self Destruct Input Improved security over previous generations Protects memory contents from piracy • Crashproof Operation – Maintains all nonvolatile resources for over 10 years in the absence of power – Power–fail Reset – Early Warning Power–fail Interrupt – Watchdog Timer – Precision reference for power monitor • Fully 8051 Compatible – – – – 128 bytes scratchpad RAM Two timer/counters On–chip serial port 32 parallel I/O port pins • Permanently powered real time clock Copyright 1995 by Dallas Semiconductor Corporation. All Rights Reserved. For important information regarding patents and other intellectual property rights, please refer to Dallas Semiconductor data books. 21 40 40-Pin SIMM • Firmware Security Features: – – – – – – 20 DESCRIPTION The DS2252T is an 8051 compatible microcontroller based on nonvolatile RAM technology. It is designed for systems that need to protect memory contents from disclosure. This includes key data, sensitive algorithms, and proprietary information of all types. Like other members of the Secure Microcontroller family, it provides full compatibility with the 8051 instruction set, timers, serial port, and parallel I/O ports. By using NVRAM instead of ROM, the user can program, then reprogram the microcontroller while in–system. This allows frequent changing of sensitive processes with minimal effort. The DS2252T provides an array of mechanisms to prevent an attacker from examining the memory. It is designed to resist all levels of threat including observation, analysis, and physical attack. As a result, a massive effort would be required to obtain any information about memory contents. Furthermore, the “Soft” nature of the DS2252T allows frequent modification of secure information. This minimizes that value of any information that is obtained. 121395 1/14 DS2252T Using a security system based on the DS5002FP, the DS2252T protects the memory contents from disclosure. It loads program memory via its serial port and encrypts it in real–time prior to storing it in SRAM. Once encrypted, the RAM contents and the program flow are unintelligible. The real data exists only inside the processor chip after being decrypted. Any attempt to discover the on–chip data, encryption keys, etc., results in its destruction. Extensive use of nonvolatile lithium backed technology create a microcontroller that retains data for over 10 years at room temperature, but which can be erased instantly if tampered with. The DS2252T even interfaces directly to external tamper protection hardware. The DS2252T provides a permanently powered real time lock with interrupts for time stamp and date. It keeps time to one hundredth of a second using its on– board 32 KHz crystal. Like other Secure Microcontrollers in the family, the DS2252T provides crashproof operation in portable systems or systems with unreliable power. These features include the ability to save the operating state, Power–fail Reset, Power–fail Interrupt, and Watchdog Timer. All nonvolatile memory and resources are maintained for over 10 years at room temperature in the absence of power. A user loads programs into the DS2252T via its on–chip Serial Bootstrap Loader. This function supervises the loading of software into NVRAM, validates it, then becomes transparent to the user. It also manages the loading of new encryption keys automatically. Software is stored in on–board CMOS SRAM. Using its internal Partitioning, the DS2252T can divide a common RAM into user selectable program and data segments. This Partition can be selected at program loading time, but can be modified anytime later. The microcontroller will decode memory access to the SRAM, access memory via its Byte–wide bus and write–protect the memory portion designated as program (ROM). A detailed summary of the security features is provided in the User’s Guide section of the Secure Microcontroller data book. An overview is also available in the DS5002FP data sheet. ORDERING INFORMATION PART NUMBER RAM SIZE MAX CRYSTAL SPEED TIMEKEEPING? DS2252T–32–16 32K bytes 16 MHz Yes DS2252T–64–16 64K bytes 16 MHz Yes DS2252T–128–16 128K bytes 16 MHz Yes Operating information is contained in the User’s Guide section of the Secure Microcontroller Data Book. This data sheet provides ordering information, pinout, and electrical specifications. 121395 2/14 DS2252T DS2252T BLOCK DIAGRAM Figure 1 DS2252T +3V VCC VCCO RST ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ ÏÏÏÏÏÏÏ BYTE–WIDE ADDRESS BUS ALE XTAL1 XTAL2 32K OR 128K SRAM BYTE–WIDE DATA BUS GND DS5002FP PROG CE1 SDI ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ P0.0–0.7 P1.0–1.7 P2.0–2.7 P3.0–3.7 P3.2 R/W CE2 32K SRAM (–64 only) PE1 DS1283 REAL TIME CLOCK INTP 121395 3/14 DS2252T PIN ASSIGNMENT 1 P1.0 11 P1.5 21 P3.1 TXD 31 P3.6 WR 2 VCC 12 P0.4 22 ALE 32 P2.4 3 P1.1 13 P1.6 23 P3.2 INT0 33 P3.7 RD 4 P0.0 14 P0.5 24 PROG 34 P2.3 5 P1.2 15 P1.7 25 P3.3 INT1 35 XTAL2 6 P0.1 16 P0.6 26 P2.7 36 P2.2 7 P1.3 17 RST 27 P3.4 T0 37 XTAL1 8 P0.2 18 P0.7 28 P2.6 38 P2.1 9 P1.4 19 P3.0 RXD 29 P3.5 T1 39 GND 10 P0.3 20 SDI 30 P2.5 40 P2.0 PIN DESCRIPTION PIN DESCRIPTION 4, 6, 8, 10, P0.0 – P0.7. General purpose I/O Port 0. This port is open–drain and can not drive a logic 1. 12, 14, 16, 18 It requires external pull–ups. Port 0 is also the multiplexed Expanded Address/Data bus. When used in this mode, it does not require pull–ups. 1, 3, 5, 7, 9, 11, 13, 15 P1.0 – P1.7. General purpose I/O Port 1. 40, 38, 36, 34, 32, 30, 28, 26 P2.0 – P2.7. General purpose I/O Port 2. Also serves as the MSB of the Expanded Address bus. 19 P3.0 RXD. General purpose I/O port pin 3.0. Also serves as the receive signal for the on board UART. This pin should NOT be connected directly to a PC COM port. 21 P3.1 TXD. General purpose I/O port pin 3.1. Also serves as the transmit signal for the on board UART. This pin should NOT be connected directly to a PC COM port. 23 P3.2 INT0. General purpose I/O port pin 3.2. Also serves as the active low External Interrupt 0. This pin is also connected to the INTP output of the DS1283 Real Time Clock. 25 P3.3 INT1. General purpose I/O port pin 3.3. Also serves as the active low External Interrupt 1. 27 P3.4 T0. General purpose I/O port pin 3.4. Also serves as the Timer 0 input. 29 P3.5 T1. General purpose I/O port pin 3.5. Also serves as the Timer 1 input. 31 P3.6 WR. General purpose I/O port pin. Also serves as the write strobe for Expanded bus operation. 33 P3.7 RD. General purpose I/O port pin. Also serves as the read strobe for Expanded bus operation. 17 RST – Active high reset input. A logic 1 applied to this pin will activate a reset state. This pin is pulled down internally, can be left unconnected if not used. An RC power–on reset circuit is not needed and is NOT recommended. 22 ALE – Address Latch Enable. Used to de–multiplex the multiplexed Expanded Address/Data bus on Port 0. This pin is normally connected to the clock input on a ’373 type transparent latch. 121395 4/14 DS2252T PIN 35, 37 DESCRIPTION XTAL2, XTAL1. Used to connect an external crystal to the internal oscillator. XTAL1 is the input to an inverting amplifier and XTAL2 is the output. 39 GND – Logic ground. 2 VCC – +5V. 24 PROG – Invokes the Bootstrap loader on a falling edge. This signal should be debounced so that only one edge is detected. If connected to ground, the microcontroller will enter Bootstrap loading on power up. This signal is pulled up internally. 20 SDI – Self Destruct Input. A logic 1 applied to this input causes a hardware unlock. This involves the destruction of Encryption Keys, Vector RAM, and the momentary removal of power from VCCO. This pin should be grounded if not used. INSTRUCTION SET The DS2252T executes an instruction set that is object code compatible with the industry standard 8051 microcontroller. As a result, software development packages such as assemblers and compilers that have been written for the 8051 are compatible with the DS2252T. A complete description of the instruction set and operation are provided in the User’s Guide section of the Secure Microcontroller Data Book. MEMORY ORGANIZATION are available to the Byte–wide bus. This preserves the I/O ports for application use. An alternate configuration allows dynamic Partitioning of a 64K space as shown in Figure 3. Any data area not mapped into the NVRAM is reached via the Expanded bus on Ports 0 and 2. Off– board program memory is not available for security reasons. Selecting PES=1 provides access to the Real– time Clock as shown in Figure 4. These selections are made using Special Function Registers. The memory map and its controls are covered in detail in the User’s Guide section of the Secure Microcontroller Data Book. Figure 2 illustrates the memory map accessed by the DS2252T. The entire 64K of program and 64K of data 121395 5/14 DS2252T DS2252T MEMORY MAP IN NON–PARTITIONABLE MODE (PM=1) Figure 2 ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ ÉÉÉÉÉÉ PROGRAM MEMORY FFFFh NVRAM PROGRAM 0000h ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ DATA MEMORY (MOVX) NVRAM DATA DS2252T MEMORY MAP IN PARTITIONABLE MODE (PM=0) Figure 3 ÎÎÎÎÎ ÎÎÎÎÎ ÎÎÎÎÎ ÎÎÎÎÎ ÎÎÎÎÎ ÎÎÎÎÎ ÎÎÎÎÎ ÎÎÎÎÎ ÉÉÉÉÉ ÎÎÎÎÎ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ PROGRAM MEMORY FFFFh PARTITION NVRAM PROGRAM 0000h ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ ÉÉÉÉÉ DATA MEMORY (MOVX) NVRAM DATA NOTE: PARTITIONABLE MODE IS NOT SUPPORTED ON THE 128KB VERSION OF THE DS2252T. ÉÉ ÉÉ LEGEND: = NVRAM MEMORY = EXPANDED BUS (PORTS 0 AND 2) 121395 6/14 ÎÎ ÎÎ = NOT AVAILABLE 64K DS2252T DS2252T MEMORY MAP WITH (PES=1) Figure 4 ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÏÏÏÏÏÏ ÎÎÎÎÎÎ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ ÏÏÏÏÏÏ PROGRAM MEMORY FFFFh C000h PARTITION 8000h NVRAM PROGRAM 4000h 0000h ÎÎ ÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ ÎÎÎÎÎÎ DATA MEMORY (MOVX) 64K 16K REAL–TIME CLOCK NOT ACCESSIBLE POWER MANAGEMENT The DS2252T monitors VCC to provide Power–fail Reset, early warning Power–fail Interrupt, and switch over to lithium backup. It uses an internal band–gap reference in determining the switch points. These are called VPFW, VCCMIN, and VLI respectively. When VCC drops below VPFW, the DS2252T will perform an interrupt vector to location 2Bh if the power fail warning was enabled. Full processor operation continues regardless. When power falls further to VCCMIN, the DS2252T invokes a reset state. No further code execution will be performed unless power rises back above VCCMIN. All decoded chip enables and the R/W signal go to an inactive (logic 1) state. VCC is still the power source at this time. When VCC drops further to below VLI, internal circuitry will switch to the built–in lithium cell for power. The majority of internal circuits will be disabled and the remaining nonvolatile states will be retained. The User’s Guide has more information on this topic. The trip points VCCMIN and VPFW are listed in the electrical specifications. 121395 7/14 DS2252T ABSOLUTE MAXIMUM RATINGS* Voltage on Any Pin Relative to Ground Operating Temperature Storage Temperature Soldering Temperature –0.3V to +7.0V 0°C to 70°C –40°C to +70°C 260°C for 10 seconds * This is a stress rating only and functional operation of the device at these or any other conditions above those indicated in the operation sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods of time may affect reliability. (tA=0°C to 70°C; VCC=5V ± 10%) DC CHARACTERISTICS PARAMETER SYMBOL MIN Input Low Voltage VIL Input High Voltage Input High Voltage (RST, XTAL1, PROG) Output Low Voltage @ IOL=1.6 mA (Ports 1, 2, 3) VOL1 Output Low Voltage @ IOL=3.2 mA (Ports 0, ALE) VOL2 Output High Voltage @ IOH=–80 µA (Ports 1, 2, 3) VOH1 2.4 Output High Voltage @ IOH=–400 µA (Ports 0, ALE) VOH2 2.4 TYP MAX UNITS NOTES –0.3 +0.8 V 1 VIH1 2.0 VCC+0.3 V 1 VIH2 3.5 VCC+0.3 V 1 0.15 0.45 V 1 0.15 0.45 V 1 4.8 V 1 4.8 V 1 Input Low Current VIN=0.45V (Ports 1, 2, 3) IIL –50 µA Transition Current; 1 to 0 VIN=2.0V (Ports 1, 2, 3) ITL –500 µA Input Leakage Current 0.45<VIN<VCC (Port 0) IIL ±10 µA RST Pulldown Resistor RRE 40 150 KΩ Power Fail Warning Voltage VPRW 4.25 4.37 4.50 V 1 Minimum Operating Voltage VCCMIN 4.00 4.12 4.25 V 1 ICC 45 mA 4 Idle Mode Current @ 12 MHz IIDLE 7.0 mA 5 Stop Mode current ISTOP 80 µA 6 CIN 10 pF 7 V 1 Operating Current @ 16 MHz Pin Capacitance Reset Trip Point in Stop Mode w/BAT=3.0V w/BAT=3.3V 4.0 4.4 4.25 4.65 SDI Input Low Voltage VILS 0.4 V 1 SDI Input High Voltage VIHS 2.0 VCC V 1, 2 SDI Input High Voltage VIHS 2.0 3.5 V 1, 2 SDI Pull–Down Resistor RSDI 25 60 KΩ 121395 8/14 DS2252T AC CHARACTERISTICS PARAMETER (tA = 0°C to70°C; VCC=0V to 5V) SYMBOL SDI Pulse Reject tSPR SDI Pulse Accept tSPA MIN TYP MAX UNITS NOTES 2 µs 3 µs 3 10 AC CHARACTERISTICS EXPANDED BUS MODE TIMING SPECIFICATIONS (tA = 0°C to70°C; VCC = 5V + 10%) # PARAMETER SYMBOL MIN MAX UNITS 1 Oscillator Frequency 1/tCLK 1.0 16 (–16) MHz 2 ALE Pulse Width tALPW 2tCLK–40 ns 3 Address Valid to ALE Low tAVALL tCLK–40 ns 4 Address Hold After ALE Low tAVAAV tCLK–35 ns 14 RD Pulse Width tRDPW 6tCLK–100 ns 15 WR Pulse Width tWRPW 6tCLK–100 ns 16 RD Low to Valid Data In @12 MHz @16 MHz tRDLDV 17 Data Hold after RD High tRDHDV 18 Data Float after RD High tRDHDZ 2tCLK–70 ns 19 ALE Low to Valid Data In @12 MHz @16 MHz tALLVD 8tCLK–150 8tCLK–90 ns ns 20 Valid Addr. to Valid Data In @12 MHz @16 MHz tAVDV 9tCLK–165 9tCLK–105 ns ns 21 ALE Low to RD or WR Low tALLRDL 3tCLK–50 3tCLK+50 ns 22 Address Valid to RD or WR Low tAVRDL 4tCLK–130 ns 23 Data Valid to WR Going Low tDVWRL tCLK–60 ns 24 Data Valid to WR High @12 MHz @16 MHz tDVWRH 7tCLK–150 7tCLK–90 ns ns 25 Data Valid after WR High tWRHDV tCLK–50 26 RD Low to Address Float tRDLAZ 27 RD or WR High to ALE High tRDHALH 5tCLK–165 5tCLK–105 0 tCLK–40 ns ns ns ns 0 ns tCLK+50 ns 121395 9/14 DS2252T EXPANDED DATA MEMORY READ CYCLE 2 27 ALE 19 21 14 RD 16 18 3 26 4 17 A7–A0 (Rn OR DPL) PORT 0 A7–A0 (PCL) DATA IN INSTR IN 22 20 PORT 2 P2.7–P2.0 OR A15–A8 FROM DPH A15–A8 FROM PCH EXPANDED DATA MEMORY WRITE CYCLE 27 ALE 21 15 WR 23 4 3 PORT 0 A7–A0 (Rn OR DPL) 25 24 DATA OUT A7–A0 (PCL) 22 PORT 2 121395 10/14 P2.7–P2.0 OR A15–A8 FROM DPH A15–A8 FROM PCH INSTR IN DS2252T AC CHARACTERISTICS (cont’d) EXTERNAL CLOCK DRIVE (tA = 0°C to70°C; VCC = 5V + 10%) # PARAMETER SYMBOL MIN MAX UNITS 28 External Clock High Time @12 MHz @16 MHz tCLKHPW 20 15 ns ns 29 External Clock Low Time @12 MHz @16 MHz tCLKLPW 20 15 ns ns 30 External Clock Rise Time @12 MHz @16 MHz tCLKR 20 15 ns ns 31 External Clock Fall Time @12 MHz @16 MHz tCLKF 20 15 ns ns EXTERNAL CLOCK TIMING 28 29 30 31 1 AC CHARACTERISTICS (cont’d) POWER CYCLING TIMING (tA = 0°C to70°C; VCC = 5V + 10%) # PARAMETER SYMBOL MIN tF 130 MAX 32 Slew Rate from VCCMIN to VLI 33 Crystal Start up Time tCSU (note 8) 34 Power On Reset Delay tPOR 21504 UNITS µs tCLK 121395 11/14 DS2252T POWER CYCLE TIMING VCC VPFW VCCMIN VLI 32 INTERRUPT SERVICE ROUTINE 33 CLOCK OSC 34 INTERNAL RESET LITHIUM CURRENT AC CHARACTERISTICS (cont’d) SERIAL PORT TIMING – MODE 0 # PARAMETER 35 (tA = 0°C to70°C; VCC = 5V + 10%) SYMBOL MIN Serial Port Clock Cycle Time tSPCLK 12tCLK µs 36 Output Data Setup to Rising Clock Edge tDOCH 10tCLK–133 ns 37 Output Data Hold after Rising Clock Edge tCHDO 2tCLK–117 ns 38 Clock Rising Edge to Input Data Valid tCHDV 39 Input Data Hold after Rising Clock Edge tCHDIV 121395 12/14 MAX 10tCLK–133 0 UNITS ns ns DS2252T SERIAL PORT TIMING – MODE 0 INSTRUCTION 0 1 2 3 4 5 6 7 8 ALE 35 CLOCK 36 37 DATA OUT 0 1 2 WRITE TO SBUF REGISTER 3 4 5 6 7 SET TI 39 38 SET RI INPUT DATA VALID VALID VALID VALID VALID VALID VALID CLEAR RI NOTES: 1. All voltage referenced to ground. 2. SDI should be taken to a logic high when VCC=+5V, and to approximately 3V when VCC<3V. 3. SDI is deglitched to prevent accidental destruction. The pulse must be longer than tSPR to pass the deglitcher, but SDI is not guaranteed unless it is longer than tSPA. 4. Maximum operating ICC is measured with all output pins disconnected; XTAL1 driven with tCLKR, tCLKF=10 ns, VIL = 0.5V; XTAL2 disconnected; RST = PORT0 = VCC. 5. Idle mode IIDLE is measured with all output pins disconnected; XTAL1 driven with tCLKR, tCLKF = 10 ns, VIL = 0.5V; XTAL2 disconnected; PORT0 = VCC, RST = VSS. 6. Stop mode ISTOP is measured with all output pins disconnected; PORT0 = VCC; XTAL2 not connected; RST = XTAL1 = VSS. 7. Pin capacitance is measured with a test frequency – 1 MHz, tA = 25°C. 8. Crystal start–up time is the time required to get the mass of the crystal into vibrational motion from the time that power is first applied to the circuit until the first clock pulse is produced by the on–chip oscillator. The user should check with the crystal vendor for a worst case specification on this time. 121395 13/14 DS2252T PACKAGE DRAWING P (SIDE B) O (SIDE A) N A U1B U1A U3 U2 J (SIDE B) C M D CL E G I I H K L F PKG 40–PIN DIM MIN MAX A 2.645 2.655 B 2.379 2.389 C 0.995 1.005 D 0.395 0.405 E 0.245 0.255 F 0.050 BSC G 0.075 0.085 H 0.245 0.255 I 121395 14/14 0.950 BSC J 0.120 0.130 K 1.320 1.330 L 1.445 1.455 M 0.057 0.067 N – 0.300 O – 0.165 P – 0.054