Corstone-700 reference design system

Reference design for building advanced and secure System on Chips (SoCs)

The Arm Corstone-700 offers a fully verified flexible subsystem and system IP to enable faster, lower effort and lower risk development of secure SoCs for high-performance IoT endpoints, gateways, and embedded applications.

The Corstone-700 system architecture combines Cortex-A32 and up to two Cortex-M systems of choice (example integration provided with Cortex-M3). Corstone-700 is built with many advanced features:

  • System level interrupt routing of shared interrupts, with pre-integration of GIC-400 for Cortex-A32 processor
  • Message Handling Unit for inter-system communication, supporting both Secure and Non-secure messages
  • Extensive built-in security, with system-wide TrustZone technology. It includes a firewall providing memory compartmentalization, and a Secure Enclave based on Cortex-M0+ processor for hardware root of trust and cryptographic acceleration
  • Secure and authenticated debug infrastructure using SoC-600 and SDC-600 components
  • An extremely power-efficient pre-integrated Clock and Power Control to control all clock and power domains, using PCK-600 power management components

Corstone-700 also has two ready-available prototyping platforms for early software prototyping: A Fixed Virtual Platform (FVP) and an FPGA-based implementation on MPS3. Both platforms are supported by an open-source software stack, with drivers and OS support for all processing elements. The reference stack is based on Linux for Cortex-A32 processor, RTX for Cortex-M3 processor, and provides a firmware running on the Secure Enclave.

Features

The Corstone-700 combines software and hardware components for Cortex-M based designs.
The components include:

Corstone SSE-700 subsystem
It contains SSE-700, a flexible compute subsystem designed to provide a secure solution for high-performance IoT – ideal for a range of Power, Performance, and Area (PPA) applications. It is powered by the Arm Cortex-A32 processor and includes up to two Cortex-M-based subsystems, providing a standardized programming interfaces for inter-processor communications. The configurable subsystem implements advanced built-in security features, and allows expansion with sensors, connectivity, video, audio, and machine learning on the device. The following diagram demonstrates an example reference design:

Corstone-700 block diagram

Corstone-700 Secure Enclave
The Secure Enclave provides Root of Trust (RoT) and cryptographic functions for the SSE-700 subsystem. It is based on a Cortex-M0+ processor core and associated peripherals, such as timers and watchdogs.

Corstone SSE-123 subsystem
The SSE-123 Example Subsystem included in Corstone-700 provides a secure design for the heart of your Cortex-M23 based system. Designed to be the lowest cost and power efficient implementation of an Arm TrustZone system, it is targeted at the constrained market segment. TrustZone offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU.

Corstone SSE-200 subsystem
A TrustZone-enabled reference design subsystem with the latest power-management technology, based on the Cortex-M33 processor.

SIE-200 System IP
Includes all the components to create TrustZone-enabled systems. Including, AHB5 interconnect generator, memory and peripheral protection controllers, bridges, and more.

Corstone SSE-050 subsystem
An efficient and expandable reference design subsystem based on the Cortex-M3 processor.

CoreLink GFC-100
CoreLink Generic Flash Controller (GFC-100) enables an embedded Flash macro to be integrated easily into any system.

CoreLink GFC-200
Similar to GFC-100, but the GFC-200 can have accesses from two masters. The two masters can operate in separate domains, such as a Non-secure domain and a Secure domain.

CoreLink PCK-600 Power Control
The Arm CoreLink PCK-600 Power Control Kit provides a suite of system IP that is pre-verified to ease system power, and clock management infrastructure integration.

CoreSight SDC-600
CoreSight SDC-600 addresses device security needs by allowing silicon and tool vendors to enforce protection and to police debug access, and by working closely with cryptographic elements and debug certificate authentication.

Cortex-M System Design Kit
The Cortex-M System Design Kit (CMSDK) includes many components, such as the multi-layer AHB generator, bridges, adapters, and controllers. The CMSDK offers a reliable and efficient way to connect your system. The CMSDK package includes a few system examples to inspire your future design.

AHB Flash Cache
To get the most of Flash-based systems (either with embedded Flash or external Flash), an efficient cache system is necessary. Within a compact area, this block significantly improves performance and power consumption of your SoC.

Real-Time Clock
A Real-Time Clock (RTC) for applications that must maintain a time base, which is likely to be the case for all embedded applications.

True Random Number Generator
The True Random Number Generator (TRNG) is the minimum element that you must integrate into a device to ensure a strong security foundation.