CM7326/7327 Hardware Key Developer‘s Manual

BDM-610020027 Rev. A

ISO9001 and AS9100 Certified

RTD Embedded Technologies, Inc. 103 Innovation Blvd. State College, PA 16803-0906

Phone: +1-814-234-8087 FAX: +1-814-234-5218

E-mail [email protected] [email protected]

web site http://www.rtd.com

CM7326/7327 Hardware Key Developer’s Manual 2

Revision History

Rev. A Initial Release

Published by:

RTD Embedded Technologies, Inc. 103 Innovation Blvd. State College, PA 16803-0906

Copyright 1999,2002,2003,2004 by RTD Embedded Technologies, Inc. All rights reserved Printed in U.S.A.

The RTD Logo is a registered trademark of RTD Embedded Technologies. cpuModule and utilityModule are trademarks of RTD Embedded Technologies. PhoenixPICO and PhoenixPICO BIOS are trademarks of Ltd. PS/2, PC/XT, PC/AT and IBM are trademarks of International Business Machines Inc. MS-DOS, Windows, Windows 95, Windows 98 and Windows NT are trademarks of Microsoft Corp. PC/104 is a registered trademark of PC/104 Consortium. All other trademarks appearing in this document are the property of their respective owners.

CM7326/7327 Hardware Key Developer’s Manual 3

Contents 1 THE SERVICES OF THE HARDWARE KEY...... 5 2 THE STRUCTURE OF THE HARDWARE KEY ...... 6 2.1 INTERNAL ID ...... 6 2.2 READABLE/WRITABLE DATA MEMORY (RAM)...... 6 2.3 NON-VOLATILE PROGRAMME AND DATA MEMORY (EEPROM)...... 6 2.4 MEMORY MAP ...... 8 2.5 INTERNAL ALGORITHM ...... 9

CM7326/7327 Hardware Key Developer’s Manual 4

1 The services of the hardware key ♦ Set-in, unalterable identification code of 96 bit, of which 64 bit is public ♦ Identification code (key) of 832 + 192 bit, which can be programmed ♦ Memory protection against partial or full reading or overwriting ♦ Trying to give the access code is possible only three times, after that the code can be accepted only after resetting (switching off the computer) ♦ Watchdog function (with two separate time bases) with a programmable wide time range ♦ -led immediate cold restart (hardware RESET) ♦ Online documentation

CM7326/7327 Hardware Key Developer’s Manual 5

2 The structure of the hardware key

2.1 Internal ID The use of the hardware key at the field of security techniques is served by the identification code in the device, which is of 96 bit, only readable, cannot be deleted or changed (address range: 040h-04Bh). The first 64 bit of the above mentioned 96 is public, that is it can be read without any limitations. It can be used for checking the authorised use with the help of a given software. The code can also serve as a parameter of a certain arithmetical operation, which is used for encoding – decoding by the computer programme. Knowing the other 32 bit left, you can delete the key memory previously made secret. As the key memory is released from secrecy with the help of the code (after deleting the whole memory), it is called as MAKEPUB (Make Public) in other parts of this manual and in the utilities. Note: You can have only three attempts to give the correct MAKEPUB code. After that, if the code is still wrong, the hardware key allows further attempts only after switching off (and restart). But:: even if unauthorised people get hold of the MAKEPUB code, it is not possible for them to read the programme memory in case it was made secret previously. The code allows access (reading/writing) only after deleting the programme memory.

2.2 Readable/writable data memory (RAM) The readable/writable memory at the beginning of the memory (range: 000h-01Fh) has an unlimited access (except the security register regarding memory security, for its description, see later). It is typically used for setting the parameters for coding/decoding, and transferring the results (return values). Its further use, transferring function parameters in case of some device functions, are described later. Attention! The content of RAM memory area changes or can even be deleted after switching off (or restart), and even in case of some device functions!

2.3 Non-volatile programme and data memory (EEPROM) The memory area at the address range 080h-0EFh contains a non-volatile, so called EEPROM memory (can be deleted and programmed electronically, only readable memory). Its advantage is that the data it contains do not change or disappear even when switched off. The bytes at the top of this memory area are used for configuration. The following tables show their specifications. Note: access to memory (RAM / EEPROM) can be set according to the content of the security register (configuring secrecy of memory). If the content of the register allows full access (for example 0FFh), then the access to the memories are unlimited. However, if this register configures any other memory secrecy, the EEPROM memory becomes protected against reading from certain places as well as against full writing on the entire area of EEPROM. It means that the otherwise public EEPROM area is not writable either; it is only readable.

address (offset) length content 0E8h - 0EBh 4 reserved (068h - 06Bh) 0ECh - 0EDh 2 The second half (second 16 bits) of the (06Ch - 06Dh) CMDCODE of 32 bits necessary for calling PGOpen(…) 0EEh 1 WatchDog configuration register, for the meanings (06Eh) of its bits, see Table 2.3.2. 0EFh 1 security register (configuring memory secrecy), (06Fh) for the meanings of its bits, see Table 2.3.4. Table 2.3.1 Configuration registers

bit(s) content b0 Not used (=0) b3-b1 First time constant of WD (after RESET) (8 possible time ranges) b4 Not used (=0) b7-b5 Second time constant of WD (after refresh) (8 possible time ranges) Table 2.3.2 WatchDog (0EEh) configuration register

bit(s) content bit(s) content

CM7326/7327 Hardware Key Developer’s Manual 6

000 1.5 s 100 48 s 001 4.5 s 101 100 s 010 10 s 110 208 s 011 23 s 111 420 s Table 2.3.3 Time constants of the WatchDog circuit (error rate: 5%)

CM7326/7327 Hardware Key Developer’s Manual 7

bit(s) content b2-b0 EEPROM protection (Table 2.3.5.) b4-b3 Not used (=11) b7-b5 RAM protection (Table 2.3.5.) Table 2.3.4 Security (0EFh) configuration register

bit(s) EEPROM protection RAM protection 000 First 1 byte public Number of protected bytes: 1 (address: 4) 001 First 2 bytes public Number of protected bytes: 2 (address: 4-5) 010 First 4 bytes public Number of protected bytes: 4 (address: 4-7) 011 First 8 bytes public Number of protected bytes: 8 (address: 4-11) 100 First 16 bytes public Number of protected bytes: 16 (address: 4- 19) 101 First 32 bytes public Not used 110 All bytes public Not used except configuration area 111 All bytes public No protected bytes (All bytes public) Table 2.3.5 Security (0EFh) configuration register

2.4 Memory map As described above, the internal memory of hwKey contains not only the addresses necessary to get access to RAM and EEPROM, but also other described areas. (Figure and Table 2.4.).

Address start Address end Length Content 0x00 0x1F 32 memory (RAM) 0x20 0x3F 29 Used (0xFF) 0x40 0x4B 12 Internal ID 0x4C 0x7F 52 Used (0xFF) 0x80 0xEF 112 Key memory (EEPROM) 0xF0 0xFF 16 Used (0xFF) Table 2.4. The memory map of the hardware key

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF 0x Data memory (RAM, readable/writable) 1x 2x Used (0FFh) 3x 4x Internal ID, only readable 5x 6x Used (0FFh) 7x 8x 9x Ax Non-volatile key and configuration memory Bx (EEPROM, readable/writable) Cx Dx Ex Fx Used (0FFh) Figure 2.4 The memory map of the hardware key

CM7326/7327 Hardware Key Developer’s Manual 8

2.5 Internal algorithm The pgRun() function starts the internal algorithm. This internal algorithm encodes or decodes the first 32 bit of the RAM memory (0..3 addresses) using the prestored user key-data (RAM memory 8-31 and EEPROM memory 0-103). The RAM memory range 4..7 used by internal coding algorithm. This address range can be clear.

CM7326/7327 Hardware Key Developer’s Manual 9

Limited Warranty RTD Embedded Technologies, Inc. warrants the hardware and software products it manufactures and produces to be free from defects in materials and workmanship for one year following the date of shipment from RTD Embedded Technologies, INC. This warranty is limited to the original purchaser of product and is not transferable.

During the one year warranty period, RTD Embedded Technologies will repair or replace, at its option, any defective products or parts at no additional charge, provided that the product is returned, shipping prepaid, to RTD Embedded Technologies. All replaced parts and products become the property of RTD Embedded Technologies. Before returning any product for repair, customers are required to contact the factory for an RMA number.

THIS LIMITED WARRANTY DOES NOT EXTEND TO ANY PRODUCTS WHICH HAVE BEEN DAMAGED AS A RESULT OF ACCIDENT, MISUSE, ABUSE (such as: use of incorrect input voltages, improper or insufficient ventilation, failure to follow the operating instructions that are provided by RTD Embedded Technologies, "acts of God" or other contingencies beyond the control of RTD Embedded Technologies), OR AS A RESULT OF SERVICE OR MODIFICATION BY ANYONE OTHER THAN RTD Embedded Technologies. EXCEPT AS EXPRESSLY SET FORTH ABOVE, NO OTHER WARRANTIES ARE EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND RTD Embedded Technologies EXPRESSLY DIS- CLAIMS ALL WARRANTIES NOT STATED HEREIN. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES FOR MECHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE LIMITED TO THE DURATION OF THIS WARRANTY. IN THE EVENT THE PRODUCT IS NOT FREE FROM DEFECTS AS WARRANTED ABOVE, THE PURCHASER'S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT AS PROVIDED ABOVE. UNDER NO CIRCUMSTANCES WILL RTD Embedded Technologies BE LIABLE TO THE PURCHASER OR ANY USER FOR ANY DAMAGES, INCLUDING ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, EXPENSES, LOST PROFITS, LOST SAVINGS, OR OTHER DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, AND SOME STATES DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE.

CM7326/7327 Hardware Key Developer’s Manual 10

RTD Embedded Technologies, Inc. 103 Innovation Blvd. State College PA 16803-0906 USA Our website: www.rtd.com

CM7326/7327 Hardware Key Developer’s Manual 11