ADVANCED TECHNOLOGIES i.MX SOFTWARE IP DENNIS THOMPSON MANAGER, AMERICAS PROFESSIONAL ENGINEERING SERVICES AMF-AUT-T2704 | JUNE 2017 NXP and the NXP logo are trademarks of NXP B.V. All other product or service names are the property of their respective owners. © 2017 NXP B.V. PUBLIC AGENDA • Introduction and Strategy • Graphic Optimizations • TRLE • FastBoot / HAB • AUTOSAR MCAL for i.MX • Trusted Execution Environment (TEE) • Audio Video Bridging (AVB) • Miracast • Apple CarPlay • Android Auto • Rear View Camera (RVC) • IVI GENIVI Platform • Support and Engineering Services • Business Models • Case Histories PUBLIC 1 Microcontroller Software, Support & Services Strategy Accelerate our customers' time to market and reduce project risk by: Delivering Comprehensive Seamless Building Components with Ease of Use to Jump Start Projects Developing Innovative Software Embedded Processing Products and Solutions Enhancing the Solutions Hardware IP Providing Knowledge and Value through Professional Support and Services PUBLIC 2 Software, Professional Support & Services Complimentary Software & Tools Kinetis Design Studio, THREAD, BLE, RTOS, Linux & Android BSP Complimentary Support Professional Services Communities Managing Skills Gaps & Engineering Capacity Technical Information Center Global Staffing Capability Distributor Apps Engineers Vested Interest in Mutual Success Field Application Engineers Embedded Processing Solutions Professional Support Hardware Support Risk Reduction Schematics & Layout Review Hot Fixes Software IP (integrated) IVI Platform,CarPlay, Android Auto, AVB, Miracast, HDCP, TRLE, TEE, Home Kit, Autosar MCAL, Graphic Tools, PUBLIC 3 01. Graphic Optimizations & Packages PUBLIC 4 i.MX Production Graphics Service Package Service Package for Linux or Green Hills Integrity • Enables production quality version of graphics stack for i.MX 6 • Staffed with experts on i.MX 6 GPUs and graphics • Custom application-specific testing • Leverages previous experience with other cluster programs Services Provided • Custom test application to exercise the graphics stack to customer specific requirements • Injects CAN use cases into the test application to stress test the graphics stack • Runs selected Kronos API unit tests PUBLIC 5 HUD Warping Algorithms • Distortion correction software system transparently cancels deformations from physical parts − Lenses, mirrors, windshield • Easily integrated in to industry standard OpenGL SW application PUBLIC 6 02. Tessellation Run Length Encoding (TRLE) Image Compression PUBLIC 7 Tessellation Run Length Encoding (TRLE): Defined tes·sel·la·tion (tesəˈlāSH(ə)n/) 1. an arrangement of shapes closely fitted together, especially of polygons, in a repeated pattern without gaps or overlapping. PUBLIC 8 Tessellation Run Length Encoding (TRLE) Image Compression Input Image Output • NXP patent pending technology • Utilizes geometry tessellation image compression • Leverages 3D graphics engines • Optimized for i.MX applications processors • Target: graphics intensive interfaces. EX: auto instrument clusters PUBLIC 9 Benefits of NXP TRLE Compression Technology Pixel accurate 2D Up to 9x compression of compression perfect for textures for lower storage computer generated costs graphics Smaller overall RAM size Leverages 3D GPU and bandwidth hardware for faster, requirements for lower smoother rendering system costs PUBLIC 10 03. Fast & High Assurance Boot (HAB) PUBLIC 11 Fast Boot and HAB (High Assurance Boot) Services • Extensive experience, particularly with automotive use cases • Typically involves HAB with failsafe (redundant images) • Preloader IP optimizes U-Boot loading and authentication • Guidance for using HAB in development vs production modes • Authentication is part of boot sequence and boot time − Included during fast boot analysis and optimizations PUBLIC 12 Automotive Fast Boot Linux Scenarios • Full Graphics Instrument Cluster − Cold start to needles within 900ms − High Assurance Boot to authenticate the booted image • Fast CAN response − Receive and store CAN messages in ~50m from a cold start − A Fast Boot solution on i.MX allows eliminating the CAN management microcontroller • Rearview camera − Cold start to camera image in less than 1s PUBLIC 13 Fast Boot Typical Approach • Specific to customer requirements and hardware − Boot Flow Analysis: . Power sequencing (can be optimized, but fixed time for power up) . ROM Code (fixed time) . Preloader (NXP IP optimization) . U-boot (can be optimized) . Authentication (varies based on size of encrypted images) . Kernel boot (can be optimized) − U-Boot and Kernel Optimizations: . Memory initialization . Upgrades to the eMMC and NAND drivers . Remove or delay startup services and driver unit not required during boot . Load drivers as modules in specific order . Fine tune the file system for performance PUBLIC 14 Fast Boot is Customer Specific Engagement • No off-the-shelf “Fast Boot solution” or number • Dependent on the boot memories, power sequencing, image sizes, etc. − NOR is generally faster − eMMC can vary significantly − i.MX device (CPU speed) • Definition of “booted” varies based on application • Authentication takes time! PUBLIC 15 04. AUTOSAR MCAL for i.MX PUBLIC 16 i.MX AUTOSAR MCAL PUBLIC 17 i.MX AUTOSAR MCAL Software • AUTOSAR ASR 4.0 MCAL: Tested Running from RAM using NXP EVB • ADC, LIN, FlexRay, and WDG-External can be provided as Custom Complex Drivers • EB tresos StudioTM Configuration Tool and Plugins are a part of the software • All components configurable in any AUTOSAR-Compliant Configuration Tool • MCALs Tested using Vector DaVinci Configuration Tool PUBLIC 18 i.MX MCAL Complex Drivers/Services PUBLIC 19 i.MX AUTOSAR MCAL Options PUBLIC 20 Software Lifecycle Methodologies & Quality: Engineering Discipline PUBLIC 21 05. Trusted Execution Environment (TEE) PUBLIC 22 Trusted Execution Environment (TEE) Definition • Provide safe environment for developing and executing secure applications • GlobalPlatform Association Specifications (www.globalplatform.org) Advantages • TEE provides protection against attacks from the rich OS • Easy to Audit small footprint • Execute only trusted/authorized software • Sensitive data are protected from the rest of the application processor software and outside world PUBLIC 23 ARM TrustZone TEE Relies on ARM TrustZone Normal World Secure World Technology Normal Security Applications Services • Provides hardware isolation • Each physical processor core provides 2 virtual User Mode User Mode cores Privileged Monitor Privileged − Secure World Mode Mode Mode − Normal World r Rich o Security t i n OS o Kernel • New Monitor mode: M − Mechanism to switch between the 2 worlds − Gatekeeper for secure World − Entered via new SMC instruction or via exceptions Normal Secure • CPU state is carried out to the AXI bus Memory & Memory & Peripherals Peripherals − AxProt [1] 0= Secure , 1= Non-secure − Allows implementation of secure-aware memory and peripherals PUBLIC 24 TEE Software Stack Normal World Secure World Client ClientClient ApplicationsApplications Crypto service DRM service Sources Applications Trusted (using(using secure secure Key derivation HDCP Rich OS Applications (usingservices) secure Applications services)services) … DTCP-IP … GlobalPlatform Client API GlobalPlatform Internal API Rich OS Libraries Crypto Task Trustzone Library Data storage operation dispatcher Trusted OS Rich OS Trustzone BSP support Driver Secure Timer Secure RAM OTP Crypto BSP support Processor Drivers…. Engines Monitor TEE Stack Binaries Trusted OS BSP Secure Applications Rich OS PUBLIC 25 NXP TEE Software Stack Multi-platform • Runs on complete NXP SoC family: i.MX 6, i.MX 7, i.MX 8 (roadmap) • SoC agnostic: supported on ARM cores with TrustZone capability Integrated with Yocto i.MX Linux BSP • Linux running in non secure mode, TEE in secure mode • Integration with secure/non_secure modes (boot, power management) • TEE stack delivered as binary and secure applications as sources Integrated with i.MX Security Features • TZ, HAB, CSU, TZASC, CAAM, SNVS Tamper… are integrated with TEE Based on GlobalPlatform Association Specifications • Standard API open to customer or 3rd party to develop Secure Applications Professional Services • Available for customization and Secure Application development PUBLIC 26 TEE & High Assurance Boot (HAB) • TEE firmware is located in the boot Normal World Secure World partition along with the kernel image Reset and the device tree HAB Library i.MX6 Boot U-Boot ROM • U-boot, linux and TEE are signed CSF Boot Device Driver Linux, • High Assurance Boot (HAB) U-boot dtb, TEE infrastructure is used for u-boot, Linux CSF and TEE firmware authentication TEE Linux OS Firmware Trusted OS PUBLIC 27 V2X with TEE to Protect Message Authentication Normal World Secure World V2X V2X Secure Authentication Services Message Authentication ECDSA Key Application Cipher sign / verify Management GlobalPlatform Client API GlobalPlatform Internal API Tee supplicant Trustzone Library Cryptography Data storage Task dispatcher Trusted OS File System Networking stack Trustzone Driver eMMC Ethernet BSP support Wifi Driver Driver Driver Linux OS Secure Clock Secure RAM OCOTP BSP support Processor CAAM RNG Monitor TEE Stack Trusted OS BSP Secure V2X Applications (not included in TEE product, added by customers) Current Software offering PUBLIC 28 MIRACAST with HDCP on TEE to Protect the HDCP Keys Normal World Secure World Video Player Miracast HDCP Controller HDCP Service Gstreamer Wifi-direct Session Manager Locality