Tuesday, December 23, 2014

Setting up an ARM Cortex®-A9 based SBC

The RiOTboard - an ARM Cortex-A9 based SBC



The RIoTboard is an ARM Cortex-A9 based single board computer (SBC). The RIoTboard has a Freescale i.MX6 Solo application processor and an integrated Freescale Kinetis MCU for additional debugging and development. The i.MX6 Solo supports the single ARM Cortex-A9 MPCore Platform. The i.MX6 Solo contains ARM TrustZone technology and the i.MX 6 SoC on the RIoTboard has a 96 KB Boot Rom with support for high assurance boot. Other features of the board include 1 GB of DDR3 memory, 4 GB eMMC, JTAG, Serial, mini USB for OpenSDA, mini USB for USB OTG, LVDS, parallel RGB expansion, 4 USB-A ports, HDMI, audio, reset button, microSD card slot, SD card slot, and boot onboard boot switches. The board is very reasonably priced. Last but not least, the Freescale i.MX 6 ARM Cortex-A9 application processor has ARM TrustZone technology.

The i.MX6 Solo processor on the RIoTboard is labeled MCIMX6S8DVM10AB. According to the i.MX6 Solo data sheet, the processor supports a number of security related features. The list includes ARM TrustZone technology with TZ architecture support, a secure JTAG controller for locking down and protecting the JTAG port, a cryptographic acceleration and assurance module with secure RAM and a true PRNG, a central security unit (CSU) including secure non-volatile storage, high assurance boot, and the separation of memory and interrupts between secure world and normal world. There are more security related features but this is a general list.

Setting up a RIoTboard

Embedded devices used for development purposes often have network controllers on them.  From mobile phones to radios, routers, watches, and wearables, these devices are sending and receiving IP datagrams to external Internet hosts via one or many of their network interfaces; WiFi, 3G, 4G, and Bluetooth.  Most of the processors being sold today can run rich operating systems with full software support for multiple network interface controllers.  In addition, many of the processors being sold today contain support for both virtualization and trusted execution. 

A network router that is isolated from the Internet and any local computers can be connected to the embedded device via the device's primary network interface. If there are multiple network interfaces on the embedded device, then multiple routers can be connected to the embedded device - one for each interface type. 3G and 4G routers, while not widely available, can be connected to the 3G or 4G modem on the embedded device.

IP traffic can be sent and received from both secure world and normal world via multiple network interfaces.  Raw packet analysis tools on the router can be used to inspect incoming and outgoing traffic from the embedded device.  After the router is connected to the embedded device, data that is transmitted over the embedded device's network interface can be recorded to a format such as PCAP and saved for later analysis.  A firewall can also be deployed on the router and all outgoing traffic originating from the embedded device can be blocked.  Inexpensive routers with ARM based processors and ARM TrustZone technology can be purchased from most retail stores.

Short of having access to JTAG hardware debuggers, a Bus Pirate can be used in conjunction with OpenOCD for debugging the i.MX 6 processor on the RiOTboard. A bus pirate can also be used in transparent UART bridge mode for connecting the host to the target (the RiOTboard).

This type of setup can be very useful for debugging embedded devices, analyzing embedded devices, developing software for embedded devices, and testing embedded devices prior to production.


The Netgear WNR3500U (right) can run multiple operating systems.


  • Digital multimeter for testing continuity of JTAG, SWD, and Serial cables
  • Proper ground and wrist strap
  • 2x ethernet cable
  • WNR3500U router
  • microSD card 8 GB Class I
  • SD card 8 GB Class I
  • RiOTboard
  • 5 VDC power supply for RiOTboard
  • 2x Bus Pirate
  • Cortex SWD 10 to 20 pin adapter
  • 2x 5-pin female to female breakout cable
  • FTDI mini USB to 5-pin female breakout board
  • 4-pin female to female breakout cable
  • HDMI cable
  • USB mouse
  • USB keyboard
  • Display
  • Host computer with Linux (Fedora 21)
  • 4x mini USB to USB-A cables
  • 10-pin female to female SWD / JTAG cable
  • Card reader

Using the Bus Pirate as a transparent UART bridge

Bus Pirate Pin 01 GND  <---> RiOTboard J18 Pin 3 GND
Bus Pirate Pin 08 MOSI <---> RiOTboard J18 Pin 1 UART2 TX
Bus Pirate Pin 10 MISO <---> RiOTboard J18 Pin 2 UART2 RX

Flashing the PIC on the Bus Pirate is straightforward (see documentation) and should be performed so that the Bus Pirate is running the latest firmware.

RiOTboard connected via JTAG and UART to Host




No comments:

Post a Comment

Note: Only a member of this blog may post a comment.