The process of setting up Cyclone programmers to perform production programming at a local or remote facility is simple and straightforward. PEmicro's Cyclones support programming of STMicroelectronics' popular STM32 and Bluetooth Low-Energy (BlueNRG) devices, as well as the SPC5 automotive and STM8 8-bit families.
In addition, Cyclone programmers leverage PEmicro's ProCryption Security to use industry-standard RSA/AES cryptography to safeguard programming images containing valuable IP. The IP owner also gains added control over factors like when and how many devices can be programmed, and how many errors are allowed.
This article will provide an overview of Cyclone programming - what the various components are and how they interact - and then explore the security aspect of the production programming process, in order to show that IP security does not need to be unduly complicated or expensive to be effective.
Topics - Jump To:
_______________________________________________________________________________________
STMicroelectronics Tools Integration
Before beginning, it is worth briefly noting that PEmicro offers integration and features that are geared towards STMicroelectronics devices to help make sure that projects are as obstacle-free as possible while they proceed toward the production programming phase.
Cyclone Programming Overview
Cyclones are stand-alone programmers that are easy to setup and control. To start we will take a look at how they operate and some extremely useful features they offer.
Physical Setup
- Can operate Independent of a computer
- Controllable from the PC (Ethernet, USB, Serial)
- Consumes Stand-Alone Programming (SAP) images
- Various target programming communications:
Cyclone Can Program Stand-Alone or be Controlled Via PC
SAP Images
SAP images combine all data needed for programming. They are created using an included utility and stored as single files on a PC or or in the Cyclone’s encrypted memory. For example, one essential part of the initial setup process will be selecting the algorithm for the specific STMicroelectronics device being used, and then creating a programming sequence using the specific commands and settings that it offers.
BIN - Binary Files - Multiple Object Files
- Combined or Split
- Pre-Processed
| ALG - Target Config
(Algorithm) Data - Flash Specific
Algorithms - Device Specific
Settings
| CFG - Configuration File - Programming
Script - User Settings
| ADV - Advanced Options - Security restrictions
- Serialization
- Cryptography
- Barcode Driven
|
Control and Automation
When programming, Cyclones can be controlled individually or in groups, using one of the Control Suite components: Control Console, Control SDK, and Control GUI.
- Control Console allows powerful scripted automation
- Control SDK allows custom software to control and automate Cyclones
- Manual control is also available via the Control GUI, including remote access to the Cyclone's screen
Multiple Cyclones Programming in Parallel
Some additional useful features include Dynamic Data and Serialization, as well as Overlay of data. Users programming STMicroelectronics devices on a production line will want to learn more about the Cyclone's powerful serial number capabilities.
Power Provisioning and Measurement
Cyclone setups that will program STMicroelectronics targets may require different power schemes, depending on the design of the target board, target voltages, and even the device architecture. Cyclones are designed to:
- Optionally power a target before, during, and after programming
- Source power at many voltage levels, from the Cyclone itself, or an external power supply
- Switch power as required
Cyclone Power Management
Current and voltage can also be measured during operation:
A much more detailed exploration is available by reading 5 Different Ways to Power a Target with a Cyclone Programmer.
Performance Metrics
Time is money when it comes to production programming, so Cyclones are built to program and verify at extremely fast speeds:
| Cyclone FX | Multilink FX |
| Target | Program (Standalone) | Verify (Standalone) | Program (PROGACMP) | Verify (PROGACMP) |
| STM32L552ZE | 95 KB/s | 575 KB/s | 87 KB/s | 206 KB/s |
| STM32G491RE | 106 KB/s | 1435 KB/s | 98 KB/s | 184 KB/s |
| STM32U5 | 262KB/s | 699 KB/s | 91 KB/s | 161 KB/s |
| STM32H7A3ZI | 584 KB/s | 630 KB/s | 167 KB/s | 176 KB/s |
ProCryption Security
Once a company has finished development of an STMicroelectronics project, the next step is often to shift to the production programming phase by sending their newly developed IP to a remote facility where their product will be programmed and tested.
One of the most important features that Cyclone programmers offer is ProCryption security. This allows SAP images, which contain that valuable intellectual property, to be encrypted such that they can only be unlocked by specific Cyclone units, and programmed under specific circumstances.
How might this work in practical terms?
The Encryption Process in a Nutshell
In order to understand how to manage the procedures, it is important to first take a brief look at how PEmicro encrypts programming images using ProCryption Security.
Programming Image Encryption Overview
In the simplest terms: The user will create an ImageKey. This ImageKey will then serve two functions:
- The ImageKey will be used to encrypt SAP images during the image creation process. These eSAP images can then be safely distributed to a production facility.
- That ImageKey must also be provisioned onto a Cyclone unit in order for that Cyclone to decrypt those same SAP images.
A more detailed explanation of this process is available by reading Cyclone ProCryption Security: RSA/AES Encryption Added for Production Programming.
SAP Image Encryption Procedure and Features
Therefore, in order to manage image encryption at a remote facility, there are two general procedures that will need to be followed:
1) Initial ImageKey Creation and Provisioning of Cyclones (Infrequent)
This procedure is mainly for setup/preparation and will not occur often. If, for example, a product called "RunReady 2" needs to be programmed at the "XYZ Production" facility, the user would:
a. Create An "XYZ Production" ImageKey
ImageKey Creation via Cyclone Image Creation Utility
b. Provision one or more Cyclones with the "XYZ Production" ImageKey
Provision Cyclone with ImageKey via Control GUI
c. The provisioned Cyclones reside at, or can be sent to, the XYZ Production facility.
This same ImageKey will then be used when encrypting "RunReady 2" programming images that are intended for that specific facility, and it is the presence of the ImageKey on the provisioned Cyclones that will allow them to decrypt those same images.
2) Using the ImageKey to Encrypt SAP Images During Creation (As Frequently As Needed)
The second procedure will happen as frequently as needed whenever the "RunReady 2" programming image is created or modified. This is often carried out using the Cyclone's Image Creation Utility but the procedure can also be automated. In the ProCryption Security area, the user would:
a. Select the "XYZ Production" ImageKey as the Image Encryption Setting
b. Add Programming Restrictions
Another powerful feature of ProCryption Security is the ability to restrict programming by date range or number of programs/failures. When the time comes, for example, to create an updated eSAP image with a new date range, it is very easy to accomplish.
c. Generate An Encrypted Programming Image
The eSAP file is saved and ready to be distributed to Cyclones provisioned with the proper ImageKey.
A more detailed explanation of these procedures is available by reading Cyclone ProCryption Security: A Step by Step Example. 
Note: Cyclone programmers leverage the industry leading wolfSSL cryptography stack to provide advanced cryptography protection and enablement for production programming setups.
Strong Protection, Simple Implementation
This example demonstrates how easy it is to set up and operate the Cyclone, and to add the security and control that the ProCryption Security license provides to the user's STMicroelectronics device production programming process. Once configured, it works seamlessly to keep valuable IP safe without a difficult management process.
Anyone interested in working with STMicroelectronics devices is welcome to contact PEmicro about support for specific devices, features offered by our tools, or any other question or concern.
