PEmicro Blog

Cyclone Programming Overview for STMicroelectronics Devices

Apr 19, 2022

The process of setting up Cyclone programmers to perform production programming at a local or remote facility is simple and straightforward. PEmicro's Cyclones support programming of STMicroelectronics' popular STM32 and Bluetooth Low-Energy (BlueNRG) devices, as well as the SPC5 automotive and STM8 8-bit families.

In addition, Cyclone programmers leverage PEmicro's ProCryption Security to use industry-standard RSA/AES cryptography to safeguard programming images containing valuable IP. The IP owner also gains added control over factors like when and how many devices can be programmed, and how many errors are allowed.

This article will provide an overview of Cyclone programming - what the various components are and how they interact - and then explore the security aspect of the production programming process, in order to show that IP security does not need to be unduly complicated or expensive to be effective. 

Topics - Jump To:

_______________________________________________________________________________________

STMicroelectronics Tools Integration

Before beginning, it is worth briefly noting that PEmicro offers integration and features that are geared towards STMicroelectronics devices to help make sure that projects are as obstacle-free as possible while they proceed toward the production programming phase.

Cyclone Programming Overview

Cyclones are stand-alone programmers that are easy to setup and control. To start we will take a look at how they operate and some extremely useful features they offer.

Physical Setup

  • Can operate Independent of a computer
  • Controllable from the PC (Ethernet, USB, Serial)
  • Consumes Stand-Alone Programming (SAP) images
  • Various target programming communications:
    • BDM, JTAG, SWD, USB, etc


Cyclone Can Program Stand-Alone or be Controlled Via PC

SAP Images

SAP images combine all data needed for programming. They are created using an included utility and stored as single files on a PC or or in the Cyclone’s encrypted memory. For example, one essential part of the initial setup process will be selecting the algorithm for the specific STMicroelectronics device being used, and then creating a programming sequence using the specific commands and settings that it offers.

BIN - Binary Files

  • Multiple Object Files
  • Combined or Split
  • Pre-Processed

ALG - Target Config
(Algorithm) 
Data

  • Flash Specific
    Algorithms
  • Device Specific
    Settings

CFG - Configuration File

  • Programming
    Script
  • User Settings

ADV - Advanced Options

  • Security restrictions
  • Serialization
  • Cryptography
  • Barcode Driven

Control and Automation

When programming, Cyclones can be controlled individually or in groups, using one of the Control Suite components: Control Console, Control SDK, and Control GUI. 

  • Control Console allows powerful scripted automation
  • Control SDK allows custom software to control and automate Cyclones
  • Manual control is also available via the Control GUI, including remote access to the Cyclone's screen

Multiple Cyclones Programming in Parallel

Some additional useful features include Dynamic Data and Serialization, as well as Overlay of data. Users programming STMicroelectronics devices on a production line will want to learn more about the Cyclone's powerful serial number capabilities

Power Provisioning and Measurement

Cyclone setups that will program STMicroelectronics targets may require different power schemes, depending on the design of the target board, target voltages, and even the device architecture. Cyclones are designed to:

  • Optionally power a target before, during, and after programming 
  • Source power at many voltage levels, from the Cyclone itself, or an external power supply
  • Switch power as required

Cyclone Power Management

Current and voltage can also be measured during operation: 

A much more detailed exploration is available by reading 5 Different Ways to Power a Target with a Cyclone Programmer.

Performance Metrics

Time is money when it comes to production programming, so Cyclones are built to program and verify at extremely fast speeds:


Cyclone FXMultilink FX
TargetProgram (Standalone)Verify (Standalone)Program (PROGACMP)Verify (PROGACMP)
STM32L552ZE95 KB/s575 KB/s87 KB/s206 KB/s
STM32G491RE106 KB/s1435 KB/s98 KB/s184 KB/s
STM32U5262KB/s699 KB/s91 KB/s161 KB/s
STM32H7A3ZI584 KB/s630 KB/s167 KB/s176 KB/s

ProCryption Security

Once a company has finished development of an STMicroelectronics project, the next step is often to shift to the production programming phase by sending their newly developed IP to a remote facility where their product will be programmed and tested.

One of the most important features that Cyclone programmers offer is ProCryption security. This allows SAP images, which contain that valuable intellectual property, to be encrypted such that they can only be unlocked by specific Cyclone units, and programmed under specific circumstances.

How might this work in practical terms?

The Encryption Process in a Nutshell

In order to understand how to manage the procedures, it is important to first take a brief look at how PEmicro encrypts programming images using ProCryption Security.

Programming Image Encryption Overview

In the simplest terms: The user will create an ImageKey. This ImageKey will then serve two functions:

  1. The ImageKey will be used to encrypt SAP images during the image creation process. These eSAP images can then be safely distributed to a production facility.
  2. That ImageKey must also be provisioned onto a Cyclone unit in order for that Cyclone to decrypt those same SAP images.

A more detailed explanation of this process is available by reading Cyclone ProCryption Security: RSA/AES Encryption Added for Production Programming.

SAP Image Encryption Procedure and Features

Therefore, in order to manage image encryption at a remote facility, there are two general procedures that will need to be followed: 

1) Initial ImageKey Creation and Provisioning of Cyclones (Infrequent)

This procedure is mainly for setup/preparation and will not occur often. If, for example, a product called "RunReady 2" needs to be programmed at the "XYZ Production" facility, the user would:

a. Create An "XYZ Production" ImageKey

ImageKey Creation via Cyclone Image Creation Utility

b. Provision one or more Cyclones with the "XYZ Production" ImageKey

Provision Cyclone with ImageKey via Control GUI

c. The provisioned Cyclones reside at, or can be sent to, the XYZ Production facility. 

This same ImageKey will then be used when encrypting "RunReady 2" programming images that are intended for that specific facility, and it is the presence of the ImageKey on the provisioned Cyclones that will allow them to decrypt those same images.

2) Using the ImageKey to Encrypt SAP Images During Creation (As Frequently As Needed)

The second procedure will happen as frequently as needed whenever the "RunReady 2" programming image is created or modified. This is often carried out using the Cyclone's Image Creation Utility but the procedure can also be automated. In the ProCryption Security area, the user would:

a. Select the "XYZ Production" ImageKey as the Image Encryption Setting

b.  Add Programming Restrictions

Another powerful feature of ProCryption Security is the ability to restrict programming by date range or number of programs/failures. When the time comes, for example, to create an updated eSAP image with a new date range, it is very easy to accomplish.

c. Generate An Encrypted Programming Image

The eSAP file is saved and ready to be distributed to Cyclones provisioned with the proper ImageKey.

A more detailed explanation of these procedures is available by reading Cyclone ProCryption Security: A Step by Step Example.


Note: Cyclone programmers leverage the industry leading wolfSSL cryptography stack to provide advanced cryptography protection and enablement for production programming setups.

Strong Protection, Simple Implementation

This example demonstrates how easy it is to set up and operate the Cyclone, and to add the security and control that the ProCryption Security license provides to the user's STMicroelectronics device production programming process. Once configured, it works seamlessly to keep valuable IP safe without a difficult management process.

Anyone interested in working with STMicroelectronics devices is welcome to contact PEmicro about support for specific devices, features offered by our tools, or any other question or concern.

Tags related to this Blog Post

Cyclone     Cyclone FX     Multilink     Multilink FX     Prog ACMP     Interface Library Routines     ARM     STMicroelectronics     Production Programming     Debug     Automated Control