# DS2252(T) Secure Microcontroller #### **FEATURES** - 8051 compatible uC for secure/sensitive applications - 32, 64, or 128K bytes of nonvolatile SRAM for program and/or data storage - In-system programming via on-chip serial port - Capable of modifying its own program or data memory in the end system - Firmware Security Features: - Memory stored in encrypted form - Encryption using on-chip 64-bit key - Automatic true random key generator - SDI Self Destruct Input - Top coating prevent microprobe - Improved security over previous generations - Protects memory contents from piracy ## Crashproof Operation - Maintains all nonvolatile resources for over 10 years in the absence of power - Power-fail Reset - Early Warning Power-fail Interrupt - Watchdog Timer - Precision reference for power monitor ## Fully 8051 Compatible - 128 bytes scratchpad RAM - Two timer/counters - On-chip serial port - 32 parallel I/O port pins - Optional permanently powered Real-time Clock (DS2252T) #### PACKAGE OUTLINE 40-Pin SIMM #### DESCRIPTION The DS2252(T) is an 8051 compatible microcontroller based on nonvolatile RAM technology. It is designed for systems that need to protect memory contents from disclosure. This includes key data, sensitive algorithms, and proprietary information of all types. Like other members of the Soft Micro family, it provides full compatibility with the 8051 instruction set, timers, serial port, and parallel I/O ports. By using NVRAM instead of ROM, the user can program, then reprogram the microcontroller while in-system. This allows frequent changing of sensitive processes with minimal effort. The DS2252 provides an array of mechanisms to prevent an attacker from examining the memory. It is designed to resist all levels of threat including observation, analysis, and physical attack. As a result, a massive effort would be required to obtain any information about memory contents. Furthermore, the "Soft" nature of the DS2252 allows frequent modification of secure information. This minimizes that value of any information that is obtained. Using a security system based on the DS5002, the DS2252 protects the memory contents from disclosure. It loads program memory via its serial port and encrypts it in real-time prior to storing it in SRAM. Once encrypted, the RAM contents and the program flow are unintelligible. The real data exists only inside the processor chip after being decrypted. Any attempt to discover the on-chip data, encryption keys, etc., results in its destruction. Extensive use of nonvolatile lithium backed technology create a micro that retains data for over 10 years, but which can be erased instantly if tampered with. The DS2252 even interfaces directly to external tamper protection hardware. The DS2252T provides a permanently powered Realtime Clock with interrupts for time stamp and date. It keeps time to one hundredth of second using its onboard 32 KHz crystal. Like other Soft Micros in the family, the DS2252(T) provides crashproof operation in portable systems or systems with unreliable power. These features include the ability to save the operating state, Power-fail Reset, Power-fail Interrupt, and Watchdog Timer. All nonvola- tile memory and resources are maintained for over 10 years at room temperature in the absence of power. A user loads programs into the DS2252(T) via its on-chip Serial Bootstrap Loader. This function supervises the loading of software into NVRAM, validates it, then becomes transparent to the user. It also manages the loading of new encryption keys automatically. Software is stored in on-board CMOS SRAM. Using its internal Partitioning, the DS2252(T) can divide a common RAM into user selectable program and data segments. This Partition can be selected at program loading time, but can be modified anytime later. The micro will decode memory access to the SRAM, access memory via its Byte-wide bus and write-protect the memory portion designated as program (ROM). A detailed summary of the security features is provided in the User's Guide section of the Soft Micro data book. An overview is also available in the DS5002FP data sheet. #### ORDERING INFORMATION | PART NUMBER | RAM SIZE | MAX CRYSTAL SPEED | TIMEKEEPING? | |----------------|------------|-------------------|--------------| | DS2252-32-12 | 32K bytes | 12 MHz | No | | DS2252-32-16 | 32K bytes | 16 MHz | No | | DS2252-64-12 | 64K bytes | 12 MHz | No | | DS2252-64-16 | 64K bytes | 16 MHz | No | | DS2252-128-12 | 128K bytes | 12 MHz | No | | DS2252-128-16 | 128K bytes | 16 MHz | No | | DS2252T-32-12 | 32K bytes | 12 MHz | Yes | | DS2252T-32-16 | 32K bytes | 16 MHz | Yes | | DS2252T-64-12 | 64K bytes | 12 MHz | Yes | | DS2252T-64-16 | 64K bytes | 16 MHz | Yes | | DS2252T-128-12 | 128K bytes | 12 MHz | Yes | | DS2252T-128-16 | 128K bytes | 16 MHz | Yes | Operating information is contained in the User's Guide section of the Soft Microcontroller Data Book. This data sheet provides ordering information, pinout, and electrical specifications. # DS2252(T) BLOCK DIAGRAM Figure 1 | PIN A | SSIGNMENT | | | | | | | |-------|-----------------|----|----------|----|------------------|----|---------| | 1 , | P1.0 | 11 | P1.5 | 21 | P3.1 TXD | 31 | P3.6 WR | | 2 | V <sub>CC</sub> | 12 | P0.4 | 22 | ALE | 32 | P2.4 | | 3 | P1.1 | 13 | P1.6 | 23 | P3.2 INT0 | 33 | P3.7 RD | | 4 | P0.0 | 14 | P0.5 | 24 | PROG | 34 | P2.3 | | 5 | P1.2 | 15 | P1.7 | 25 | P3.3 <u>INT1</u> | 35 | XTAL2 | | 6 | P0.1 | 16 | P0.6 | 26 | P2.7 | 36 | P2.2 | | 7 | P1.3 | 17 | RST | 27 | P3.4 T0 | 37 | XTAL1 | | 8 | P0.2 | 18 | P0.7 | 28 | P2.6 | 38 | P2.1 | | 9 | P1.4 | 19 | P3.0 RXD | 29 | P3.5 T1 | 39 | GND | | 10 | P0.3 | 20 | SDI | 30 | P2.5 | 40 | P2.0 | # **PIN DESCRIPTION** | PIN NUMBER | DESCRIPTION | |-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 4, 6, 8, 10, 12, 14, 16, 18 | P0.0–P0.7 General purpose I/O Port 0. This port is open–drain and can not drive a logic 1. It requires external pull–ups. Port 0 is also the multiplexed Expanded Address/Data bus. When used in this mode, it does not require pull–ups. | | 1, 3, 5, 7, 9, 11, 13, 15 | P1.0–P1.7<br>General purpose I/O Port 1. | | 40, 38, 36, 34, 32, 30, 28,<br>26 | P2.0-P2.7 General purpose I/O Port 2. Also serves as the MSB of the Expanded Address bus. | | 19 | P3.0 RXD General purpose I/O port pin 3.0. Also serves as the receive signal for the on board UART. This pin should NOT be connected directly to a PC COM port. | | 21 | P3.1 TXD General purpose I/O port pin 3.1. Also serves as the transmit signal for the on board UART. This pin should NOT be connected directly to a PC COM port. | | 23 | P3.2 INTO General purpose I/O port pin 3.2. Also serves as the active low External Interrupt 0. | | 25 | P3.3 INT1 General purpose I/O port pin 3.3. Also serves as the active low External Interrupt 1. | | 27 | P3.4 T0 General purpose I/O port pin 3.4. Also serves as the Timer 0 input. | | 29 | P3.5 T1 General purpose I/O port pin 3.5. Also serves as the Timer 1 input. | | 31 | P3.6 WR General purpose I/O port pin. Also serves as the write strobe for Expanded bus operation. | 052893 4/14 | PIN NUMBER | DESCRIPTION | |------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 33 | P3.7 RD General purpose I/O port pin. Also serves as the read strobe for Expanded bus operation. | | 17 | RST Active high reset input. A logic 1 applied to this pin will activate a reset state. This pin is pulled down internally, can be left unconnected if not used. An RC power—on reset circuit is not needed and is NOT recommended. | | 22 | ALE Address Latch Enable. Used to de-multiplex the multiplexed Expanded Address/Data bus on Port 0. This pin is normally connected to the clock input on a '373 type transparent latch. | | 35, 37 | XTAL2, XTAL1 Used to connect an external crystal to the internal oscillator. XTAL1 is the input to an inverting amplifier and XTAL2 is the output. | | 39 | GND<br>Logic ground. | | 2 | V <sub>CC</sub><br>+5V | | 24 | PROG Invokes the Bootstrap loader on a falling edge. This signal should be debounced so that only one edge is detected. If connected to ground, the micro will enter Bootstrap loading on power up. This signal is pulled up internally. | | 20 | SDI Self Destruct Input. A logic 1 applied to this input causes a hardware unlock. This involves the destruction of Encryption Keys, Vector RAM, and the momentary removal of power from V <sub>CCO</sub> . This pin should be grounded if not used. To activate, it should be taken to a logic 1 or +3V. | ### **INSTRUCTION SET** The DS2252(T) executes an instruction set that is object code compatible with the industry standard 8051 microcontroller. As a result, software development packages such as assemblers and compilers that have been written for the 8051 are compatible with the DS2252(T). A complete description of the instruction set and operation are provided in the User's Guide section of the Soft Microcontroller Data Book. ### **MEMORY ORGANIZATION** Figure 2 illustrates the memory map accessed by the DS2252(T). The entire 64K of program and 64K of data are available to the Byte—wide bus. This preserves the I/O ports for application use. An alternate configuration allows dynamic Partitioning of a 64K space as shown in Figure 3. Any data area not mapped into the NVRAM is reached via the Expanded bus on Ports 0 and 2. Off—board program memory is not available for security reasons. Selecting PES=1 provides access to the Real—time Clock on the DS2252T as shown in Figure 4. These selections are made using Special Function Registers. The memory map and its controls are covered in detail in the User's Guide section of the Soft Microcontroller Data Book. # MEMORY MAP OF THE DS2252(T) WITH PM=1 Figure 2 # MEMORY MAP OF THE DS2252(T) WITH PM=0 Figure 3 LEGEND: - NV NVRAM MEMORY ■ NOT AVAILABLE · EXPANDED BUS (PORTS 0 AND 2) # MEMORY MAP OF THE DS2252(T) WITH PES=1 Figure 4 NOT ACCESSIBLE ### **POWER MANAGEMENT** The DS2252(T) monitors V<sub>CC</sub> to provide Power-fail Reset, early warning Power-fail Interrupt, and switch over to lithium backup. It uses an internal band-gap reference in determining the switch points. These are called V<sub>PFW</sub>, V<sub>CCMIN</sub>, and V<sub>LI</sub> respectively. When V<sub>CC</sub> drops below V<sub>PFW</sub>, the DS2252(T) will perform an interrupt vector to location 2Bh if the power fail warning was enabled. Full processor operation continues regardless. When power falls further to V<sub>CCMIN</sub>, the DS2252(T) invokes a reset state. No further code execution will be performed unless power rises back above $V_{CCMIN}$ . All decoded chip enables and the $R/\overline{W}$ signal go to an inactive (logic 1) state. $V_{CC}$ is still the power source at this time. When $V_{CC}$ drops further to below $V_{LI}$ , internal circuitry will switch to the built—in lithium cell for power. The majority of internal circuits will be disabled and the remaining nonvolatile states will be retained. The User's Guide has more information on this topic. The trip points $V_{CCMIN}$ and $V_{PFW}$ are listed in the electrical specifications. ## **ABSOLUTE MAXIMUM RATINGS\*** Voltage on Any Pin Relative to Ground Operating Temperature Storage Temperature Soldering Temperature -0.3V to 7.0V 0°C to +70°C -40°C to 70°C 260°C for 10 seconds \* This is a stress rating only and functional operation of the device at these or any other conditions above those indicated in the operation sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods of time may affect reliability. ## DC CHARACTERISTICS (t<sub>A</sub>=0°C to 70°C; $V_{CC}$ =5V $\pm$ 10%) | PARAMETER | SYMBOL | MIN | TYP | MAX | UNITS | NOTES | |---------------------------------------------------------------------------|--------------------|------------|------|----------------------|-------|-------| | Input Low Voltage | V <sub>IL</sub> | 0.3 | | 0.8 | ٧ | 1 | | Input High Voltage | V <sub>IH1</sub> | 2.0 | | V <sub>CC</sub> +0.3 | V | 1 | | Input High Voltage (RST, XTAL1, PROG) | V <sub>IH2</sub> | 3.5 | | V <sub>CC</sub> +0.3 | ٧ | 1 | | Output Low Voltage<br>@ I <sub>OL</sub> =1.6 mA (Ports 1, 2, 3) | V <sub>OL1</sub> | | 0.15 | 0.45 | ٧ | 1 | | Output Low Voltage<br>@ I <sub>OL</sub> =3.2 mA (Ports 0, ALE) | Vol2 | | 0.15 | 0.45 | ٧ | 1 | | Output High Voltage<br>@ I <sub>OH</sub> =-80 μA (Ports 1, 2, 3) | V <sub>OH1</sub> | 2.4 | 4.8 | | ٧ | 1 | | Output High Voltage<br>@ I <sub>OH</sub> —400 μA (Ports 0, ALE) | V <sub>OH2</sub> | 2.4 | 4.8 | | ٧ | 1 | | Input Low Current V <sub>IN</sub> =0.45V<br>(Ports 1, 2, 3) | I <sub>IL</sub> | | | 50 | μΑ | | | Transition Current; 1 to 0 V <sub>IN</sub> =2.0V (Ports 1, 2, 3) | ITL | | | -500 | μА | | | Input Leakage Current<br>0.45 <v<sub>IN<v<sub>CC (Port 0)</v<sub></v<sub> | I <sub>IL</sub> | | | ±10 | μΑ | | | RST Pulldown Resistor | R <sub>RE</sub> | 40 | Ì | 150 | ΚΩ | | | Power Fail Warning Voltage | V <sub>PRW</sub> | 4.25 | 4.37 | 4.50 | ٧ | 1 | | Minimum Operating Voltage | V <sub>CCMIN</sub> | 4.00 | 4.12 | 4.25 | ٧ | 1 | | Operating Current | Icc | | | 45 | mA | 4 | | Idle Mode Current | IDLE | | | 7.0 | mA | 5 | | Stop Mode current | ISTOP | | | 80 | μΑ | 6 | | Pin Capacitance | C <sub>IN</sub> | | | 10 | pF | 7 | | Reset Trip Point in Stop Mode<br>w/BAT=3.0V<br>w/BAT=3.3V | | 4.0<br>4.4 | | 4.25<br>4.65 | ٧ | 1 | | SDI Input Low Voltage | V <sub>ILS</sub> | | | 0.4 | ٧ | 1 | | SDI Input High Voltage | V <sub>IHS</sub> | 2.0 | | Vcc | ٧ | 1, 2 | | SDI Input High Voltage | V <sub>IHS</sub> | 2.0 | | 3.5 | ٧ | 1, 2 | | SDI Pull-Down Resistor | R <sub>SDI</sub> | 25 | | 60 | ΚΩ | | ## **AC CHARACTERISTICS** $(t_A = 0$ °C to70°C; $V_{CC}=0$ V to 5V) | PARAMETER | SYMBOL | MIN | TYP | MAX | UNITS | NOTES | |------------------|------------------|-----|-----|-----|-------|-------| | SDI Pulse Reject | tspr | | | 2 | μs | 3 | | SDI Pulse Accept | t <sub>SPA</sub> | 10 | - | | μs | 3 | # **AC CHARACTERISTICS** **EXPANDED BUS MODE TIMING SPECIFICATIONS** | # | PARAMETER | SYMBOL | MIN | MAX | UNITS | |----|-------------------------------------------------|---------------------|-------------------------------------------------|--------------------------------------------------|----------| | 1 | Oscillator Frequency | 1/t <sub>CLK</sub> | 1.0 | 12 (-12)<br>16 (-16) | MHz | | 2 | ALE Pulse Width | t <sub>ALPW</sub> | 2t <sub>CLK</sub> -40 | | ns | | 3 | Address Valid to ALE Low | <sup>t</sup> AVALL | t <sub>CLK</sub> -40 | | ns | | 4 | Address Hold After ALE Low | t <sub>AVAAV</sub> | t <sub>CLK</sub> -35 | | ns | | 14 | RD Pulse Width | t <sub>RDPW</sub> | 6t <sub>CLK</sub> -100 | | ns | | 15 | WR Pulse Width | twRPW | 6t <sub>CLK</sub> -100 | | ns | | 16 | RD Low to Valid Data In @12 MHz<br>@16 MHz | t <sub>RDLDV</sub> | | 5t <sub>CLK</sub> -165<br>5t <sub>CLK</sub> -105 | ns<br>ns | | 17 | Data Hold after RD High | <sup>t</sup> RDHDV | 0 | | ns | | 18 | Data Float after RD High | <sup>‡</sup> RDHDZ | | 2t <sub>CLK</sub> -70 | ns | | 19 | ALE Low to Valid Data In @12 MHz<br>@16 MHz | tallvd | | 8t <sub>CLK</sub> -150<br>8t <sub>CLK</sub> -90 | ns<br>ns | | 20 | Valid Addr. to Valid Data In @12 MHz<br>@16 MHz | t <sub>AVDV</sub> | | 9t <sub>CLK</sub> -165<br>9t <sub>CLK</sub> -105 | ns<br>ns | | 21 | ALE Low to RD or WR Low | t <sub>ALLRDL</sub> | 3t <sub>CLK</sub> -50 | 3t <sub>CLK</sub> +50 | ns | | 22 | Address Valid to RD or WR Low | t <sub>AVRDL</sub> | 4t <sub>CLK</sub> -130 | | ns | | 23 | Data Valid to WR Going Low | t <sub>DVWRL</sub> | t <sub>CLK</sub> -60 | | ns | | 24 | Data Valid to WR High @12 MHz<br>@16 MHz | t <sub>DVWRH</sub> | 7t <sub>CLK</sub> -150<br>7t <sub>CLK</sub> -90 | | ns<br>ns | | 25 | Data Valid after WR High | twRHDV | t <sub>CLK</sub> -50 | | ns | | 26 | RD Low to Address Float | t <sub>RDLAZ</sub> | | 0 | ns | | 27 | RD or WR High to ALE High | <sup>t</sup> RDHALH | t <sub>CLK</sub> -40 | t <sub>CLK</sub> +50 | ns | ## **EXPANDED DATA MEMORY READ CYCLE** # **EXPANDED DATA MEMORY WRITE CYCLE** 224 # AC CHARACTERISTICS (cont'd) EXTERNAL CLOCK DRIVE $(t_A = 0^{\circ}C \text{ to}70^{\circ}C; V_{CC} = 5V \pm 10\%)$ | # | PARAMETER | SYMBOL | MIN | MAX | UNITS | |----|---------------------------------------------|---------------------|----------|----------|----------| | 28 | External Clock High Time @12 MHz<br>@16 MHz | <sup>‡</sup> CLKHPW | 20<br>15 | | ns<br>ns | | 29 | External Clock Low Time @12 MHz<br>@16 MHz | tCLKLPW | 20<br>15 | | ns<br>ns | | 30 | External Clock Rise Time @12 MHz<br>@16 MHz | <sup>t</sup> CLKR | | 20<br>15 | ns<br>ns | | 31 | External Clock Fall Time @12 MHz<br>@16 MHz | t <sub>CLKF</sub> | | 20<br>15 | ns<br>ns | ## **EXTERNAL CLOCK TIMING** # AC CHARACTERISTICS (cont'd) POWER CYCLING TIMING $(t_A = 0^{\circ}C \text{ to} 70^{\circ}C; V_{CC} = 5V \pm 10\%)$ | # | PARAMETER | SYMBOL | MIN | MAX | UNITS | |----|------------------------------------------------------|------------------|-----|----------|------------------| | 32 | Slew Rate from V <sub>CCMIN</sub> to V <sub>LI</sub> | t <sub>F</sub> | 130 | | μs | | 33 | Crystal Start up Time | tcsu | | (note 8) | | | 34 | Power On Reset Delay | t <sub>POR</sub> | | 21504 | t <sub>CLK</sub> | ## **POWER CYCLE TIMING** # AC CHARACTERISTICS (cont'd) SERIAL PORT TIMING - MODE 0 $(t_A = 0^{\circ}C \text{ to} 70^{\circ}C; V_{CC} = 5V \pm 10\%)$ | # | PARAMETER | SYMBOL | MIN | MAX | UNITS | |----|------------------------------------------|--------------------|-------------------------|-------------------------|-------| | 35 | Serial Port Clock Cycle Time | <sup>t</sup> spclk | 12t <sub>CLK</sub> | | μs | | 36 | Output Data Setup to Rising Clock Edge | <sup>‡</sup> DОСН | 10t <sub>CLK</sub> -133 | | ns | | 37 | Output Data Hold after Rising Clock Edge | t <sub>CHDO</sub> | 2t <sub>CLK</sub> -117 | | ns | | 38 | Clock Rising Edge to Input Data Valid | t <sub>CHDV</sub> | | 10t <sub>CLK</sub> -133 | ns | | 39 | Input Data Hold after Rising Clock Edge | t <sub>CHDIV</sub> | 0 | | ns | ### **SERIAL PORT TIMING -- MODE 0** #### NOTES: - 1. All voltage referenced to ground. - SDI should be taken to a logic high when V<sub>CC</sub>=+5V, and to approximately 3V when V<sub>CC</sub><3V.</li> - SDI is deglitched to prevent accidental destruction. The pulse must be longer than t<sub>SPR</sub> to pass the deglitcher, but SDI is not guaranteed unless it is longer than t<sub>SPA</sub>. - Maximum operating I<sub>CC</sub> is measured with all output pins disconnected; XTAL1 driven with t<sub>CLKR</sub>, t<sub>CLKF</sub>=10 ns, V<sub>IL</sub> = 0.5V; XTAL2 disconnected; RST = PORT0 = V<sub>CC</sub>. - Idle mode l<sub>IDLE</sub> is measured with all output pins disconnected; XTAL1 driven with t<sub>CLKR</sub>, t<sub>CLKF</sub> = 10 ns, V<sub>IL</sub> = 0.5V; XTAL2 disconnected; PORT0 = V<sub>CC</sub>, RST = V<sub>SS</sub>. - Stop mode I<sub>STOP</sub> is measured with all output pins disconnected; PORT0 = V<sub>CC</sub>; XTAL2 not connected; RST = XTAL1 = V<sub>SS</sub>. - 7. Pin capacitance is measured with a test frequency 1 MHz, $t_A = 25$ °C. - 8. Crystal start—up time is the time required to get the mass of the crystal into vibrational motion from the time that power is first applied to the circuit until the first clock pulse is produced by the on—chip oscillator. The user should check with the crystal vendor for a worst case specification on this time. ## **PACKAGE DRAWING**