The Data Exchange Unit (DEU)

The DEU is explained in more detail in the Hardware Reference Manual, however for the purposes of this document it can be thought of as a secure communications channel which is managed by the hardware and ROM in the device.

It provides limited, strictly-controlled features and is not accessible outside of the ROM.

Data Exchange Flow

The DEU communication is managed by the ROM and the hardware in the device.

This is a secure channel that causes a cold reset on the first attempt to access it, hence passing control to the ROM to perform any interaction.

On completion of the interaction with the device it again causes a cold reset, allowing the ROM to re-evaluate the Root of Trust and debug requirements in the system.

In this way, no application code may access the DEU as the ROM ensures that the communication is controlled.

This process is demonstrated in the "Data Exchange Flow" figure:

Figure: Data Exchange Flow

Data Exchange Unit Protocols

As can be seen from the diagram above, the DEU allows a controlled interaction to take place to perform a limited number of operations.

In the general case, a sequence of commands would be provided to a device in order to perform a specific function. These are indicated in the "Loading a Debug Certificate" figure, the "Erasing a Certificate Area" figure, and the "Retrieving a Device SOC ID" figure.

Figure: Loading a Debug Certificate

Figure: Erasing a Certificate Area

Figure: Retrieving a Device SOC ID