
A MICROCHIP TECHNOLOGY INC. PUBLICATION, JAN/FEB 2018

Contents

COVER STORY
• Heightened Security: Protect IP and Deploy Secure Connected Systems with New ATECC608A CryptoAuthentication™ Device

NEW PRODUCTS
• Just In Time: New 8-bit PIC18 K83 Family Improves Response Time to Critical System Events on CAN Network
• Simple Connection: Latest Single-Wire Serial EEPROM Enables Remote Identification and Authentication

EVENTS
• Get Ready for Las Vegas!

DESIGN CORNER
• Accelerate Your Touch Design
• Securing the Edge
• Debugging on the IoT
• On the Cutting Edge of Learning

MAKER SPACE
• Get Launched Hits the Road

The Microchip name and logo, the Microchip logo, AnyRate, AVR, AVR logo, AVR Freaks, BeaconThings, BitCloud, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, Heldo, JukeBlox, KEELOQ, KEELOQ logo, Kleer, LANCheck, LINK MD, maXStylus, maXTouch, MediaLB, megaAVR, MOST, MOST logo, MPLAB, OptoLyzer, PIC, picoPower, PICSTART, PIC32 logo, Prochip Designer, QTouch, RightTouch, SAM-BA, SpyNIC, SST, SST Logo, SuperFlash, tinyAVR, UNI/O, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. ClockWorks, The Embedded Control Solutions Company, EtherSynch, Hyper Speed Control, HyperLight Load, IntelliMOS, mTouch, Precision Edge, and Quiet-Wire are registered trademarks of Microchip Technology Incorporated in the U.S.A. Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BodyCom, chipKIT, chipKIT logo, CodeGuard, CryptoAuthentication, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM. net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, Mindi, MiWi, motorBench, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PureSilicon, QMatrix, RightTouch logo, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. SQTP is a service mark of Microchip Technology Incorporated in the U.S.A. Silicon Storage Technology is a registered trademark of Microchip Technology Inc. in other countries. GestIC and ULPP are registered trademarks of Microchip Technology Germany II GmbH & Co. & KG, a subsidiary of Microchip Technology Inc., in other countries. 
The LoRa name and associated logo are registered trademarks of Semtech Corporation or its subsidiaries. USB Type-C™ is a trademark of USB Implementers Forum. ARM and Cortex are registered trademarks of ARM Ltd. in the EU and other countries. All other trademarks mentioned herein are property of their respective companies. © 2017, Microchip Technology Incorporated, All Rights Reserved.

EDITOR’S NOTE

Reflections on 2017

As a new year unfolds, it is common to look back over the previous 12 months to identify significant milestones and major accomplishments. Here at Microchip, 2017 offered us many occasions to celebrate. We launched the year with a successful integration of our business systems following the acquisition of . Our product portfolios expanded as we introduced a number of new devices throughout the year. We also launched the Microchip 2.0 initiative, which combines the company’s product, technology, system and employee strengths to allow us to provide multiple solutions for the circuit boards that drive our customers’ end applications.

Microchip was also honored by a number of award programs. The company was named a top place to work in the Bay Area, New York and Austin, Texas, and was also listed as one of Arizona’s Most Admired Companies for 2017 by both AZ Big Media as well as BestCompaniesAZ. It was also included as a finalist in the GSA Most Respected Public Company Awards.

Some other highlights include the AWS-ECC508 security device and MPLAB® Xpress IDE being selected as finalists in the ECN Impact Awards. The AWS-ECC508 was also selected as an honoree in the 2017 CES Innovations awards and was named a finalist in the Design News Golden Mousetrap Awards and Embedded Computing Design’s 2017 Most Innovative Products awards program.

The most exciting news of all, however, was that Microchip achieved its first quarter of over one billion dollars in net sales as reported in the results for the quarter ending on September 30, 2017. We are energized by this achievement, thankful to all our customers who made it possible, and looking forward to many more opportunities to serve you in 2018. We wish you much success with your designs in the New Year!

Don’t Miss the Next Issue of MicroSolutions

Published six times a year, MicroSolutions is a valuable resource for product and technology news about Microchip’s innovative solutions. Subscribe today to receive email notifications when each new issue of MicroSolutions is ready.

As always, we would be happy to get your feedback on MicroSolutions. Feel free to email us at [email protected].


Microchip Technology Inc. 2355 W. Chandler Blvd. | Chandler, AZ 85224 | www.microchip.com

COVER STORY

HEIGHTENED SECURITY

Protect IP and Deploy Secure Connected Systems with New ATECC608A CryptoAuthentication™ Device

Take Advantage of Microchip’s New Security Design Partner Program to Ease the Development of Secure Designs

From remote cyberattacks to the creation of counterfeit products, widespread security threats are affecting industries around the globe. When carried out, these threats can lead to substantial losses in service revenue, escalating recovery costs and, perhaps most significantly, irreparable damage to brand equity. Now more than ever, it is critical to implement robust security into new and existing designs to protect Intellectual Property (IP) and enable trusted authentication of connected devices.


To meet this growing challenge to today’s connected applications—especially for those spanning from hardware to the cloud—Microchip has created the ATECC608A CryptoAuthentication device, a secure element that allows you to add hardware-based security to your designs. We have also established a Security Design Partner Program to connect you with third-party partners that can enhance and expedite the development of secure designs.

The foundation of secured communication is the ability to create, protect and authenticate a device’s unique and trusted identity. By keeping a device’s private keys isolated from the system in a secured area, coupled with its industry-leading cryptography practices, the ATECC608A provides a high level of security that can be used in nearly any type of design. The primary features of the ATECC608A include:

Best-in-class key generation: The Federal Information Processing Standard (FIPS)-compliant Random Number Generator (RNG) generates unique keys that comply with the latest requirements from the National Institute of Standards and Technology (NIST), providing an easier path to a whole-system FIPS certification.

Boot validation capabilities for small systems: New commands facilitate the signature validation and digest computation of the host microcontroller (MCU) firmware for systems with small MCUs, such as an ARM® Cortex®-M0+ based device, as well as for more robust embedded systems.

Trusted authentication for LoRa® nodes: The AES-128 engine also makes security deployments for LoRa infrastructures possible by enabling authentication of trusted nodes within a network.

Fast cryptography processing: The hardware-based integrated Elliptical Curve Cryptography (ECC) algorithms create smaller keys and establish a certificate-based root of trust more quickly and securely than other implementation approaches that rely on legacy methods.

Tamper-resistant protections: Anti-tampering techniques protect keys from physical attacks and attempted intrusions after deployment. These techniques allow the system to preserve a secured and trusted identity.

Trusted in-manufacturing provisioning: Companies can use Microchip’s secured manufacturing facilities to safely provision their keys and certificates, eliminating the risk of exposure during manufacturing.

Experienced and Capable Security Partners

When you select one of our hardware security solutions, you also have access to our Security Partners within our Design Partner Program. These industry-leading companies, including Amazon Web Services (AWS) and Cloud Platform, provide complementary cloud-driven security models and infrastructure. Other partners are well versed in implementing Microchip’s security devices and libraries. Whether you are looking to secure an Internet of Things (IoT) application or add authentication capabilities for consumables, such as cartridges or accessories, the expertise of our Security Design Partners can reduce both your development cost and your time to market.

“The work done on the ATECC608A chip through our collaboration with Microchip enables Google IoT customers to get a new offering that provides high levels of security with a seamless onboarding experience,” said Antony Passemard, Product Management Lead for Google Cloud IoT.

Development Tools

To assist you with the rapid prototyping of your secure solution, the new CryptoAuth Xplained Pro Evaluation and Development Kit (ATCryptoAuth-XPRO-B) is an add-on board that is compatible with any Microchip Xplained or Xplained Pro evaluation board.

If you are looking for a way to heighten the security in your next design, the ATECC608A can be ordered from microchipDIRECT or from Microchip’s worldwide distribution network.

Want More Information?

Visit the website at: www.microchip.com/CryptoAuthentication

NEW PRODUCTS

Just In Time

New 8-bit PIC18 K83 Family Improves Response Time to Critical System Events on CAN Network

Core Independent Peripherals Make CAN-Based Designs Simpler and More Cost Effective

If you are developing an application that includes a Controller Area Network (CAN) system, you know that software development can slow you down. You can now change the way you design with CAN using our new PIC18 K83 family of microcontrollers (MCUs). These two new devices combine a CAN with an extensive array of Core Independent Peripherals (CIPs). You can use these CIPs to increase your system’s capabilities and simplify the creation of your CAN-based applications while avoiding the complexity of added software.

A key advantage of using a PIC18 K83 MCU in your CAN-based system is that the CIPs provide deterministic response to real-time events, shorten design time and can be easily configured through MPLAB® Code Configurator (MCC), a free software plug-in for MPLAB X Integrated Development Environment (IDE) and the cloud-based MPLAB Xpress IDE. It is significantly easier to configure a hardware-based peripheral to accomplish a task instead of writing and validating an entire software routine. The ability to use MCC to configure one of these MCUs with just a few clicks will save considerable time in developing CAN-based applications for the medical, industrial and automotive markets, such as motorized surgical tables, asset tracking, ultrasound machines, automated conveyors and automotive accessories.

The PIC18 K83 devices contain 15 time-saving CIPs. These include Cyclic Redundancy Check (CRC) with memory scan for ensuring the integrity of nonvolatile memory; Direct Memory Access (DMA) for enabling data transfers between memory and peripherals without CPU involvement; Windowed Watchdog Timer (WWDT) for triggering system resets; 12-bit Analog-to-Digital Converter with Computation (ADC2) for automating analog signal analysis for real-time system response; and Complementary Waveform Generator (CWG) for enabling high-efficiency synchronous switching for motor control.

Development Support

The PIC18 K83 family of MCUs is supported by the Curiosity High Pin Count (HPC) Development Board (DM164136).

The PIC18F25K83 comes with 32 KB of Flash memory and the PIC18F26K83 offers 64 KB of Flash memory. Both devices are available in 28-pin SPDIP, SOIC, SSOP, UQFN and QFN packages. They can be ordered today from microchipDIRECT or from Microchip’s worldwide distribution network.

Want More Information?

Visit the website at: www.microchip.com/K83

Figure caption: The PIC18 K83 devices contain 15 time-saving CIPs, including CRC, DMA, WWDT, ADC2 and CWG.

Simple Connection

Latest Single-Wire Serial EEPROM Enables Remote Identification and Authentication

AT21CS11 Offers Extended Voltage Range to Accommodate Lithium-Ion Battery Applications

Because of their unique combination of capabilities, serial Electrically Erasable Programmable Read-Only Memory (EEPROM) devices are used to add critical memory storage to a wide range of advanced electronic systems and applications. Their features include byte-write alterability, nonvolatile data storage, one million cycles of write endurance, very low power supply voltage operation, 100-year data retention, extremely low active and standby currents and low cost. Microchip’s AT21CS family of single-wire, two-pin serial EEPROMs are tiny—but mighty—devices that incorporate an innovative memory architecture, best-in-class power consumption and value-added features for use in applications such as consumables, cables, batteries, wearables and Internet of Things applications.

As the second member of this family of single-wire serial EEPROMs, the AT21CS11 is ideal for identifying and authenticating remote items, such as printer cartridges or cables, where space for electronic components is limited. With its operational voltage range of 2.7V to 4.5V, it is also well suited for use in lithium-ion battery-powered devices such as disposable medical devices and e-cigarettes.

Each AT21CS11 contains both a preprogrammed unique serial number and five EEPROM memory sections. Any or all of the memory sections can be permanently locked by the end-equipment manufacturer to allow tracking of products and identifying attachments to assist with counterfeit prevention. If you need to warranty your product or prevent counterfeits and ensure proper continued operation of your goods through authorized replacements, this serial EEPROM is an excellent option.

The AT21CS11 connects to a system through a Single Input/Output (SI/O) wire that enables both communication and a supply of power to the device. The need for only one wire and a ground allows makers of Fiber to the Home (FTTH) cable ends to add critical cable characteristic parameters to different cable types. The SI/O wire also allows you to use a simple two-point mechanical snap-in or twist-on connector for disposable devices where larger three-, five- or eight-wire solutions are impractical. This single-wire option allows you to add EEPROM intelligence to remote devices over the simplest connection possible.

When the EEPROM is located in a detachable cable or cartridge, manufacturers can create attachments that can be easily identified or authenticated. The device has 1 Kbit of EEPROM memory (four sectors of 256 bits each), a unique, factory-programmed 64-bit serial number and 128 bits for extra user-programmable tracking memory. The extra memory allows you to add unique identification and operating parameters, such as consumption and usage information, in locations that can be remote from the main electronics.

The AT21CS11 is available in a variety of space-saving package options and can be ordered today from microchipDIRECT or from Microchip’s worldwide distribution network. An easy-to-use and interactive kit, the AT21CS01/AT21CS11 Single-Wire Evaluation Kit (DM160232), will also be available soon to help you get started with using this new serial EEPROM in your next project.

Want More Information?

Visit the website at: www.microchip.com/AT21CS11

EVENTS

Get Ready for Las Vegas!

Meet with Microchip Experts and Learn About Our Latest Innovations at CES® 2018

Microchip invites you to join us at CES 2018 to see our latest product and technology demonstrations and meet with our product experts to discuss your design challenges. You will find us in Booth MP26070 at the Las Vegas Convention Center South Hall 2, where we will feature the following technology zones:

Security

Find out how we make “difficult” easy with our advanced solutions for implementing hardware-based security in cloud-connected embedded systems. See demonstrations of how our CryptoAuthentication™ devices combine with solutions from AWS IoT, Google IoT Core, Microsoft® Azure and Afero to protect and isolate private keys, support secure boot and protect IP.

Automotive Solutions

We will be showcasing a broad spectrum of solutions for applications such as ADAS, cybersecurity, HMI, connected car, infotainment and networking. Product areas will include USB connectivity and charging, automotive touch (buttons, sliders, touch screens and gesturing), MOST® technology, Ethernet, security ICs and LED lighting.

Touch and Gesture

We will show you how to simplify and speed up your development of attractive and intuitive user interfaces using touch and gesture control. Our solutions include water-tolerant touch and the latest technologies for implementing touch screens, 3D gestures and force sensing with haptic feedback in automotive applications.

Power and Connectivity Solutions

Discover our latest innovations in the area of power and connectivity solutions, including USB Type-C™ and USB Power Delivery, robust connectivity, and wireless charging including support for the 15 Qi standard and a proprietary 200W reference design. We will also demonstrate the technology needed to drive an induction cooktop, and our Energy Estimation Engine demonstrations will display the power/energy consumption of Windows® 10 software programs and Linux® operating systems.

Health and Fitness

We can show you how to cost-effectively utilize our technologies so that you have the flexibility to design the health and fitness solutions necessary for the digital health revolution. Stop by to see demonstrations of connected solutions for wearable remote patient monitoring, drug delivery and fitness.

It’s easy to schedule an appointment for a product demonstration at our booth using our online CES reservation system. We also invite you to be our guest at CES by registering for a complimentary attendee pass. We look forward to seeing you in Las Vegas!

Design Corner

Accelerate Your Touch Design

Microchip’s Code Configurators Speed the Development of Touch User Interfaces

From your customer’s perspective, the user interface is the product. In today’s competitive environment, providing modern, attractive and intuitive user interfaces is essential for product differentiation. A well-designed, touch-enabled user interface can be one of the keys to success when it comes to launching a new product into the market. Incorporating a capacitive touch interface in your design also eliminates the need to use mechanical buttons and springs, which simplifies your layout and reduces costs. In the race to get to market quickly and cost effectively, you need to get up to speed rapidly with the latest touch technologies.

Even though developing capacitive touch applications may sound challenging, it doesn’t have to be hard. When you choose our PIC®, AVR® or SAM microcontrollers (MCUs), we provide a complete set of tools and touch libraries that enable touch sensing in your design. Our “MCUs with touch” are devices that feature dedicated Core Independent Peripherals (CIPs) to implement touch applications with minimal intervention from the CPU. Look for MCUs that include these features:

• A Hardware Capacitive Voltage Divider (HCVD) module
• An Analog-to-Digital Converter with Computation (ADC2) with HCVD module
• A Peripheral Touch Controller (PTC)

These on-chip touch modules can be used to enable the highest sensitivity, the lowest power consumption, superior noise immunity and water tolerance in your design.

To help you get a head start with your development, Microchip offers two free, graphical programming environments that support almost every MCU in our extensive portfolios. If you select an 8-, 16- or 32-bit PIC MCU, MPLAB® Code Configurator (MCC) is integrated into the cloud-based MPLAB Xpress Integrated Development Environment (IDE) or it is also available as a free plug-in for MPLAB X IDE. If you are using an AVR or SAM MCU in your design, then you can use the easily accessible Atmel START.

After a recent upgrade in features, Atmel START now supports more MCU families including the following devices that feature a PTC, making them well suited for use in touch-enabled designs:

• All tinyAVR® and megaAVR® MCUs
• SAM D10/D11 MCUs
• SAM D20/D21 MCUs
• SAM DA1 MCUs
• SAM D51/E51/E53/E54

Both code configurators make it easy to select and configure peripherals and functions specific to your application and generate production-ready code. You always have access to the latest libraries. MCC and Atmel START offer capabilities that go way beyond the basic setup of clocks and GPIO configuration. In addition to their many features, they also support capacitive touch sensing, making them the best tools to successfully develop your touch-based projects with minimal effort and in the shortest amount of time.

It is simple to add buttons, sliders, wheels or proximity detection to any application. These code configurator tools generate lean code that is tailored to meet the requirements of your touch design and to use the MCU’s resources as efficiently as possible. They also provide easy access to the Microchip mTouch® Library for PIC MCUs and the QTouch® Library for AVR and SAM MCUs, which are optimized for touch performance and code size. In addition to offering slider and wheel decoding right out of the box, these libraries make it easy to implement water-tolerant touch for designs that are exposed to rain or other sources of moisture. They will help you develop low-power wake-on-touch applications that consume less than 5 µA. They also offer noise avoidance technologies like frequency hopping to provide robust touch sensing that surpasses more than 10V conducted immunity.

Once you have completed your AVR or SAM MCU-based project configuration within Atmel START, you can continue finalizing your development using Atmel Studio 7 or IAR as your IDE of choice. To tune and complete your design, use the Data Visualizer, a powerful tool that allows you to process and visualize all relevant touch data. A step-by-step guide, complete user guide, sample projects and more are available from Microchip’s Developer Help website.

Ready to get started? Visit our Touch and Gesture Design Center to learn more about how we can help you drive your next user interface design into the winner’s circle.


Securing the Edge

A Design Imperative for the Era of the Internet of Things

Contributed by Sequitur Labs

Many large enterprises are focusing their IT investments on developing, deploying and maintaining cloud services. Developers are now being trained in the latest cloud-related technologies and services. As practices have matured, developers have created new ways of writing applications to make use of the cloud.

Over the past few years, microservices—functions that operate independently to complete a single task—have become popular among cloud developers. One of their key benefits is their ability to be changed and updated independently from other services that are running concurrently on the platform. This model fits in well with the continuous delivery practices adopted by many cloud developers. Another growing trend is the use of containers, which enable the delivery of services along with the exact environment they require for deployment on servers or in virtual machines (VMs). Docker pioneered the use of containers and continues to set standards and lead the market in practices related to their use.

IoT Challenges for Cloud Developers

The Internet of Things, or IoT, has been in the news for both the dramatic transformation it promises and for the perils and implementation challenges associated with it. The IoT comprises a network of connected devices that includes sensors, intermediate devices known as edge gateways (or simply gateways) and a slew of cloud services. The cloud ingests and analyzes data generated by IoT devices, allowing new insights from, as well as control of, remotely deployed assets.

Cloud-connected devices, however, present a different challenge than traditional PC platforms have in the past. Developing code to run on embedded devices requires knowledge of both hardware and software. The resource limitations of many of these devices further compound the difficulties. Embedded devices are often required to run with very limited power budgets, have CPU cores with limited compute capability and are typically optimized for specific workloads. This means that developers must develop and maintain separate code for resource-limited devices and for the cloud. Given the vast investment companies are making in cloud technologies, the ability to deploy containers and microservices to these edge devices holds tremendous appeal and value.

Addressing the need to bring the power of cloud intelligence to mobile and IoT devices, Microsoft® has implemented an intelligent edge initiative called Azure IoT Edge. It enables Docker containers and microservices to be deployed on IoT edge gateways and other devices. This greatly simplifies the developer’s task, as code can be created once for the cloud and then be easily pushed to remote edge gateways. It increases design agility while reducing the time to market and the costs associated with maintaining two different code bases. However, this capability also introduces the essential need for security at the edge.

Securing the Edge

How should a device maker go about securing edge devices such as gateways? Gateways function as access points between sensors and cloud services. As such, they perform the vital function of connecting to and aggregating data from sensors and transmitting that data to cloud services for analysis and further operations. Gateways may also act as device management nodes performing a variety of command and control functions over associated sensors. All these operations must be performed securely. Sensors associated with the gateway must be authenticated, data received from them must be encrypted and the gateway must authenticate itself to a cloud service prior to transmitting any data. Additionally, software applications on the gateway and the device’s firmware itself must be periodically updated. These functions, if not properly secured, are vulnerable to malware or denial of service and man-in-the-middle attacks.

The standard requirements for securing these devices are:

• Secure boot: The device must implement a secure boot process all the way up from the hardware to the OS.
• Isolation of critical processes: Security-critical processes, data and functions should be isolated and unreachable without proper credentials.
• Immutable ID: A unique device ID that cannot be corrupted is essential in many operations that take place during a device’s lifecycle.
• Secure storage: This is not limited to data coming out of sensors. It also includes sensitive material such as keys and certificates, which should be isolated and stored separately. Encrypting data is not just good practice. It is essential.
• Secure peripherals: Sometimes peripherals perform security-critical functions (e.g. biometric readers). These peripherals should only be configured to run, or be accessible to an application, in a secure state.
• Secure update: Certificates and keys should be used to execute firmware and application updates to assure trustworthiness throughout the device’s lifecycle.

The right combination of hardware and software is required to implement these security measures. First, it is critical to choose the appropriate hardware platform. Device makers typically select a hardware platform that meets their design’s functional and power consumption requirements. However, security should be a primary criterion as well. The SAMA5D2 ARM® Cortex®-A5 based microprocessor (MPU) from Microchip provides several innovative security features including tamper resistance, secure RAM, secure fuses, True Random Number Generator (TRNG) and support for a variety of cryptographic algorithms.

To ensure that implementing security is as seamless as possible, it is important to make these features easy to use. This can be achieved with a system that combines Azure IoT Edge, the IoT Security Suite by Sequitur Labs and the SAMA5D2 MPU. A video demonstration shows Docker containers and microservices running on a SAMA5D2 MPU-based gateway that is connected to a SAM E54 microcontroller-based leaf node. The system controls a simple door lock that opens and shuts upon receiving a command from the gateway.

This demonstration illustrates:

• Secure container provisioning to a SAMA5D2 MPU-based gateway
• Edge node attestation
• Container integrity checking and remediation
• Hardware crypto operations
• Certificate and key management in secured key store

The IoT Security Suite is preconfigured to establish the secure enclave and make use of the SAMA5D2 MPU’s hardware-based security components. The secure domain implements Sequitur’s trusted execution environment, CoreTEE™, on the gateway. CoreTEE provides a programmable, isolated environment for executing security-critical functions and storing sensitive data such as keys and certificates. The solution also includes Sequitur’s CoreLockr™, a software middleware layer comprising easy-to-use APIs for developers to access services and peripherals isolated by CoreTEE.

The demonstration uses the SAMA5D2 MPU’s Integrity Check Monitor (ICM) to monitor the integrity of the OS hosting the Docker container by responding to and remediating a malicious code injection into the kernel. In this scenario, the malicious code injection invokes the ICM, causing an interrupt in the secure enclave that is detected by CoreTEE. CoreTEE solves the security breach by rolling the kernel back to a known and trusted image. A second scenario demonstrates how to use hardware security to authenticate the leaf node using an ARM TrustZone®-based secure enclave on the SAMA5D2 MPU and the hardware crypto engine on the SAM E54 microcontroller.
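The integrity-check-and-rollback flow described for the ICM scenario, as an added example that is not Microchip's or Sequitur Labs' code: a software model in which reference digests are taken from a trusted image, live memory is re-hashed per region, and a mismatching region is restored and re-verified. SHA-256, the region names and the sample image are assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Region:
    name: str
    start: int
    length: int
    reference: bytes  # SHA-256 of the trusted bytes, fixed at enrollment


@dataclass
class IntegrityMonitor:
    memory: bytearray     # stands in for the RAM holding the running kernel
    trusted_image: bytes  # known-good copy, assumed to sit in secure storage
    regions: list = field(default_factory=list)
    events: list = field(default_factory=list)

    def __post_init__(self):
        if len(self.memory) != len(self.trusted_image):
            raise ValueError("memory and trusted image must be the same size")

    def enroll(self, name, start, length):
        """Register a region; its reference digest comes from the trusted
        image, never from live memory that may already be modified."""
        if start < 0 or length <= 0 or start + length > len(self.trusted_image):
            raise ValueError(f"region {name!r} lies outside the trusted image")
        ref = hashlib.sha256(self.trusted_image[start:start + length]).digest()
        self.regions.append(Region(name, start, length, ref))

    def _matches(self, r):
        live = hashlib.sha256(self.memory[r.start:r.start + r.length]).digest()
        return hmac.compare_digest(live, r.reference)

    def scan(self):
        """Names of regions whose live digest differs from the reference."""
        return [r.name for r in self.regions if not self._matches(r)]

    def scan_and_remediate(self):
        """Restore each mismatching region from the trusted image, then
        re-hash it so a failed rollback is not reported as success."""
        restored = []
        for r in self.regions:
            if self._matches(r):
                continue
            self.events.append(("mismatch", r.name))
            end = r.start + r.length
            self.memory[r.start:end] = self.trusted_image[r.start:end]
            if not self._matches(r):
                raise RuntimeError(f"rollback of {r.name!r} failed verification")
            self.events.append(("restored", r.name))
            restored.append(r.name)
        return restored


def build_demo():
    """Constructed 4 KiB image with two monitored regions (hypothetical names).
    Bytes 2560..4095 are deliberately left unmonitored."""
    trusted = bytes((i * 31 + 7) % 256 for i in range(4096))
    mon = IntegrityMonitor(bytearray(trusted), trusted)
    mon.enroll("kernel_text", 0, 2048)
    mon.enroll("syscall_table", 2048, 512)
    return mon


if __name__ == "__main__":
    mon = build_demo()
    mon.memory[100] ^= 0xFF           # simulated unauthorized modification
    print("mismatching:", mon.scan())
    print("restored:", mon.scan_and_remediate())
    mon.memory[3000] ^= 0xFF          # change outside every monitored region
    print("mismatching after unmonitored change:", mon.scan())
```

The last step shows the coverage limit of any region-based monitor: a change outside the enrolled regions produces no mismatch, so the region map has to cover everything that must stay immutable.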

Given the magnitude of the risks and challenges, it is clear that the practice of layering on security used during the PC era will not be adequate to address the security requirements of the IoT era. The key to securing the IoT is a combination of a hardware device with advanced security technologies and trusted software that is designed to make it easy for developers to implement these technologies in their new designs. Microchip and Sequitur Labs are committed to advancing new security solutions for use in IoT and other embedded devices. For more information, visit www.microchip.com/SAMA5D2.

Table 1: SAMA5D2 Hardware Security Capabilities

Cryptography
• Hardware acceleration for 3DES/AES
• Software library for RSA, Elliptic Curves (ACSL)
• High-quality True Random Number Generator (TRNG)
• Hashing up to SHA512
• Protection against side channels

Code Protection
• ARM® TrustZone® and MMU
• On-the-fly DDR/QSPI encryption – AES128
• Scrambling of internal and external memories
• Integrity check monitor
• Secure debug modes
• Secure bootloader (public and private key)

Physical Attacks Protection
• Battery backed-up secure area
• Tamper pins – dynamic and static
• Voltage, frequency and temperature monitors
• Die shield
• JTAG monitoring
• Secure packaging

Secure Key Store
• Battery backed-up secure SRAM with erasure upon security event
• Battery backed-up secure register for master key
• 544 fuses for customer use
• ARM TrustZone protected storage


Debugging on the IoT

Capture, Visualize and Control Analog and Digital Signals with Portable, Connected and Open-Source OpenScope MZ

Contributed by Digilent, Inc.

In the world of embedded systems, designers are constantly engineering around the unseen. Traditional laboratories provide the necessary tools to debug designs and characterize signals, but these are often out of reach for use in the field: locked to a benchtop, stuck in a lab or just too heavy to carry around. To meet this need, there has been a surge in the availability of portable oscilloscopes, logic analyzers and other tools that can be powered by a laptop computer. However, even these options have their limitations. Applications like robotics and field-deployed Internet of Things (IoT) devices require a different type of solution. For them, bulky benchtop-based equipment and portable instrumentation tethered to a computer can’t be the only options.

To meet this challenge, Digilent released the OpenScope MZ, a portable Wi-Fi® connected instrumentation device featuring a powerful 32-bit PIC32MZ microcontroller (MCU).

An IoT-Ready Instrumentation Solution

The OpenScope MZ was designed to be an oscilloscope, logic analyzer, power supply, waveform generator, Bode plot, FFT plot and a simple data logger. When combined with WaveForms Live (WFL), Digilent’s powerful and intuitive browser and mobile instrumentation software, the OpenScope MZ delivers its amazing instrumentation capabilities right to your phone, tablet or computer.

The OpenScope MZ was not only designed to be a wireless instrumentation solution, but it was also developed to be as open source as possible. This not only enables designers to modify the hardware and/or the user interface, it also allows users to “peek under the hood” as a teaching or learning opportunity. Nearly every peripheral of the PIC32MZ is used, and you can examine the source code and driver to learn how to maximize peripheral performance. Visit the Digilent wiki to find out more about the design of the OpenScope MZ.

While the multi-functionality of the OpenScope MZ is impressive, the firmware is really an engineering feat. The OpenScope MZ firmware takes advantage of almost all of the extensive resources available on the PIC32MZ MCU. The MCU’s many peripherals, serial communications ports and other features enable a number of functions that require virtually no intervention from the CPU. Some of these functions include:

• Oscilloscope implemented with two interleaved dedicated ADCs with DMA
  • Interleaving/time base controlled by timer peripherals
  • DMA controller creates a continuous sampling buffer during acquisition
  • Dedicated sample and holds for four dedicated ADCs
  • ADC threshold detection hardware used to implement analog trigger level
• Arbitrary waveform generator implemented with DMA controller and I/Os
  • R2R ladder used to implement high-speed DAC via high-current digital I/Os
  • Timers trigger the DMA controller which moves the data stored in a waveform table onto the GPIOs
• Logic analyzer implemented with the DMA controller and I/Os
  • Timers trigger the DMA controller to move the I/O state into buffer RAM
• Power supply output implemented with hardware PWMs and ADC channels for calibration
• Wi-Fi radio provides connectivity; MCU runs TCP/IP stack to access it via SPI

Why a PIC32MZ MCU?

When asked why the PIC32MZ processor was chosen for the OpenScope MZ, Digilent’s Lead Engineer, Keith Vogel, said, “The PIC32MZ has a rich peripheral set to offload ADC acquisition, logic analyzer acquisition, function generation and DC power sources into the hardware, freeing the CPU to service the USB and Wi-Fi network stack, SD™ card and Waveforms Live communications. With its six high-speed 12-bit ADCs, eight DMAs, nine timers and nine PWMs, the PIC32MZ is ideal for the OpenScope MZ application.”

An in-depth design review of the OpenScope MZ was offered as one of the sessions at Microchip’s 2017 MASTERs Conference in Phoenix, Arizona. A video of this three-hour class is available for you to view on Digilent’s YouTube channel.

The PIC32MZ combines with the OpenScope’s peripherals, firmware and software to deliver an impressive list of features:

• Connectivity
  • Wi-Fi (802.11g) via Microchip’s MRF24WG0MA module
  • USB 2.0 (high speed required)
• Oscilloscope
  • Two channels
  • 12-bit resolution per channel
  • 6.25 MS/s sample rate
  • Flat bandwidth up to 1 MHz at ±0.5 dB
  • 2 MHz of bandwidth at -3 dB
  • 1 MΩ of input impedance
  • ±20V input voltage range
  • Maximum buffer size of 32640 samples per channel
• Arbitrary Waveform Generator
  • Sine, triangle, sawtooth, square and DC outputs
  • 10-bit resolution
  • 1 Hz to 1 MHz frequency
  • 3V pk2pk output with ±1.5 V offset
  • 10 mA output current
  • 25000 sample buffer size
• Logic Analyzer and GPIO
  • 10 channels multiplexed between the logic analyzer and GPIO
  • 3.3V CMOS logic for both the logic analyzer and GPIO
  • 7 mA source and 12 mA sink when used as GPIO
  • Logic analyzer has a sample rate of 10 MS/s
  • Maximum buffer size of 32640 samples per channel for the logic analyzer
• Power Supply
  • Two channels
  • ±4V output voltage
  • 50 mA per channel
• Other Features
  • Two external triggers
  • micro USB connector for power and programming over FTDI
  • microSD™ slot for external storage
  • Four user LEDs for programming and reset buttons

Getting Started

The OpenScope MZ costs just $89 and can be ordered from microchipDIRECT or directly from Digilent. While you are waiting for your OpenScope MZ to arrive, you can go to www.waveformslive.com and test out the user interface in demo mode.

Once your OpenScope MZ arrives, you can get it up and running with just a few simple steps:
• Download and install the Digilent Agent
• Head over to www.waveformslive.com and connect your OpenScope MZ
• Start taking measurements

We recommend that you use our online Getting Started Guide or check out the Digilent GitHub for more information on the design of the OpenScope MZ.

The OpenScope MZ is an impressive piece of hardware, firmware and software that takes full advantage of the capable PIC32MZ processor. Whether you need portable instrumentation for a project, want to use it in your own field-deployable IoT device, or just want to try out something new and innovative, we think you’ll find that the OpenScope MZ is a great addition to your workbench.

On the Cutting Edge of Learning

LoRaWAN Academy Offering University-Level Curriculum is Launched by Leading IoT Solutions Providers

LoRaWAN™ is an open specification derived from Semtech’s LoRa® devices and wireless technology (LoRa Technology) that has quickly become the leading Low-Power Wide-Area Network (LPWAN) technology for use in wireless Internet of Things (IoT) networks around the globe. Companies are implementing LoRa Technology and the LoRaWAN protocol in their IoT applications to take advantage of a number of significant benefits that include long-range connectivity, low cost of implementation, global interoperability and low power consumption for battery-powered devices.

As the IoT continues to boom, a new generation of engineers will need to be trained on the technologies that will enable the development of smart solutions to solve some of the world’s toughest challenges. That’s why several leading IoT technology companies recently launched the LoRaWAN Academy, an all-encompassing, hands-on curriculum that enables university students to learn about the LoRaWAN specification and the ecosystem that is rapidly developing around it. The LoRaWAN Academy program provides an online course library, as well as LoRaWAN network packages and an IoT network infrastructure for hands-on training and design.

The mission of the LoRaWAN Academy is to:
• Equip universities with out-of-the-box, state-of-the-art LoRaWAN networks
• Educate the next generation of hardware and software engineers and computer scientists to imagine, develop and operate real-world IoT applications
• Advance LoRaWAN standard-based IoT research and involve top university scholars in real-world problem solving using cutting-edge technology

Universities can easily implement LoRaWAN Academy curriculum into existing engineering and computer science courses, giving students valuable lessons and training for the real world. Appropriate for beginner to intermediate-level engineering students, the 10-week program is self-paced and offered on a rolling basis, with no formal program start dates. Each week’s curriculum includes 4-8 hours of video lectures, supplemental reading and materials, as well as problem sets, assignments and quizzes to benchmark learning. The program culminates with a hands-on applied research project for students to build real-world IoT applications.

The sponsoring organizations of the LoRaWAN Academy include Kerlink, LoRa Alliance™, Microchip Technology, myDevices, Semtech Corporation and The Things Network. These companies, with the support of the LoRa Alliance, have successfully deployed LoRaWAN solutions to enable cutting-edge IoT applications and will collaboratively contribute to curriculum development, hardware and software, IoT network infrastructure, expert training and ongoing support for the LoRaWAN Academy.

The LoRaWAN Academy is currently supporting universities located in the USA, Europe and India, but has aggressive roll-out plans for other regions. Engineering professors or department chairs who are interested in adding the LoRaWAN Academy to their existing engineering courses or wireless IoT programs should visit the Apply Now page on the website to review the criteria for admission and submit an online application.

Students who participate in the LoRaWAN Academy will have the opportunity to learn fundamental skills that they can carry with them into the workforce. They may well be on the forefront of developing innovative solutions for the IoT and other smart applications that have yet to be imagined. To learn more about this exciting program, visit www.LoRaWANacademy.com.

LoRa is a registered trademark or service mark, and LoRaWAN is a trademark or service mark, of Semtech Corporation or its affiliates.

Maker Space

Get Launched Hits the Road!

Inspiring Innovation from Midtown Manhattan to the Shore of Lake Michigan

This fall, Microchip brought its exciting “Get Launched” events to New York City and Chicago. This new program for aspiring inventors and early-stage start-up companies provides them with a number of helpful resources, valuable networking opportunities and essential information they need to help bring their products from prototype to reality. A distinctive feature of the “Get Launched” program is that it leverages Microchip’s cross-industry partnerships to enable attendees to meet with local Microchip Design Partners and representatives from other companies. These companies offer a range of business resources like product review, design for manufacturing, low-volume contract manufacturing and even connections to potential investors.

Attendees of “Get Launched” events can also attend informative workshops on a variety of topics. In September, the New York City program featured a “Prototyping with Sensors” workshop that showed how easy it is to develop an embedded sensor node prototype using the cloud-based MPLAB® Xpress IDE. A “Hands-on with PlatformIO” class focused on using the popular Arduino® platform for development and debugging. The hardware that was used in the hands-on workshops was offered to attendees at a steep discount, or in some instances it was even provided free of charge. Attendees could then take this hardware—and the knowledge they had gained—home with them to begin developing their own projects.

In October, “Get Launched” was held at mHUB Chicago, a world-class incubator space that offers a state-of-the-art hardware prototyping floor. This event featured several partner companies, including Sigfox and Arrow, who were able to meet with makers and entrepreneurs from the greater Chicago area. It also included a hands-on workshop titled, “Build a Smarter Security IoT System Complete with User Portal in Two Hours,” where attendees were able to work with our IoT Ethernet Monitoring Kit powered by Medium One.

In 2017, our highly successful “Get Launched” series of events started out in sunny Santa Barbara and ended in metropolitan Chicago. We currently have events in Silicon Valley, Boston, Berlin and Marseille on our roadmap for 2018. We hope to meet many of you during our upcoming travels. Visit our Get Launched website or email us at GetLaunched@microchip.com for the latest information on future events that may be coming to your area.

Boost Your IoT Security

Zero Touch Provisioning for AWS IoT

Securing data comes with challenges, but the main challenge is providing secure authentication and securely handling private keys in a production environment. This has led cloud providers to push towards hardware-based security, to obtain strong device identity to avoid spoofing, and to protect against unauthorized firmware updates and proliferation.

Microchip’s pre-configured ATECC508MAHAW meets these challenges by leveraging AWS IoT Just-In-Time Registration (JITR). JITR combined with the mutual authentication handshake enables bulk certificate uploading once a system is deployed.

Key Features
• Eliminate private key manipulation from software, users and manufacturers
• Provide secure mutual authentication and unique trusted identity
• Leverage AWS IoT and JITR for bulk certificate uploading

Zero Touch Secure Provisioning Kit (AT88CKECC-AWS-XSTK-B)

www.microchip.com/AWSECC508

The Microchip name and logo and the Microchip logo are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. All other trademarks are the property of their registered owners. © 2017 Microchip Technology Inc. All rights reserved. 11/17 DS00002581A