MicroSolutions | JAN/FEB 2018 | A MICROCHIP TECHNOLOGY INC. PUBLICATION

contents

COVER STORY
4 Heightened Security: Protect IP and Deploy Secure Connected Systems with New ATECC608A CryptoAuthentication™ Device

NEW PRODUCTS
6 Just In Time: New 8-bit PIC18 K83 Family Improves Response Time to Critical System Events on CAN Network
7 Simple Connection: Latest Single-Wire Serial EEPROM Enables Remote Identification and Authentication

EVENTS
9 Get Ready for Las Vegas!

DESIGN CORNER
10 Accelerate Your Touch Design
12 Securing the Edge
15 Debugging on the IoT

18 On the Cutting Edge of Learning

MAKER SPACE
20 Get Launched Hits the Road
© 2017, Microchip Technology Incorporated, All Rights Reserved.
EDITOR'S NOTE

Reflections on 2017

As a new year unfolds, it is common to look back over the previous 12 months to identify significant milestones and major accomplishments. Here at Microchip, 2017 offered us many occasions to celebrate. We launched the year with a successful integration of our business systems following the acquisition of Atmel. Our product portfolios expanded as we introduced a number of new devices throughout the year. We also launched the Microchip 2.0 initiative, which combines the company's product, technology, system and employee strengths to allow us to provide multiple solutions for the circuit boards that drive our customers' end applications.

Microchip was also honored by a number of award programs. The company was named a top place to work in the California Bay Area, New York and Austin, Texas, and was also listed as one of Arizona's Most Admired Companies for 2017 by both AZ Big Media and BestCompaniesAZ. It was also included as a finalist in the GSA Most Respected Public Semiconductor Company Awards.

Some other highlights include the AWS-ECC508 security device and MPLAB® Xpress IDE being selected as finalists in the ECN Impact Awards. The AWS-ECC508 was also selected as an honoree in the 2017 CES Innovations awards and was named a finalist in the Design News Golden Mousetrap Awards and Embedded Computing Design's 2017 Most Innovative Products awards program.

The most exciting news of all, however, was that Microchip achieved its first quarter of over one billion dollars in net sales, as reported in the results for the quarter ending on September 30, 2017. We are energized by this achievement, thankful to all our customers who made it possible, and looking forward to many more opportunities to serve you in 2018. We wish you much success with your designs in the New Year!

Don't Miss the Next Issue of MicroSolutions

Published six times a year, MicroSolutions is a valuable resource for product and technology news about Microchip's innovative solutions. Subscribe today to receive email notifications when each new issue of MicroSolutions is ready.
As always, we would be happy to get your feedback on MicroSolutions. Feel free to email us at [email protected].
Microchip Technology Inc. 2355 W. Chandler Blvd. | Chandler, AZ 85224 | www.microchip.com
COVER STORY
HEIGHTENED SECURITY
Protect IP and Deploy Secure Connected Systems with New ATECC608A CryptoAuthentication™ Device
Take Advantage of Microchip’s New Security Design Partner Program to Ease the Development of Secure Designs
From remote cyberattacks to the creation of counterfeit products, widespread security threats are affecting industries around the globe. When carried out, these threats can lead to substantial losses in service revenue, escalating recovery costs and, perhaps most significantly, irreparable damage to brand equity. Now more than ever, it is critical to implement robust security into new and existing designs to protect Intellectual Property (IP) and enable trusted authentication of connected devices.

To meet this growing challenge to today's connected applications—especially for those spanning from hardware to the cloud—Microchip has created the ATECC608A CryptoAuthentication device, a secure element that allows you to add hardware-based security to your designs. We have also established a Security Design Partner Program to connect you with third-party partners that can enhance and expedite the development of secure designs.

The foundation of secured communication is the ability to create, protect and authenticate a device's unique and trusted identity. By keeping a device's private keys isolated from the rest of the system in a secured area, coupled with its industry-leading cryptography practices, the ATECC608A provides a high level of security that can be used in nearly any type of design.

[Figure: The ATECC608A allows you to add hardware-based security to your designs.]

The primary features of the ATECC608A include:

• Best-in-class key generation: The Federal Information Processing Standard (FIPS)-compliant Random Number Generator (RNG) generates unique keys that comply with the latest requirements from the National Institute of Standards and Technology (NIST), providing an easier path to a whole-system FIPS certification.

• Boot validation capabilities for small systems: New commands facilitate the signature validation and digest computation of the host microcontroller (MCU) firmware for systems with small MCUs, such as an ARM® Cortex®-M0+ based device, as well as for more robust embedded systems.

• Trusted authentication for LoRa® nodes: The AES-128 engine also makes security deployments for LoRa infrastructures possible by enabling authentication of trusted nodes within a network.

• Fast cryptography processing: The hardware-based integrated Elliptic Curve Cryptography (ECC) algorithms use much smaller keys than legacy methods such as RSA at an equivalent security strength, and establish a certificate-based root of trust more quickly and securely than implementations that rely on those legacy methods.

• Tamper-resistant protections: Anti-tampering techniques protect keys from physical attacks and attempted intrusions after deployment. These techniques allow the system to preserve a secured and trusted identity.

• Trusted in-manufacturing provisioning: Companies can use Microchip's secured manufacturing facilities to safely provision their keys and certificates, eliminating the risk of exposure during manufacturing.

Experienced and Capable Security Partners

When you select one of our hardware security solutions, you also have access to our Security Partners within our Design Partner Program. These industry-leading companies, including Amazon Web Services (AWS) and Google Cloud Platform, provide complementary cloud-driven security models and infrastructure. Other partners are well versed in implementing Microchip's security devices and libraries. Whether you are looking to secure an Internet of Things (IoT) application or add authentication capabilities for consumables, such as cartridges or accessories, the expertise of our Security Design Partners can reduce both your development cost and your time to market.

"The work done on the ATECC608A chip through our collaboration with Microchip enables Google IoT customers to get a new offering that provides high levels of security with a seamless onboarding experience," said Antony Passemard, Product Management Lead for Google Cloud IoT.

Development Tools

To assist you with the rapid prototyping of your secure solution, the new CryptoAuth Xplained Pro Evaluation and Development Kit (ATCryptoAuth-XPRO-B) is an add-on board that is compatible with any Microchip Xplained or Xplained Pro evaluation board.

If you are looking for a way to heighten the security in your next design, the ATECC608A can be ordered from microchipDIRECT or from Microchip's worldwide distribution network.

Want More Information? Visit the website at: www.microchip.com/CryptoAuthentication
New Products

Just In Time

New 8-bit PIC18 K83 Family Improves Response Time to Critical System Events on CAN Network

Core Independent Peripherals Make CAN-Based Designs Simpler and More Cost Effective

If you are developing an application that includes a Controller Area Network (CAN) system, you know that software development can slow you down. You can now change the way you design with CAN using our new PIC18 K83 family of microcontrollers (MCUs). These two new devices combine a CAN bus with an extensive array of Core Independent Peripherals (CIPs). You can use these CIPs to increase your system's capabilities and simplify the creation of your CAN-based applications while avoiding the complexity of added software.

A key advantage of using a PIC18 K83 MCU in your CAN-based system is that the CIPs provide deterministic response to real-time events, shorten design time and can be easily configured through MPLAB® Code Configurator (MCC), a free software plug-in for MPLAB X Integrated Development Environment (IDE) and the cloud-based MPLAB Xpress IDE. It is significantly easier to configure a hardware-based peripheral to accomplish a task than to write and validate an entire software routine. The ability to use MCC to configure one of these MCUs with just a few clicks will save considerable time in developing CAN-based applications for the medical, industrial and automotive markets, such as motorized surgical tables, asset tracking, ultrasound machines, automated conveyors and automotive accessories.

The PIC18 K83 devices contain 15 time-saving CIPs. These include Cyclic Redundancy Check (CRC) with memory scan for ensuring the integrity of nonvolatile memory; Direct Memory Access (DMA) for enabling data transfers between memory and peripherals without CPU involvement; Windowed Watchdog Timer (WWDT) for triggering a system reset when software fails to service it within its window; 12-bit Analog-to-Digital Converter with Computation (ADC2) for automating analog signal analysis for real-time system response; and Complementary Waveform Generator (CWG) for enabling high-efficiency synchronous switching for motor control.

[Figure: The PIC18 K83 devices contain 15 time-saving CIPs, including CRC, DMA, WWDT, ADC2 and CWG.]

Development Support

The PIC18 K83 family of MCUs is supported by the Curiosity High Pin Count (HPC) Development Board (DM164136).

The PIC18F25K83 comes with 32 KB of Flash memory and the PIC18F26K83 offers 64 KB of Flash memory. Both devices are available in 28-pin SPDIP, SOIC, SSOP, UQFN and QFN packages. They can be ordered today from microchipDIRECT or from Microchip's worldwide distribution network.

Want More Information? Visit the website at: www.microchip.com/K83
New Products

Simple Connection

Latest Single-Wire Serial EEPROM Enables Remote Identification and Authentication

AT21CS11 Offers Extended Voltage Range to Accommodate Lithium-Ion Battery Applications

Because of their unique combination of capabilities, serial Electrically Erasable Programmable Read-Only Memory (EEPROM) devices are used to add critical memory storage to a wide range of advanced electronic systems and applications. Their features include byte-write alterability, nonvolatile data storage, one million cycles of write endurance, very low power supply voltage operation, 100-year data retention, extremely low active and standby currents and low cost. Microchip's AT21CS family of single-wire, two-pin serial EEPROMs are tiny—but mighty—devices that incorporate an innovative memory architecture, best-in-class power consumption and value-added features for use in applications such as consumables, cables, batteries, wearables and Internet of Things applications.

As the second member of this family of single-wire serial EEPROMs, the AT21CS11 is ideal for identifying and authenticating remote items, such as printer cartridges or cables, where space for electronic components is limited. With its operational voltage range of 2.7V to 4.5V, it is also well suited for use in lithium-ion battery-powered devices such as disposable medical devices and e-cigarettes.

Each AT21CS11 contains both a preprogrammed unique serial number and five EEPROM memory sections. Any or all of the memory sections can be permanently locked by the end-equipment manufacturer to allow tracking of products and identification of attachments to assist with counterfeit prevention. If you need to warranty your product or prevent counterfeits and ensure proper continued operation of your goods through authorized replacements, this serial EEPROM is an excellent option. The serial number and lock bits provide identification; cryptographic authentication of the attachment, where a design requires it, is the role of a secure element such as the ATECC608A described in this issue's cover story.

The AT21CS11 connects to a system through a Single Input/Output (SI/O) wire that enables both communication and a supply of power to the device. The need for only one wire and a ground allows makers of Fiber to the Home (FTTH) cable ends to add critical cable characteristic parameters to different cable types. The SI/O wire also allows you to use a simple two-point mechanical snap-in or twist-on connector for disposable devices where larger three-, five- or eight-wire solutions are impractical. This single-wire option allows you to add EEPROM intelligence to remote devices over the simplest connection possible.

When the EEPROM is located in a detachable cable or cartridge, manufacturers can create attachments that can be easily identified or authenticated. The device has 1 Kbit of EEPROM memory (four sectors of 256 bits each), a unique, factory-programmed 64-bit serial number and 128 bits of extra user-programmable tracking memory. The extra memory allows you to add unique identification and operating parameters, such as consumption and usage information, in locations that can be remote from the main electronics.

The AT21CS11 is available in a variety of space-saving package options and can be ordered today from microchipDIRECT or from Microchip's worldwide distribution network. An easy-to-use and interactive kit, the AT21CS01/AT21CS11 Single-Wire Evaluation Kit (DM160232), will also be available soon to help you get started with using this new serial EEPROM in your next project.

Want More Information? Visit the website at: www.microchip.com/AT21CS11
Events

Get Ready for Las Vegas!

Meet with Microchip Experts and Learn About Our Latest Innovations at CES® 2018

Microchip invites you to join us at CES 2018 to see our latest product and technology demonstrations and meet with our product experts to discuss your design challenges. You will find us in Booth MP26070 at the Las Vegas Convention Center South Hall 2, where we will feature the following technology zones:

Security

Find out how we make "difficult" easy with our advanced solutions for implementing hardware-based security in cloud-connected embedded systems. See demonstrations of how our CryptoAuthentication™ devices combine with solutions from AWS IoT, Google IoT Core, Microsoft® Azure and Afero to protect and isolate private keys, support secure boot and protect IP.

Automotive Solutions

We will be showcasing a broad spectrum of solutions for applications such as ADAS, cybersecurity, HMI, connected car, infotainment and networking. Product areas will include USB connectivity and charging, automotive touch (buttons, sliders, touch screens and gesturing), MOST® technology, Ethernet, security ICs and LED lighting.

Touch and Gesture

We will show you how to simplify and speed up your development of attractive and intuitive user interfaces using touch and gesture control. Our solutions include water-tolerant touch and the latest technologies for implementing touch screens, 3D gestures and force sensing with haptic feedback in automotive applications.

Power and Connectivity Solutions

Discover our latest innovations in the area of power and connectivity solutions, including USB Type-C™ and USB Power Delivery, robust Ethernet connectivity, and wireless charging with support for the 15W Qi standard and a proprietary 200W reference design. We will also demonstrate the technology needed to drive an induction cooktop, and our Energy Estimation Engine demonstrations will display the power/energy consumption of Windows® 10 software programs and Linux® operating systems.

Health and Fitness

We can show you how to cost-effectively utilize our technologies so that you have the flexibility to design the health and fitness solutions necessary for the digital health revolution. Stop by to see demonstrations of connected solutions for wearable remote patient monitoring, drug delivery and fitness.
It’s easy to schedule an appointment for a product demonstration at our booth using our online CES reservation system. We also invite you to be our guest at CES by registering for a complimentary attendee pass. We look forward to seeing you in Las Vegas!
Design Corner

Accelerate Your Touch Design

Microchip's Code Configurators Speed the Development of Touch User Interfaces

From your customer's perspective, the user interface is the product. In today's competitive environment, providing modern, attractive and intuitive user interfaces is essential for product differentiation. A well-designed, touch-enabled user interface can be one of the keys to success when it comes to launching a new product into the market. Incorporating a capacitive touch interface in your design also eliminates the need to use mechanical buttons and springs, which simplifies your layout and reduces costs. In the race to get to market quickly and cost effectively, you need to get up to speed rapidly with the latest touch technologies.

Even though developing capacitive touch applications may sound challenging, it doesn't have to be hard. When you choose our PIC®, AVR® or SAM microcontrollers (MCUs), we provide a complete set of tools and touch libraries that enable touch sensing in your design. Our "MCUs with touch" are devices that feature dedicated Core Independent Peripherals (CIPs) to implement touch applications with minimal intervention from the CPU. Look for MCUs that include these features:

• A Hardware Capacitive Voltage Divider (HCVD) module
• An Analog-to-Digital Converter with Computation (ADC2) with HCVD module
• A Peripheral Touch Controller (PTC)

These on-chip touch modules can be used to enable the highest sensitivity, the lowest power consumption, superior noise immunity and water tolerance in your design.

To help you get a head start with your development, Microchip offers two free, graphical programming environments that support almost every MCU in our extensive portfolios. If you select an 8-, 16- or 32-bit PIC MCU, MPLAB® Code Configurator (MCC) is integrated into the cloud-based MPLAB Xpress Integrated Development Environment (IDE) and is also available as a free plug-in for MPLAB X IDE. If you are using an AVR or SAM MCU in your design, then you can use the easily accessible Atmel START.

After a recent upgrade in features, Atmel START now supports more MCU families, including the following devices that feature a PTC, making them well suited for use in touch-enabled designs:

• All tinyAVR® and megaAVR® MCUs
• SAM D10/D11 MCUs
• SAM D20/D21 MCUs
• SAM DA1 MCUs
• SAM D51/E51/E53/E54 MCUs

Both code configurators make it easy to select and configure peripherals and functions specific to your application and generate production-ready code. You always have access to the latest libraries. MCC and Atmel START offer capabilities that go well beyond the basic setup of clocks and GPIO configuration. In addition to their many features, they also support capacitive touch sensing, making them the best tools to successfully develop your touch-based projects with minimal effort and in the shortest amount of time.

It is simple to add buttons, sliders, wheels or proximity detection to any application. These code configurator tools generate lean code that is tailored to meet the requirements of your touch design and to use the MCU's resources as efficiently as possible. They also provide easy access to the Microchip mTouch® Library for PIC MCUs and the QTouch® Library for AVR and SAM MCUs, which are optimized for touch performance and code size. In addition to offering slider and wheel decoding right out of the box, these libraries make it easy to implement water-tolerant touch for designs that are exposed to rain or other sources of moisture. They will help you develop low-power wake-on-touch applications that consume less than 5 µA. They also offer noise avoidance technologies like frequency hopping to provide robust touch sensing that exceeds 10V conducted immunity.

Once you have completed your AVR or SAM MCU-based project configuration within Atmel START, you can continue finalizing your development using Atmel Studio 7 or IAR as your IDE of choice. To tune and complete your design, use the Data Visualizer, a powerful tool that allows you to process and visualize all relevant touch data. A step-by-step guide, complete user guide, sample projects and more are available from Microchip's Developer Help website.

Ready to get started? Visit our Touch and Gesture Design Center to learn more about how we can help you drive your next user interface design into the winner's circle.
Design Corner
Securing the Edge
A Design Imperative for the Era of the Internet of Things Contributed by Sequitur Labs
Many large enterprises are focusing their IT investments on developing, deploying and maintaining cloud services. Developers are now being trained in the latest cloud-related technologies and services. As practices have matured, developers have created new ways of writing applications to make use of the cloud.

Over the past few years, microservices—functions that operate independently to complete a single task—have become popular among cloud developers. One of their key benefits is their ability to be changed and updated independently from other services that are running concurrently on the platform. This model fits in well with the continuous delivery practices adopted by many cloud developers. Another growing trend is the use of containers, which enable the delivery of services along with the exact environment they require for deployment on servers or in virtual machines (VMs). Docker pioneered the use of containers and continues to set standards and lead the market in practices related to their use.

IoT Challenges for Cloud Developers

The Internet of Things, or IoT, has been in the news for both the dramatic transformation it promises and for the perils and implementation challenges associated with it. The IoT comprises a network of connected devices that includes sensors, intermediate devices known as edge gateways (or simply gateways) and a slew of cloud services. The cloud ingests and analyzes data generated by IoT devices, allowing new insights from, as well as control of, remotely deployed assets.

Cloud-connected devices, however, present a different challenge than traditional PC platforms have in the past. Developing code to run on embedded devices requires knowledge of both hardware and software. The resource limitations of many of these devices further compound the difficulties. Embedded devices are often required to run with very limited power budgets, have CPU cores with limited compute capability and are typically optimized for specific workloads. This means that developers must develop and maintain separate code for resource-limited devices and for the cloud. Given the vast investment companies are making in cloud technologies, the ability to deploy containers and microservices to these edge devices holds tremendous appeal and value.

Addressing the need to bring the power of cloud intelligence to mobile and IoT devices, Microsoft® has implemented an intelligent edge initiative called Azure IoT Edge. It enables Docker containers and microservices to be deployed on IoT edge gateways and other devices. This greatly simplifies the developer's task, as code can be created once for the cloud and then be easily pushed to remote edge gateways. It increases design agility while reducing the time to market and the costs associated with maintaining two different code bases. However, this capability also introduces the essential need for security at the edge.
How should a device maker go about securing edge devices such as gateways? Gateways function as access points between sensors and cloud services. As such, they perform the vital function of connecting to and aggregating data from sensors and transmitting that data to cloud services for analysis and further operations. Gateways may also act as device management nodes, performing a variety of command and control functions over associated sensors. All these operations must be performed securely. Sensors associated with the gateway must be authenticated, data received from them must be encrypted and the gateway must authenticate itself to a cloud service prior to transmitting any data. Additionally, software applications on the gateway and the device's firmware itself must be periodically updated. These functions, if not properly secured, are vulnerable to malware, denial of service and man-in-the-middle attacks.

The standard requirements for securing these devices are:

• Secure boot: The device must implement a secure boot process all the way up from the hardware to the OS, so that each stage verifies the next before handing over control.
• Isolation of critical processes: Security-critical processes, data and functions should be isolated and unreachable without proper credentials.
• Immutable ID: A unique device ID that cannot be corrupted is essential in many operations that take place during a device's lifecycle.
• Secure storage: This is not limited to data coming out of sensors. It also includes sensitive material such as keys and certificates, which should be isolated and stored separately. Encrypting data is not just good practice. It is essential.
• Secure peripherals: Sometimes peripherals perform security-critical functions (e.g. biometric readers). These peripherals should only be configured to run, or be accessible to an application, in a secure state.
• Secure update: Certificates and keys should be used to authenticate firmware and application updates before they are applied, to assure trustworthiness throughout the device's lifecycle.

The right combination of hardware and software is required to implement these security measures. First, it is critical to choose the appropriate hardware platform. Device makers typically select a hardware platform that meets their design's functional and power consumption requirements. However, security should be a primary criterion as well. The SAMA5D2 ARM® Cortex®-A5 based microprocessor (MPU) from Microchip provides several innovative security features including tamper resistance, secure RAM, secure fuses, a True Random Number Generator (TRNG) and support for a variety of cryptographic algorithms.

To ensure that implementing security is as seamless as possible, it is important to make these features easy to use. This can be achieved with a system that combines Azure IoT Edge, the IoT Security Suite by Sequitur Labs and the SAMA5D2 MPU. A video demonstration shows Docker containers and microservices running on a SAMA5D2 MPU-based gateway that is connected to a SAM E54 microcontroller-based leaf node. The system controls a simple door lock that opens and shuts upon receiving a command from the gateway.

This demonstration illustrates:

• Secure container provisioning to a SAMA5D2 MPU-based gateway
• Edge node attestation
• Container integrity checking and remediation
• Hardware crypto operations
• Certificate and key management in a secured key store

The IoT Security Suite is preconfigured to establish the secure enclave and make use of the SAMA5D2 MPU's hardware-based security components. The secure domain implements Sequitur's trusted execution environment, CoreTEE™, on the gateway. CoreTEE provides a programmable, isolated environment for executing security-critical functions and storing sensitive data such as keys and certificates. The solution also includes Sequitur's CoreLockr™, a software middleware layer comprising easy-to-use APIs for developers to access services and peripherals isolated by CoreTEE.

The demonstration uses the SAMA5D2 MPU's Integrity Check Monitor (ICM) to monitor the integrity of the OS hosting the Docker container by responding to and remediating a malicious code injection into the kernel. In this scenario, the ICM detects that the monitored kernel region no longer matches its reference digest and raises an interrupt into the secure enclave, where it is handled by CoreTEE. CoreTEE resolves the breach by rolling the kernel back to a known and trusted image. A second scenario demonstrates how to use hardware security to authenticate the leaf node using an ARM TrustZone®-based secure enclave on the SAMA5D2 MPU and the hardware crypto engine on the SAM E54 microcontroller.
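The ICM scenario above is a detect-and-remediate loop: a set of memory regions has known-good digests, a mismatch raises an event in the isolated domain, and the handler restores the region from a trusted copy. This added example (not Sequitur's CoreTEE or the SAMA5D2 ICM itself) models that loop in Python, with a bytearray standing in for kernel memory, a constructed code injection, and a separate object standing in for storage the normal world cannot write, so the region table, the check and the rollback can be run end to end.

```python
"""Integrity-monitor-and-rollback loop modelled on the SAMA5D2 ICM scenario.

Added example, not Sequitur CoreTEE or Microchip ICM code. The real ICM is
a hardware block that hashes configured memory regions and raises an
interrupt into the secure world; here one Python class stands in for both
the monitor and the secure-world handler so the detect/remediate cycle can
be exercised end to end.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    length: int


class IntegrityMonitor:
    def __init__(self, memory, regions):
        self.memory = memory
        self.regions = list(regions)
        # Golden digests and a trusted copy are taken once, at the point
        # where secure boot has already verified the image.
        self.golden = {r.name: self._hash(r) for r in self.regions}
        self.trusted_copy = {r.name: bytes(self._view(r)) for r in self.regions}
        self.events = []

    def _view(self, r):
        return self.memory[r.start:r.start + r.length]

    def _hash(self, r):
        return hashlib.sha256(self._view(r)).digest()

    def check(self):
        """One monitor pass: names of regions whose digest no longer matches."""
        return [r.name for r in self.regions if self._hash(r) != self.golden[r.name]]

    def remediate(self, names):
        """Secure-world handler: roll each flagged region back to the trusted copy."""
        for r in self.regions:
            if r.name in names:
                self.memory[r.start:r.start + r.length] = self.trusted_copy[r.name]
                self.events.append(("rollback", r.name))

    def run_once(self):
        """Detect, then remediate; returns what was detected on this pass."""
        flagged = self.check()
        if flagged:
            self.remediate(flagged)
        return flagged


# Constructed memory image: kernel text and rodata are monitored; the
# scratch area is normal-world read/write data and deliberately is not.
KERNEL_TEXT = bytes(range(256)) * 4
KERNEL_RODATA = b"Linux version 4.x (constructed sample)".ljust(64, b"\0")
SCRATCH_LEN = 64


def build_demo():
    memory = bytearray(KERNEL_TEXT + KERNEL_RODATA + bytes(SCRATCH_LEN))
    regions = [
        Region("kernel_text", 0, len(KERNEL_TEXT)),
        Region("kernel_rodata", len(KERNEL_TEXT), len(KERNEL_RODATA)),
    ]
    return memory, IntegrityMonitor(memory, regions)


def simulate_injection():
    """Inject into kernel text, write to scratch data, run one monitor pass.

    Returns (regions flagged, regions still bad afterwards, text restored?).
    """
    memory, mon = build_demo()
    memory[0x40:0x44] = b"\xde\xad\xbe\xef"   # attacker patches kernel code
    memory[-8:] = b"\x01" * 8                # legitimate data write; must not trip
    flagged = mon.run_once()
    restored = bytes(memory[0x40:0x44]) == KERNEL_TEXT[0x40:0x44]
    return flagged, mon.check(), restored


if __name__ == "__main__":
    print(simulate_injection())   # (['kernel_text'], [], True)
```

Two design points carry over to the real system. The region table is what separates tampering from normal operation: read/write data is left out so ordinary writes do not trigger remediation, while code and read-only data are covered in full. And the golden digests and trusted copy must live where the code being monitored cannot reach them, which on the SAMA5D2 is the TrustZone-protected domain that CoreTEE runs in; a monitor whose reference values sit in the same memory as the kernel can be defeated by updating both.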
Given the magnitude of the risks and challenges, it is clear that the practice of layering on security used during the PC era will not be adequate to address the security requirements of the IoT era. The key to securing the IoT is a combination of a hardware device with advanced security technologies and trusted software that is designed to make it easy for developers to implement these technologies in their new designs. Microchip and Sequitur Labs are committed to advancing new security solutions for use in IoT and other embedded devices. For more information, visit www.microchip.com/SAMA5D2.
Table 1: SAMA5D2 Hardware Security Capabilities

Cryptography
• Hardware acceleration for 3DES/AES
• Software library for RSA, Elliptic Curves (ACSL)
• High-quality True Random Number Generator (TRNG)
• Hashing up to SHA512
• Protection against side channels

Code Protection
• ARM® TrustZone® and MMU
• On-the-fly DDR/QSPI encryption – AES128
• Scrambling of internal and external memories
• Integrity check monitor
• Secure debug modes
• Secure bootloader (public and private key)

Physical Attacks Protection
• Battery backed-up secure area
• Tamper pins – dynamic and static
• Voltage, frequency and temperature monitors
• Die shield
• JTAG monitoring
• Secure packaging

Secure Key Store
• Battery backed-up secure SRAM with erasure upon security event
• Battery backed-up secure register for master key
• 544 fuses for customer use
• ARM TrustZone protected storage