Securing IoT products starts with recognizing that security failures occur at multiple points directly affecting a company’s brand image or worse—loss of revenue and value. Typically, security lapses are noticed when devices are deployed and operational. However, problems such as IP theft and device cloning occur at the time of manufacturing. Further, devices are also at risk of compromise when undergoing firmware updates or connecting to IoT cloud infrastructure. Therefore, ensuring security requires considering the entire device lifecycle. The IoT Security Suite implements measures to ensure device integrity from design to decommissioning.
Secure IoT - By Design
The SAMA5D2 series is a high-performance, ultra-low-power Arm Cortex-A5 processor-based MPU. It includes several advanced security features including tamper detection, secure fuses, secure RAM and Arm® TrustZone® based hardware isolation (secure enclave). The SAMA5D2 powers a number of products where power consumption and security are paramount including payment terminals, biometric readers, industrial gateways and building control systems.
EmSPARK™ Security Suite gives your device a unique ID tied to the hardware root of trust. This ID cannot be spoofed and therefore facilitates a number of secure processes such as authentication.
Encrypted Boot Chain:
Extends the secure boot capabilities of the hardware platform, securing the boot process from the initial ROM boot through to a trusted, authenticated Linux OS and your firmware. This ensures the integrity of your firmware, preventing theft or compromise by malware.
Key and Certificate Management:
From mutual authentication to securely connecting to the IoT cloud, public-private key pairs offer a proven mechanism for executing a variety of functions securely. The Suite includes robust key and certificate management in a TrustZone-isolated keystore.
Firmware Authentication & Secure Firmware Update:
Complementing the trusted boot architecture, the secure firmware update provides assurance throughout the device's lifecycle.
Hardened Security. Simplified.
The IoT Security Suite for the Microchip SAMA5D2 enables device OEMs to implement critical security aspects that are foundational to trustworthy IoT devices. These include implementing hardware-based isolation, access to hardware cryptography, implementing a hardware root-of-trust, and essential key and certificate management tools. It simplifies the task of implementing these capabilities because the suite:
Is pre-configured to support available hardware security components and isolation
Provides simple APIs that reduce the learning curve for implementing security
Shields developers from the underlying complexity of hardware security through software abstraction
Enables faster time to market at a lower cost
IoT Security Suite Capabilities
The Suite includes a number of components that help streamline deployment and enable secure functions. Components include:
Sequitur’s Trusted Execution Environment (Secure OS) which is required to utilize ARM® TrustZone® and TrustZone secured resources.
Hardware Crypto Engines
The TrustZone-integrated crypto engine and an OpenSSL plugin are accessible from Linux.
Easy to Use APIs
Simplify the implementation of security functions, allowing developers to focus on their application rather than on the intricacies of hardware or TrustZone security.
Step-by-step tool that simplifies firmware development and IP protection, abstracting the complexity of secure boot and TrustZone.
In-system Provisioning Procedure and Toolset
Includes anti-replay measures and IP protection.
How It Works
EmSPARK™ Security Suite makes it easy to implement a basic security framework on your target board. This could be an evaluation board such as the Microchip Xplained Rev C board or your production board. The process for both is largely the same with a few exceptions (see Device Provisioning below). It provides a systematic process for creating a firmware package that can be flashed to the board. The Packaging tool includes scripts and applets so all you have to do is run the script to:
Initiate the encrypted boot process
Establish the secure enclave and initialize CoreTEE (Trusted Execution Environment)
Decrypt and install an authenticated version of Linux
The Suite implements APIs for developers to access a variety of secure services. APIs are included for:
Secure firmware update
Secure payload verification
The APIs allow developers to focus on developing their application without having to learn the intricacies of hardware security.
EmSPARK™ Security Suite enables secure manufacturing via a secure device provisioning process. The process prevents the unauthorized manufacturing of devices by contract manufacturers and thereby protects OEM revenues and intellectual property. Device provisioning refers to the initial injection of keys and certificates at the time of manufacture, which asserts the manufacturer's claim over the device. These keys are the source of the device's authentication throughout its lifecycle, so it is important to understand how the Suite handles this process. Note that the Suite, as part of the Packaging tool, supplies the method to inject keys as part of building the firmware package. It supports in-system or high-volume production provisioning; the choice belongs to the OEM.
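The encrypted boot chain and secure firmware update described above rest on two checks: the payload is authenticated with a key bound to the device's hardware root of trust and unique ID, and a monotonic version counter rejects replayed or rolled-back packages. The Python model below is added here as an illustration and is not EmSPARK or CoreTEE code; the root-of-trust secret, the key derivation, and the package layout are constructed assumptions.

```python
"""Device-bound, anti-replay firmware update check (constructed model)."""
import hashlib
import hmac
import json
import struct

# Stands in for a secret fused into the hardware root of trust (constructed value).
ROT_SECRET = b"constructed-root-of-trust-secret"


def device_key(device_id: str) -> bytes:
    """Derive a device-unique package-authentication key (HMAC-based KDF, assumed)."""
    return hmac.new(ROT_SECRET, b"fw-update|" + device_id.encode(), hashlib.sha256).digest()


def build_package(device_id: str, version: int, image: bytes) -> bytes:
    """OEM side: wrap an image in an authenticated manifest bound to one device."""
    manifest = {"device_id": device_id, "version": version,
                "image_sha256": hashlib.sha256(image).hexdigest()}
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(device_key(device_id), body, hashlib.sha256).digest()
    # Layout (assumed): 4-byte manifest length | manifest | 32-byte tag | image
    return struct.pack(">I", len(body)) + body + tag + image


class Device:
    """Device side: its unique ID plus a monotonic installed-version counter."""

    def __init__(self, device_id: str, installed_version: int = 0):
        self.device_id = device_id
        self.installed_version = installed_version  # would live in tamper-resistant storage

    def verify_update(self, package: bytes) -> bool:
        """Accept the package (and advance the counter) only if every check passes."""
        (blen,) = struct.unpack(">I", package[:4])
        body = package[4:4 + blen]
        tag = package[4 + blen:4 + blen + 32]
        image = package[4 + blen + 32:]
        expected = hmac.new(device_key(self.device_id), body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged, tampered, or built for a different device
        m = json.loads(body)
        if m["device_id"] != self.device_id:
            return False  # defence in depth: manifest must name this device
        if m["version"] <= self.installed_version:
            return False  # replay of the current package or rollback to an older one
        if hashlib.sha256(image).hexdigest() != m["image_sha256"]:
            return False  # image does not match the authenticated manifest
        self.installed_version = m["version"]
        return True
```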
Getting Started With the Right Kit
Sequitur provides two types of software kits to help customers learn about and quickly implement EmSPARK™ Security Suite in their products.
CoreTEE allows device makers to create trustworthy devices by addressing key aspects of security such as:
Secure Boot Processes:
Critical boot processes can be secured and initiated from within CoreTEE to detect and prevent boot tampering.
Cryptography and Key Management:
CoreTEE supports SoC specific cryptographic technologies and provides robust key management processes for root key implantation and subsequent management.
A secure peripheral driver framework that includes drivers for display, I2C, PIO and PMC.
Trusted Firmware-based Applications:
Encrypted, signed and part of the base firmware.
Trusted and Validated Rich OS-based Applications:
Encrypted and stored in the rich OS file system, these applications are validated and executed at runtime by CoreTEE. Applications can also be dynamically installed via secure Over-The-Air (OTA) processes.
Secure Displays and Trusted Input:
CoreTEE supports applications requiring a Trusted User Interface for secure input of information such as PIN capture.
All of the above capabilities are delivered in a standards-compliant manner, ensuring interoperability.
Pre-configured for Advanced Hardware Security from Microchip
The IoT Security Suite currently supports advanced hardware security components and capabilities available in the Microchip SAMA5D2 MPU. The Suite is pre-configured to support the following advanced hardware security capabilities of the SAMA5D2 MPU:
The SAMA5D2 series is a high-performance, ultra-low-power ARM Cortex-A5 processor-based MPU. The Cortex-A5 processor runs at up to 500 MHz and features the ARM NEON SIMD engine, a 128 kB L2 cache and a floating point unit. It supports multiple memories including latest-generation technologies such as DDR3, LPDDR3 and QSPI Flash. It integrates powerful peripherals for connectivity (EMAC, USB, dual CAN, up to 10 UARTs, etc.) and user interface applications (TFT LCD controller, touch controller, class D amplifier, audio PLL, CMOS sensor interface, etc.). The devices offer advanced security functions to protect customer code and secure external data transfers. These include ARM TrustZone, tamper detection, secure data storage, hardware encryption engines including private keys, on-the-fly decryption of code stored in external DDR or QSPI memory and a secure boot loader.
CoreTEE enables the development of trusted IoT devices such as home and industrial gateways where data protection and security are important requirements.
Devices with high security requirements, such as payment terminals and medical devices that are subject to compliance and certification requirements, can meet those regulations more readily.
Secure Continuous Execution:
Devices in the industrial automation space require critical processes to keep running even if the rich OS fails so as not to cause catastrophic events. CoreTEE enables the uninterrupted execution of critical applications in the TEE even if the rich OS hangs or reboots.
CoreTEE’s implementation depends upon the microprocessor architecture and involves a high level of customization. Sequitur provides services for product integration, working with chip makers and assessing needs for specific features.
EmSPARK™ Security Suite: Security Through the Device Lifecycle