
The EmSPARK™ Security Suite is a software solution that makes it easy for IoT device OEMs to develop secure and trustworthy products.

Secure IoT - By Design

The SAMA5D2 series is a high-performance, ultra-low-power Arm Cortex-A5 processor-based MPU. It includes several advanced security features including tamper detection, secure fuses, secure RAM and Arm® TrustZone® based hardware isolation (secure enclave). The SAMA5D2 powers a number of products where power consumption and security are paramount including payment terminals, biometric readers, industrial gateways and building control systems.

The SAMA5D2-SOM1 is a small single-sided System-On-Module (SOM) based on the high-performance 32-bit Arm® Cortex®-A5 processor-based MPU SAMA5D27 running up to 500 MHz. The SAMA5D27 SOM1 is built on a common set of proven Microchip components to reduce time to market by simplifying hardware design and software development.  The SOM also simplifies design rules of the main application board, reducing overall PCB complexity and cost.

Trusted ID:

EmSPARK™ Security Suite gives your device a unique ID tied to the hardware root-of-trust. This ID cannot be spoofed and therefore facilitates a number of secure processes such as authentication.

Encrypted Boot Chain:

Extends secure boot capabilities of the hardware platform. It secures the boot process from initial ROM boot to deploying a trusted, authenticated Linux OS and your firmware. This process ensures the fidelity of your firmware, preventing theft or compromise by malware.

Key and Certificate Management:

From mutual authentication to securely connecting to IoT cloud, public-private key combinations offer a proven mechanism to execute a variety of functions securely. The Suite includes robust key and certificate management in a TrustZone-isolated keystore.

Firmware Authentication & Secure Firmware Update:

Complementing the trusted boot architecture, the secure firmware update provides assurance for the device's lifecycle.


Suite Components


The Suite includes a number of components that help streamline deployment and enable secure functions. Components include:

1. CoreTEE™

SecEdge’s Trusted Execution Environment (Secure OS) which is required to utilize ARM® TrustZone® and TrustZone secured resources.

2. Hardware Crypto Engines

TrustZone integrated crypto engine and OpenSSL plugin are accessible in Linux.

3. Easy to Use APIs

Easily implements security functions. Allows developers to focus on their application and not on the intricacies of hardware or TrustZone security.

4. Packaging Tool

Step by step tool that simplifies firmware development and IP protection, abstracting the complexity of secure boot and TrustZone.

5. In-system Provisioning Procedure and Toolset

Includes anti-replay measures and IP protection.

How It Works

1. Initial Setup:

EmSPARK™ Security Suite makes it easy to implement a basic security framework on your target board. This could be an evaluation board such as the Microchip Xplained Rev C board or your production board. The process for both is largely the same with a few exceptions (see Device Provisioning below). It provides a systematic process for creating a firmware package that can be flashed to the board. The Packaging tool includes scripts and applets so all you have to do is run the script to:

  • Initiate the encrypted boot process
  • Establish the secure enclave and initialize CoreTEE (Trusted Execution Environment)
  • Decrypt and install an authenticated version of Linux

2. Application Development:

The Suite implements APIs for developers to access a variety of secure services. APIs are included for:

  • Certificate management
  • Secure storage
  • Secure firmware update
  • Secure payload verification

The APIs allow developers to focus on developing their application without having to learn the intricacies of hardware security.

3. Device Provisioning:

EmSPARK™ Security Suite enables secure manufacturing via a secure device provisioning process. The process prevents the unauthorized manufacturing of devices by contract manufacturers and thereby protects OEM revenues and intellectual property. Device provisioning refers to the initial injection of keys and certificates during time of manufacture that essentially assert the claim of the manufacturer over the device. The keys are a source of authentication of the device throughout its lifecycle so it is important to understand how the Suite handles this process. Note that the Suite, as part of the Packaging tool, supplies the method to inject keys as part of building the firmware package. It supports in-system or high volume production provisioning. The choice belongs to the OEM.

Getting Started

SecEdge provides evaluation software kits and supporting documentation to help customers learn about and quickly implement EmSPARK™ Security Suite in their products.


Getting Started With the Right Kit

SecEdge provides two types of software kits to help customers learn about and quickly implement EmSPARK™ Security Suite in their products.

Capabilities of the Microchip SAMA5D2 MPU

Hardware security features of the Microchip SAMA5D2 MPU and SAMA5D27-SOM1 System on Module that are not currently supported by the Suite can be implemented on a custom basis by SecEdge Professional Services.

Cryptography

  • HW acceleration for 3DES/AES
  • SW library for RSA Elliptic Curves (ASCL)
  • High quality random TRNG
  • Hashing up to SHA512
  • Protection against side channels

Physical Protection Attack

  • Battery backed-up secure area
  • Tamper pins dynamic and static
  • Voltage, frequency and temperature monitors
  • Die shield
  • JTAG monitoring
  • Secure packaging

Code Protection

  • TrustZone and MMU
  • On-the-fly DDR/QSPI encryption - AES128
  • Scrambling of internal and external memories
  • Integrity check monitor on internal and external memories with independent SHA256
  • Secure debug modes
  • Secure boot loader (public and private key)

Secure Key Storage

  • Battery backed-up secure SRAM with erasure upon security event
  • Battery backed-up secure register for master key
  • 544 fuses for customer usage
  • TrustZone protected storage

Microchip Premier Third Party Partner

SecEdge specializes in designing with Microchip products. Visit the Microchip Technology website for more information.

GET STARTED

Download the FREE EmSPARK™ Security Suite Software Evaluation Kit to get started on implementing advanced security for your IoT device. Download the kit by registering.

EmSPARK™ SECURITY SUITE PRODUCT BROCHURE

Download a PDF of the EmSPARK™ Security Suite Brochure.

HAVE QUESTIONS?

Visit the EmSPARK™ Security Suite Frequently Asked Questions.
