Click on a topic to view questions and answers about SecEdge's EmSPARKTM Security Suite, EmPOWERTM Lifecycle Management Platform, and supported platforms.
SecEdge's EmSPARKTM Security Suite is state-of-the-art security software that simplifies the use of advanced hardware security and reduces time to market for building more trustworthy products using our partners' processors. EmSPARKTM simplifies implementation of the most common tasks related to securing an IoT or embedded device including:
Devices secured by the EmSPARKTM Security Suite help customers reduce the risk and liability associated with IoT deployments. The Suite covers security requirements relevant at various stages of a product’s lifecycle.
We believe that a product must be secured from the time it is manufactured to the time it is decommissioned. This ensures that a company’s intellectual property (IP) is not stolen, the device operates without compromise at any point in its life, and that customer data is protected at all times. Additionally, it ensures that connections with remote systems, such as IoT cloud servers, are secure and tamper-proof.
For example, the EmSPARKTM Security Suite enables implementing a root of trust, which supports a variety of secure processes such as trusted boot. It creates a dual operating environment because our partner’s processors can switch between secure and non-secure states. This allows isolating and separating critical material and data in a hardware secured area, dramatically improving device security. Developers can easily build applications that use secure resources without having to become experts in cryptography and complex hardware security technologies.
The Suite delivers a host of capabilities, including the integration of OpenSSL with functions secured by TrustZone and preconfigured to use cryptographic functions available in our partner’s processors. The EmSPARKTM Security Suite also includes key management functions that form the basis of several secure processes such as trusted boot, storage and authentication with IoT clouds.
This allows you as the developer to focus on building the application and the device rather than spend time reading through data sheets to configure various hardware components. Result—get your products to market faster.
The EmSPARKTM Security Suite comprises the following components:
TrustZone® is a robust, proven hardware solution for security. It is an on-chip security enclave providing hardware isolation and protection for sensitive material such as cryptographic keys, intellectual property and data. TrustZone-enabled SoCs are found in over a billion devices such as payment terminals, set-top boxes and mobile phones. TrustZone is fast becoming a standard way for IoT device makers to implement security. With TrustZone, security is designed into the product and secure functions propagated throughout the product. This results in a more secure device. It is important to note, that not all SoCs implement TrustZone the same way. This can impact your design.
For more details on the TrustZone®, please visit Arm’s website at http://www.arm.com/products/processors/technologies/trustzone.
TEE stands for Trusted Execution Environment. On top of the hardware foundation of the Arm® TrustZone® technology, the TEE adds a functional runtime environment with standards compliant APIs, strong application separation through the security focused microkernel, and strong protection of sensitive assets through access control and cryptography.
While TrustZone establishes “Normal” (non-secure) and Secure worlds, the TEE facilitates communications across these domains. Applications and functions in the Normal domain can invoke secure functions resident in the TEE through the Secure Monitor, which manages the state change from Non-secure to Secure.
The Trustzone/TEE combination enables handling sensitive data without the risking exposure. In addition, due to the integrity in the boot process, the functions provided by the TEE are less likely to be compromised by malicious code.
The TEE is also used to secure access to peripherals by implementing peripheral drivers in the TEE. This protects access to peripherals such as persistent storage, memory and displays.
Trusted Applications (TAs) are code and functions that execute only when the device is in secure state. The suite includes pre-built TAs as described above but does not allow writing custom TAs. To write custom TAs, you must obtain a license to use SecEdge's Trusted Execution Environment—CoreTEE. A full license to CoreTEE enables greater flexibility than allowed by the security suite. To discuss this option, please Email SecEdge.
There is a negligible performance impact when switching between secure and non-secure states. Switching overhead is similar to or less than that which results from a thread context switch in an operating system such as Linux.
Yes! The Suite includes procedures to load keys and certificates that enable your device to be authenticated by AWS IoT Cloud. The Evaluation Kit includes a step-by-step guide and example application to establish a TLS connection with AWS IoT (to be used with the MQTT protocol). The Suite facilitates the creation of a unique device certificate to be used for TLS mutual authentication. The Suite is cloud provider agnostic. We do not recommend any particular cloud service provider.
EmPOWER™ is a SaaS solution that provides the lifecycle management platform needed to secure, provision and update intelligent edge devices.
Together with the EmSPARK™ Security suite, EmPOWER™ enables OEM’s to actively protect their devices, business, and customers.
With EmPOWERTM, you can register devices with mutual authentication (chip and cloud), update devices securely, Gain insights into device behavior, and detect and respond to threats.
EmPOWERTM can provide registration and update services for devices that provide secure credentials like smart MCU’s, MCUs with secure elements or trusted platform modules, and smart flash. Contact us for more information.
We provide three different options for you to license the EmSPARKTM Security Suite. They are outlined in the table below:
SW Evaluation Kit | Production Kit | |
---|---|---|
Description | Evaluation (non-secure) version of EmSPARKTM Security Suite. Write trial applications for:
|
Final production-ready, fully functional software kit with all the features of the EmSPARKTM Security Suite. |
What You Get | Zip file containing all the required files to flash the development boards. Documentation, examples in source code, and software in a downloadable package.
|
Same as Evaluation Kit PLUS:
|
What You Need | Choose your evaluation platform | Contact Us |
Price | FREE | Contact Us |
Licensing | Click-through agreement | Contact Us |
Support | Pre-sales support and consultation | Email support included, telephone hotline support available for purchase. |
Where To Get It | www.secedge.com/emspark/free-eval-kit | Call your Microchip sales person or FAE, or Email SecEdge. |
Read and sign the EmSPARKTM Security Suite Software Evaluation Kit License Agreement to get started on implementing advanced security for your IoT device.
Contact us and we will get back to you as soon as possible.
SUBSCRIBE TO OUR NEWSLETTER