Microchip Technology Inc


The World’s Most Secure MPU

Microchip is a long-term provider of secure MCUs and MPUs. Our MPUs build on this expertise to address the security requirements of other markets such as Internet of Things (IoT) nodes and gateways, smart meters, connected consumer appliances and industrial control panels. We address security at the embedded-system level with a comprehensive set of security features that have earned the SAMA5D2 the highest level of certification by the payment card industry (PCI 4.1b).

  • ARM® TrustZone® technology (ensures code authentication and confidentiality)
  • On-the-fly encryption/decryption of external memories (DRAM and QSPI)
  • Environmental monitors (voltage, speed and temperature)
  • Hardware cryptography: AES, DES, 3DES, SHA, etc., plus software libraries (RSA, ECC, PKCL, etc.)
  • Integrity check monitor (SHA hashing of memory regions with zero CPU overhead)
  • Secure boot capability, secure programming and debug tools
  • Anti-tamper pins
  • Die shielding
  • Random number generators (TRNG, PRNG)
  • Secure key and certificate storage (nonvolatile fuses plus battery-backed registers and SRAM)

IoT Security Suite - Making the Complex Simple

Hardened Security Simplified

The IoT holds tremendous economic promise for businesses of all types. IoT networks consisting of sensors and gateways enable businesses to gather and analyze data to optimize operations, reduce costs and increase profitability. Connecting this infrastructure to the Internet brings with it some significant risks. Minimizing these risks requires securing these products from the ground up. Such a foundational approach to security requires the use of hardware security components and associated software. The IoT Security Suite by Sequitur Labs enables rapid and easy use of advanced hardware security technologies, such as ARM TrustZone and cryptography, without developers having to undergo a long learning curve. The suite covers the most common security requirements facing IoT device manufacturers in a single, easy-to-use package.


  • Trusted Boot – Root-of-trust verification of the initial startup code, Linux® and other embedded software
  • Firmware Protection – Encryption of embedded firmware and execution of authenticated firmware
  • Trusted Device ID – Unique device certificate tied to root of trust for strong identity authentication
  • Secure Storage – TrustZone-secured cryptography, storage of keys, certificates and in-system data
  • Secure Communications – Authenticated device pairing and IoT cloud communications (OpenSSL, TLS)
  • Secure Firmware Update – Remotely upgrade MPU firmware safely and securely



The IoT Security Suite provides the necessary underpinnings for critical processes such as storing, encrypting, decrypting and exchanging keys between devices and applications. It is pre-configured to use the available cryptographic resources and provides easy-to-use APIs for application developers, thereby saving the time and labor otherwise spent making use of hardware security.


  • Isolates and protects critical data and functions
  • Pre-configured to support SAMA5D2 hardware security features: ARM TrustZone, hardware crypto engines, TRNG, secure fuses, secure SRAM
  • Reduces the learning curve and implementation effort with simple APIs
  • Reduces cost and time to market for secure products

Software Evaluation Kit and Licenses

Sequitur Labs provides three types of kits to help you get started with the IoT Security Suite:

  1. Software Evaluation Kit
  2. Development Kit
  3. Production Kit

The software evaluation kit is available directly from the Sequitur Labs website.

                                                                   Evaluation Kit   Development Kit   Production Kit
Setup
  Program the SAMA5D2 Xplained board
  Program on custom SAMA5D2-based board
  Use Linux® kernel of choice
  Burn fuses of the SAMA5D2
Capabilities
  Use APIs
  Use demo applications
  Use TLS mutual authentication with AWS IoT Cloud
  Use TLS mutual authentication with the IoT cloud (server) of choice
Application Development
  Develop applications in Linux
  Use OpenSSL with TrustZone®-based cryptographic functions
  Use hardware-based cryptographic functions
Keys and Certificates
  Preprogrammed (fixed) keys and certificates
  Inject and use OEM root certificate
  Use unique device certificate created and signed at programming
  Inject four additional symmetric/asymmetric keys
Lifecycle Management
  Securely upgrade firmware

[The check marks indicating which of the three kits includes each item are not preserved in this copy of the table.]