Microchip Technology Inc
 
Menu

SAMA5D2
The World's Most Secure MPU

Microchip is a long-term provider of secure MCUs and MPUs. Our MPUs leverage this strong expertise for to address the security requirements for other markets such as Internet of Things (IoT) nodes and gateways, smart meters, connected consumer appliances and industrial control panels. We address security at the embedded system level with a comprehensive set of security features that have earned the SAMA5D2 the highest level of certification by the payment card industry (PCI 4.1b).

  • ARM® TrustZone® technology (ensures code authentication and confidentiality)
  • On-the-fly encryption/decryption of external memories (DRAM and QSPI)
  • Integrity check monitor (SHA hashing using zero CPU overhead)
  • Secure boot capability, secure programming and debug tools
  • Anti-tamper pins
Chained chip
  • Environmental monitors (voltage, speed and temperature)
  • Hardware cryptography: AES, DES, 3DES, SHA, etc. and software libraries (RSA, ECC, PKCL, etc.)
  • Die shielding
  • Random number generators (TRNG, PRNG)
  • Secure key and certificate Storage (nonvolatile fuses plus battery backed-up registers and SRAM)

IoT Security Suite - Making the Complex Simple

Hardened Security Simplified

The IoT holds tremendous economic promise for businesses of all types. IoT networks consisting of sensors and gateways enable businesses to gather and analyze data to optimize operations, reduce costs and increase profitability. Connecting this infrastructure to the Internet brings with it some significant risks. Minimizing these risks requires securing these products from the ground up. Such a foundational approach to security requires the use of hardware security components and associated software. The IoT Security Suite by Sequitur Labs enables the rapid and easy use of advanced hardware security technologies, such as ARM TrustZone and cryptography, without developers having to undergo a long learning curve. The suite covers the most common security requirements facing IoT device manufacturers in a single, easy-to-use package.

Features:

  • Trusted Boot – Root of trust verified initial startup code, Linux® and other embedded software
  • Firmware Protection – Encryption of embedded firmware and execution of authenticated firmware
  • Trusted Device ID – Unique device certificate tied to root of trust for strong identity authentication
  • Secure Storage – TrustZone-secured cryptography, storage of keys, certificates and in-system data
  • Secure Communications – Authenticated device pairing and IoT cloud communications (OpenSSL, TLS)
  • Secure Firmware Update – Remotely upgrade MPU firmware safely and securely
MCU with key

The IoT Security Suite provides the necessary underpinnings to execute critical processes such as storing, encrypting, decrypting and exchanging keys between devices and applications. It is pre-configured to use available cryptographic resources and provides easy-to-use APIs for application developers thereby, saving time and labor associated with making use of hardware security.

Benefits

  • Isolates and protects critical data and functions
  • Pre-configured to support SAMA5D2 hardware security features: ARM TrustZone, hardware crypto engines, TRNG, secure fuses, secure SRAM
  • Reduce learning curve and implementation with simple APIs
  • Reduce cost and time to market for secure products

Software Evaluation Kit and Licenses

Sequitur Labs provides three types of kits to help to get you started with IoT Security Suite:

  1. Software Evaluation Kit
  2. Development Kit
  3. Production Kit

The software evaluation kit is available directly from the Sequitur Labs website.

  Evaluation KitDevelopment KitProduction Kit
SetupProgram the SAMA5D2 Xplained Board 
Program on custom SAMA5D2-based board 
Use Linux® kernel of choice 
Burn fuses of the SAMA5D2  
     
CapabilitiesUse APIs
Use demo applications
Use TLS mutual authentication with AWS IoT Cloud
Use TLS mutual authentication with the IoT cloud (server) of choice 
     
Application DevelopmentDevelop applications in Linux
Use OpenSSL with TrustZone®-based cryptographic functions
Use hardware-based cryptographic functions
     
Keys and CertificatesPreprogrammed (fixed) keys and certificates  
Inject and use OEM Root Certificate 
Use unique Device Certificate created and signed at programming 
Inject four additional symmetric/asymmetric keys  
     
Lifecycle ManagementSecurely upgrade firmware