Saturday, October 13, 2018

NXP pushes security in move from M3 to M33 microcontroller cores

By Nick Flaherty

NXP Semiconductors is pushing the embedded security requirements of IoT edge devices and cloud-to-edge connections with two new multi-core microcontrollers based around the Arm Cortex-M33 core.

NXP is emphasising its multi-layered, hardware-enabled protection scheme that protects embedded systems with secure boot for hardware-based immutable root-of-trust, certificate-based secure debug authentication and encrypted on-chip firmware storage with real-time, latency-free decryption.

These are used alongside Arm TrustZone for Armv8-M and the Memory Protection Unit (MPU) to ensure physical and runtime protection with hardware-based, memory-mapped isolation for privilege-based access to resources and data.

“The promise of the connected world through the Internet-of-Things is extraordinary,” said Geoff Lees, senior vice president and general manager of microcontrollers at NXP. “Through NXP’s in-depth security and processing expertise, software ecosystem and breadth of portfolio, we are uniquely positioned to bring innovative and accessible advancements in IoT security to all developers.”

The key to this is a ROM-based secure boot process that uses device-unique keys to create an immutable hardware ‘root-of-trust’. The keys can now be locally generated on-demand by an SRAM-based Physically Unclonable Function (PUF) that uses natural variations intrinsic to the SRAM bitcells. This permits closed loop transactions between the end-user and the original equipment manufacturer (OEM), thus allowing the elimination of third-party key handling in potentially insecure environments. Optionally, keys can be injected through a traditional fuse-based methodology.

NXP is also working with Dover Microsystems to introduce Dover’s CoreGuard technology in future platforms. This is a hardware-based active defense security IP that instantly blocks instructions that violate pre-established security rules, enabling embedded processors to defend themselves against software vulnerabilities and network-based attacks.

The security environment improves the symmetric and asymmetric cryptography for edge-to-edge and cloud-to-edge communication by generating device-unique secret keys through innovative usage of the SRAM PUF. The security for public key infrastructure (PKI) or asymmetric encryption is enhanced through the Device Identity Composition Engine (DICE) security standard as defined by the Trusted Computing Group (TCG). The SRAM PUF ensures confidentiality of the Unique Device Secret (UDS) as required by DICE. The newly announced solutions support acceleration for asymmetric cryptography (RSA 1024 to 4096-bit lengths, ECC), plus up to 256-bit symmetric encryption and hashing (AES-256 and SHA2-256) with an optimized mbedTLS library.
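As an added illustration (not NXP's code and not part of the original article), the sketch below shows the DICE idea the paragraph refers to: the UDS is combined with a measurement of the firmware to produce a Compound Device Identifier (CDI), so a modified image boots with a different identity. Assumptions: the UDS is a constructed value standing in for the PUF output, the CDI uses the HMAC-SHA256 construction, a symmetric challenge-response replaces the certificate chain a real deployment would use, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-in for the Unique Device Secret. On the parts described
# above it would be reconstructed from the SRAM PUF at boot, not stored here.
SAMPLE_UDS = hashlib.sha256(b"constructed UDS for illustration").digest()

def measure(image: bytes) -> bytes:
    """SHA-256 measurement of the first mutable code (the firmware image)."""
    return hashlib.sha256(image).digest()

def derive_cdi(uds: bytes, firmware: bytes) -> bytes:
    """Compound Device Identifier: HMAC-SHA256 keyed with the UDS over the
    firmware measurement. Only this value is handed on to the firmware."""
    return hmac.new(uds, measure(firmware), hashlib.sha256).digest()

def attest(cdi: bytes, nonce: bytes) -> bytes:
    """Device side: answer a verifier's nonce with a key derived from the CDI.
    Simplification: DICE deployments normally derive an asymmetric key pair."""
    key = hmac.new(cdi, b"attestation-key", hashlib.sha256).digest()
    return hmac.new(key, nonce, hashlib.sha256).digest()

def verify(expected_cdi: bytes, nonce: bytes, tag: bytes) -> bool:
    """Verifier side: recompute the answer from the CDI recorded at enrolment."""
    return hmac.compare_digest(attest(expected_cdi, nonce), tag)

if __name__ == "__main__":
    good = b"firmware v1.0 (constructed image)"
    tampered = good + b"\x90"            # one appended byte changes the measurement
    enrolled = derive_cdi(SAMPLE_UDS, good)
    nonce = b"constructed-nonce-0001"
    ok = verify(enrolled, nonce, attest(derive_cdi(SAMPLE_UDS, good), nonce))
    bad = verify(enrolled, nonce, attest(derive_cdi(SAMPLE_UDS, tampered), nonce))
    print("genuine boot accepted: ", ok)
    print("tampered boot accepted:", bad)
```

Because the firmware only ever receives the CDI, a compromise of the running image exposes an identity tied to that image rather than the UDS itself.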

“Maintaining the explosive growth of connected devices requires increased user trust in those devices,” said John Ronco, vice president and general manager, Embedded & Automotive Line of Business, Arm. “NXP’s commitment to securing connected devices is evident in its new Cortex-M33 based products built on the proven secure foundation of TrustZone technology, while incorporating design principles from Arm’s Platform Security Architecture (PSA) and pushing the boundaries of Cortex-M performance efficiency.”

NXP strategically chose the Cortex-M33 core for its first full-feature implementation of the Armv8-M architecture to provide security platform benefits and substantial performance improvements compared to existing Cortex-M3/M0 MCUs (over 15 to 65 percent improvement, respectively). One of the key features of the Cortex-M33 is the dedicated co-processor interface that extends the processing capability of the CPU by allowing efficient integration of tightly-coupled co-processors while maintaining full ecosystem and toolchain compatibility.

NXP has used this capability to implement a co-processor for accelerating key ML and DSP functions such as convolution, correlation, matrix operations, transfer functions and filtering, enhancing performance by as much as 10x compared to executing on the Cortex-M33. The co-processor further leverages the popular CMSIS-DSP library calls (API) to simplify customer code portability.

The LPC5500 devices provide single and dual core Cortex-M33 in a 40nm process with an integrated DC-DC converter that delivers industry-leading performance at a fraction of the power budget, up to 90 CoreMarks/mA. The high density of on-chip memory, up to 640KB flash and 320KB SRAM, enables efficient execution of complex edge applications. Further, NXP’s autonomous, programmable logic unit for offloading and execution of user-defined tasks delivers enhanced real-time parallelism.

The i.MX RT600 crossover platform is aimed at real-time machine learning and artificial intelligence by adding a 600MHz Cadence Tensilica HiFi 4 DSP and shared on-chip SRAM of up to 4.5MB to a 300MHz M33 with a wide operating voltage. The ML performance is further enhanced in the DSP with 4x 32-bit MACs, a vector FPU, a 256-bit wide access bus, and DSP extensions for special activation functions (e.g., the sigmoid transfer function).
