LONDON — Security is suddenly a hot topic. It's unsurprising, given all the talk about connecting devices and deploying Internet of Things (IoT) products, coupled with growing awareness of the threat from cyber-attacks. Recognizing this, STMicroelectronics and NXP Semiconductors have both launched microcontrollers based on the Arm Cortex-M33 core with TrustZone, aimed at improving IoT security.

STMicroelectronics this week launched the STM32L5 microcontroller, which builds on the Cortex-M33's hardware-based security with its own additions: flexible software isolation, secure boot, key storage and hardware cryptographic accelerators. It is aimed at power-conscious connected devices and draws on the company's low-power techniques, such as adaptive voltage scaling, real-time acceleration, power gating and multiple reduced-power operating modes, proven in previous STM32L series. This allows long run-times from coin cells or energy harvesting: the device consumes as little as 33nA in shutdown mode and scores 402 ULPMark-CP in the EEMBC ULPBench.

Meanwhile, NXP launched its LPC5500 series of single- and dual-core 100MHz Arm Cortex-M33 microcontrollers, built in 40nm flash technology for a range of industrial and IoT edge applications. The company says the series combines hardened security subsystems and software into a secure execution environment (SEE). Its LPC55S69 devices achieve 32µA/MHz efficiency at up to 100 MHz core clock, offer dual-core Cortex-M33 operation with tightly coupled accelerators for signal processing and cryptography, and provide up to 640KB of flash and 320KB of on-chip SRAM for advanced edge applications.

Matt Short, senior director for IoT at IHS Markit, said it was good to see security coming to the top of the agenda. He said all the chip vendors are talking to the same customers who are all expressing concern about security.

The STM32L5 architecture. (Source: STMicroelectronics)

“With IoT, security has now become a must have," Short said. "It’s good to see security and trust being a topic of conversation, even down at the microcontroller level. A hardware root of trust is essential. STMicro stayed in a 90nm process and optimized for power consumption, using a more mature process and using some circuit design techniques to significantly reduce battery power. Maybe there’s a cost advantage for 90nm, too. On the other hand, NXP opted for performance in a 40nm process.”

In general, Short said, it's a good move for ST to optimize for battery power over processor performance. But he said the real differentiation for ST, NXP and other companies comes in the ecosystems they build around the microcontroller.

"The conversation is gradually shifting from hardware and software to partnerships and ecosystems,” Short said.

ST launched its STM32L5 with a demo in Silicon Valley this week at Arm TechCon, created in collaboration with Arm and security software specialist Prove & Run.

“IoT devices are increasing in intelligence and functionality, and security needs to be built in from the ground up," said John Ronco, vice president and general manager for embedded and automotive at Arm. "The STM32L5 series makes it easier for developers to build trusted devices on the Platform Security Architecture (PSA) framework with the Cortex-M33 processor, TrustZone technology and enhanced SoC security features.”

Dominique Bolignano, president and founder of Prove & Run, provider of the ProvenCore-M secure RTOS, said working with ST to prepare the demonstration showed the company how to leverage STM32L5 hardware features to increase the protection needed for connected devices to handle the latest cyber threats.

Bertrand Denis, ST's product manager for 32-bit MCUs, told EETimes in a telephone briefing that ST was seeing more requests from customers to create isolation and to protect against both logical and board-level attacks. Logical attacks include malicious code injection, malware replacing genuine programs and man-in-the-middle attacks. Board-level attacks include cloning, fault injection and side-channel attacks.

The TrustZone implementation in STM32L5 series MCUs provides the hardware-enforced isolation on which trusted-computing functions, such as authenticating a device to a network, are built. The STM32L5 implementation is fine-grained: users can include or exclude each I/O, peripheral, or area of flash or SRAM from TrustZone protection, so sensitive workloads can be fully isolated from the rest of the application.

Denis added that in addition to the trusted (secure) and untrusted (non-secure) worlds, further separation is possible between privileged and unprivileged code, with the same granularity: each part of memory and each peripheral and DMA channel can be marked privileged or unprivileged. So, for example, secure boot code and secret keys sit in the trusted, privileged area, while the RF stack can run in the untrusted, unprivileged area.
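The secure/non-secure half of that split is enforced on the Cortex-M33 by the Security Attribution Unit (SAU), which ST's implementation supplements with its own attribution logic. The following host-side model is an added example, not ST's or Arm's code: it encodes SAU regions the way the architectural SAU_RBAR/SAU_RLAR registers do, classifies addresses as Secure, Non-secure or Non-secure-callable, and shows the check every secure-world service must make before touching a pointer handed over by non-secure code. The memory layout (DEMO_SAU) is an assumed STM32L5-style map for illustration, not the device's real default; the privileged/unprivileged (MPU) half and ST's per-peripheral attribution are not modelled.

```python
"""Host-side model of Armv8-M SAU address attribution (constructed example).

Region encoding follows the architectural SAU_RBAR / SAU_RLAR layout:
  SAU_RBAR[31:5] = region base address (32-byte granules)
  SAU_RLAR[31:5] = region limit address, bit 1 = NSC, bit 0 = ENABLE
Any address not covered by an enabled region is Secure.
"""
from dataclasses import dataclass

SECURE, NON_SECURE, NSC = "S", "NS", "NSC"
GRANULE = 32


@dataclass(frozen=True)
class SauRegion:
    base: int            # value as written to SAU_RBAR
    limit: int           # value as written to SAU_RLAR (low 5 bits are flags)
    nsc: bool = False    # Non-secure callable: only the veneer table should be NSC
    enable: bool = True

    @property
    def first(self) -> int:
        return self.base & ~(GRANULE - 1)

    @property
    def last(self) -> int:
        # The limit field names a granule; the region extends to its last byte.
        return self.limit | (GRANULE - 1)

    def rlar(self) -> int:
        """Raw SAU_RLAR value for this region."""
        return (self.limit & ~(GRANULE - 1)) | (2 if self.nsc else 0) | (1 if self.enable else 0)


class Sau:
    def __init__(self, regions, enabled=True):
        self.enabled = enabled
        self.regions = [r for r in regions if r.enable]
        spans = sorted((r.first, r.last) for r in self.regions)
        for (_, prev_last), (cur_first, _) in zip(spans, spans[1:]):
            if cur_first <= prev_last:
                raise ValueError("overlapping SAU regions: attribution would be ambiguous")

    def attribute(self, addr: int) -> str:
        """What the TT instruction reports for a single address."""
        if not self.enabled:
            return SECURE          # SAU_CTRL.ALLNS = 0 assumed: everything Secure
        for r in self.regions:
            if r.first <= addr <= r.last:
                return NSC if r.nsc else NON_SECURE
        return SECURE

    def range_is_non_secure(self, addr: int, length: int) -> bool:
        """Model of cmse_check_address_range(p, n, CMSE_NONSECURE) != NULL."""
        if length <= 0 or addr < 0:
            return False
        end = addr + length - 1
        if end > 0xFFFFFFFF:       # wrap-around: the 'buffer' would span everything
            return False
        first_gran = addr & ~(GRANULE - 1)
        last_gran = end & ~(GRANULE - 1)
        return all(self.attribute(g) == NON_SECURE
                   for g in range(first_gran, last_gran + 1, GRANULE))


# Assumed STM32L5-style layout for the demo (not the real device's default map).
# Secure flash/SRAM is whatever stays uncovered, so only NS and NSC regions are listed.
DEMO_SAU = Sau([
    SauRegion(0x0C03E000, 0x0C03FFFF, nsc=True),   # secure-gateway veneers
    SauRegion(0x08040000, 0x0807FFFF),             # non-secure application flash
    SauRegion(0x20018000, 0x2003FFFF),             # non-secure SRAM
    SauRegion(0x40000000, 0x4FFFFFFF),             # non-secure peripheral window
])


def secure_copy_in(sau: Sau, ns_ptr: int, length: int) -> bool:
    """Skeleton of a secure-world entry function that receives a pointer and a
    length from the non-secure caller. Both values are attacker-controlled, so the
    whole range (not just the first byte) must be Non-secure before the secure side
    reads it; otherwise NS code could point the service at the secure key store."""
    if not sau.range_is_non_secure(ns_ptr, length):
        return False        # reject; return an error code to the NS caller
    # ... safe to copy `length` bytes from ns_ptr into secure memory here ...
    return True


if __name__ == "__main__":
    print("NS SRAM buffer accepted:", secure_copy_in(DEMO_SAU, 0x20018000, 256))
    print("buffer straddling S/NS boundary rejected:", not secure_copy_in(DEMO_SAU, 0x20017FF0, 32))
```

The two cases to note are the buffer that starts in non-secure SRAM but ends past the region's limit, and the one that starts just below the boundary: a check on the first byte alone passes both, which is exactly the confused-deputy read the range check exists to prevent. In real firmware the same check is the Arm CMSE intrinsic cmse_check_address_range, and on the STM32L5 the final attribute is the more restrictive of the SAU's result and ST's own attribution.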

Around TrustZone, ST has added secure boot, dedicated read-out and write protection for the integrated SRAM and flash, and cryptographic acceleration: an AES engine with 128- and 256-bit keys, a public key accelerator (PKA), and AES-128 on-the-fly decryption (OTFDEC) to protect code or data held in external memory. Active tamper detection and support for secure firmware install are also included.

In addition to security, Denis said further differentiators for the STM32L5 series over other MCUs in ST's ultra-low-power STM32L family are its large 512Kbyte flash memory and 256Kbyte RAM, plus USB Type-C with a Power Delivery controller and CAN FD connectivity.

The 512 Kbyte dual-bank flash allows read-while-write operation, which aids device management, and improves safety by supporting error correction code (ECC) with diagnostics. Alongside the 256Kbyte SRAM, the series supports high-speed external memory through single, dual, quad or octal SPI and HyperBus flash or SRAM, plus a parallel memory interface for SRAM, PSRAM, NOR, NAND or FRAM.

The STM32L5 series' USB Full Speed interface has a dedicated supply, so USB communication is maintained even when the system is powered at 1.8V, and its UCPD controller complies with the USB Type-C Rev. 1.2 and USB Power Delivery Rev. 3.0 specifications. The USB is aimed mainly at connected consumer wearables, while the CAN FD is more for industrial applications. “We see a lot of demand for this in e-bikes,” said Denis.

In addition to the flexible power-saving operating modes and ST's ultra-low-power technologies, the STM32L5 series features a highly efficient switched-mode step-down regulator that improves low-power performance when the VDD voltage is high enough, and which can be switched on or off on the fly. With a core that supports DSP instructions and floating-point arithmetic, STM32L5 series MCUs achieve up to 165 DMIPS/427 CoreMark at 110 MHz using the ST ART Accelerator. New in the STM32L5 is that the ART Accelerator now covers both internal flash and external memory, with an 8KByte instruction cache that improves efficiency when code executes from external memory.

The STM32L5 series is available in standard temperature grade for consumer and commercial applications, or high-temperature grade specified from -40°C to 125°C for challenging environments.

NXP says its new LPC5500 microcontrollers deliver on the vision of securing IoT edge devices and cloud-to-edge connections. The MCUs provide secure boot anchored in an immutable hardware root of trust, certificate-based secure debug authentication, and encrypted on-chip firmware storage with real-time, latency-free decryption.

“Maintaining the explosive growth of connected devices requires increased user trust in those devices," said Arm's Ronco. "NXP’s commitment to securing connected devices is evident in its new Cortex-M33 based products built on the proven secure foundation of TrustZone technology, while incorporating design principles from Arm’s PSA and pushing the boundaries of Cortex-M performance efficiency.”

To establish device trustworthiness, NXP's ROM-based secure boot process uses device-unique keys to form an immutable hardware root of trust. The keys can be generated locally and on demand by an SRAM-based Physically Unclonable Function (PUF) that exploits the natural variations intrinsic to the SRAM bit cells. This permits closed-loop transactions between the end user and the original equipment manufacturer (OEM), eliminating third-party key handling in potentially insecure environments. Optionally, keys can be injected through a traditional fuse-based method.

The company's SEE (secure execution environment) generates device-unique secret keys from the SRAM PUF. Security for public key infrastructure (PKI) and asymmetric cryptography is strengthened through the Device Identifier Composition Engine (DICE) standard defined by the Trusted Computing Group (TCG); the SRAM PUF provides the confidentiality of the Unique Device Secret (UDS) that DICE requires. The new NXP MCU supports acceleration for asymmetric cryptography (RSA with 1024- to 4096-bit keys, ECC), plus up to 256-bit symmetric encryption and hashing (AES-256 and SHA2-256) with an optimized mbedTLS library.
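What DICE does with that UDS is worth seeing end to end. The model below is an added example, not NXP's firmware: following the TCG DICE hardware requirements, it combines the UDS with a measurement of the first mutable code (FMC) into the Compound Device Identifier (the spec requires a one-way function of the two; HMAC-SHA256 is the form used here), makes the UDS inaccessible for the rest of the boot, and derives per-layer keys from the CDI rather than from the UDS. The UDS, firmware images and key labels are constructed values; on the LPC55S6x the UDS would instead be reconstructed from the SRAM PUF at each boot.

```python
"""Constructed model of DICE layered key derivation (added example, not NXP code).

Layer 0 computes CDI = HMAC-SHA256(UDS, SHA256(FMC)) and then latches the UDS.
Each later layer extends the chain with its own image measurement, so a changed or
tampered image gets a different identity rather than access to the device's keys.
"""
import hashlib
import hmac


def measure(image: bytes) -> bytes:
    """Code measurement: a plain SHA-256 over the image bytes."""
    return hashlib.sha256(image).digest()


class DiceEngine:
    """Layer-0 engine holding the UDS. Here the UDS is caller-supplied; on the
    real part it comes from the SRAM PUF and never leaves the silicon."""

    def __init__(self, uds: bytes):
        if len(uds) < 32:
            raise ValueError("UDS must provide at least 256 bits")
        self._uds = uds
        self.latched = False

    def compute_cdi(self, fmc_image: bytes) -> bytes:
        if self.latched:
            raise PermissionError("UDS latched until reset; CDI is computed once per boot")
        cdi = hmac.new(self._uds, measure(fmc_image), hashlib.sha256).digest()
        self._uds = None          # latch: the secret is unavailable for the rest of this boot
        self.latched = True
        return cdi


def derive_key(cdi: bytes, label: bytes) -> bytes:
    """Per-purpose key for one layer; the CDI itself is never handed out."""
    return hmac.new(cdi, b"dice-key|" + label, hashlib.sha256).digest()


def next_layer_cdi(cdi: bytes, next_image: bytes) -> bytes:
    """Extend the chain: CDI_{n+1} = HMAC(CDI_n, H(image_{n+1}))."""
    return hmac.new(cdi, measure(next_image), hashlib.sha256).digest()


def boot(uds: bytes, fmc_image: bytes, app_image: bytes) -> dict:
    """One boot of a two-layer device; returns the identities so boots can be compared."""
    engine = DiceEngine(uds)
    cdi0 = engine.compute_cdi(fmc_image)
    cdi1 = next_layer_cdi(cdi0, app_image)
    return {
        "device_id_key": derive_key(cdi0, b"DeviceID"),  # stable per (device, FMC)
        "alias_key": derive_key(cdi1, b"Alias"),          # changes with the app layer
        "uds_latched": engine.latched,
    }


# Constructed inputs: a fake 32-byte UDS and two FMC images differing in one byte.
UDS = bytes(range(32))
FMC_GOOD = b"first-mutable-code-v1"
FMC_TAMPERED = b"first-mutable-code-v2"
APP = b"application-image-v1"


if __name__ == "__main__":
    good = boot(UDS, FMC_GOOD, APP)
    bad = boot(UDS, FMC_TAMPERED, APP)
    print("same FMC reproduces DeviceID key:", good["device_id_key"] == boot(UDS, FMC_GOOD, APP)["device_id_key"])
    print("tampered FMC changes DeviceID key:", good["device_id_key"] != bad["device_id_key"])
```

Two properties carry the security argument: the DeviceID key is reproducible across boots only while the UDS and the FMC are both unchanged, so a modified bootloader ends up with an identity the OEM never certified; and because the UDS is latched once the CDI exists, no later layer, including a compromised application, can recompute the CDI for a different FMC. The same construction extends to as many layers as the boot chain has.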

NXP chose the Cortex-M33, the first full-feature implementation of the Armv8-M architecture, for its security platform benefits and for substantial performance improvements over existing Cortex-M3 and Cortex-M0 MCUs (more than 15% and 65% respectively).

One of the key features of the Cortex-M33 is the dedicated coprocessor interface that extends the processing capability of the CPU by allowing efficient integration of tightly-coupled co-processors while maintaining full ecosystem and toolchain compatibility.

NXP has used this capability to implement a co-processor that accelerates key ML and DSP functions such as convolution, correlation, matrix operations, transfer functions and filtering, improving performance by as much as 10x compared with running the same functions on the Cortex-M33 core alone. The co-processor is exposed through the familiar CMSIS-DSP API to simplify porting of customer code.

The LPC5500 platform offers single or dual-core Cortex-M33 with integrated DC-DC to deliver high performance: up to 90 CoreMarks/mA. The high density of on-chip memory, up to 640KB flash and 320KB SRAM, enables efficient execution of complex edge applications.

NXP partnered with Dover Microsystems to introduce Dover’s CoreGuard technology in future platforms. CoreGuard is a hardware-based active defense security IP that instantly blocks instructions that violate pre-established security rules, enabling embedded processors to defend themselves against software vulnerabilities and network-based attacks.

The lead device family is supported by the LPC55S69-EVK evaluation board, NXP's MCUXpresso integrated development environment and a comprehensive software development kit that includes peripheral drivers, security and connectivity middleware, Amazon FreeRTOS-based demos and Arm TrustZone-based security examples. Additional security tools include a host-side tool to create and sign a secure flash image, flash programming with SRAM PUF key provisioning, and a secure debug certificate generator. Partner tools including Arm Keil MDK, IAR Embedded Workbench and Segger have been enabled to support the LPC55S69-EVK.

NXP is sampling LPC55S69 development boards and devices in 100-pin LQFP packages, with the associated MCUXpresso-based software development kit. Volume production begins in Q1 2019, with LPC55S6x family devices starting at $1.99 (MSRP, USD) for 256KB of flash and $2.49 for 640KB of flash, in 10,000-unit quantities.