arm Cortex-M23 and On-Chip-Security for IoT applications

Typical applications using SAM L11

Figure 2 shows four typical applications for the SAM L11, the upper left part of which assumes that malware is imported into the application via the wireless connection. After this is detected, for example, by attempting to access secure storage areas, a secure boot can be performed in the partition protected with TrustZone, i.e. the application is deleted together with the malware and a copy stored in the secure area is copied into the application memory.

In the example at the bottom right, the entry of a PIN via a touch keyboard together with a key stored in the secure memory on the chip is encrypted and the result is transferred to the unsecure area of the application, which then transmits it in encrypted form via the wireless interface. It is important here that at no time unencrypted data is visible outside the memory protected by TrustZone.

On the software side, Microchip has entered into a partnership with Trustronic, which has developed the secure operating system "Kinibi-M". Via 7 modules, which can be selected via a GUI, the user can select properties such as secure booting, authentication, encryption, IP protection or tamper detection (Fig. 3).

Microchip calls the OS "Software Development Kit" because it is believed to simplify the development of secure applications. Even if this is the case, I personally find the mixture between the operating system and the development kit questionable.

Besides "Kinibi-M" Microchip has also entered into a partnership with the company "SecureThingz" (no typing error!). Secure Thingz was recently purchased by IAR Systems and has developed the so-called Secure Deploy architecture, an integrated solution for the provision of the "Supply Chain of Trust". The Secure Deploy architecture is designed to improve and simplify security implementations throughout the lifecycle of product creation, manufacture and management, ultimately protecting intellectual property throughout the product lifecycle. The architecture integrates with Tier 1 programming and manufacturing systems and eliminates overproduction and counterfeiting.

Matchmaker+ Anbieter zum Thema

zu Matchmaker+

Microchip's capacitive peripheral touch controller (PTC) stands out particularly in terms of tolerance to water. Resistance to dew, sweat, rain and even running water makes it suitable for use in IP68 products, while advanced filter functions further reduce noise and response time. Supports up to 100 buttons, sliders, wheels and surfaces up to 8x8 cm in size, whereby even several buttons can be processed in parallel. Noise from motors, power lines 50/60 Hz, transceivers, fluorescent light or power supplies is suppressed so well that the noise immunity test IEC/EN 61000-4-6 is passed at 10 Vrms.

Microchip provides the tools QTouch Modular Library, 2D Touch Surface Library and QTouch Configurator for implementing the touch function.

ULPMark power consumption benchmark sets new record

The data sheet contains the following power consumption values: less than 25 µA/MHz in active mode, less than 10 μA/MHz in idle mode with a wake-up time of 1.5 µs, less than 600 nA in standby mode with complete RAM storage and wake-up times of 5.3 µs and less than 100 nA in stop mode. The EEMBC-certified benchmark score for ULPMark in the core profile is 400 at 1.8 V supply voltage and 282 at 3.0 V (405 or 281 for the SAM L10). According to our own measurements, this is a new record value when the startup AmbiqMicro is left out, so far the STM32L433 from ST Microelectronics with a score of 325.78 at 1.8 V was at the top of the field. However, it is driven by a Cortex-M4 CPU, while the Cortex-M23 with its identical 2-stage pipeline is virtually the "safe successor" of the Cortex-M0+.

If you want to follow Microchip's marketing slides and are restricted to Cortex M0+ MCUs only, the SAML21 was the leader in Revision A with an ULPMark score of 240.11 at 1.8 V and 147.08 at 3.0 V. This means that at 1.8 V the SAML11 reaches a value 66.6 % higher than the SAML21 and at 3.0 V a value 91.7 % higher.  On the EEBC website you can find an even higher score of 185.80 for the SAML21 at 3.0 V (there is no score published at 1.8 V). In this case, the SAML11 score at 3.0 V is 52 % higher than the SAML21.

Values for the ULPMark peripheral profile, which takes into account not only the CPU and memory implementation but also the timer, real-time clock and A/D converter, were not specified.

With a power debugger and a data analysis tool, power consumption can be analyzed in real time and adjusted as needed during operation.

Conclusion

Microchip's new SAML11 offers a lot of security and low power consumption, an ideal combination for IoT applications such as medical devices, wearables, home automation, fitness trackers etc.

What is missing for some of these applications, however, is an integrated radio module, such as the STM32WB from ST, the SimpleLink from TI or the Kinetis K32W0x from NXP. Microchip is stuck with multi-chip solutions for wireless data transmission, but there is no comparable MCU with similar hardware security as the SAML11 with its Cortex-M23.

STM32WBx, SimpleLink and K32W0 are all based on arms Cortex-M4, which does not implement TrustZone technology, together with a Cortex-M0/M0+ for the wireless stack. In terms of power consumption in active mode, all three chips are then at least twice as high as the SAML11, in the case of NXP even three times as high.

Due to the omission of TrustZone, the SAM L10 is, of course, also clearly behind in terms of security level, but it is likely to be significantly cheaper than the L11, although it is the same silicon that is only switched off for some functions.

Thanks to its outstanding energy efficiency and unrivalled security features in its market segment, the SAML11 in particular should undoubtedly find its buyers even without an on-chip transceiver.

For developers there are evaluation kits Xplained Pro for the SAM-L10 (DM320204) and SAM- L11 (DM320205) for $58 each. The SAM-L10/L11 MCUs are supported by the integrated development environment (IDE) Atmel Studio 7, the IAR Embedded Workbench, arm Keil MDK and Atmel START, a free online tool that allows peripherals and software to be configured for secure applications using TrustZone technology.

The temperature range is -40°C to 85°C, also variants according to AEC-Q100 REVH with -40ºC to +125ºC are planned, as well as a Class-B safety library according to IEC 60730.

SAM-L10 and SAM-L11 chips are now available in various pin numbers (24 and 32) and package types in large quantities. All further details can be found in the attached 1226 page data sheet.

1. arm Cortex-M23 and On-Chip-Security for IoT applications
2. Typical applications using SAM L11