“Very few processors today can be booted securely and therefore are untrusted, and yet threats have never been greater, especially as the industry embeds processors into increasingly critical applications, such as driver assist in automotive, process control and automation for manufacturing, as well as our hyper-connected world in the emerging Internet-of-Things,” said Tim Morin, director of marketing at Microsemi.
The key management and secure boot technology has been ported to the SmartFusion2 FPGA, which includes an ARM Cortex-M3 core, to provide a secure boot for other ARM-based application processors. The M3 core could also be used as a controller in more cost-sensitive applications, said Morin.
“From a microcontroller perspective there is no doubt there is a cost of adding SmartFusion2; it is not going to be a solution unless it has the microcontroller and solves the same problem for a slightly higher cost,” he said. “A microcontroller is a little bit more secure than a microprocessor because it is all self-contained. SmartFusion2 is probably the most secure Cortex-M3 outside of a smartcard chip, which you can’t use for industrial applications as it only has four pins.”
The reference design is aimed at processors in applications such as routers and gateways that are being used in M2M and IoT networks. “The microprocessors out there running operating systems are where we add value, and the bill of materials isn’t $50, it’s $150 or $200; there’s tremendously more risk associated with these devices,” said Morin.
The reference design makes use of security features in the SmartFusion2 device, including on-chip oscillators, accelerators for cryptographic services, secure key storage, a true random number generator, on-chip boot code storage in secure embedded flash memory (eNVM), and at-speed serial peripheral interface (SPI) flash memory emulation to enable a secure boot of an external processor at speed. It also uses secure techniques such as generating random numbers from the noise of the internal SRAM and differential power analysis (DPA) resistant anti-tamper measures using technology licensed from Cryptography Research Incorporated (CRI).
The reference design implements a “chain of trust” process. At each stage of the boot process, through to the top application layer, the next boot phase is validated by the previously trusted code before any further code execution is allowed. The reference design also provides a public instance of Microsemi’s WhiteboxCRYPTO security product, which is supplied to defense customers and enables transport of a symmetric encryption key in a plain-text environment through complex algebraic decomposition of the crypto key and strong obfuscation. A graphical user interface (GUI) lets users encrypt their application code for subsequent programming into an SPI flash and decryption in the host processor for execution. In addition, a complete user’s guide assists developers with implementing secure boot capabilities in their embedded systems.
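The chain-of-trust rule described above, where each boot phase is measured by the already-trusted phase before it, is easy to model. The following is an added example and not Microsemi’s reference design code: it anchors the chain with a SHA-256 digest held in immutable first-stage storage (standing in for the eNVM boot code) and has each flash image carry the digest of the next image, so a modified, swapped or missing stage halts the boot at the point where it is detected. A production design would typically verify signatures rather than bare digests; the stage names, layout and sample code bytes here are constructed for illustration.

```python
"""Model of a secure-boot chain of trust (added example, not vendor code).

Flash image layout assumed here: 32-byte SHA-256 digest of the NEXT stage's
image, followed by the stage's own code. The final stage carries all zeros.
The digest of the very first image is the root, which must live in
immutable on-chip storage (the role eNVM boot code plays in the text).
"""
import hashlib
import hmac

DIGEST_LEN = 32                          # SHA-256 digest size in bytes
NO_NEXT_STAGE = b"\x00" * DIGEST_LEN     # header value marking the last stage


class BootError(Exception):
    """Raised when a stage fails verification; boot halts at that stage."""

    def __init__(self, stage, message):
        super().__init__(f"stage {stage}: {message}")
        self.stage = stage


def measure(image: bytes) -> bytes:
    """Measure a flash image: SHA-256 over header and code together."""
    return hashlib.sha256(image).digest()


def build_flash_images(stages):
    """Build images in boot order from (name, code) pairs, first stage first.

    Works backwards so each image can embed the digest of the one after it.
    Returns (root_digest, images): the root goes into immutable storage,
    the images go to SPI flash.
    """
    images = []
    next_digest = NO_NEXT_STAGE
    for _name, code in reversed(stages):
        image = next_digest + code
        images.append(image)
        next_digest = measure(image)
    images.reverse()
    return next_digest, images


def secure_boot(root_digest, images):
    """Walk the chain; return the number of stages that were allowed to run.

    Each image is measured against the digest held by the trusted stage
    before it. Constant-time comparison avoids leaking how many digest
    bytes matched. Raises BootError at the first failing stage.
    """
    expected = root_digest
    for index, image in enumerate(images):
        if len(image) < DIGEST_LEN:
            raise BootError(index, "image too short to hold a header")
        if not hmac.compare_digest(measure(image), expected):
            raise BootError(index, "digest mismatch, halting boot")
        expected = image[:DIGEST_LEN]     # trust transfers to this stage
    if not hmac.compare_digest(expected, NO_NEXT_STAGE):
        raise BootError(len(images), "last stage expects a further stage")
    return len(images)


def first_failing_stage(root_digest, images):
    """Return the index of the stage where boot halts, or -1 if all pass."""
    try:
        secure_boot(root_digest, images)
    except BootError as err:
        return err.stage
    return -1


def flip_bit(images, index, offset):
    """Return a copy of the image list with one bit flipped (tamper model)."""
    tampered = list(images)
    img = bytearray(tampered[index])
    img[offset] ^= 0x01
    tampered[index] = bytes(img)
    return tampered


# Constructed sample stages; the code bytes are placeholders, not firmware.
SAMPLE_STAGES = [
    ("first-stage loader", b"FSBL: init DDR, read SPI flash"),
    ("second-stage loader", b"SSBL: load kernel image"),
    ("kernel", b"kernel: start scheduler"),
    ("application", b"app: control loop"),
]

if __name__ == "__main__":
    root, flash = build_flash_images(SAMPLE_STAGES)
    print("untampered chain boots", secure_boot(root, flash), "stages")
    print("tampered application halts at stage",
          first_failing_stage(root, flip_bit(flash, 3, len(flash[3]) - 1)))
    print("tampered kernel header halts at stage",
          first_failing_stage(root, flip_bit(flash, 2, 0)))
    print("missing application halts at stage",
          first_failing_stage(root, flash[:3]))
```

Two cases are worth noting. Flipping a byte inside the kernel image's embedded digest is caught at the kernel stage, not later, because the measurement covers the header as well as the code; an attacker cannot simply point an existing stage at a substitute image. Dropping the last image is also caught, because the chain must terminate with the all-zero marker, so a truncated flash cannot quietly skip the application's check.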
Microsemi also plans to offer reference designs for the secure booting of application processors from manufacturers including ARM, Intel and Freescale. “At the end of Q1 we will target a Cortex-A5 core in another processor running full-blown Linux, and every quarter we will target new processors, and customers will be able to target their own processors,” said Morin. “This is a reference design that can be ported to an embedded processor, and we will target specific processors.”