You may already know the Arm Musca-A, the first Platform Security Architecture (PSA) development platform with an Arm Cortex-M33 based subsystem, Arm TrustZone and reference architecture for Arm TrustZone-based systems. The board is a great tool to evaluate the IP and develop more secure software, so it’s no surprise that it has been very popular amongst developers, with many design partners across the whole ecosystem using it as a reference to develop secure IoT chip designs.
We’re pleased to introduce our new board for the development of PSA ready IoT subsystems for Cortex-M, Musca-B1. Along with the elements of Musca-A, Musca-B1 has added Arm CryptoIsland and eFlash features for increased security assurance when it is needed. Security improvements are being driven by the risk of damaged reputations and the potential costs of any critical failure. Embedded systems increasingly have to manage sensitive data and applications such as payment services. With hacking on the increase, the natural concern is to address security as a system level concern.
Another important aspect of IoT is the need to assemble systems that contain diverse elements, not only digital blocks, but also mixed-signal IP. This integration work requires preliminary architecture studies and hardware integration. Arm has worked with partners to demonstrate the integration of essential and complementary blocks like eFlash, PLL, PMU or popular interfaces, and even improve some of the IP as a result. This collaboration is key to bringing even more value to Arm IP users, who will be able to benefit from the learnings, take the architecture as a reference and reuse IP that has been optimized as a result. This partnership helps further reduce time-to-market and time-to-security.
The Musca-B1 test chip implements the recommendations of PSA, thanks to the use of the Arm SSE-200 subsystem and additional hardware elements. It is also supported by Trusted Firmware-M (TF-M), an open-source initiative that provides a foundation for security. TF-M provides PSA APIs that designers can integrate to help them implement security in their IoT software. The Musca-B1 version of TF-M is available now from trustedfirmware.org.
Creating and maintaining trust with CryptoIsland
CryptoIsland is a highly integrated security enclave, which provides local and remote entities access to a rich set of cryptographic functions, covering all major symmetric and asymmetric ciphers, hash functions, and true random number generation. The cryptography interface is based on publicly available MbedTLS APIs, and the use of MbedTLS allows developers to smoothly switch from a software-based implementation to a hardware-accelerated implementation.
CryptoIsland can be physically connected (SoC architecture wise) to more than one bus fabric, thus creating a physical distinction between service requestors, which is easy to use. That physical distinction can be used to form simple and robust isolation.
It can also mitigate attempts to compromise assets through the induction of faults, or through more invasive techniques, including tampering with the IC package. An option to include mitigation of threats aimed at exploiting vulnerabilities related to the physical implementation of the silicon is also available.
The CryptoIsland security enclave and other entities run code in the system. This is supported by strong cryptography, while the efficiency and flexibility of the process. Code confidentiality and freshness are also addressed. CryptoIsland can also be used to authenticate entities attempting to debug a design, verifying the debug rights that were granted at a fine granularity of control. Debug resources can be associated with different stored credentials, enabling the protection of assets between entities in the value chain.
The Kigen family of products (OS and remote provisioning server) runs on CryptoIsland to provide a secure identity to the device and enable integrated SIM-like functionalities.
eFlash and safe OTA
The eFlash increases security by supplying optimized hardware memory protection that can prevent observation and unauthorized modifications to Flash memory content. Power management features supported by the subsystem and the built-in Flash Controller, alongside the Flash Cache, have the potential to significantly reduce the power consumption of systems using these IP, to ensure IoT devices can run for a long time on small batteries.
IoT devices should use eFlash (or similar non-volatile memory technology) to enable remote updates, also called over-the-air (OTA) updates. This is an essential feature for security and is supported by the test chip hardware, in conjunction with the corresponding feature implemented in software. The Musca-B1 secure enclave will ensure that the OTA capability is provided without compromising security.
The result of a partnership
As highlighted earlier, we have partnered with several leading companies to develop the Musca-B1 test chip:
Silicon Creations provided a low-power PLL for Musca-B1, to generate the required clocks from a low-frequency 32 kHz crystal. Using a low-frequency input is important to save energy consumed at the periphery of the chip. This IP is optimized for low consumption and is able to reach frequencies above 200 MHz, which you might need to accelerate processing in some IoT.
Dolphin Integration brought one of their PMU (a.k.a. VREG) solutions to the test chip, in order to provide energy-efficient conversion of incoming battery voltage. Arm selected this partner for their structured design approach to safely generate an optimized power management unit from the specific requirements of any chip. This capability is key for Arm partners wanting to develop integrated IoT systems and will help them get optimized SoCs faster and without risks.
Cadence supplied peripheral interfaces (SD, I2C, I2S…) to allow connection to a range of devices. Thanks to their large peripheral IP portfolio, they can address many different needs. Arm has also used Cadence tools for the implementation of Musca-B1.
As an Arm approved design house, Sondrel has worked on the Musca project, and gained in-depth knowledge and hands-on expertise of how to use the SSE-200 subsystem for their customer projects.
Combining third party IP with Arm elements is not just a demonstration of how IP can be connected. It also provides a reference design that improves the interoperability of the different parts in a system context and helps to optimize a solution. This experience can then be transferred to Arm partners to further reduce the time and cost of development of their own devices that would require similar features.
Any questions? We’d love to hear from you! Contact Arm if you have any questions or feedback.