NuMicro M2351 Series€¦ · Armv8-M CPU (TrustZone enabled), 96KB SRAM, SPI Quad mode, USB OTG...
Transcript of NuMicro M2351 Series€¦ · Armv8-M CPU (TrustZone enabled), 96KB SRAM, SPI Quad mode, USB OTG...
NuMicro® M2351 SeriesSecure your innovation
Current Issues with traditional MCUs in IoT
Life Cycle
Attacks
Software
Attacks
Physical
Attacks
1
Communication
Attacks
• Man in The Middle
• Weak cryptography
• Code vulnerabilities
• Buffer overflows
• Interrupts
• Malware
• Code downgrade
• Excess manufacturing
• Integrity vulnerabilities
• Fault injection: clock or power glitch, laser beam
• Side-channel analysis
• Probing, FIB
A New Solution for IoT Security
2
NuMicro® M2351
Support Arm®
PSA and TBSA-M
TrustZone for
Armv8-M
XOM
Anti-Tampering
for system level
Cryptographic
HardwareAccelerators
Secure
Bootloader
Key-Protection ROM
Flash Memory Lock
TRNG
What FEATUREs make M2351 competitive
• With Complete Security Features
3
• Data Protection
• Firmware/ Software
Protection
• Peripheral Operation Protection
• TRNG (True Random
Number Generator)
• SHA-384
• DES /3DES
• AES-256
• ECC (Support Prime
and Binary field)
• Secure Boot Loader
(Secure Boot ROM)
• CRC
• Flash Lock either to secure region or all flash region
• Secure Debug
• Up to Six Tamper-pins
for board level security
Armv8-M TrustZone Cryptographic H/W
Accelerators Root of Trust & Basic Security Anti-Tampering
M2351 Official Launch
Flash
4
4096 KB
256 KB
1024 KB
2048 KB
General Purpose S/W SFI with W77 in SiP
Key features:
Armv8-M CPU (TrustZone
enabled), 96KB SRAM, SPI
Quad mode, USB OTG 1.1,
Crypto, XOM
Possible 512KB, 2MB, 4MB
Winbond’s W77 series Secure
Flash (Exiting M2351 Die
Stacked)
*MP in 2018 3Q **Test SiP 2018 4Q, Mass
Production by Request
512 KB *M2351
• Selling Points of M2351 Series
- TrustZone® for Armv8-M empowered
- Nuvoton Security Functions Strengthened
- Low-power technology for IoT Innovation
- Nuvoton Secure Microcontroller Platform (NuSMP)
� Accept MCU Mass Erase disabled order for embedded Flash memory
� M2351 (Can clear all Flash content) v.s. M2352 (Can’t clear all Flash content)
Key features:
Armv8-M CPU (TrustZone
enabled), 96KB SRAM, SPI
Quad mode, USB OTG 1.1,
Crypto, XOM
**M2353
5
M2351 Series Product Specification
M2351 Series Top 14 Key Features
6
M2351
NuSMP 1.0*
Dual-Bank Flash – Firmware
Upgrade Safe
XOM – Execute Only Memory
for Firmware Protection
Cryptographic Hardware
Accelerators
Flash Lock – Two-Level-Lock
for Secure and All Flash
Support Crystal-less USB
TrustZone for Cortex-M23 CPU
with MPU, IDAU, SAU
Keil MDK, GCC Tool – Free-to-use
Secure Debug – Secure and Non-
Secure zones
KPROM – Key Storage for Secure
System Setting
VAI – Voltage Adjustable
Interface pins
TrustZone Template Generator
Extra OTP Memory – For
Product Lifecycle Management
SEGGER emWin Lib. – Free-to-use
*NuSMP 1.0 coverage: Trusted Boot, Secure OTA F/W
Update, Power Management APIs, PC side crypto tools
M2351 for TEE Metering Example
7
M2351
EBI
Wireless
Module: BT,
WiFi, LoRA….
Keypad, LED
GPIO
SPI
Sensor
SPI / I2C
LCD panel
Non-secure World: User interface,
visual logo, customer applications
Secure World: Key store,
certificate storage, trusted
applications, TEE OS
M2351 for City Waste Bin Control Example
8
M2351
UART
Trash level
sensor
1-axis BaroI2C
3-axis Gyro
I2C
I2C
3-axis ACC
I2C
LTE/LTM, NB-IoT,
LoRA
SPI
GPS Module
Non-secure World: User
interaction interface, visual logo,
RTOS
Secure World: Certificate storage,
key storage, wireless
communication stack, sensors,
TEE OS
To ensure every type of communication stack is well tested and managed for upper layer applications
Elastic for vary standards of wireless connectivity
• So many radio communication standards in IoT era
9
Physical Layer
DataLink Layer
Network Layer
IEE
E
80
2.1
5.4
IEE
E
80
2.1
5.4
Blu
eto
oth
LoR
A
3G
PP
/ N
B-I
oT
Wi-SUN
6LoWPAN
Customer
Application
Comms Buffer
TrustZone / XOM
XOM
Comms Stack
Drivers
RF Interrupts
Non-secure World
Secure World
Hardware
XOM XOM can reside in both Worlds
M2351 for Fingerprint Module Example
10
M2351
EBI
Motor Control
Keypad, LED
GPIO
GPIO
Fingerprint sensor
or module
SPI/ UART
Color LCD panel
Non-secure World: User
interaction interface, visual logo,
customer applications
Secure World: Sensitive data
storage, fingerprint algorithm,
cryptographic algorithms
M2351 Smart Lock demo set
M2351SPI1
UART2
I2C
GPIO
SWD
GPIO
SPI2
UART5
GPIO
LCD
Display
LED
Bluetooth
DRV8830
Motor DriverKEY
Finger
Buzzer
Debug PortICE Debug
Interface
M2351 for Mini POS Example
12
Non-secure World: User interface,
visual logo, customer applications
Secure World: TEE OS, key store,
certificate storage, cryptographic
for data communication
BatteryUSB
Host
Bluetooth
Module
4x GPIOSPISPI
USBUSBADCADC
4x GPIO
SPISPI
16x GPIO
EBIEBI
PWMPWM GPIOGPIO
Printer Keypad
ISO-7816ISO-7816M2351
PSAM
SPI/UART /SDIO
/USB Host
WiFi, LoRA
ZigBee , BLE, NB-IoT
MEMS
SensorsAnalog Sensors
UART/I2C/SPI
I2C /SPIADC
Supersonic, IR Sensor
Timer Capture
Other Sensors
8080/SPI
LCM
EBI /SPI
Secure World:
Algorithms for sensors
Non-secure World:
mbed OS
Mbed IoT Device Example
M2351
13
?
14
Portable security devices for Personal Security
15
Leading Market Position
Security Levels for Different MCUs
C-M0
C-M0+, CM4
MPU
Armv8-M Cortex-M23
MPU + TrustZone
SC000 / SC300
MalwareReadout
Eavesdrop
Cloning / reverse
engineering
Physical attack,
Side channel attack
Authenticity and IntegrityCode/Data Privacy Intellectual Property Physical SecurityProtect
Target
Attack
Type
Required
FunctionsSecure boot, TRNG,
Crypto. IP
Flash Lock Bits
Secure SRAM
TrustZone
XOM
Tamper pins + analog
sensors,Noise generation IP
Flash Re-programingStorage Replacement
Temp./Power/Freq. analysisCircuit probing
Over/Under voltage
Attack
Method
MPU provides critical memory protection
ARMv8-M TrustZone provides secure execution environment
software-based debug
and test
Backdoor attack
inter-chip signal probing
Secure Boot
16
NuMicro® Family
Thanks for Your [email protected]