Trust Shield protects against evolving security threats, says Microchip
Designers cannot assume the equipment they are using is trustworthy and must look to new technology to secure their systems, warned Microchip Technology. It has released the configurable, microcontroller-based CEC1736 Trust Shield family, which it says goes beyond the NIST SP 800-193 Platform Firmware Resiliency guidelines with runtime firmware protection that anchors the secure boot process and establishes a chain of trust for the whole system platform.
The CEC1736 is a configurable real-time platform root of trust. It provides runtime protection of the firmware held in SPI flash and filters I2C/SMBus traffic to defend against runtime attacks.
The attestation feature provides trustworthy evidence that critical devices in the platform are authentic. Lifecycle management and ownership-transfer features protect secrets throughout the product's lifecycle and during a transfer of ownership, so that successive operators can use the platform securely without exposing one another's information.
“The presumption of equipment trustworthiness is no longer acceptable, and it is imperative to both expect and guard against unauthorised firmware components while also distrusting peripheral components until proven trustworthy,” said Ian Harris, vice president of Microchip’s Computing Product business unit. “Our CEC1736 Trust Shield family ... provides a complete solution to these challenges that simplifies development and provisioning of keys and other secrets while speeding time to market and providing the flexibility to stay ahead of threats,” he added.
The CEC1736 Trust Shield family’s hardware cryptographic engine supports AES-256, SHA-512, RSA-4096, ECC with key sizes up to 571 bits, and the Elliptic Curve Digital Signature Algorithm (ECDSA) with 384-bit keys.
A 384-bit hardware physically unclonable function (PUF) provides a unique per-device root key, from which symmetric secrets and private keys can be generated and protected without the key material ever being stored in plain form. Microchip added that the root of trust meets the NIST SP 800-193 and Open Compute Project (OCP) security guidelines, allowing quick adoption of the latest security advances and standards.
Microchip’s CEC1736 Trust Shield family consists of silicon, software, tools, a development board and provisioning capabilities for firmware protection.
Microchip’s development tools for the CEC1736 Trust Shield family are the Trust Platform Design Suite (TPDS) and a graphical user interface (GUI) configurator, used to explore the device's capabilities, define its security configuration and provision secrets for both prototyping and production. MPLAB Harmony, Microchip’s integrated embedded software development framework, is intended to simplify device set-up, library selection and application development. The family is completed by the CEC1736 development board and Microchip’s Soteria-G3 firmware.