【FAQ】Microchip Live: GoodLock Project using SAM L11 and TrustFLEX ATECC608 security devices
[Copy link]
Live Topic: GoodLock Project Using SAM L11 and TrustFLEX ATECC608 Security Devices | Microchip Security Solutions Series Seminar 14
Content introduction: Future Electronics has designed a unique trusted development board, GoodLock, to help designers develop and test hardware security solutions for their embedded designs. This cost-effective general-purpose development board has a variety of advanced features and a built-in on-board debugger/programmer, making it an ideal development platform for adding security to products.
Live lecturer: Barry Xu | Senior Application Engineer at Microchip
FAQ details:
1. Our design uses Microchip's ATECC508A, which has the same asymmetric encryption function as ATECC608A. Currently, security can be guaranteed by verifying signatures and challenges. But the biggest concern is that the MCU itself will be cracked and the security verification code will be forced to increase? Do you have any good suggestions for optimization?
A: It is the security MCU such as SAML11 introduced today to improve system security, and use secure boot to ensure that the code will not be tampered with and prevent the system from being cracked by brute force.
2. I hope Microchip will come up with a document that combines MCU security features, such as trustzone, with encryption chips. Currently, development needs it.
A: You can visit the device page of the L11 device on the official website for details. There is a lot of content in this regard. http://www.microchip.com.cn/newcommunity/index.php?m=Knowledge&a=index&id=172&type=newest&orderby=title&order=asc
3. It is best not to limit the specific MCU model and give a general solution.
A: You can refer to this Demo to implement a security door lock. Of course, you can use other models. You need to add the ECC608 security chip.
4. Is GoodLock's integrated security solution convenient and fast?
A: Yes, it is convenient for customers to use and easy to develop security products.
5. What algorithm is the SAM L11 and TrustFLEX ATECC608 security devices based on for encryption?
A: L11 supports symmetric AES encryption and decryption, SHA256,608 supports ECCP256's sign and verify for identity authentication, and supports AES128 and SHA256
6. Is the ATSHA204A series chip still in production? The price has risen to more than 100 now, and the 8-pad UDFN is out of stock.
A: It is still in production. You can contact our sales or agents to join the priority supply plan
7. Can it be used for Bluetooth communication encryption?
A: Yes, it is suitable for security authentication and communication encryption of wireless IOT node devices such as Bluetooth
8. What peripherals does SAM L11 support
A: L11 integrates commonly used functional peripherals, including I2C, SPI, UART, ADC and PWM, Touch Key, etc., and can connect various peripherals
9. Is the battery always in power supply state
A: No, but if it is SAM L11 and trust SRAM is used, it needs to be powered on
10. Does L11 contain DA and AD? A
: DAC is 10-bit, supports 14-bit Dithering, ADC is 12-bit
11. What transmission methods are supported?
A: I2C/SWI
12. What is the key level ?
A: JIL High
13. How is the heat dissipation designed? Is additional heat dissipation required?
A: No need to consider heat dissipation. The power consumption of MCU and 608 itself is very low
14. Does it support software upgrade?
A: Yes, it can be supported and realized through Bootloader
15. How is the anti-interference ability?
A: All the products we provide are in line with industry standards. Anti-interference design needs to be considered from the system level
16. Can ATECC608 support symmetric encryption or asymmetric encryption?
A: Both are supported
17. Can TRUST provide customization at present?
A: Fully customized ones are Trust Customer
18. Here is the link to the low power note
: https://www.microchip.com/content/dam/mchp/documents/OTH/ProductDocuments/LegacyCollaterals/Low-Power-Features-SAML-00002709A.pdf
19. Is there an internal RTC?
A: L11 has an internal RTC
20. How many upgrade options are there?
A: It can be pushed locally or remotely
21. Can the development environment use KEIL?
A: The examples are all source code and support Keil
22. Is the development platform an open source platform?
A: Yes
23. What are the characteristics and highlights of this ideal development platform?
A: Convenient and easy to use, providing high physical protection level and rapid development of security solutions, including the implementation of secure boot, etc.
24. How does GoodLock perform identity authentication?
A: As mentioned above, identity authentication is achieved through ECC608
25. What interface is there for communicating with MCU? ?
A: ATECC608 only supports I2C/SWI
26. How to encrypt MICRO?
A: L11 has physically divided the code space, data space including peripherals into secure and non-secure areas. The content in the secure area cannot be used in the non-secure area and can only be accessed through SG, which has provided sufficient security
27. Can the security code be accessed?
A: The code can be accessed, but the key cannot be accessed
28. How to improve the encryption effect?
A: It can be considered from three aspects: identity authentication, data integrity, and data encryption
29. Is encryption performed through an independent MCU?
A: The MCU has a built-in encryption engine, and we also have a security authentication chip that independently implements encryption and authentication functions
30. Can the content in the flash be decrypted externally? Is there a corresponding tool?
A: The data in the external flash can be processed using AES128 and an encryption program
31. Can it be used in combination with AUTOSAR
A: We have a car-grade security chip that supports AUTOSAR, the TA100 series
32. What are the main innovations of Microchip's security solution?
A: Based on our security chip, we have integrated the needs of various application cases and provided corresponding code use cases to provide safe and easy-to-use solutions.
33. Can multiple MCU chips be used for one encryption chip?
A: The security chip is only a slave. If there are multiple masters, the software needs to consider more anti-collision designs.
34. How can I get code examples?
A: Please contact Microchip's local sales and technical support team.
35. How does the security solution prevent the key from being read?
A: 1. Use security chips such as ATECC608/SHA204 to store your keys. 2. Use security chips such as SAML11, which have a mechanism for secure key storage inside.
36. How to apply low power consumption?
A: You can set it to enter different low power consumption working modes in the software. We have low power consumption application notes. If you need to know more, you can download it from the website of the corresponding chip.
37. Is it necessary to plug in? How to communicate with MCU
A: ECC608 and MCU are connected through the I2C interface
38. What communication interfaces are there and what communication speeds are supported?
A: I2C, maximum 1MHz, SWI single bus 22K
39. How many security zones can be set at most?
A: 6 falsh, 2 data flash, 2 sram
40. What kernel is used?
A: L11 uses the M23 kernel
41. What does the compilation environment support?
A: Currently GCC is available, and other compilers can also be selected
42. Supply voltage range, how much is the low power static current?
A: Less than 150nA
43. Does the chip need to be burned with code when using microchip's security chip?
A: The security element needs to burn the configuration and user data, but does not need to burn the program code.
44. Will microchip provide the configuration for burning? Thank you
A: Yes
45. The old product used ATMEL's security encryption chip, which communicated with the microcontroller through IIC. Does microchip have IIC communication now?
A: Yes, we have I2C and SWI single bus interfaces
46. Can it be used in automobiles? Does it have automotive grade certification?
A: AEC-Q100Grade1 -40~125, also supports Class-B safety library
47. What are the advantages of microchip's security solution?
A: With more than 20 years of development experience in the security field, it has always been a leader in the security field.
48. What is the chip's main frequency?
A: L11 32Mhz
49. Is TrustFLEX ATECC608 security implemented by hardware or software?
A: The security algorithm of ECC608 is implemented in hardware, and the chip also uses hardware protection layer protection technology to protect data security.
50. How does Microchip security solution deal with physical brute force cracking?
A: Our security chip has a hardware physical active protection layer, and the core area of L11 has hardware protection.
51. Can the security code be burned twice with the main program?
A: The security code of L11 and the ordinary application code can be burned twice separately.
52. Does the security solution need to pay attention to anti-static interference in industrial applications? What is the supported anti-static voltage level ?
A: The security chip can reach 6KV
. 53. Is this security physical or software?
A: Physical protection and hardware architecture protect memory space and peripheral space.
54. Now generally need to protect the chip independently.
A: The chip has its own independent protection.
55. Does L11 have DAC? How many channels, what is the resolution?
A: 10bit DAC 350ksps
56. How many ADC channels are there?
A: 10 ADC channels, 1 ADC, supports up to 10 channels input57
. What low power modes does SAM L11 support, and how much power does it consume?
A: ative <25uA/MHz, Idle <10uA/Mhz, standby 0.5uA, Off mode <100nA
58. What development environment does L11 currently use?
A: Atmelstudio7, MPLABX, IAR, Keil are all
OK59. Where can I see the L11 development board information ?
A: https://www.microchip.com/content/dam/mchp/documents/OTH/ProductDocuments/BoardDesignFiles/SAML11-Xplained-Pro_Design-Documentation_feb19.zip
60. What development boards does L11 officially have?
A: https://www.microchip.com/en-us/development-tool/DM320205
61. What are the differences between L21 and L11?
A: L21 is M0+ core, L11 is M23 core, application-wise, L21 is low-power application, L11 is security application62.
What packages are available for ATECC608?
A: UFDN, SOIC63
. Does L11 support segment LCD display?
A: It does not support segment LCD, but can use external LCD controller, controlled through SPI or I2C interface64
. How are encrypted keys generated and managed?
A: Symmetric keys need to be set and strictly protected by yourself, asymmetric private keys are generated inside the chip and cannot be read, only public keys can be read65
. Is the current shipment of L11 stable?
A: It can be shipped stably, please contact our sales for
details66. What models are there in the L series?
A: Currently, the M23 cores are L10 and L1167
. How big is the FLASH of L11?
A: The current maximum is 64K68.
How high is the main frequency of L11?
A: The current maximum is 32MHz, and a 48MHz model will be released later.
69. Is the previous Atmel Studio development environment no longer maintained?
A: It is now Microchip Studio
. 70. What packages does L11 have?
A: VQFN24, VQFN32, TQFP32, SSOP24 and WLCSP32 packages
. 71. What encryption algorithms are available?
A: Supports SHA256, AES128 and ECC256, etc.
72. What are the main application areas of Microchip security solutions?
A: Internet of Things, accessories or consumables authentication, automotive network security, etc.
73. Does Microchip security solution have application solutions for industrial enterprises to produce data security?
A: We have many applications for data or network security, not just industrial enterprises
74. Does Microchip security solution achieve data security based on the cloud?
A: We have cloud-based data security solutions
75. For how many orders can Microchip customize certificates for customers
A: The minimum order quantity for customized certificates is 2K
76. Can you introduce the successful application cases of SAML11?
A: There are many, such as FPGA IP protection of autonomous driving roadbed equipment, goodlock mentioned today
77. If SAML11 is used, there is no need to plug in STECC608, right?
A: The two have different focuses and can be used together to improve the security level.
78. Is the communication between MCU and security device encrypted in an unordered manner?
A: It can be encrypted or non-encrypted, depending on the usage scenario.
79. Are all the communication methods of security ICs single-wire?
A: We have I2C and SWI single bus interfaces80
. Does the Googlock project provide source code or firmware?
A: It is provided to customers in the form of source code81
. Does the power supply of the security chip need to be kept powered by a lithium battery?
A: It does not need to be powered all the time. The key of the authentication chip is based on eeprom82
. What is the operating temperature range of SAM L11? How is its stability in an industrial environment? Thank youA
: Industrial-grade temperature support and support from -40C to +125C83
. Do SAM L11 and TrustFLEX ATECC608 security devices support soft encryption and hard encryption?
A: L11 has a hardware encryption and decryption accelerator, but it is not a complete encryption and decryption module. It requires software assistance. This part of the software is fixed to the chip. 608 is hardware encryption and decryption84
. Does the GoodLock project support mobile terminals and PCs to communicate with each other?
A: Yes, it can be supported. It needs to be considered from the system level85
. When designing the cooling system for MCU and its peripherals, do you need to design a separate air cooling system for the MCU?
A: The power consumption of MCU and ECC608 is very low, and no heat sink is needed.
86. Does this solution support remote online upgrade program?
A: Yes
. 87. Does MCU support 16-bit ADC high-precision sampling?
A: ADC supports 12 bits
. 88. Are all source codes open ?
A: Currently open, you can apply for it
. 89. What technical means are used in terms of security?
A: Physical anti-tampering detection, active shielding layer protection, power supply and temperature anti-bypass attack, etc.
90. Does the MCU have a built-in crystal oscillator? What is the starting frequency?
A: There is an internal 16M oscillator, and the starting frequency is 4M after frequency division.
91. Which model is burned in
? A: TRUST&GO
92. What are the main technical features of Trust Shield? What are the advantages?
A: Trust platform is convenient for customizing certificates, and can provide small order burning services.
93. Will future upgrades be automatic upgrades?
A: It can be upgraded manually or automatically through push
. 94. How is the reliability of security?
A: JIL is the highest level - high
. 95. How to prevent the foundry from over-burning and causing losses?
A: It can be achieved through the monotonic counter of the chip. Each time a unit is produced, it will be reduced by 1. If it is reduced to 0, it cannot be produced anymore.
96. What algorithm is used for flash data encryption?
A: AES128
97. Can L11 be used with chips from other manufacturers?
A: L11 can also be used as a security coprocessor to connect to other MCUs
. 98. How to re-write the security zone code?
A: L11 has a key that can be entered to re-flash the security zone code. The key is set by the customer.
99. Can it prevent re-burning?
A: After the MCU is locked, the whole chip can be erased. After the ECC608 is locked, there is no way to unlock and re-burn it.
100. What development tools can be used?
A: Microchip studio, ICE and Xplain evaluation board, etc.
101. What physical anti-attack measures are adopted?
A: microprobe, Radiation attack, extreme operation attack means
102. Do you need to apply for a certification certificate or make it yourself?
A: You can use the Microchip certificate chain or the customer's own certificate chain
103. Can the internal code of the MCU not be encrypted?
A: It can be encrypted
104. Can googlock be applied for free?
A: Please contact the local sales and technical support team
105. Which parts of the program can be upgraded by remote upgrade
? A: Generally, the application code in the non-secure area is upgraded
106. Can the built-in AES engine be upgraded?
A: This is fixed
107. What are the packages of the chip?
A: QFP, QFN, SSOP, WLCSP
108. What is the minimum power consumption?
A: 25uA/Mhz in operating mode
109. What are the physical attacks?
A: Commonly used open cover micro probes, timing and power consumption analysis, etc.
110. What encryption algorithm is used in key transmission
? A: AES128 or ECDH can be used to negotiate the key.
111. Can the external flash be used as a safe area?
A: The external flash can encrypt the data, which is also safe.
112. Can the impact be completely prevented in a humid working environment by sealing with glue, etc.?
A: This is a problem that needs to be considered in the production process.
113. Is there an MCU with integrated encryption function?
A: There are also MCUs with integrated encryption and decryption modules, such as E5X
114. What is the power consumption?
A: Active: <25uA/MHz: Idle mode < 10uA/Mhz with 1.5us wake-up time; standby 0.5uA; Off mode <100nA
115. Does the high power require an external heat sink?
A: No, the power consumption of the security chip and MCU is very small.
116. What are the requirements for wiring?
A: They are all low-speed devices, so there are no special requirements.
117. What scenarios can it be applied to?
A: It is applicable to a variety of application scenarios, such as IOT devices, secondary development, secure startup, and algorithm protection. Secure cloud connection, certification of accessories or consumables, etc.
118. What is the level of security certification?
A: The highest security certification level in the JIL certification series - JIL HIGH
119. What are the key areas of work when using Microchip security solutions?
A: SAML11 focuses on code space and peripheral space protection, and ECC608 focuses on identity authentication.
120. What are the main structures of Microchip's security solution?
A: Security MCU/MPU series + security element + security FPGA
121. Is the running speed affected after encryption?
A: After the code of the security MCU is encrypted, it takes some extra time to do authentication at startup, but there is no impact during operation.
122. How to achieve real-time monitoring and early warning?
A: The security chip has built-in physical attacks such as side channel attacks, temperature, voltage, etc. The MCU also has built-in real-time intrusion detection pins.
123. What supporting development and maintenance tools are provided?
A: We provide encryption library functions to simplify your design and facilitate integration into your system. At the same time, we also provide development kits based on multiple MCU development boards to facilitate your testing and verification.
124. What is the overall cost of Microchip's security solution?
A: We provide a variety of solutions to meet the different cost requirements of customers.
125. Is the software solution available for trial?
A: We have open source samples for free reference.
126. What are the advantages of Microchip's security solution?
A: The product range is complete, including authentication chips, secure MCUs, secure MPUs, and secure boot chips. They are highly integrated, easy to use, and have rich examples to reduce development difficulties.
|
提升卡
变色卡
千斤顶
京公网安备 11010802033920号
