FAQ: Microchip Security Seminar | Trust Your Firmware: Secure Boot Application Processors
Live Topic: Trust Your Firmware: Secure Boot Application Processors | Microchip Security Solutions Seminar Series 6
Content Description: Secure boot prevents rootkit and bootkit attacks on the pre-boot firmware environment. This webinar explores how to protect systems booted from external SPI flash to extend the root of trust.
Live lecturer: Barry Xu
1. Are we only discussing the security issues of firmware this time?
A: We are mainly talking about the secure boot of firmware.
2. What security issues does Microchip's security solution mainly want to solve?
A: We have a variety of security solutions, from secure boot of firmware to authentication of accessories, IP protection, and secure IoT links, but this time we are mainly talking about secure boot of firmware.
3. What encryption methods are generally used for firmware?
A: From an algorithmic point of view, there are symmetric and asymmetric methods, or both.
4. Which is the most core and critical part of a hardware system?
A: In terms of security, you must ensure the rationality of the algorithm you use and the security of the key, especially the security of the key, which cannot be copied or forged.
5. What are the outstanding advantages or characteristics of Microchip's security solution compared with other manufacturers' solutions?
A: We have nearly 30 years of experience in security solutions, and we have a good reputation in the industry. We have close cooperation with many large domestic and foreign manufacturers. In addition, we target different applications.
6. Is the general firmware stored in ROM or can it be stored in an MCU with ROM?
A: Both are possible.
7. What are the types of security solutions?
A: Including identity authentication, information integrity and information security.
8. What factors should be considered for firmware security?
A: Integrity and legitimacy of identity.
9. What are the advantages of this encryption?
A: The hardware root of trust ensures the reliability of secure boot and is efficient.
10. All those involving encryption are the original ATMEL business, right?
A: No, we also have a variety of technical solutions, such as the one we talked about today.
11. Each chip has a different device public key and private key; how are these keys managed?
A: Use certificates and a trust chain to manage these keys.
12. How can the XcodeGhost incident be completely avoided?
A: XcodeGhost attacks by implanting malicious code. If your code is well protected and has been security-checked before running, then this kind of attack will be greatly reduced.
13. How to overcome the low efficiency of one-machine-one-key in mass production?
A: We can provide mass production services.
14. How about the security level?
A: Different solutions have different levels.
15. Does Microchip's chip support AES256 encryption?
A: Yes, the ATECC608 supports it, and MCUs with security features also support it.
16. What are the encryption methods for firmware?
A: AES, ECC, SHA, RSA
17. What are the limitations of current security technology?
A: With software-based protection, the security of the corresponding key cannot be guaranteed. At the same time, the speed is much lower than the encryption and decryption of a hardware engine.
18. What are the requirements for encryption chips?
A: First of all, the security level, followed by the security algorithm, and then the security level of the key, the level of random numbers, etc.
19. How is the secret key issued?
A: The key can be generated by the chip itself or written by the user.
20. Is the secret key required when leaving the factory? How many levels of secret keys are there?
A: You need to set a private key. If there are several levels, it depends on the customer's requirements.
21. What are the differences between the security methods of IoT devices and ordinary devices? What extra parts do IoT devices need to consider?
A: IoT needs to consider the secure handshake connection with the cloud server and mutual identity authentication.
22. Why is it a trend to add security functions to chips today?
A: Information security is becoming more and more important and requires comprehensive protection, from the underlying hardware to the upper-level applications. The fundamental purpose is to protect the core interests of customers and users.
23. Does the encryption level meet the requirements of China's national encryption?
A: MICROCHIP's security products do not support national encryption standards for the time being.
24. Are there many patents that you are afraid of not being able to use?
A: We use international mainstream algorithms, and you don't need to pay additional patent fees for related algorithms when using chips. You only need to meet the regulations of EAR99.
25. How can the application of various security mechanisms be simplified?
A: We provide a complete integration tool that can simplify the process of security deployment.
26. What encryption algorithms are supported?
A: AES256, ECC256, SHA204, and RSA are also supported.
27. At present, which method of data encryption is more reliable in the industrial field of security solutions?
A: This depends on the object you want to protect. Generally speaking, the longer the key length, the more secure it is, but it also requires higher computing power for the system. This is a trade-off.
28. Why is it a new technical feature to add security functions, especially in personal computers and chip design?
A: In this seminar, you have seen that the impact of security incidents from the Internet is getting bigger and bigger and more frequent.
29. In terms of security, which one is safer, WiFi or Bluetooth, or better for developing encryption and verification?
A: It is not possible to say which is safer. The application scenarios are different. Compared with BT, WiFi has more tools to do this kind of work.
30. How is the encryption performance compared with similar products from other manufacturers?
A: Our product range is richer and more secure.
31. How to prevent attacks on the ecosystem?
A: It is achieved through three aspects: identity authentication, integrity protection and data encryption.
32. Can I apply for a development board?
A: You can contact Microchip's local sales or FAE.
33. What are the secure boot modes of firmware? Which one is commonly used?
A: In terms of cryptographic algorithms, there are symmetric, asymmetric, or both. Generally, we use both. For example, we first pass the image file through a hash to produce a symmetric digest, then use the asymmetric ECC or RSA algorithm to sign the digest. These two methods together ensure the integrity and non-tamperability of the image file.
34. How should the Bluetooth chip enhance its security performance?
A: Microchip also has a solution for Bluetooth chips. You can check Secure AVR BLE IoT on the official website.
35. Which encryption method is safer ?
A: A complete security system needs to consider factors such as identity authentication, integrity and privacy. The most important thing is to have a hardware security root of trust to protect private keys and passwords.
36. What special software is needed for firmware encryption? Does microchip have corresponding software processing?
A: It is not to encrypt the firmware, but to verify the authenticity and integrity of the firmware to prevent counterfeiting.
37. What are the application features of the boot security processor technology?
A: 1. Hardware immutable root of trust. 2. Secure chain-of-trust boot.
38. Is it hardware encryption or software encryption?
A: Hardware
39. What interface form does the encryption chip use?
A: I2C, Single-Wire interface
40. What are the advantages of MICROCHIP in preventing system attacks?
A: Prevent multiple physical attacks, efficient and secure hardware engine, and reliable key storage technology.
41. Can other MCUs be used in conjunction with this chip?
A: Yes.
42. Did Microchip inherit the hardware encryption chip after acquiring Atmel, or was it originally there? Thank you.
A: It was mainly inherited from Atmel, and later the original product line was integrated and new solutions were launched.
43. If someone directly copies the entire flash content when using external SPI flash to store code, how can this be solved?
A: You can add random challenges to the code and interact with the external security chip. Only after verification can the program run normally. This can prevent copying.
44. What are the advantages of hardware encryption over software encryption?
A: Faster speed and safer key storage.
45. What is the use of hardware encryption?
A: It is safe, and the calculation efficiency is higher and faster.
46. Can hard encryption be used in car anti-theft?
A: Car anti-theft mainly detects whether the key exists. Of course, the security chip can also be used to detect the legitimacy of the key identity.
47. Do we still need to modify the boot code of the MCU on our board?
A: No need to modify it. The integrity and identity are completed by the external CEC1702.
48. Does the key chip need to be burned first?
A: You need to configure and write the security chip first.
49. What are the main types of chip packaging?
A: This introduction mainly focuses on BGA packaging.
50. Is CEC1702 a 32-bit MCU?
A: 32-bit, CORTEX M4 core.
51. What equipment is required for hard encryption?
A: There are supporting software and hardware development tools.
52. How is the virus resistance performance?
A: The so-called virus is also a piece of implanted malicious code. The safe boot we are talking about is to eliminate the malicious implantation of the virus at the beginning.
53. How to avoid chip startup and surge interference to damage the chip?
A: This is a hardware-related issue. Add an EMC/ESD protection circuit.
54. How to identify malware attacks during hardware work?
A: You can add safe boot. When powering on, first verify the identity and integrity of the application software. Only when the verification passes can it run normally.
55. What is the power consumption of CEC1702?
A: Working at 48MHz, about 16mA; please check page 379 of the CEC1702 datasheet.
56. Does it support hardware encryption?
A: Support hardware encryption engine: AES, SHA, ECC, etc.
57. What is the trust chain mainly?
A: It can be understood as a certificate, just like the ID card in our daily life, which is issued to everyone by an authority to prove their identity.
58. How long does it take to start the security?
A: It depends on your algorithm and the content of the check. We have an example in this seminar to illustrate this.
59. What encryption protocols are supported?
A: AES, ECC, SHA, RSA
60. Is the FPU of CEC1702 a hardware FPU?
A: It is a hardware single-precision FPU.
61. Is the risk of private key theft greater than that of public key theft?
A: The public key itself can be made public. The private key must be safely saved and stored, and cannot be read or written, to prevent leakage.
62. What are the specific applications?
A: The CEC1702 IoT Development Kit supports DICE, which is a Microsoft-certified Azure IoT starter kit that can easily integrate security functions into the design.
63. Can the flash content of SPI support remote modification or upgrade?
A: It supports remote upgrades and can ensure the security of OTA upgrades.
64. Will this hardware encryption method report an error once the hardware device changes?
A: Yes, with the hardware Tamper detection, an error can be reported when the cover is opened.
65. Does today's boot processor integrate processors and security technologies?
A: It can complete some of the work of the processor, but it is mainly for secure booting.
66. Does CEC1702 have IO input and output?
A: In addition to full startup, CEC1702 is also an MCU that can run independently, with a rich peripheral interface, including IO port operations.
67. Is the hardware root of trust pre-burned?
A: It needs to be pre-configured and burned at the factory.
68. Will the data of the external encryption IC be intercepted and decrypted?
A: The external security chip can negotiate the session key with the host MCU. Each time data is transmitted, this key can be negotiated and replaced. This can ensure the security of transmitted data.
69. What is the industrial operating temperature range of Microchip's chips?
A: -40 to 85
70. Will malware not attack the key code in the SPI flash memory?
A: It is possible, but the malware must be able to run first, but the purpose of secure boot is to prevent the operation of malware.
71. How to ensure the security of data transmitted on the transmission bus?
A: When the system is initialized, the MCU can negotiate an IO key with the security chip to encrypt the data transmitted on the bus.
72. For which occasions is chip encryption and firmware encryption particularly important?
A: Now, for example, IoT and accessory authentication.
73. Is it recommended to use the iic or spi interface?
A: CEC1702 mainly uses the SPI or eSPI interface.
74. What is the principle of hardware encryption? Can software be used?
A: The encryption algorithm has been solidified into the security chip and does not need to call the code.
75. Is the development of CEC1702 peripheral circuit complex?
A: You can refer to the CEC1702 development board.
76. What is the package of CEC1702 and how big is it?
A: 84-pin WFBGA, RoHS compliant package.
77. Write the key chip in advance. Does the software engineer program the code himself?
A: The engineer does not need to write the code. The process is similar to the programmer writing the key configuration information.
78. The boot ROM space of CEC1702 is so large. Can it be accessed by the application during operation?
A: Can other protection functions be added to the boot ROM to interact with the main processor?
79. Once it is attacked by hackers, will there be an alarm or log record?
A: This is done by your processor. The purpose of CEC is to ensure that the software running on the processor cannot be changed.
80. Will firmware damage lead to the failure of secure boot?
A: Yes.
81. What communication methods does CEC1702 support?
A: CEC has multiple communication interfaces. For external FLASH, SPI or eSPI can be used. In addition, there are I2C and UART.
82. What does (CEC1702) OTP stand for?
A: It stores the immutable key and certificate.
83、Does it need to cooperate with Microchip's software to achieve encryption?
A: We have our own and third-party software to support it.
84. How many bits of RSA do we support? 1024 or 2048?
A: 2048; some algorithms up to 3072.
85. How flexible is the hardware encryption?
A: CEC's hardware module supports a variety of security cryptographic algorithms, which is quite flexible.
86. Are there any related solutions? Are there any successful cases or projects that are already running?
A: There are many successful cases in the server market.
87. Is the secret key generated randomly?
A: The key is generated by the security chip itself.
88. Microchip only provides chips, but does not provide peripheral circuits, including PCBA?
A: You can refer to Microchip's development board.
89. Is the encryption on the transmission bus symmetric encryption? One-time one-key?
A: Both symmetric and asymmetric are OK, including random challenge.
90. Is there a solution for ultra-small size?
A: The specific package needs to be determined by the specific security device model first. You can consult MICROCHIP local technical support personnel for more specific information about your application.
91. Is CEC1702 a single-chip microcomputer or a memory chip?
A: It is an MCU with a hardware root of trust, which can be used to protect the firmware of the main processor.
92. How does the security processor extend the root of trust through the external SPI flash boot system?
A: First, ensure that the firmware in the flash is trustworthy. This is ensured by CEC1702.
93. Under what circumstances will the boot area be damaged? Some of the chips we are using now cannot be booted for unknown reasons, and they need to be re-burned to recover normally.
A: This may be a malicious modification, or it may be due to accidental damage caused by some physical protection failure.
94. Is the encryption hard encryption? If it is returned to the factory, is there any good way to decrypt it?
A: The certificate can be reissued after returning to the factory.
95. How does the user need to integrate this encryption component into his own system?
A: Yes.
96. Does the speed of computing power affect the handshake time of encryption and decryption?
A: Yes, we use hardware to implement the algorithm, which is much faster than software and can guarantee the startup time.
97. The company originally planned to use the encryption chip of Microchip (Atmel), but the project was cancelled. The hardware solution was ready, but the complete software process was not experienced. The official website has relevant information. Are there any application notes?
A: Yes.
98. Can the hardware confidentiality solution for CEC1702 further improve the power density?
A: This has nothing to do with power density.
99. Has CEC1702 been mass-produced? How is the yield?
A: It is a mass-produced chip. MICROCHIP will definitely guarantee the yield.
100. Does the CEC1702 chip have relevant export certificates? Does it have a certification certificate?
A: Yes.
101. Is the encryption algorithm fixed?
A: It can support multiple algorithms.
102. If the private key cannot be read and written, can it be copied? How is it saved?
A: If it cannot be read, it cannot be copied. It is saved in the FLASH area of the chip, and this FLASH area cannot be accessed.
103. For mass production, how to handle the secret key to facilitate production?
A: The private key is generated inside the device and is generated by an external tool. MICROCHIP can also provide factory programming services.
104. Does the encryption algorithm support secondary development of software?
A: The hardware algorithm is fixed, and the algorithm can be called in the application layer as needed.
105. Will the secret key consume too many process resources?
A: No, this is done by hardware.
106. How to prevent the disassembly of genuine SPI flash chips and put them on counterfeit motherboards for pirated applications?
A: First of all, this possibility is relatively small, because you have to destroy a genuine machine to make a counterfeit one. Secondly, we can implement one-machine-one-key to ensure that the flash does not work properly after being moved to another machine. When using CEC1702 for secure booting, a certificate is written to a section of the SPI Flash. This certificate must be verified by CEC1702, so even if others read out the SPI Flash, it cannot be copied.
107. Does the chip have short circuit and overload protection functions?
A: It needs to be solved by external circuits.
108. Does the chip prevent malicious brute force cracking?
A: You can add a hardware Tamper that erases the key when the cover is opened.
. 109. Is the key randomly generated by the security chip based on its own hardware characteristics? Or is it written in advance and protected by fuses to prevent tampering?
A: The key is automatically generated inside the chip, not manually input and written externally. After it is generated, it is protected by fuses to prevent tampering.
110. After the microcontroller is powered on, it first communicates with the key chip, and executes the program after the handshake is successful? Or initialize it first?
A: It is recommended to communicate and handshake with the external security chip first.
111. What are the anti-cracking algorithms or strategies for processing chips?
A: This can be achieved through some physical protection of the chip, such as anti-opening detection, and active shield, etc.
112. If both Tag0 and Tag1 are destroyed, what will the system do?
A: It can refuse to start.
113. What are the boot security performance features of CEC1720?
A: Use hardware encryption cryptographic suites to shorten computing time, protect confidential information through encryption, and use public key encryption technology to verify whether the firmware is digitally signed and intact.
114. Can the size of the tag0 tag1 area be freely configured?
A: Yes.
115. If a remote online upgrade is performed, what is the mainstream procedure?
A: You need to sign a new certificate with the HASH of the new firmware. You can safely upgrade the new firmware and the new certificate by downloading them to the device.
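The scheme described in Q33 (hash the image, then sign the digest with an asymmetric key), the Tag0/Tag1 fallback from Q112, and the re-signing update flow from Q115, as an added Go example that is not from the seminar or from Microchip's tooling. The Tag layout, the ECDSA P-256 vendor key and the sample image are constructed stand-ins, and the in-memory public key stands in for the one the page says is burned into OTP.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tag is a constructed stand-in for the small certificate the seminar says is
// written into a region of the SPI flash: firmware version, SHA-256 of the
// image, and an ECDSA signature over both made with the vendor's private key.
type Tag struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte // ASN.1 DER encoded ECDSA signature
}

// ErrNoValidTag is returned when neither Tag0 nor Tag1 verifies (Q112).
var ErrNoValidTag = errors.New("both tags failed verification: refuse to boot")

// NewVendorKey generates the vendor's P-256 signing key. Only the public half
// would be burned into the boot processor's OTP; the private half stays offline.
func NewVendorKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// tagDigest is what is actually signed: version and image hash together, so a
// valid tag cannot be reused with a different image or an older version.
func tagDigest(version uint32, imageHash [32]byte) []byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h := sha256.New()
	h.Write(v[:])
	h.Write(imageHash[:])
	return h.Sum(nil)
}

// SignImage runs on the vendor's signing host: hash the image, then sign the
// digest (Q33). A firmware update is just this step run for the new image (Q115).
func SignImage(priv *ecdsa.PrivateKey, version uint32, image []byte) (Tag, error) {
	t := Tag{Version: version, ImageHash: sha256.Sum256(image)}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, tagDigest(version, t.ImageHash))
	if err != nil {
		return Tag{}, err
	}
	t.Signature = sig
	return t, nil
}

// Verifier models the boot processor. OTPPublicKey stands in for the public
// key stored in OTP, the only trust anchor the verifier needs.
type Verifier struct {
	OTPPublicKey *ecdsa.PublicKey
}

// CheckTag verifies one tag against the image read back from flash: the
// signature over (version, hash) must be valid and the image must hash to it.
func (v Verifier) CheckTag(t Tag, image []byte) bool {
	if !ecdsa.VerifyASN1(v.OTPPublicKey, tagDigest(t.Version, t.ImageHash), t.Signature) {
		return false
	}
	return sha256.Sum256(image) == t.ImageHash
}

// Boot tries Tag0, then Tag1, and refuses to start when both fail. It returns
// the index of the slot whose tag validated the image.
func (v Verifier) Boot(tags [2]Tag, image []byte) (int, error) {
	for i, t := range tags {
		if v.CheckTag(t, image) {
			return i, nil
		}
	}
	return -1, ErrNoValidTag
}

func main() {
	vendor, err := NewVendorKey()
	if err != nil {
		panic(err)
	}
	verifier := Verifier{OTPPublicKey: &vendor.PublicKey}
	// Constructed sample image; both tag slots hold the same signed tag.
	image := []byte("constructed host firmware image, version 1")
	tag, _ := SignImage(vendor, 1, image)
	slot, err := verifier.Boot([2]Tag{tag, tag}, image)
	fmt.Println("genuine image: slot", slot, "err", err)
	// Tag0 corrupted in flash, Tag1 intact: boot proceeds from the backup slot.
	corrupt := tag
	corrupt.Signature = append([]byte(nil), tag.Signature...)
	corrupt.Signature[len(corrupt.Signature)-1] ^= 0x01
	slot, err = verifier.Boot([2]Tag{corrupt, tag}, image)
	fmt.Println("tag0 corrupt: slot", slot, "err", err)
}
```

Because the tag binds the version to the image hash, an old tag cannot validate a new image, so every update must ship a freshly signed tag alongside the new firmware.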
116. Where can I buy this development board?
A: MICROCHIP direct sales website, https://www.microchipdirect.com/
117. How is the power consumption?
A: It belongs to the low-power series, depending on the specific application.
118. Has the MICROCHIP encryption chip been connected to a third-party platform, such as Alibaba Cloud?
A: Yes, ALI Cloud, AWS, GOOGLE and MICROSOFT Cloud are all available.
119. Can foreign cloud platforms be used? Our company is in Taiwan and does not use domestic cloud platforms.
A: MICROCHIP now supports AWS, GOOGLE, and MICROSOFT cloud services.
120. Is this encryption protection to prevent being cracked?
A: This seminar mainly discusses preventing the firmware from being counterfeited, upgraded, or replaced, not preventing the firmware from being cracked.
121. If you want to control the executable code from being leaked, is there a way? How to prevent the code from being leaked at all stages of the production staff?
A: The leakage of executable code cannot be prevented. However, a security chip can be used to prevent the code on the CLONE board from running normally.
122. Are there any related cases?
A: The CEC1702 IoT Development Kit (DM990013-BNDL) is a Microsoft-certified Azure IoT starter kit that can easily integrate security features into the design.
123. Will the boot solution of the hardware root of trust fail? If so, what mechanism can be used to avoid it?
A: CEC1702 will also verify its own program. If this also fails, it means that the system has problems and will not continue.
124. Examples of consumer products?
A: Yes, you can contact your local Microchip sales or FAE.
125. Difficulty and method of debugging. Will the debugging process become much more complicated due to encryption?
A: No, the execution time of the hardware algorithm is very short.
126. How to balance accuracy and efficiency in the new solution?
A: This seminar mainly discusses the integrity and identity legitimacy of the firmware.
127. What are the main customer groups and application directions of this product?
A: Mainly where a processor is needed but the processor does not support a hardware security root of trust; currently it is mainly the server market.
128. How to boot the firmware to the CPU when it is placed in CEC1702? Is there a detailed operation process?
A: The firmware of the main processor is usually placed in the external SPI Flash. CEC1702 will verify the integrity and identity of the firmware of the external SPI Flash. Only when the verification is successful will the main processor be allowed to boot.
129. Does it mean that the certificate may be tampered with if the certificate is re-issued after returning to the factory?
A: No, the certificate is issued in a trusted environment.
130. What is the highest voltage supported?
A: 3.3V and 1.8V Operation
131. During remote upgrade, can we determine whether the upgraded module is a previous one, not a copy?
A: This requires the hardware identity to be determined. Today we mainly talk about the hardware authentication of firmware. If the hardware identity needs to be determined, we can add a hardware identity authentication process.
132. Tampering with the root certificate will lead to the insecurity of the entire system.
A: Yes, a hardware immutable trusted root is required.
133. What is the maximum frequency?
A: 48MHz
134. Where does the secret key come from? How to manage it during mass production?
A: The key pair is randomly generated by software tools, the private key is self-held, and the public key is burned into the OTP.
135. Are there any cases of trusted computing?
A: There are trusted root boot cases.
136. If all the keys are stored in OTP, what should I do if I need to update them later? Because sometimes the public-private key pairs need to be updated at intervals.
A: The private key will not be used during secure boot. You only need to save the public key to verify the certificate of the new firmware. The private key is only used for device authentication, and usually this private key will not be updated, because updating the private key will involve a series of updates on the server side.
137. Another question, if the normal verification fails due to interference, what is a good solution?
A: Then we need to find the interference source and reduce the interference. In addition, we can add a retry mechanism.
138. Can we build our own CA to distribute keys?
A: We can support your own CA.
139. Does the algorithm not support national encryption?
A: MICROCHIP does not support national encryption yet.
140. After encryption, will it affect efficiency?
A: CEC1702 usually only runs when the system is powered on. After the verification is completed, 1702 is basically not used, so the impact on efficiency can be basically ignored.
141. Can you provide the relevant circuits and software for debugging chips?
A: Yes.
142. How much can the overclocking reach?
A: It is not recommended to use it beyond the specification range.
143. What are the requirements for the system running the firmware?
A: There are no requirements. CEC1702 and the main processor are completely independent.
144. Are there any application cases of CEC1702 in IoT telemedicine?
A: There are IoT applications. For relevant cases, please contact our local FAE or sales.
145. Which algorithm is used in the example of 61.5ms?
A: 61.5ms is the entire boot process, involving multiple algorithms such as HASH, ECDSA, and AES.
146. What is the maximum image that CEC1702 can decrypt?
A: There is no maximum, but the larger the image, the more time it takes.
147. How much does the security firmware cost?
A: Please contact MICROCHIP local sales staff for specific chip prices.
148. What is the frequency range ?
A: The maximum frequency is 48MHz.
149. What is the power consumption of the secure boot processor introduced today?
A: When working at 48MHz, it is about 12.5mA.
150. Security algorithm development process: Your company provides security firmware. When we apply it, do we develop our own special algorithms based on the firmware?
A: When developing applications, customers only need to set their own parameters such as keys, and do not need to develop their own algorithms.
151. Can Microchip security solutions be applied to other processors?
A: Yes.
152. Will there be super-user settings for the security algorithms, with absolute, full permissions?
A: No, it can only be a trust chain of one level at a time.
153. What is the verification method for the damage criterion of tag0 and tag1?
A: Failing the verification.
154. Will Microchip's security solution lead to a significant increase in costs?
A: No; please consult MICROCHIP local sales staff for specific prices.
155. What support can be provided for security firmware?
A: Through the fast pre-boot authentication of the system firmware, ensure that the firmware is not affected and damaged. Protect the system from malware attacks or storage through authenticated firmware updates.
156. How to decrypt after encryption?
A: The security chip itself cannot be cracked. In the application of secure boot, it is mainly for authentication, identity and integrity authentication, without an encryption and decryption process.
157. How fast is the decryption speed?
A: AES256 takes 11.9ms to decrypt a 300KB image.
158. How fast is the response speed?
A: Different algorithms have different speeds, as shown in the introduction of the courseware.
159. What will be involved in secure boot?
A: MPU
160. How is the compatibility of Microchip's chips with other MCUs and peripheral components?
A: You can use MCUs of other brands; just port the security encryption library.
161. Is there any special software for the encryption download operation and decryption operation?
A: We provide a security encryption software library that can support any brand of MCU. The security chip cannot be decrypted.
162. What is the power supply voltage of the CEC1702 chip?
A: 3.3V and 1.8V operation.
163. What is the standby current of the CEC1702 chip?
A: 5uA
164. What transmission methods are supported?
A: SPI
165. Is this aimed at local encryption methods? Not based on cloud algorithm encryption?
A: Yes, this course does not involve secure cloud connection, but discusses the secure firmware upgrade guide.
166. Which cloud service providers do you cooperate with?
A: ALI, AWS, GOOGLE, MICROSOFT
167. If there is a hacker attack, will it cause the chip to burn?
A: CEC1702 itself can automatically delete the key. Of course, in cooperation with external hardware circuits, this can also be realized.
168. What are the advantages and technical features of the CEC1720 chip in terms of function and speed?
A: Integrated memory protection unit to prevent code corruption; fast hardware public key engine to improve real-time performance; certified for Microsoft Azure IoT, supporting DICE (Device Identifier Composition Engine) functionality; 2.5 Kb of user-programmable OTP; other cryptographic functions including SHA-224, SHA-384 and SHA-512; RSA keys up to 4096 bits; ECDSA, EC-KCDSA and Ed25519.
169. Does the boot reference processor have a multi-core processor?
A: It can support multi-core, and can actually be applied to any main processor
170. What is the maximum size of the image stored in the external flash that CEC1702 can decrypt?
A: This is not limited.
171. How much power does the encryption chip consume when working?
A: CEC1702: 15mA @ 48MHz
172. What types of development boards does CEC1720 have? What are the guarantees for its after-sales service and technical support?
A: CEC1702 IoT Development Kit (DM990013-BNDL)
173. If the encryption chip is damaged, is the encryption product equivalent to scrapped?
A: You can replace a security chip and your product can still be used
174. Will the hardware IC encryption method take up too much space on the board?
A: The chip itself is BGA
175. How is the encryption performance compared with other manufacturers' products?
A: The supported algorithms are more diverse.
176. What is the model and price of CEC1702 development board?
A: https://www.microchip.com/DevelopmentTools/ProductDetails/PartNO/DM990013
177. How many partitions can be divided at most?
A: This can be based on your own requirements. We currently have customers who have achieved 4 partitions.
178. When can it meet the national encryption standards?
A: In fact, for national encryption, except for SM1, many other algorithms also use international mainstream algorithms; only some parameters are different. It can be done with existing hardware and software, but certification would be more difficult. This is not a technical issue.
179. Does the encryption method of the chip also need to pass relevant standards? What are the main standards?
A: The encryption methods all use public encryption algorithms, such as AES, ECC, RSA, etc.
180. Are there any samples of encryption chips available?
A: Yes, please contact MICROCHIP's local sales staff
181. Is the certificate OTP after importing?
A: The certificate can be updated, so it is not OTP, but the private key is OTP
182. Are there any requirements for the image transmission format? What communication interface is used?
A: SPI
183. How long is the delivery time?
A: This is a business issue. Please consult MICROCHIP's local sales staff for details.
184. What are the applications of the fan control interface on CEC1702?
A: It can control the cooling fan of the system, such as in the server.
185. What systems does the server support?
A: It usually protects the BIOS of the server and has no requirements for the system.
186. What software is needed for hardware encryption?
A: We have a related User guide https://www.microchip.com/DevelopmentTools/ProductDetails/PartNO/DM990013
187. Can the LED interface of CEC1702 directly drive the LED? Does it need transistor amplification? Does it implement the breathing light effect in hardware? Thank you
A: It can be implemented with PWM.
188. What format of image files are supported?
A: bin or hex
189. What are the advantages of the SDK encryption method currently used in encryption compared to other encryption methods?
A: CEC1702 has an on-chip immutable ROM hardware root of trust and a public key stored in OTP, which form a highly secure chain of trust. At the same time, CEC17X2 integrates several high-speed hardware security engines on-chip that can verify, encrypt and decrypt the processor's code image at high speed, orders of magnitude faster than software processing on ordinary processors.
190. What are the different application scenarios of the various encryption methods, and how is the security guaranteed?
A: Symmetric and asymmetric encryption verification are used in closed environments and open environments respectively. The security foundation lies in the hardware physical protection of related keys.
191. How does secure boot prevent rootkits and bootkits from attacking the boot solid environment?
A: Secure boot works through the CEC17X2's on-chip immutable ROM hardware root of trust and the public key stored in OTP, which form a highly secure chain of trust and only run verified, secure and trusted code, avoiding rootkit and bootkit attacks.
192. Is CEC1720 not a distributed system technology based on functional circuits? Is it a system firmware based on functional IP?
A: No, CEC1702 has an on-chip immutable ROM hardware root of trust and a public key stored in OTP, which form a highly secure chain of trust. Through the hierarchical verification of the chain of trust,
193. Will chip encryption affect the computing power or computing time of the processor?
A: No, the relevant verification is performed by CEC17X2 before startup. After the secure startup, control is handed over to the processor to process the corresponding code, and there will be no difference.