feature article
Subscribe Now

Microchip TrustAnchor Holds the Keys

Tiny Add-on Chip Provides Security

“One of the keys to happiness is a bad memory.” – Rita Mae Brown

You’ve got a problem. You designed a nice microcontroller-based system a few years ago and it’s selling well, with thousands of units out in the field. That’s not the problem. The problem is, now your boss wants you to add security features to it. You know – just slap them on. No big deal, right? 

But to add secure boot, and crypto acceleration, and secure key storage to your design, you’d have to start all over with a new MCU that has these features. You really don’t want to do that. Manufacturing says they’ve already got thousands of units of the old MCU in stock because, well, because that’s what you designed in. You want we should throw ’em all away? 

But what choice do you have? The current MCU doesn’t have the boss’s favorite security features, and switching to a new MCU would mean evaluating, qualifying, and buying a whole new device. Plus, you’d probably have to tweak your code because something will have changed between the old chip and the new one. It always does. Looks like you’ve got a long several months ahead of you redesigning the thing you thought you’d finished last year. 

Or… you could just glue on the missing security features, like your boss said. 

Time to pull out your secret weapon, the TrustAnchor TA100 from Microchip. It’s a tiny $1.50 part that is a security vault, wrapped in a mystery, inside an enigma. You simply slap this baby alongside your existing MCU, find a spare I2C or SPI line to hook it to, and you’re on your way to providing the security features you missed the first time around. 

As the name suggests, the TrustAnchor is an anchor – no, wait, it’s a root of trust. That is, it stores secure keys (quite a lot of them, in fact), authenticates messages, validates certificates, makes firmware updates more trustable, cranks on crypto algorithms, protects content, and generally provides the basis, or root, of every other security-based feature you’d want. It does not, all by itself, magically transform your designs into hacker-proof vaults, but it does provide the necessary basis for everything that comes after. 

The chip itself is insanely hack-resistant. The top mask layer of silicon includes an unbroken mesh that prevents probing and shuts down the device if the protective cover is compromised. Internal memories are encrypted. Arithmetic functions are randomized (not the results, just the process) to avoid side-channel attacks. Voltage and temperature sensors detect environmental corner-case manipulation or clock glitching. All clocks are generated internally, instead of with an outside crystal or oscillator. And there’s no JTAG; not even internal test pads or probe points. Consequently, the chip is hard to test in production, but that’s Microchip’s problem, not yours. 

With all this internal security, the weak link would appear to be the external serial link to the host MCU. All the data is right there, out in the open and easy to probe. Doesn’t that compromise the entire foundation of the root of trust? 

Nope, says Microchip product engineer Todd Slack. It’s totally okay if bad guys monitor the traffic between the TrustAnchor and the MCU. There’s nothing valuable to be learned from it, and nothing they can do to inject bogus messages because it’s all authenticated. It’s like a bank vault. You can observe someone opening it all you want, but the vault opens only for the bank vice president with the keys. 

The TA100 was initially developed for automotive OEMs who want/need to protect their firmware and the increasingly advanced ADAS systems that go with them. The automotive industry is rapidly developing a set of standards and criteria that automakers and their suppliers will have to meet, and the TA100 was created with those standards in mind. That said, there’s no reason you can’t use the chip in other applications, too. If it’s good enough for BMW, Toyota, and Chrysler, it’s probably good enough for the rest of us. Problem solved.

Leave a Reply

featured blogs
Jan 27, 2021
Here at the Cadence Academic Network, it is always important to highlight the great work being done by professors, and academia as a whole. Now that AWR software solutions is a part of Cadence, we... [[ Click on the title to access the full blog on the Cadence Community site...
Jan 27, 2021
Super-size. Add-on. Extra. More. We see terms like these a lot, whether at the drive through or shopping online. There'€™s always something else you can add to your order or put in your cart '€“ and usually at an additional cost. Fairly certain at this point most of us kn...
Jan 27, 2021
Cloud computing security starts at hyperscale data centers; learn how embedded IDE modules protect data across interfaces including PCIe 5.0 and CXL 2.0. The post Keeping Hyperscale Data Centers Safe from Security Threats appeared first on From Silicon To Software....
Jan 25, 2021
In which we meet the Photomath calculator, which works with photos of your equations, and the MyScript calculator, which allows you to draw equations with your finger....

featured paper

Speeding Up Large-Scale EM Simulation of ICs Without Compromising Accuracy

Sponsored by Cadence Design Systems

With growing on-chip RF content, electromagnetic (EM) simulation of passives is critical — from selecting the right RF design candidates to detecting parasitic coupling. Being on-chip, accurate EM analysis requires a tie in to the process technology with process design kits (PDKs) and foundry-certified EM simulation technology. Anything short of that could compromise the RFIC’s functionality. Learn how to get the highest-in-class accuracy and 10X faster analysis.

Click here to download the whitepaper

Featured Chalk Talk

Nano Pulse Control Clears Issues in the Automotive and Industrial Markets

Sponsored by Mouser Electronics and ROHM Semiconductor

In EV and industrial applications, converting from high voltages on the power side to low voltages on the electronics side poses a big challenge. In order to convert big voltage drops efficiently, you need very narrow pulse widths. In this episode of Chalk Talk, Amelia Dalton chats with Satya Dixit from ROHM about new Nano Pulse Control technology that changes the game in DC to DC conversion.

More information about ROHM Semiconductor BD9V10xMUF Buck Converters