feature article
Subscribe Now

Microchip TrustAnchor Holds the Keys

Tiny Add-on Chip Provides Security

“One of the keys to happiness is a bad memory.” – Rita Mae Brown

You’ve got a problem. You designed a nice microcontroller-based system a few years ago and it’s selling well, with thousands of units out in the field. That’s not the problem. The problem is, now your boss wants you to add security features to it. You know – just slap them on. No big deal, right? 

But to add secure boot, and crypto acceleration, and secure key storage to your design, you’d have to start all over with a new MCU that has these features. You really don’t want to do that. Manufacturing says they’ve already got thousands of units of the old MCU in stock because, well, because that’s what you designed in. You want we should throw ’em all away? 

But what choice do you have? The current MCU doesn’t have the boss’s favorite security features, and switching to a new MCU would mean evaluating, qualifying, and buying a whole new device. Plus, you’d probably have to tweak your code because something will have changed between the old chip and the new one. It always does. Looks like you’ve got a long several months ahead of you redesigning the thing you thought you’d finished last year. 

Or… you could just glue on the missing security features, like your boss said. 

Time to pull out your secret weapon, the TrustAnchor TA100 from Microchip. It’s a tiny $1.50 part that is a security vault, wrapped in a mystery, inside an enigma. You simply slap this baby alongside your existing MCU, find a spare I2C or SPI line to hook it to, and you’re on your way to providing the security features you missed the first time around. 

As the name suggests, the TrustAnchor is an anchor – no, wait, it’s a root of trust. That is, it stores secure keys (quite a lot of them, in fact), authenticates messages, validates certificates, makes firmware updates more trustable, cranks on crypto algorithms, protects content, and generally provides the basis, or root, of every other security-based feature you’d want. It does not, all by itself, magically transform your designs into hacker-proof vaults, but it does provide the necessary basis for everything that comes after. 

The chip itself is insanely hack-resistant. The top mask layer of silicon includes an unbroken mesh that prevents probing and shuts down the device if the protective cover is compromised. Internal memories are encrypted. Arithmetic functions are randomized (not the results, just the process) to avoid side-channel attacks. Voltage and temperature sensors detect environmental corner-case manipulation or clock glitching. All clocks are generated internally, instead of with an outside crystal or oscillator. And there’s no JTAG; not even internal test pads or probe points. Consequently, the chip is hard to test in production, but that’s Microchip’s problem, not yours. 

With all this internal security, the weak link would appear to be the external serial link to the host MCU. All the data is right there, out in the open and easy to probe. Doesn’t that compromise the entire foundation of the root of trust? 

Nope, says Microchip product engineer Todd Slack. It’s totally okay if bad guys monitor the traffic between the TrustAnchor and the MCU. There’s nothing valuable to be learned from it, and nothing they can do to inject bogus messages because it’s all authenticated. It’s like a bank vault. You can observe someone opening it all you want, but the vault opens only for the bank vice president with the keys. 

The TA100 was initially developed for automotive OEMs who want/need to protect their firmware and the increasingly advanced ADAS systems that go with them. The automotive industry is rapidly developing a set of standards and criteria that automakers and their suppliers will have to meet, and the TA100 was created with those standards in mind. That said, there’s no reason you can’t use the chip in other applications, too. If it’s good enough for BMW, Toyota, and Chrysler, it’s probably good enough for the rest of us. Problem solved.

Leave a Reply

featured blogs
Mar 27, 2024
The current state of PCB design is in the middle of a trifecta; there's an evolution, a revolution, and an exodus. There are better tools and material changes, there's the addition of artificial intelligence and machine learning (AI/ML), but at the same time, people are leavi...
Mar 26, 2024
Learn how GPU acceleration impacts digital chip design implementation, expanding beyond chip simulation to fulfill compute demands of the RTL-to-GDSII process.The post Can GPUs Accelerate Digital Design Implementation? appeared first on Chip Design....
Mar 21, 2024
The awesome thing about these machines is that you are limited only by your imagination, and I've got a GREAT imagination....

featured video

We are Altera. We are for the innovators.

Sponsored by Intel

Today we embark on an exciting journey as we transition to Altera, an Intel Company. In a world of endless opportunities and challenges, we are here to provide the flexibility needed by our ecosystem of customers and partners to pioneer and accelerate innovation. As we leap into the future, we are committed to providing easy-to-design and deploy leadership programmable solutions to innovators to unlock extraordinary possibilities for everyone on the planet.

To learn more about Altera visit: http://intel.com/altera

featured chalk talk

Connectivity Solutions for Smart Trailers
Smart trailers can now be equipped with a wide variety of interconnection systems including wire-to-wire, wire-to-board, and high-speed data solutions. In this episode of Chalk Talk, Amelia Dalton and Blaine Dudley from TE Connectivity explore the evolution of smart trailer technology, the different applications within a trailer where connectivity would be valuable, and how TE Connectivity is encouraging innovation in the world of smart trailer technology.
Oct 6, 2023
22,615 views