feature article
Subscribe Now

Microchip TrustAnchor Holds the Keys

Tiny Add-on Chip Provides Security

“One of the keys to happiness is a bad memory.” – Rita Mae Brown

You’ve got a problem. You designed a nice microcontroller-based system a few years ago and it’s selling well, with thousands of units out in the field. That’s not the problem. The problem is, now your boss wants you to add security features to it. You know – just slap them on. No big deal, right? 

But to add secure boot, and crypto acceleration, and secure key storage to your design, you’d have to start all over with a new MCU that has these features. You really don’t want to do that. Manufacturing says they’ve already got thousands of units of the old MCU in stock because, well, because that’s what you designed in. You want we should throw ’em all away? 

But what choice do you have? The current MCU doesn’t have the boss’s favorite security features, and switching to a new MCU would mean evaluating, qualifying, and buying a whole new device. Plus, you’d probably have to tweak your code because something will have changed between the old chip and the new one. It always does. Looks like you’ve got a long several months ahead of you redesigning the thing you thought you’d finished last year. 

Or… you could just glue on the missing security features, like your boss said. 

Time to pull out your secret weapon, the TrustAnchor TA100 from Microchip. It’s a tiny $1.50 part that is a security vault, wrapped in a mystery, inside an enigma. You simply slap this baby alongside your existing MCU, find a spare I2C or SPI line to hook it to, and you’re on your way to providing the security features you missed the first time around. 

As the name suggests, the TrustAnchor is an anchor – no, wait, it’s a root of trust. That is, it stores secure keys (quite a lot of them, in fact), authenticates messages, validates certificates, makes firmware updates more trustable, cranks on crypto algorithms, protects content, and generally provides the basis, or root, of every other security-based feature you’d want. It does not, all by itself, magically transform your designs into hacker-proof vaults, but it does provide the necessary basis for everything that comes after. 

The chip itself is insanely hack-resistant. The top mask layer of silicon includes an unbroken mesh that prevents probing and shuts down the device if the protective cover is compromised. Internal memories are encrypted. Arithmetic functions are randomized (not the results, just the process) to avoid side-channel attacks. Voltage and temperature sensors detect environmental corner-case manipulation or clock glitching. All clocks are generated internally, instead of with an outside crystal or oscillator. And there’s no JTAG; not even internal test pads or probe points. Consequently, the chip is hard to test in production, but that’s Microchip’s problem, not yours. 

With all this internal security, the weak link would appear to be the external serial link to the host MCU. All the data is right there, out in the open and easy to probe. Doesn’t that compromise the entire foundation of the root of trust? 

Nope, says Microchip product engineer Todd Slack. It’s totally okay if bad guys monitor the traffic between the TrustAnchor and the MCU. There’s nothing valuable to be learned from it, and nothing they can do to inject bogus messages because it’s all authenticated. It’s like a bank vault. You can observe someone opening it all you want, but the vault opens only for the bank vice president with the keys. 

The TA100 was initially developed for automotive OEMs who want/need to protect their firmware and the increasingly advanced ADAS systems that go with them. The automotive industry is rapidly developing a set of standards and criteria that automakers and their suppliers will have to meet, and the TA100 was created with those standards in mind. That said, there’s no reason you can’t use the chip in other applications, too. If it’s good enough for BMW, Toyota, and Chrysler, it’s probably good enough for the rest of us. Problem solved.

Leave a Reply

featured blogs
May 19, 2022
The current challenge in custom/mixed-signal design is to have a fast and silicon-accurate methodology. In this blog series, we are exploring the Custom IC Design Flow and Methodology stages. This... ...
May 19, 2022
Learn about the AI chip design breakthroughs and case studies discussed at SNUG Silicon Valley 2022, including autonomous PPA optimization using DSO.ai. The post Key Highlights from SNUG 2022: AI Is Fast Forwarding Chip Design appeared first on From Silicon To Software....
May 12, 2022
By Shelly Stalnaker Every year, the editors of Elektronik in Germany compile a list of the most interesting and innovative… ...
Apr 29, 2022
What do you do if someone starts waving furiously at you, seemingly delighted to see you, but you fear they are being overenthusiastic?...

featured video

Building safer robots with computer vision & AI

Sponsored by Texas Instruments

Watch TI's demo to see how Jacinto™ 7 processors fuse deep learning and traditional computer vision to enable safer autonomous mobile robots.

Watch demo

featured paper

5 common Hall-effect sensor myths

Sponsored by Texas Instruments

Hall-effect sensors can be used in a variety of automotive and industrial systems. Higher system performance requirements created the need for improved accuracy and more integration – extending the use of Hall-effect sensors. Read this article to learn about common Hall-effect sensor misconceptions and see how these sensors can be used in real-world applications.

Click to read more

featured chalk talk

Expanding SiliconMAX SLM to In-Field

Sponsored by Synopsys

In order to keep up with the rigorous pace of today’s electronic designs, we must have visibility into each step of our IC design lifecycle including debug, bring up and in-field operation. In this episode of Chalk Talk, Amelia Dalton chats with Steve Pateras from Synopsys about in-field infrastructure for silicon lifecycle management, the role that edge analytics play when it comes to in-field optimization, and how cloud analytics, runtime agents and SiliconMAX sensor analytics can provide you more information than ever before for the lifecycle of your IC design.

Click here for more information about SiliconMAX Silicon Lifecycle Management