“Emerging requirements make security mandatory for the majority of IoT connected devices,” said Micrchip v-p Rod Drake, claiming: “The PIC32CK makes it cost effective to provide hardware-based security to mid-range microcontroller applications.”
That said, security does not come with every PIC32CK MCU – only those with PIC32CKxxxSG… part numbers get Arm’s TrustZone (ARMv8-M version) virtualisation with the Cortex-M33, plus a ‘shared nothing’ hardware root-of-trust block that Microchip first used in the Cortex-M7 based PIC32CZxxxCA… family last year – it is a ‘hardware security module’ under NIST’s definition, Microchip told Electronics Weekly.
Exactly what is in the security module is not clear as the data sheet chapter on it is trivial (in both PIC32CK SG and PIC32CZ CA cases) and includes the sentence: “Contact a local Microchip sales office for more information on this module available under a non-disclosure agreement.”
However, the PIC32CK SG data sheet does have a top-level list of root-of-trust components and functions, which include:
- Cortex-M0+ CPU with 128kbyte of local ram (user-programmable, with standard turn-key firmware)
- Secured boot, debug and non-volatile key storage
- True random number generator
- Real-time clock
- Tamper response module
- Crypto accelerators for
AES-128, AES-192 and AES-256 compliant to NIST FIPS 197
Triple DES support up to 168bit keys
ChaCha20-Poly1305 authenticated encryption
HASH/MAC for SHA-1, SHA-256, SHA-224, SHA-384, SHA-512 and SHA3
Key derivation (at least HKDF and KDF2)
RSA, DSA and ECC public key cryptography (RSA with or without CRT up to 4,096bit keys, and DSA up to 2,048bit keys)
The devices are “designed to support ISO 26262 functional safety and ISO/SAE 21434 cybersecurity standards”, said Microchip. “The PIC32CK family offers a range of options to tune the level of security, memory and connectivity bandwidth – up to 2Mbyte dual-panel flash and 512kbyte SRAM, with options like 10/100 Ethernet, CAN FD and USB.”
Features added to support functional safety include: flash memory ECC (error code correction) with fault injection, global memory built-in self-test, a memory protection unit, write protection on some peripherals, clock failure detection with what the company claims is a fail-safe internal RC oscillator, and loopback on communications interfaces.
EV33A17A is a development board for the secured PIC32CKxxxSG… microcontrollers
The company’s Trust Platform Design Suite is available for factory provisioning-as-a-service, for keys, certificates and IP.
Similar parts with neither TrustZone nor HSM are called PIC32CKxxxSG…
Find the PIC32CK family data sheet here