The discussion of CryptoCell and CryptoIsland technologies explored the comprehensive security options that Arm provides. For a secure IoT coffee machine, the security that is provided by the CryptoCell-312 is adequate. Specifically, support from the CryptoCell-312 enables:
- The authentication of loaded firmware images before booting. This feature is based on a hardware root of trust: the value that anchors trust in the signing key (typically a hash of the root public key) lives in immutable on-chip storage, so software cannot replace it.
- The authentication of firmware images before updating. This feature is based on a cryptographic signature with Public Key Infrastructure (PKI): the update is accepted only if its signature verifies against the trusted key. If authentication fails, the failure is reported and the device keeps running the last valid image.
- The authentication of remote servers. This feature is based on hardware cryptographic and random number generator (RNG) support, which underpins the cryptographic protocols (for example TLS) that are used for communication.
- Integrity and confidentiality protection for exchanged assets. This feature is based on the same cryptographic and RNG support.
Software alone can perform all of these tasks. However, a CryptoCell increases the protection by keeping key material and cryptographic operations inside the hardware, out of reach of software: even compromised code running on the processor cannot read or export the keys.
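The first two tasks in the list above, image authentication at boot and before an update, follow a fixed pattern: anchor a hash of the signing key in one-time-programmable storage, verify the signature over the whole image, enforce a monotonic anti-rollback version, and keep the last valid image on any failure. The following is an added example of that logic, not code from this guide or from the CryptoCell-312 firmware; the image layout, the `RootOfTrust` struct and the function names are constructed for illustration, and Ed25519 over a Go byte slice stands in for the hardware-backed signature check that the CryptoCell performs on a real device.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not the CryptoCell-312 or any
// real bootloader format):
//
//	magic(4) | version(4, little-endian) | pubkey(32) | payload | signature(64)
//
// The Ed25519 signature covers every byte before it.
const (
	magic  = "IMG1"
	hdrLen = 4 + 4 + ed25519.PublicKeySize
	sigLen = ed25519.SignatureSize
)

// RootOfTrust models the two values a device would hold in OTP: the hash of
// the trusted signing key and a monotonic minimum firmware version.
type RootOfTrust struct {
	PubKeyHash [sha256.Size]byte
	MinVersion uint32
}

var (
	ErrFormat    = errors.New("malformed image")
	ErrUntrusted = errors.New("public key does not match root of trust")
	ErrSignature = errors.New("signature verification failed")
	ErrRollback  = errors.New("image version below anti-rollback floor")
)

// NewRootOfTrust anchors pub by storing only its hash, as OTP would.
func NewRootOfTrust(pub ed25519.PublicKey, minVersion uint32) *RootOfTrust {
	return &RootOfTrust{PubKeyHash: sha256.Sum256(pub), MinVersion: minVersion}
}

// BuildImage produces a signed image. In production this runs on the build
// server that holds the private key, never on the device.
func BuildImage(version uint32, payload []byte, priv ed25519.PrivateKey) []byte {
	buf := make([]byte, 0, hdrLen+len(payload)+sigLen)
	buf = append(buf, magic...)
	var ver [4]byte
	binary.LittleEndian.PutUint32(ver[:], version)
	buf = append(buf, ver[:]...)
	buf = append(buf, priv.Public().(ed25519.PublicKey)...)
	buf = append(buf, payload...)
	return append(buf, ed25519.Sign(priv, buf)...)
}

// VerifyImage performs the checks a secure boot ROM would make before handing
// control to the image, and returns the image version on success.
func VerifyImage(img []byte, rot *RootOfTrust) (uint32, error) {
	if len(img) < hdrLen+sigLen || string(img[:4]) != magic {
		return 0, ErrFormat
	}
	version := binary.LittleEndian.Uint32(img[4:8])
	pub := ed25519.PublicKey(img[8:hdrLen])
	// 1. The key embedded in the image must hash to the value anchored in OTP.
	if h := sha256.Sum256(pub); !bytes.Equal(h[:], rot.PubKeyHash[:]) {
		return 0, ErrUntrusted
	}
	// 2. The signature must cover header, key and payload.
	signed, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(pub, signed, sig) {
		return 0, ErrSignature
	}
	// 3. Anti-rollback: never boot something older than the OTP floor.
	if version < rot.MinVersion {
		return 0, ErrRollback
	}
	return version, nil
}

// ApplyUpdate models the update path: the candidate is authenticated before
// it replaces the current image. Any failure is reported and leaves the
// current image in place. On success the anti-rollback floor advances so the
// previous version can no longer be re-installed.
func ApplyUpdate(current, candidate []byte, rot *RootOfTrust) ([]byte, error) {
	curVer, err := VerifyImage(current, rot)
	if err != nil {
		return nil, fmt.Errorf("current image invalid: %w", err)
	}
	newVer, err := VerifyImage(candidate, rot)
	if err != nil {
		return current, fmt.Errorf("update rejected, keeping v%d: %w", curVer, err)
	}
	if newVer <= curVer {
		return current, fmt.Errorf("update rejected, keeping v%d: %w", curVer, ErrRollback)
	}
	rot.MinVersion = newVer
	return candidate, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	rot := NewRootOfTrust(pub, 1)

	v1 := BuildImage(1, []byte("coffee-fw v1"), priv) // constructed payloads
	v2 := BuildImage(2, []byte("coffee-fw v2"), priv)
	forged := BuildImage(3, []byte("evil"), attackerPriv)
	tampered := append([]byte(nil), v2...)
	tampered[hdrLen] ^= 0x01 // flip one payload byte of a genuine image

	fw, err := ApplyUpdate(v1, forged, rot)
	fmt.Println(bytes.Equal(fw, v1), err) // still v1: untrusted key
	fw, err = ApplyUpdate(v1, tampered, rot)
	fmt.Println(bytes.Equal(fw, v1), err) // still v1: bad signature
	fw, err = ApplyUpdate(v1, v2, rot)
	fmt.Println(bytes.Equal(fw, v2), err) // now v2, floor raised to 2
	_, err = VerifyImage(v1, rot)
	fmt.Println(err) // v1 is now below the anti-rollback floor
}
```

The order of the checks matters: the key is tied to the root of trust before the signature is examined, so a valid signature from an attacker-controlled key is rejected without ever being trusted, and the version floor is raised only after a candidate has fully verified, so a failed update cannot leave the device unable to boot its current image. On a real device the hash comparison and signature verification would be delegated to the CryptoCell, with the private key never present on the device at all.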
In general, the CryptoCell-312 is a good match for an SoC based around a Cortex-M series processor. If physical attacks are a large concern for a secure IoT device, a CryptoIsland is the best choice.
This guide assumes that you will use the CryptoCell-312 to augment the security that is provided by TrustZone.
Note: The CryptoCell-312 is supplied with Arm Flexible Access.