CryptoCell and CryptoIsland technologies
CryptoCell and CryptoIsland technologies complement Arm TrustZone technology and offer the following:
- Asymmetric and symmetric cryptography
- True random number generation
- Device lifecycle state management
- A hardware-enforced Root of Trust policy
- A Root of Trust model allowing multiple owners
- Secure boot technology with software image validation and decryption available at boot time
- Validation of software source updates
- Secure debugging
- Keys and assets provisioning, management, and isolation in persistent trusted storage
Note: CryptoCell technologies are engines: they require a host CPU and, sometimes, additional infrastructure on the SoC to perform the preceding functionality. CryptoIsland integrates a subsystem around a CryptoCell-312 and includes its own processor, so a CryptoIsland can perform more of the preceding functionality on its own, without relying on the host CPU.
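The secure boot items in the list above (a hardware-enforced Root of Trust, image validation, and decryption at boot time) combine in a fixed order: the boot code binds the image-signing public key to the Root of Trust, validates the signature over the whole image, and only then decrypts the payload. The following is an added example that illustrates that order in software; it is not CryptoCell or CryptoIsland code, and the image layout, the `RootOfTrust` struct, and the function names are assumptions made for the illustration. It models the hardware Root of Trust as a SHA-256 hash of the signing key (as an OTP-style value the SoC cannot change) plus a boot decryption key that never leaves the engine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// RootOfTrust is a software stand-in (an assumption for this example) for the
// hardware-enforced Root of Trust: only a hash of the image-signing public key
// is provisioned, so the key itself can ship inside the image, and the boot
// decryption key is held by the engine and never exported.
type RootOfTrust struct {
	PubKeyHash [32]byte
	BootKey    []byte // 16-byte AES key, kept inside the engine
}

// Image layout constructed for this example (not a CryptoCell image format):
//
//	[32-byte ed25519 public key][64-byte signature][4-byte ciphertext length]
//	[12-byte AES-GCM nonce][ciphertext || GCM tag]
//
// The signature covers length || nonce || ciphertext, so the payload is
// authenticated before any decryption is attempted.
const bodyHeaderSize = 4 + 12

// BuildImage is the provisioning-side step: encrypt the firmware with the boot
// key, then sign the encrypted body with the image-signing private key.
func BuildImage(priv ed25519.PrivateKey, bootKey, firmware []byte) ([]byte, error) {
	block, err := aes.NewCipher(bootKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, firmware, nil)

	body := make([]byte, 4)
	binary.BigEndian.PutUint32(body, uint32(len(ct)))
	body = append(body, nonce...)
	body = append(body, ct...)

	pub := priv.Public().(ed25519.PublicKey)
	img := append([]byte{}, pub...)
	img = append(img, ed25519.Sign(priv, body)...)
	return append(img, body...), nil
}

// VerifyAndDecrypt is the boot-time step. Each check gates the next: an image
// that fails the Root of Trust binding or the signature is never decrypted.
func VerifyAndDecrypt(rot RootOfTrust, img []byte) ([]byte, error) {
	const minSize = ed25519.PublicKeySize + ed25519.SignatureSize + bodyHeaderSize
	if len(img) < minSize {
		return nil, errors.New("image too short")
	}
	pub := ed25519.PublicKey(img[:ed25519.PublicKeySize])
	sig := img[ed25519.PublicKeySize : ed25519.PublicKeySize+ed25519.SignatureSize]
	body := img[ed25519.PublicKeySize+ed25519.SignatureSize:]

	// 1. Bind the shipped public key to the hardware Root of Trust.
	if sha256.Sum256(pub) != rot.PubKeyHash {
		return nil, errors.New("image-signing key is not trusted by the Root of Trust")
	}
	// 2. Validate the image before touching the encrypted payload.
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("image signature invalid")
	}
	// 3. Only now decrypt, with the key that stays inside the engine.
	want := binary.BigEndian.Uint32(body[:4])
	nonce := body[4:bodyHeaderSize]
	ct := body[bodyHeaderSize:]
	if uint32(len(ct)) != want {
		return nil, errors.New("image length field does not match payload")
	}
	block, err := aes.NewCipher(rot.BootKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil) // GCM tag failure is also a rejection
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	bootKey := make([]byte, 16)
	rand.Read(bootKey)
	rot := RootOfTrust{PubKeyHash: sha256.Sum256(pub), BootKey: bootKey}

	img, _ := BuildImage(priv, bootKey, []byte("constructed firmware image"))
	fw, err := VerifyAndDecrypt(rot, img)
	fmt.Printf("genuine image: %q, err=%v\n", fw, err)

	img[len(img)-1] ^= 0x01 // corrupt one ciphertext byte
	_, err = VerifyAndDecrypt(rot, img)
	fmt.Println("tampered image rejected:", err)
}
```

Because the signature check precedes decryption, an attacker who replaces the embedded public key with their own and re-signs the image is stopped at the Root of Trust binding, and an attacker who alters the ciphertext is stopped at the signature check; the decryption key is never applied to unauthenticated data.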
CryptoCell
There are two families of CryptoCell, the CryptoCell-300 family and the CryptoCell-700 family. The CryptoCell-700 family offers higher performance than the CryptoCell-300 family and is intended for content-intensive applications, for example higher-end smartphones and set-top boxes.
The CryptoCell-312 is aimed at SoCs that are powered by either Cortex-M series or Cortex-R series processors. The CryptoCell-312 fits well in a design that is optimized for low power consumption and small silicon area.
CryptoIsland
CryptoIsland executes a full software stack inside itself, which allows you to isolate software from the host system. For example, if a SIM is kept inside the CryptoIsland, the SIM has as much protection as a detachable SIM card. In terms of functionality, the CryptoIsland includes a CryptoCell-312. CryptoIsland is also able to mitigate physical attacks, which is explored further in Mitigating against physical attacks.