Security System Architecture

Integrated IoT Cybersecurity Platform

The Arm Cortex-M33 processor with TrustZone Armv8-M security extensions forms the basis of the security platform. The Arm CryptoCell-312 provides end-to-end product security: Secure Boot with Root of Trust, secure lifecycle management, secure key management, and application and data encryption using symmetric or asymmetric cryptography. Arm TrustZone enables secure software access control.

For more information about the Arm Cortex-M33 processor, see Introduction. For more information about the TrustZone CryptoCell-312 security IP integrated into RSL15, see Arm TrustZone CryptoCell-312 Security IP.

Secure Boot with Root of Trust

The secure boot ROM authenticates the firmware in flash with a certificate-based mechanism that uses a private/public key pair. This is the basis of the hardware Root of Trust. The same mechanism preserves the hardware Root of Trust across a secure Firmware-Over-The-Air (FOTA) update.

Arm Lifecycle State Management

The term lifecycle states refers to the multiple states RSL15 goes through during its lifetime. The Arm lifecycle states are:

  1. Chip Manufacture (CM) Lifecycle State
  2. Device Manufacture (DM) Lifecycle State - used during device manufacturing
  3. Secure (SE) Lifecycle State - used during field deployment
  4. Return to Manufacturer (RMA) Lifecycle State - used during failure analysis of devices that are returned to the manufacturer

Lifecycle state management ensures the authenticity, integrity and confidentiality of code and data belonging to different stakeholders at each lifecycle state.

In addition to the Arm Lifecycle States, an Energy Harvesting (EH) Mode is available for applications that require fast cold startup (initial application of VBAT) — for example, when cold startup is applied on reset — but do not require Root of Trust. This mode is especially useful when RSL15 is used in energy harvesting systems.

Application and Data Cryptographic Services

Cryptographic services available to the user allow development of custom, proprietary security solutions. These services include:

  • Encryption and decryption schemes
  • Hash schemes
  • Message Authentication Codes (MAC)
  • Key generation and exchange algorithms

These cryptographic services are supported by a True Random Number Generator (TRNG).

TrustZone Arm Cortex-M33 Peripherals

The Security Attribution Unit (SAU) and its associated secure faults are integrated with the Arm Cortex-M33 processor and its NVIC. These blocks enable secure software access control to protect critical software and hardware resources, and support secure execution of both Secure and Non-secure application elements on the same device. The SAU is complemented by the Implementation Defined Attribution Unit (IDAU), a hardware unit external to the processor that supplies a fixed, vendor-defined security map; where the SAU and IDAU disagree, the more secure attribute wins.
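The following is an added host-side model of that attribution rule, not code from the RSL15 documentation or its SDK: it encodes SAU regions in the Armv8-M SAU_RBAR/SAU_RLAR register layout (the values a driver would write through the CMSIS `SAU` register struct) and resolves an address against a constructed, hypothetical IDAU map that is not RSL15's real memory map.

```c
/* Added example (not from the RSL15 documentation or SDK): a host-side model of
 * how an Armv8-M SAU region table and an IDAU combine to attribute an address.
 * Register encodings follow the SAU_RBAR/SAU_RLAR layout; the IDAU map below is
 * a constructed stand-in, not the RSL15 memory map. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Ordered so that a larger value is "more secure": Secure > NSC > Non-secure. */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } attr_t;

typedef struct { uint32_t rbar, rlar; } sau_region_t;

/* Encode one SAU region: 32-byte granules, RLAR bit 1 = NSC, RLAR bit 0 = ENABLE.
 * base and limit are inclusive addresses; on hardware these go to SAU->RBAR/RLAR
 * after selecting the region index in SAU->RNR. */
sau_region_t sau_encode(uint32_t base, uint32_t limit, bool nsc) {
    sau_region_t r;
    r.rbar = base & 0xFFFFFFE0u;
    r.rlar = (limit & 0xFFFFFFE0u) | ((uint32_t)nsc << 1) | 1u;
    return r;
}

/* SAU lookup with the SAU enabled and ALLNS = 0: an address outside every enabled
 * region is Secure; inside exactly one region it is NS or NSC per RLAR.NSC; an
 * address matching more than one region is treated as Secure by the architecture. */
attr_t sau_lookup(const sau_region_t *regs, size_t n, uint32_t addr) {
    int hits = 0;
    attr_t hit = ATTR_S;
    for (size_t i = 0; i < n; i++) {
        if (!(regs[i].rlar & 1u)) continue;                 /* region disabled */
        uint32_t base = regs[i].rbar;
        uint32_t limit = (regs[i].rlar & 0xFFFFFFE0u) | 0x1Fu;
        if (addr >= base && addr <= limit) {
            hits++;
            hit = (regs[i].rlar & 2u) ? ATTR_NSC : ATTR_NS;
        }
    }
    return hits == 1 ? hit : ATTR_S;
}

/* Constructed IDAU (hypothetical): address bit 28 set marks the Secure alias. */
attr_t idau_lookup(uint32_t addr) { return (addr & 0x10000000u) ? ATTR_S : ATTR_NS; }

/* Final attribution: the more secure of the SAU and IDAU answers wins. */
attr_t attribute(const sau_region_t *regs, size_t n, uint32_t addr) {
    attr_t s = sau_lookup(regs, n, addr), i = idau_lookup(addr);
    return s > i ? s : i;
}
```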