
Protection against rootkit and bootkit malware on systems that boot from external SPI flash memory

Microchip's new cryptographic microcontroller, custom firmware, and provisioning service are designed to enable platforms to detect and reject malicious firmware before execution.

With the rapid growth of 5G, including new cellular infrastructure, and of sprawling networks and data centers for cloud computing, developers are looking for new ways to keep operating systems secure and uncompromised. Microchip Technology Inc. has announced a new cryptography-enabled microcontroller, the CEC1712 with Soteria-G2 custom firmware, designed to reject malware such as rootkits and bootkits on systems that boot from external Serial Peripheral Interface (SPI) flash memory. Microchip's Soteria-G2 custom firmware, embedded in its CEC1712 Arm® Cortex®-M4-based microcontroller, provides secure boot with hardware root-of-trust protection in a pre-boot mode for operating systems that boot from external SPI flash memory. In addition, the CEC1712 provides key revocation and code rollback protection during its operating life, enabling security updates in the field.

Compliant with the NIST SP 800-193 (Platform Firmware Resiliency) guidelines, the CEC1712 protects against, detects, and recovers from firmware corruption, giving the platform full firmware resiliency. Secure boot with a hardware root of trust is essential to stop threats before they can be loaded: it allows the system to boot only with software trusted by the manufacturer. The Soteria-G2 firmware is designed for use with the CEC1712 to help designers accelerate the adoption and implementation of secure boot, simplifying code development and reducing risk. Soteria-G2 uses the secure, immutable bootloader of the CEC1712, installed in ROM (read-only memory), as the root of trust for the system.

“An especially insidious form of malware is the rootkit because it loads before the operating system boots, can evade conventional antimalware software, and is quite difficult to detect,” says Ian Harris, vice president of Microchip's computer products group. “One defense against rootkits is Secure Boot. The CEC1712 and Soteria-G2 firmware are designed to protect against threats before they can load.” The CEC1712 secure bootloader loads, decrypts, and authenticates the firmware that runs on the CEC1712 from external SPI flash. The code validated by the CEC1712 then authenticates the firmware stored in SPI flash for the first application processor. Up to two application processors are supported, with two flash components for each. Pre-provisioning of customer-specific data is an option offered by Microchip or Arrow Electronics. Pre-provisioning is a secure manufacturing solution that helps prevent overbuilding and counterfeiting. In addition to shortening development time by as much as several months, it dramatically simplifies supply logistics, making it easier for customers to secure and manage devices without the added cost of third-party provisioning services or certification agencies.
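The chain described above, modelled in Go as an added example (this is not Microchip's or Soteria-G2's code; the "IMG1" image layout, the four key slots, the revocation bitmap, the OTP minimum version and the function names are assumptions made for illustration): a ROM root of trust verifies the CEC1712 firmware image fetched from SPI flash against a public-key hash pinned in ROM, and the now-trusted firmware verifies the application processor's image with the key hash it carries. The same check implements the two field-update protections mentioned earlier, key revocation and rollback rejection, so one block serves both passages. Ed25519 and SHA-256 come from Go's standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout (constructed for this example, not Microchip's format):
//   "IMG1" | keySlot u8 | secVersion u32 LE | payloadLen u32 LE | pubKey[32] | payload | sig[64]
const hdrLen = 4 + 1 + 4 + 4 + ed25519.PublicKeySize

// RootOfTrust models what immutable ROM/OTP holds: the hash of the trusted public key
// per key slot, a revocation bitmap and a minimum security version (both monotonic).
type RootOfTrust struct {
	KeyHash    [4][32]byte // SHA-256 of the public key allowed in each slot
	Revoked    uint8       // bit n set => key slot n revoked
	MinVersion uint32      // images whose secVersion is below this are rejected
}

// MakeImage signs payload with priv and embeds the matching public key in the header.
func MakeImage(priv ed25519.PrivateKey, slot uint8, version uint32, payload []byte) []byte {
	img := append([]byte("IMG1"), slot)
	img = binary.LittleEndian.AppendUint32(img, version)
	img = binary.LittleEndian.AppendUint32(img, uint32(len(payload)))
	img = append(img, priv.Public().(ed25519.PublicKey)...)
	img = append(img, payload...)
	return append(img, ed25519.Sign(priv, img)...) // signature covers header and payload
}

// VerifyImage is the check a ROM bootloader makes on an image fetched from SPI flash
// before executing it: embedded key matches the pinned hash, slot not revoked, signature
// valid over header+payload, version not below the OTP minimum. Returns the payload.
func (r *RootOfTrust) VerifyImage(img []byte) ([]byte, error) {
	if len(img) < hdrLen+ed25519.SignatureSize || string(img[:4]) != "IMG1" {
		return nil, errors.New("bad header")
	}
	slot, version := img[4], binary.LittleEndian.Uint32(img[5:])
	plen, pub := binary.LittleEndian.Uint32(img[9:]), ed25519.PublicKey(img[13:hdrLen])
	if int(slot) >= len(r.KeyHash) || uint64(hdrLen)+uint64(plen)+ed25519.SignatureSize != uint64(len(img)) {
		return nil, errors.New("malformed image")
	}
	if r.Revoked&(1<<slot) != 0 {
		return nil, errors.New("key slot revoked")
	}
	if sha256.Sum256(pub) != r.KeyHash[slot] {
		return nil, errors.New("public key does not match root of trust")
	}
	end := hdrLen + int(plen)
	if !ed25519.Verify(pub, img[:end], img[end:]) {
		return nil, errors.New("signature invalid")
	}
	if version < r.MinVersion {
		return nil, errors.New("rollback to older firmware rejected")
	}
	return img[hdrLen:end], nil
}

// BootChain: the ROM verifies the CEC1712 firmware image; that now-trusted firmware uses
// the AP key hash it carries (first 32 bytes of its payload here) to verify the AP image.
func BootChain(rom *RootOfTrust, fwImg, apImg []byte) ([]byte, error) {
	fw, err := rom.VerifyImage(fwImg)
	if err != nil {
		return nil, fmt.Errorf("stage 1 (CEC1712 firmware): %w", err)
	}
	if len(fw) < 32 {
		return nil, errors.New("stage 1 payload lacks AP key hash")
	}
	// The AP's trust anchor is the hash carried by verified stage-1 code; it shares the OTP minimum here.
	apTrust := &RootOfTrust{MinVersion: rom.MinVersion, KeyHash: [4][32]byte{*(*[32]byte)(fw[:32])}}
	ap, err := apTrust.VerifyImage(apImg)
	if err != nil {
		return nil, fmt.Errorf("stage 2 (AP firmware): %w", err)
	}
	return ap, nil
}

// Demo runs a valid chain and three bad variants (constructed inputs); only "valid" passes.
func Demo() map[string]bool {
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)
	apPub, apPriv, _ := ed25519.GenerateKey(rand.Reader)
	rom := &RootOfTrust{MinVersion: 2, KeyHash: [4][32]byte{sha256.Sum256(oemPub)}}
	apHash := sha256.Sum256(apPub)
	fwPayload := append(apHash[:], []byte("CEC1712 firmware")...)
	fwImg := MakeImage(oemPriv, 0, 3, fwPayload)
	apImg := MakeImage(apPriv, 0, 3, []byte("AP firmware"))
	accepts := func(fw, ap []byte) bool { _, err := BootChain(rom, fw, ap); return err == nil }
	res := map[string]bool{"valid": accepts(fwImg, apImg)}
	tampered := append([]byte(nil), apImg...)
	tampered[hdrLen] ^= 0x01 // flip one bit of the AP payload: stage 2 signature fails
	res["tampered"] = accepts(fwImg, tampered)
	res["rollback"] = accepts(MakeImage(oemPriv, 0, 1, fwPayload), apImg) // version 1 < MinVersion 2
	rom.Revoked |= 1 << 0 // field update: revoke the OEM key slot; stage 1 now fails
	res["revoked"] = accepts(fwImg, apImg)
	return res
}
```

Calling Demo() returns a map in which only "valid" is true: a single flipped bit in the AP image fails the stage-2 signature check, an older firmware version is rejected even though its signature is valid, and revoking the OEM key slot refuses an image that was accepted a moment earlier. Note what such a chain does not protect on its own: the signing keys and the ROM contents. If the private key leaks or the pinned hash can be rewritten, every check above passes for attacker-supplied code, which is why the key hash lives in ROM/OTP and the signing key stays off the device.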

“The secure provisioning of some of Microchip's flagship products is an important part of our offering, and the Soteria-G2 firmware and CEC1712 microcontroller aim to protect the systems,” said Aiden Mitchell, vice president of IoT at Arrow Electronics. “Customers will increasingly seek these types of products as we move closer to the 5G era and embrace more connected solutions and autonomous machines.” In addition to preventing malware during pre-boot in 5G and data center operating systems, the combination of Microchip's CEC1712 and Soteria-G2 increases security in connected autonomous vehicle operating systems, advanced driver assistance systems (ADAS), and other systems that boot from external SPI flash.

Development tools
Microchip's CEC1712 and Soteria-G2 are supported by a range of software and hardware development tools. Software support includes the MPLAB® X IDE, MPLAB Xpress, and Microchip's MPLAB XC32 compilers. Hardware support is built into programmers and debuggers such as the MPLAB ICD 4 programmer/debugger and the PICkit™ 4.

Prices and availability

The CEC1712H-S2-I/SX is available in production quantities for orders of 10,000 units, starting at $4.02 each (including the Soteria-G2 firmware). For more information, contact a Microchip sales representative or authorized distributor, or visit the Microchip website. For provisioning pricing, contact Arrow Electronics at secure.provisioning@arrow.com. To purchase the silicon products mentioned above, visit Microchip's purchasing portal at https://www.microchipdirect.com/