The Internet of Things will undoubtedly become the next big thing in the technology industry, and the resulting demand for chips has brought huge opportunities to the industry. According to a report released by Emergen Research, a market research and consulting firm, the global IoT chip market was valued at US$11.37 billion in 2020 and is expected to reach US$34.74 billion by 2028, a compound annual growth rate of 14.9% over the forecast period. Among these chips, alongside wireless and sensing devices, the MCU will become a part of the IoT era that cannot be ignored.
IC Insights said in its 2020 report that global MCU sales would see a modest recovery in 2021 after a sustained decline over the previous two years, rising 5% to $15.7 billion, followed by an 8% increase in 2022 and 11% growth in 2023, when MCU revenue will hit a new high of $18.8 billion. Part of the driving force behind this comes from the Internet of Things.
As a key part of an IoT system, the MCU faces not only rising performance and functional requirements but also security requirements that cannot be ignored, because the MCU is a core element of data and application security. And the NOR flash paired with the MCU is a top priority in that respect.
To help create MCUs that meet IoT security requirements, Winbond Electronics, a leading NOR flash supplier, launched a high-security flash memory focused on firmware protection, the Winbond TrustME secure storage series, and partnered with security vendor Qinglian Cloud to safeguard Nuvoton Technology's IoT MCUs.
According to Chen Hongwei, Director of Winbond Electronic Security Solutions Marketing Department, Winbond TrustME secure storage series products are based on the following four main principles in the design process:
The first is security certification. Winbond secure flash products are certified at different security levels according to the requirements of different application scenarios. Winbond's view is that security requires certification to prove that a scheme can be trusted. The certifications Winbond has pursued so far are all internationally recognised security-related chip certifications, so customers can have full confidence in Winbond's products, because the solutions have passed independent third-party evaluation.
The second is a wide range of applications. The Winbond TrustME series includes, in addition to the W77Q secure flash introduced today, other products at higher security levels, so that different security levels are available for different application scenarios.
The third is design flexibility. At present, not all SoCs and MCUs have a dedicated security design, and most of the external flash memory used by SoCs and MCUs has no security functions at all. In many remote attack cases, attackers target the firmware stored in flash memory. Winbond has therefore focused its design on protecting the firmware stored in the flash, which led to the TrustME security series. Some SoCs and MCUs are also built on relatively advanced process nodes where embedded flash essentially cannot be used; to secure the important data or firmware that would otherwise sit in embedded flash, the security of the external flash must be relied on.
The last is scalability. As is well known, embedded flash is relatively expensive, so in most cases its capacity is limited. Because Winbond's parts are external flash built on a NOR flash process, capacity is more flexible, and different capacities are offered to suit different applications.
It is worth mentioning that Winbond builds platform resilience, comprising three factors (attack prevention, attack detection and recovery from attack), into the design of the W77Q secure flash, which further improves its security.
In addition, compared with standard SPI NOR flash, the Winbond W77Q secure flash adds security functions that standard products lack while remaining pin-to-pin compatible, strengthening the security of the flash itself. Examples are system resilience (protection, detection and recovery) and updatability while providing secure data storage. Winbond also brings secure OTA firmware updates to this solution, an important application of the complete solution developed with Nuvoton and Qinglian Cloud. The W77Q also provides a secure SPI interface to protect the content stored in flash and to prevent cloning.
“Winbond W77Q has obtained multiple certifications, including CC EAL2, IEC62443, SESIP and Arm PSA, and related certifications for automotive safety are being planned,” Chen Hongwei emphasized.
Building on Winbond's flash memory, Nuvoton Technology's M2351SF IoT security microcontroller uses a multi-chip package to integrate the M2351 IoT security microcontroller with Winbond's W77Q TrustME secure flash. The Nuvoton M2351 microcontroller is based on the Arm Cortex-M23 security processor and adopts TrustZone technology. Winbond's W77Q secure flash is connected to the M2351 through an encrypted SPI interface, which defends against eavesdropping attacks and ensures the integrity and confidentiality of data in transit between the two chips.
According to reports, to provide a Trusted Execution Environment (TEE) for secure OTA firmware updates and cloud connectivity, Nuvoton has also partnered with Qinglian Cloud to run the latter's TinyTEE security software stack inside the TrustZone-protected M2351. With the Winbond W77Q secure flash providing 32Mb of secure storage, this reference design offers secure/non-secure firmware and data storage, rollback protection and authenticated access management to ensure firmware and data integrity. The TinyTEE software on the M2351 connects to Qinglian Cloud's secure cloud server and provides complete IoT device management functions such as device authentication, secure storage, a cryptographic engine and a true random number generator, and it complies with the TEE security evaluation certification of the international standards body GlobalPlatform.
It is understood that during an OTA firmware update, this solution provides a secure chain of trust covering data transmission from the cloud down to the Winbond W77Q secure flash, so that the update is not susceptible to remote attack or leakage of private data.
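The three mechanisms the reference design is described as combining, an authenticated chain of trust for OTA images, rollback protection and a protect/detect/recover resilience loop, can be modelled end to end. The following Python is an added illustrative example and is not code from Winbond, Nuvoton or Qinglian Cloud. It assumes a shared HMAC key as a stand-in for the asymmetric signing key a real cloud-to-device chain of trust would use, and every class and function name in it is invented for the illustration.

```python
"""Constructed model of a secure-flash firmware update path:
authenticated images, a monotonic anti-rollback counter, and
detect-then-recover on boot. Not vendor code."""
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: a shared HMAC key stands in for the asymmetric signing key a
# real cloud-to-flash chain of trust would use; the control flow is the same.
SIGNING_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class FirmwareImage:
    version: int
    payload: bytes
    tag: bytes  # authentication tag over version || payload


def _digest(version: int, payload: bytes) -> bytes:
    msg = version.to_bytes(4, "big") + payload
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()


def sign_image(version: int, payload: bytes) -> FirmwareImage:
    """Cloud side: bind the version to the payload under the signing key."""
    return FirmwareImage(version, payload, _digest(version, payload))


def verify_image(img: FirmwareImage) -> bool:
    """Device side: constant-time check that the image is genuine and intact."""
    return hmac.compare_digest(_digest(img.version, img.payload), img.tag)


class SecureFlashModel:
    """Model of the secure region holding firmware plus its rollback counter."""

    def __init__(self, initial: FirmwareImage):
        if not verify_image(initial):
            raise ValueError("initial image failed authentication")
        self.active = initial              # image that will boot next
        self.last_good = initial           # most recent image verified at boot
        self.min_version = initial.version # monotonic counter, never decreases
        self.events = []                   # audit trail for the reader

    def install(self, img: FirmwareImage) -> str:
        """Protect: write only authenticated images that are not downgrades."""
        if not verify_image(img):
            self.events.append(f"reject v{img.version}: authentication failed")
            return "rejected: authentication failed"
        if img.version < self.min_version:
            self.events.append(f"reject v{img.version}: rollback")
            return "rejected: rollback"
        self.active = img
        self.min_version = img.version
        self.events.append(f"install v{img.version}")
        return "installed"

    def boot(self) -> int:
        """Detect corruption of the active image; recover to the last good copy."""
        if verify_image(self.active):
            self.last_good = self.active
            self.events.append(f"boot v{self.active.version}")
            return self.active.version
        self.events.append(f"corrupt v{self.active.version}: recovering")
        self.active = self.last_good
        return self.active.version


def simulate_corruption(img: FirmwareImage) -> FirmwareImage:
    """Test fixture: flip one payload bit without updating the tag."""
    flipped = bytes([img.payload[0] ^ 0x01]) + img.payload[1:]
    return FirmwareImage(img.version, flipped, img.tag)


if __name__ == "__main__":
    flash = SecureFlashModel(sign_image(1, b"firmware-one"))
    flash.boot()
    print(flash.install(sign_image(2, b"firmware-two")))   # installed
    print(flash.install(sign_image(1, b"firmware-one")))   # rejected: rollback
    flash.boot()
    flash.active = simulate_corruption(flash.active)
    print("booted version", flash.boot())                  # recovered to 2
    print("\n".join(flash.events))
```

Two design points carry over to real devices: the rollback counter is compared at install time with a strict less-than, so a re-delivery of the current version is accepted while any older version is refused, and recovery restores the last image that passed verification at boot rather than blindly trusting whatever is in the active slot.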
Ling Limin, senior technical manager of Nuvoton Technology's MCU development and application business group, said that in the smart world of the future, the security functions of IoT microcontrollers and microprocessors are the most important factor for product development and service innovation. New smart device applications will be empowered to collect and store vital data while providing networking and more local computing power. The selection of microcontrollers and microprocessors focuses on how to develop products quickly and provide data security throughout the product life cycle while maintaining the device's cost advantage. The best way to solve this problem is to set up a separate safe area.
“So, in addition to TrustZone, Nuvoton is also equipped with Winbond's Secure Flash. Qinglian Cloud uses the TrustZone architecture to port a TEE OS, namely a Trusted Execution Environment OS. Based on this environment, Qinglian Cloud can execute security More importantly, key data is stored in Winbond W77Q secure flash memory, which better ensures data security,” Ling Limin added.
Wang Keyan, co-founder of Qinglian Cloud, also pointed out that with Arm's TrustZone isolation technology, the MCU can be divided at the hardware level into a secure zone and a non-secure zone. Qinglian Cloud's TinyTEE stores sensitive information and proprietary business algorithms in the secure zone, so that even if a hacker attacks the device hardware and obtains execution privileges in the non-secure zone, and can read non-secure memory and observe the operating system's task switching and other behaviour, the hardware isolation still prevents the hacker from obtaining data in the secure zone. In this way, sensitive information and secure data are kept safe.
With the efforts of many parties, I believe that a more secure and reliable IoT world will soon enter our lives and bring us convenience.