The CEC1736 solution extends Microchip's offering for ensuring the cyber resiliency of end equipment in data center, telco, and networking applications.
As the market need for security evolves, platforms must also evolve quickly to defend against cyberattacks during start-up, real-time and system updates. With these new market threats, designers cannot assume the equipment they are using is trustworthy and they must start looking to new technology to secure their systems. Microchip Technology Inc. has launched its fully configurable microcontroller-based CEC1736 Trust Shield family that solves this challenge by going beyond NIST 800-193 Platform Firmware Resiliency guidelines with runtime firmware protection that anchors the secure boot process while establishing an entire chain of trust for the system platform.
The CEC1736 solution extends Microchip’s offering for ensuring the cyber resiliency of end equipment. It is a fully configurable real-time platform root of trust that enables runtime firmware protection in the SPI Flash and I2C/SMBus filtering against runtime attacks. The attestation feature provides trustworthy evidence to ensure that critical devices in the platform are authentic. Lifecycle management and ownership transfer features protect secrets throughout the end product lifecycle and during the transfer of product ownership, allowing different operators to use the system platform securely without compromising information.
“The presumption of equipment trustworthiness is no longer acceptable, and it is imperative to both expect and guard against unauthorized firmware components while also distrusting peripheral components until proven trustworthy,” said Ian Harris, vice president of Microchip’s Computing Product business unit. “Our CEC1736 Trust Shield family provides a complete solution to these challenges that simplifies development and provisioning of keys and other secrets while speeding time to market and providing the flexibility to stay ahead of threats.”
The CEC1736 Trust Shield family’s advanced hardware crypto cipher suite is equipped with AES-256, SHA-512, RSA-4096, ECC with key size up to 571 bits and Elliptic Curve Digital Signature Algorithm (ECDSA) with a 384-bit key length. The 384-bit hardware Physically Unclonable Function (PUF) enables a unique root key, symmetric secret, private key generation and protection. The advanced root of trust and security solution, which meets the NIST 800-193 and OCP security guidelines, allows for a quick adoption of the latest security advances and standards.
Microchip’s CEC1736 Trust Shield family spans silicon, software, tools, a development board and provisioning capabilities that drive the end-to-end platform firmware protection that customers need.
“Security is an issue of business continuity, consumer privacy and national security, so it’s everyone’s responsibility to ensure it’s protected,” said Frédéric Thomas, chief technology officer of Kudelski IoT, a leading IoT security expert. “Microchip has taken important measures to ensure the CEC1736 Trust Shield family is robust against advanced attack methods by working with us to have their hardware independently assessed in our advanced security labs. This should give Microchip customers peace of mind that they are working with a secure, state-of-the-art microcontroller that contributes to the overall security of the connected world.”
Microchip’s easy-to-use development tools for the CEC1736 Trust Shield family start with the Trust Platform Design Suite (TPDS), a Graphical User Interface (GUI) configurator for exploring capabilities, defining the security configuration and provisioning secrets for prototyping and production. Microchip’s MPLAB® Harmony, a fully integrated embedded software development framework, simplifies device setup, library selection and application development. Other support includes the CEC1736 Development Board.