By Gina Roos, editor-in-chief
Infineon Technologies AG, thanks to its acquisition of Cypress Semiconductor Corp., has claimed the first memory solution to combine advanced security features and functional safety in a NOR flash device, which is flexible enough for a variety of connected applications, including automotive, industrial, and communications. The new offering adds Semper Secure to its Semper NOR flash memory platform that delivers hardware root of trust, providing cryptographic functions and enabling secure boot, with end-to-end protection. The platform also provides a software development kit for faster time to market.
One of the primary targets of hackers is the flash memory device, which stores boot code, security keys, and other critical data. This is especially true in connected systems, ranging from connected cars to smart factories, to prevent accidents and to secure sensitive data.
The Semper NOR flash is changing the way embedded system designers should think about security in flash memory, particularly as flash memory devices are increasingly placed outside of the processor instead of embedded in the processor or system-on-chip (SoC). By using external flash memory, which stores boot code and calibration data for the processors, it opens up a variety of security threats.
Embedded system designers need to know that the processors they’re buying today, especially on the advanced nodes, now depend on security in the external flash, said Sandeep Krishnegowda, senior director marketing and applications, Memory Solutions, Infineon Technologies, LLC.
Krishnegowda said that security has to be done by design. “If you don’t start your development thinking safety and security, you cannot fit it later on in your product.”
What’s unique about the Semper NOR flash memory is the Arm Cortex M0 core inside the NOR flash subsystem, with hardware-accelerated crypto engine and advanced cryptography algorithms, that enables a variety of solutions. This includes cryptographic functionality with symmetric and asymmetric key provisioning and key management as well as the built-in hardware acceleration engine that enables authenticated and encrypted secure transactions. It also allows users to secure system secrets and code in secure memory regions.
The Semper Secure NOR flash also provides functional safety with compliance to ISO 26262 ASIL-B and is ready for use in systems up to ASIL-D. Other features include secure over-the-air updates and diagnostics with authenticated and encrypted transactions between the cloud server and the flash memory.
The immutable unclonable concept with unique device secret and the secure boot that’s defined in TCG DICE ensures that the identity of the device is never hacked, said Krishnegowda. In addition, nonvolatile counters and side-channel attack protection ensures that system secrets are not leaked when somebody tries to hack into it, he added.
“We do this by having a hardware crypto engine to accelerate some of the operations, and all the transactions that go through the memory interfaces are completely secure,” said Krishnegowda, adding that these come with safety features like diagnostics so devices can be constantly monitored for predictive maintenance. Providing those types of modifications and diagnostics makes a huge difference to a customer for predicting the health of the device and giving them intelligence and insights that may help them make decisions on what to do.
“One of the key value propositions is that, by adding safety and security that is automotive-grade and enabling real-time diagnostics and reporting, we are enabling our customers to make autonomous machines, whether it’s a car or robot, to be safe,” said Krishnegowda. The other value-add is how the platform simplifies innovation as technology gets more complex and reduces the total cost of ownership, he added.
That’s where the software development kit comes into play. It includes production-grade and MISRA-C–compliant host drivers, code examples, C-Model and wolfSSL Security Library, hardware abstraction layers, and a crypto algorithm validation module. It also offers starter kits and memory modules for easier evaluation.
“We’re making the barrier for innovation very low by enabling a software development kit that is compliant to standard security standards like TCG DICE and of FIBS 140-2,” said Krishnegowda. “We’re all talking the same security languages; it’s the same cryptographic modules, so that removes barriers for a customer.
“We have qualified some of these solutions with the broad chipset processor companies and our solution partners, whether they’re in the cloud or middleware or software, so by bringing these values of security, safety, and [ease of use], we have really built a solution,” he added.
Securing connected systems
SoCs got smarter with the addition of a security module inside the device, which also included the embedded flash, so you could argue that security in the flash wasn’t that critical because security was managed inside the SoC, said Krishnegowda.
But that is changing in embedded systems, he added. Now, connected devices need higher performance and lower power, so everybody is transitioning their SoCs to lower geometry nodes to 28 nm or below, so when that happens, there is no embedded flash in the SoC because it becomes cost-prohibitive.
In addition, the growing complexity requires more embedded flash and SRAM, he said. “So when you don’t have an embedded flash, it is absolutely critical to secure your flash with some security built into it to protect code, data, and system secrets.”
When you talk about embedded systems, especially as things get connected — smart buildings, connected cars, city infrastructure, or your health-care devices — anybody can hack these systems, and the consequences of hacking could be disastrous,” said Krishnegowda.
Thus, flash memory is becoming a greater security attack target. Krishnegowda cited an example of an autonomous car application that uses a lot of different sensors with a vision and sensor fusion SoC that needs flash memory to boot the processor (whether it’s a vision processor or a compute processor) or the 5G LTE modem for connectivity to the cloud. They all have flash devices that are usually used for storing the boot code and calibration data for powering these processors.
The same is true in industrial applications in which the flash devices are used to store the boot code and the data being collected.
Availability
The Semper Secure NOR flash family includes AEC-Q100 automotive-qualified devices with an extended temperature range of –40°C to 125 °C and supports 1.8-V and 3.0-V operating ranges. The devices are available in densities of 128 Mb, 256 Mb, and 512 Mb.
The devices are offered with Quad Serial Peripheral Interface (SPI), Octal SPI, and HyperBus interfaces. The Octal and HyperBus interface devices are compliant with the JEDEC eXpanded SPI (xSPI) standard for high-speed x8 serial NOR flash and offer a read bandwidth of up to 400 MB/s.
The 256-Mb Semper Secure NOR flash devices are sampling to lead customers now, with volume production expected in the second quarter of 2021.
Advertisement
Learn more about Electronic Products Magazine
