- Developed to prevent malware from attacking operating systems that boot from external SPI flash memory
- Equipped with hardware root of trust
With the rapid growth of 5G cellular infrastructure, networks and data centres supporting the expansion of cloud computing are growing. This has prompted developers to seek new ways of ensuring that operating systems remain secure and uncompromised.
Hence, Microchip Technology has announced a new cryptography-enabled microcontroller (MCU), the CEC1712 MCU with Soteria-G2 custom firmware, designed to stop malware such as rootkits and bootkits on systems that boot from external Serial Peripheral Interface (SPI) flash memory.
Microchip’s Soteria-G2 custom firmware runs on the CEC1712, an Arm® Cortex®-M4-based microcontroller that provides secure boot with hardware root-of-trust protection in pre-boot mode. This is a valuable safeguard for operating systems that boot from external SPI flash memory.
Additionally, the CEC1712 provides key and code rollback protection over the operating lifetime, thereby enabling in-field security updates. Complying with NIST 800-193 guidelines, the CEC1712 can protect, detect and recover from complete system firmware corruption. Secure boot with a hardware root of trust is essential to protect the system against threats before they can be loaded into the system: it only allows the system to boot using software trusted by the manufacturer.
The Soteria-G2 firmware, in conjunction with the CEC1712, allows designers to speed up the adoption and implementation of secure boot by simplifying code development and reducing risk. Soteria-G2 uses the CEC1712 immutable secure bootloader, implemented in Read-Only Memory (ROM), as the system root of trust.
“A particularly insidious form of malware is a rootkit because it loads before an operating system boot and can hide from ordinary anti-malware software and is notoriously difficult to detect,” said Ian Harris, vice president of Microchip’s computing products group. “One way to defend against root kits is with secure boot. The CEC1712 and Soteria-G2 firmware are designed to protect against threats before they can be loaded.”
The CEC1712 secure bootloader loads, decrypts and authenticates the firmware to run on the CEC1712 from the external SPI flash. The validated CEC1712 code subsequently authenticates the firmware stored in SPI flash for the first application processor. Up to two application processors are supported, with two flash components supported for each.
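The chain of trust described above, together with the key and code rollback protection mentioned earlier, can be modelled in a few lines. The following is an added illustration, not Microchip's code and not the CEC1712's real image format: the immutable ROM key verifies the first stage, each verified stage carries the key for the next, and every stage must also satisfy a stored minimum version. HMAC-SHA256 stands in for the asymmetric signature check a real secure bootloader performs, and all keys, versions and payloads are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Image:
    """A firmware image as stored in SPI flash (constructed model, not Microchip's format)."""
    payload: bytes
    version: int          # monotonic version used for code-rollback protection
    next_key: bytes       # verification key the next boot stage must be authenticated under
    tag: bytes            # authentication tag over version || next_key || payload


def _message(image: Image) -> bytes:
    # Version and next-stage key are covered by the tag, so neither can be altered in flash.
    return image.version.to_bytes(4, "big") + image.next_key + image.payload


def sign_image(key: bytes, payload: bytes, version: int, next_key: bytes) -> Image:
    """Build a signed image. HMAC-SHA256 stands in for the vendor's asymmetric signature."""
    img = Image(payload, version, next_key, b"")
    img.tag = hmac.new(key, _message(img), hashlib.sha256).digest()
    return img


def verify_stage(key: bytes, image: Image, min_version: int) -> tuple[bool, str]:
    """Authenticate one stage, then enforce anti-rollback against the stored minimum version."""
    expected = hmac.new(key, _message(image), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, image.tag):
        return False, "authentication failed"
    if image.version < min_version:
        return False, "rollback rejected"
    return True, "ok"


def boot_chain(rom_key: bytes, images: list[Image], min_versions: list[int]) -> tuple[int, str]:
    """Walk the chain: the immutable ROM key verifies stage 0 and each verified stage
    supplies the key for the next. Returns (number of stages booted, reason)."""
    key = rom_key
    for stage, (img, min_ver) in enumerate(zip(images, min_versions)):
        ok, reason = verify_stage(key, img, min_ver)
        if not ok:
            return stage, reason  # halt: nothing beyond this stage is trusted
        key = img.next_key
    return len(images), "booted"
```

A tampered payload, a swapped next-stage key, or a validly signed but older image each stop the chain at the stage where the check fails, which is the behaviour the protect and detect requirements of NIST 800-193 call for.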
Pre-provisioning of customer-specific data is optional, but it provides a secure manufacturing solution that helps prevent overbuilding and counterfeiting. In addition to saving a lot of development time, the solution significantly simplifies provisioning logistics, making it easy for customers to secure and manage devices without the overhead cost of third-party provisioning services or certificate authorities.
“Secure provisioning for some of Microchip’s flagship products is an important part of our offering and the Soteria-G2 firmware and CEC1712 microcontroller are targeted to protect systems,” said Aiden Mitchell, vice president of IoT at Arrow Electronics. “Customers will increasingly seek such offerings as we approach the 5G era and go more into connected solutions and autonomous machines.”
In addition to preventing malware during pre-boot, the combination of Microchip’s CEC1712 and Soteria-G2 acts as a security enabler for connected autonomous vehicle operating systems, automotive Advanced Driver Assistance Systems (ADAS) and other systems that boot from external SPI flash.
Microchip’s CEC1712 and Soteria-G2 package offers several options for software support, such as Microchip’s MPLAB® X IDE, MPLAB Xpress and the MPLAB XC32 compilers. Hardware support is also offered and includes the MPLAB ICD 4 and PICkit™ 4 programmer/debugger.
The CEC1712H-S2-I/SX (including the Soteria-G2 firmware) is in volume production and available from Microchip’s authorized worldwide distributors.