What is EP3C10F256I7N?
The security of your IoT devices is paramount. To help you secure your devices, Arm offers the Arm Cryptocell™ family of security extensions. The Armv8-based security extensions are designed to provide a mechanism for securely executing code from an isolated execution environment. These extensions are available as individual IP blocks and SDKs to accelerate adoption by IoT device manufacturers. Individual IP blocks and SDKs also reduce implementation time and cost, as well as increase flexibility in integrating the security features into existing SoCs.
Secure Monitor Extension (EP3C10F256I7N)
The Secure Monitor Extension (SME) can protect critical control software, such as the operating system kernel and the hypervisor, from attack by secure processing outside the secure monitor. The SME extends the defense in depth of your system to protect the secure monitor against the increasing sophistication of attacks. The SME provides a protected execution environment that can be used to enforce security policies and protect control software, such as the OS kernel, hypervisor, and trusted applications, from attack by secure processing outside the secure monitor. The secure processing outside the SME can include securely executing third-party code such as a Virtual Private Network (VPN) or Remote Access Server (RAS) client, or a trusted execution environment (TEE).
Trusted Execution Environment (EP3C10F256I7N) Extension
The Trusted Execution Environment (TEE) extension is an Arm Cryptocell™ IP block that secures data and code running on a TrustZone-enabled processor. The TEE is the most secure execution environment on a Cortex-A processor and is designed to protect sensitive data from software running outside the trusted execution environment. The TEE extension is a full IP block that includes the processor state control (PSC), the instruction memory controller (IMC), the data memory controller (DMC), and a cryptographic extension inside the PSC region. The TEE IP block is connected to the rest of the SoC via the secure interconnect. The TEE IP block itself is usually on the same chip as the TrustZone-enabled processor, although it can be implemented remotely using a secure interconnect protocol.
Hardware-backed Key Storage Extension (EP3C10F256I7N)
The Hardware-backed Key Storage Extension (HWKSE) provides an isolated virtual environment for secure key storage and generation, enabling IoT devices to resist physical and digital attack. The HWKSE uses an Arm-designed security chip that is tamper-resistant and physically isolated from the rest of the device. The security chip is designed to store and manage cryptographic keys in a dedicated, physically isolated security module. The security module is designed with a hardened silicon architecture that can resist side-channel attacks and physical attempts to extract keys or other sensitive data.
Arm TrustZone-Based
Arm TrustZone-based security extensions provide a foundation for trusted execution and secure data transfer. The Arm Cryptocell security extensions are designed to provide a mechanism for securely executing code from an isolated execution environment. The Cryptocell extensions are available as a set of TrustZone security extensions, which are closely integrated with the Trusted Execution Environment (TEE) security service. The Cryptocell extensions consist of a host security controller, a guest security controller, and a trusted communication channel between the two controllers. The Cryptocell security extensions are intended for the implementation of security-critical applications. These applications include secure remote login, secure data transfer, secure software update, and remote device management.
Conclusion
These security extensions are designed to provide a mechanism for securely executing code from an isolated execution environment. The Cryptocell extensions are available as a set of TrustZone security extensions, which are closely integrated with the TEE security service. The Cryptocell extensions consist of a host security controller, a guest security controller, and a trusted communication channel between the two controllers. The Cryptocell security extensions are intended for the implementation of security-critical applications, such as secure remote login, secure data transfer, secure software update, and remote device management.