Embedded Security in ARM-based microcontrollers

17
μCodeMeter Security Embedded in XMC4000 Marco Blume WIBU-SYSTEMS AG Dirk Heinen Infineon AG Embedded Security Cooperation

Transcript of Embedded Security in ARM-based microcontrollers

Page 1: Embedded Security in ARM-based microcontrollers

μCodeMeterSecurity Embedded in XMC4000Marco Blume WIBU-SYSTEMS AGDirk Heinen Infineon AG

Embedded Security Cooperation

Page 2: Embedded Security in ARM-based microcontrollers

XMC Microcontroller

High Volume Production

ARM Cortex™ - M4 (with FPU)• CPU Frequency up to 120MHz• Timers CCU4, CCU8, POSIF• USB / Up to 3x CAN / Up to 6x Serial Channels• High Resolution PWM• Interconnect Matrix• 2x 12Bit ADC / 2x DAC• TA = -40C to 125C

ARM Cortex™ - M0• Core 32MHz / Peripherals up to 64MHz• Capture Compare Units (CCU4)• 2x Serial Channels• 12Bit ADC• Interconnect Matrix• Secure Bootloader• 1,8V – 5,5V Supply Voltage Range• TA = -40C to 105C

Copyright © Infineon Technologi

es AG 2015. All

rights reserved.

OCTOBER 2014 PAGE 2

XMC1100Up to 64kB Flash

TSOP16/38, VQFN24/40+ 9ch LED Control (BCCU)+ 3x Analog Comparators

XMC1200Up to 200kB Flash

TSOP16/28/38, VQFN24/40

+ Math Co-Processor+ CCU8 PWM Timer+ Hall & Encoder I/F

XMC1300Up to 200kB Flash

TSOP16/28/38, VQFN24/40

XMC4100/4200Up to 256kB Flash / 40kB RAM

QFN48, TQFP64

XMC4400Up to 512kB Flash / 80kB RAM

TQFP64 / TQFP100

+ 120MHz Core + Ethernet+ ΔΣ Demodulator

XMC4500Up to 1MB Flash / 160kB RAMTQFP100 / TQFP144 / BGA144

+ EBU+ SD Card

February 2015

Page 2

Page 3: Embedded Security in ARM-based microcontrollers

XMC Target Markets

High through-put and up-time

Remote monitoring

Reliability and quality

Lifetime Security and

safety Interoperability

Energy efficiency

Comfort and ease of use

Remote monitoring

Appealing design and form factors

Interoperability

Robustnessfor harsh environment

Functional safety

Reliabilityand quality

Lifetime

Energy efficiency

Robustnessfor harsh environment

Up-time

Form factor, size and weight

Platform concept

Copy protection Fast ramp-up

Factory Automation

Building Automation

Trans-portation

Power& Energy

Home &Professional

Page 3

February 2015

Copyright © Infineon Technologi

es AG 2015. All

rights reserved.

XMC Family / DAVE™

Page 4: Embedded Security in ARM-based microcontrollers

Security challengesacross XMC Target Markets

Factory Automation

Building Automation

Trans-portation

Power& Energy

Home &Professional

Page 4

February 2015

Copyright © Infineon Technologi

es AG 2015. All

rights reserved.

Security challenges vary among market segments

We need to update FW of installed devices.

How to protect our IP?How to protect from cloning and reverse engineering at our

contract manufacturer?Can we make an after market

business with FW function upgrades?

How to make sure that only authorized devices are built in?

Page 5: Embedded Security in ARM-based microcontrollers

Security challengesacross XMC Target Markets

Factory Automation

Building Automation

Trans-portation

Power& Energy

Home &Professional

Page 5

February 2015

Copyright © Infineon Technologi

es AG 2015. All

rights reserved.

Security challenges vary among market segments

We need to update FW of installed devices.

How to protect our IP?

Can we make an after market

business with FW function upgrades?

Page 6: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

µCodeMeter:A cooperation on embedded security

Page 6

February 2015

CodeMeter Embedded

Driver

Personal Computer

Industrial PC

Embedded Device

Programmable Logic Controller

Microcontroller

High Power

Small Size

CodeMeter Runtime

µCodeMeter

Page 7: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

µCodeMeter technologyintegrated in DAVE™

Page 7

February 2015

DAVE™ plug in One dialog for security

configuration Master key for encryption and

licensing safely stored in CodeMeter dongle

Individual settings fit customers needs

Integrated in build process

Page 8: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

XMC4000Flash Memory

Secure Firmware Updateswith µCodeMeter USE CASE 1

Page 8

February 2015

FieldTrustedEnvironment

Page 9: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

XMC4000Flash Memory

Secure Firmware Updateswith µCodeMeter USE CASE 1

Page 9

February 2015

Firmware v1.0

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

FieldTrustedEnvironment

Initial programming of Firmware, Bootloader and µCmActLicense by device manufacturer

Page 10: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

XMC4000Flash Memory

Secure Firmware Updateswith µCodeMeter USE CASE 1

Page 10

February 2015

Firmware v1.0

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

FieldTrustedEnvironment

Firmware v1.0

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

delivery

Page 11: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

TrustedEnvironment

Secure Firmware Updateswith µCodeMeter USE CASE 1

Page 11

February 2015

Field

Firmware v1.0Firmware v2.0Encrypted

Generation of encrypted firmware file in DAVETM

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

DAVETM

µExProtector

Page 12: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

Secure Firmware Updateswith µCodeMeter USE CASE 1

Page 12

February 2015

Field

Firmware v2.0

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

Firmware update in the field. Files are loaded and decrypted by the SBSL

TrustedEnvironment

Firmware v2.0Encrypted

DAVETM

µExProtector

delivery

Page 13: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

XMC4000Flash Memory

Secure Function Upgradewith µCodeMeter USE CASE 2

Page 13

February 2015

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

FieldTrustedEnvironment

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

Blocked function Blocked function

Page 14: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

XMC4000Flash Memory

Secure Function Upgradewith µCodeMeter USE CASE 2

Page 14

February 2015

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

FieldTrustedEnvironment

CodeMeter LicenseCentral

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

Blocked function Blocked functionµCmActLicenseUpdate

Generation of encrypted µCmActLicense file.License is bound to individual hardware ID

Page 15: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

XMC4000Flash Memory

Secure Function Upgradewith µCodeMeter USE CASE 2

Page 15

February 2015

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

FieldTrustedEnvironment

CodeMeter LicenseCentral

µCmActLicense

SBSL(Bootloader +

µCmE, µExEngine)

Blocked function Enabled functionµCmActLicenseUpdate deliveryµCmActLicenseUpdate

Function upgrade in the field.

Page 16: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

Summary

µCodeMeter …

… enhances the standard tool chain to providesecure firmware updates or functional upgrades in embedded systems built around XMC4000 microcontrollers.

… is based on the market proven CodeMeter solutionfor processor level control.

… is an easy-to-use solution with state-of-the art cryptography.

… is available early in Q4/2015 from Wibu-Systems.

Thank you for your attention!

More info: www.wibu.com/micro-codemeterPage

16February 2015

Page 17: Embedded Security in ARM-based microcontrollers

Copyright © Infineon Technologies AG 2015. All rights reserved.

Page 17

February 2015