A survey of open and secure microcontrollers
This is an ongoing survey of microcontrollers that are secure and lightweight. It’s slightly biased toward how well each microcontroller would work for Solo.
There are actually a ton of secure microcontrollers on the market, but most of them you'll never be able to use as a developer, or only as a limited smart card. The focus of this post is some ARM-based solutions that target "IoT" instead of governments and banks, so that “normal” people can use them in their products. I survey those chips here.
Traditional Secure Microcontrollers
But first, a bit on traditional secure microcontrollers. The IP that goes into making various silicon products is very proprietary, and even more so if it's for security-related applications. Silicon often can’t be patched, so it’s bad if someone finds security bugs.
There's an international set of standards for chips that implement secure applications (payment, government ID, SIM cards, etc.) called Common Criteria, and a certification will assign an Evaluation Assurance Level (EAL).
It's very important for stakeholders (governments, banks, large telcos) that these chips do not get compromised and cause very expensive issues. Consequently, getting a high EAL certification is quite rigorous and expensive ($1M+). The stakes are quite high. The risk of letting average people know datasheet-level information is not worth a manufacturer’s business.
Manufacturers of EAL certified chips (ST, Infineon, NXP) will only give access to a few trusted entities. Some of these trusted entities develop a Java smart card operating system for the secure microcontroller, which acts as a standard, isolated environment that can run applets. The rest of the industry can, in theory, write Java applets to run on the Java OS on the secure microcontroller.
But each Java OS implementation implements different subsets of the standard, and none of them are complete. A given Java OS also may not have the features you need implemented (e.g. HID USB interface for FIDO2) even though the microcontroller could support it. You'd have to work with the 3rd party trusted Java OS developers to add in features (if they can).
Not to mention the BOM cost of the Secure MCU + Binary Java blob is going to be high.
ARM M23 + M33
ARM M23 and M33 are the same as M0 and M3 or M4, but with TrustZone added. TrustZone adds a layer of secure isolation to your application. It requires you to split your application into two parts: (1) a simple, secure part, and (2) a complex, non-secure part.
This type of split is actually common to see with products using secure elements or smart cards. They use the secure microcontroller, which runs Java, and it only does simple operations and handles key material. Another (normal) microcontroller will implement the complex application at hand, and interface with the secure microcontroller when needed. The normal microcontroller isn’t burdened by the political issues of EAL certifications. The Ledger Nano S does this.
This also potentially avoids the need to hire a 3rd party Java OS developer to add missing functionality.
ARM TrustZone basically allows this to happen on the same chip, and all the isolations are designed into the processor architecture itself. There's compiler support for ARM TrustZone applications to be compiled and interfaced in two parts. Also the main market for ARM TrustZone is "IoT". That means normal people like me and you! No Common Criteria, banks, or governments.
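As an added example (not from the original post or from Solo's firmware), here is what the secure half of such a split can look like in C: one entry function callable from the non-secure side, which keeps the key in secure memory and rejects any caller-supplied pointer that is not wholly in non-secure memory. The names `secure_tag`, `toy_mac`, `device_key` and `ns_ram` are hypothetical, and the MAC is a stand-in for real crypto. When built for an M23/M33 with `-mcmse` the check uses the CMSE intrinsics from `arm_cmse.h`; on a host it is modelled with a single buffer so the rejection logic can be exercised.

```c
#include <stddef.h>
#include <stdint.h>

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3)
/* Secure-side build for an M23/M33 (compiled with -mcmse). */
#include <arm_cmse.h>
#define NS_ENTRY __attribute__((cmse_nonsecure_entry))
#define NS_READ  CMSE_MPU_READ
#define NS_WRITE CMSE_MPU_READWRITE
#define NS_RANGE_OK(p, n, rw) \
    (cmse_check_address_range((void *)(p), (n), CMSE_NONSECURE | (rw)) != NULL)
#else
/* Host build: model non-secure RAM as one buffer so the checks can be run. */
uint8_t ns_ram[256];
#define NS_ENTRY
#define NS_READ  0
#define NS_WRITE 0
static int ns_range_ok(const void *p, size_t n) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)ns_ram;
    return n <= sizeof ns_ram && a >= lo && a - lo <= sizeof ns_ram - n;
}
#define NS_RANGE_OK(p, n, rw) ns_range_ok((p), (n))
#endif

/* Key material lives only in secure memory (constructed sample value). */
static const uint8_t device_key[8] = {0x53,0x6f,0x6c,0x6f,0x4b,0x65,0x79,0x21};
#define TAG_LEN 4

/* Stand-in for the real MAC or signature: keyed FNV-1a, NOT cryptographically secure. */
static uint32_t toy_mac(const uint8_t *m, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof device_key; i++) h = (h ^ device_key[i]) * 16777619u;
    for (size_t i = 0; i < n; i++) h = (h ^ m[i]) * 16777619u;
    return h;
}

/* The only function the non-secure world may call. Returns 0 on success, -1 on reject. */
NS_ENTRY int secure_tag(const uint8_t *msg, size_t len, uint8_t *out) {
    /* Both pointers come from untrusted code. Without this check, msg could be
       aimed at secure data to leak it, and out at secure data to overwrite it. */
    if (!NS_RANGE_OK(msg, len, NS_READ) || !NS_RANGE_OK(out, TAG_LEN, NS_WRITE))
        return -1;
    uint32_t t = toy_mac(msg, len);
    for (int i = 0; i < TAG_LEN; i++) out[i] = (uint8_t)(t >> (8 * i));
    return 0;
}
```

The non-secure application only ever sees the tag bytes; a call that passes a secure address or a range that straddles the end of non-secure memory returns -1 before the key is touched.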
Anyways, let's survey some chips. All of the following chips have a HW RNG and secure boot capability, so I won’t list them.
The survey
Microchip’s SAML10 & SAML11
Microchip offers M33 cores. I believe this is the first M33 chip to market.
Program memory: 16-64 KB. Admittedly this is pretty small. For reference, Solo takes about 80-90 KB of program memory when compiled for ARM M4 with size optimization.
Flash scrambling. This is pretty neat. There is a 2KB memory space that has a "scrambling" function so each byte gets written to a random location, or at least according to a programmed scrambling key. So if you have a 32 byte key scrambled across the 2KB, an attacker would need to try on the order of 2048 choose 32 permutations to find it, which is astronomical.
Side channel resistant RAM and AES. There are 128 bytes of RAM with power-balanced memory access, so it's resistant to power analysis. Note the main memory does NOT benefit from this, so it would have to be used with the side channel resistant AES peripheral. Using it correctly with software based crypto implementations would be tricky.
ST’s STM32L562
ARM M33 and a direct upgrade to the STM32L4. At the time of writing this, it's not actually released yet. But it looks like it’s close to release.
Program memory: 256KB - 512KB. Good enough for me. The STM32L4 (which is what Solo uses) has 256 KB. To upgrade Solo and make more room for firmware upgrades, I’d opt for the 512KB variation.
Accelerated asymmetric crypto. The accelerator gives good cycle performance for ECC and RSA operations. This would be good for NFC operation of Solo, since it allows the clock rate to be lowered while still being able to compute crypto fast enough. Lower clock means less power, and more reliable NFC operation. If it wasn’t for power considerations, I wouldn’t care much about the accelerator.
Nuvoton’s M2351
Nuvoton is a smaller manufacturer from Taiwan. The M2351 is an M23 core, so it is similar in performance to an ARM M0.
Program memory: 512KB. Nice.
Accelerated asymmetric crypto. Similar to the STM32L5.
This chip is the most lightweight and is the most affordable option I’ve seen. If you use this, you should try to use the accelerator and make sure your implementation is constant time. It’s difficult to make constant time implementations in software on an M0 core.
NXP’s LPC5500
This M33 chipset has the most packed in it. The coolest feature is the PUF.
Program memory: 640KB. Nice.
PUF. Physical unclonable function. Basically the silicon can consistently derive a high entropy secret key from itself. This provides a nice, secure way to keep data in flash encrypted, and the secret key doesn’t need to be stored anywhere. The secret key would be resistant to invasive readout methods.
Accelerated asymmetric crypto. Note that each accelerator is different. NXP published results showing a 3-8x speedup for various ECC and RSA operations.
Secure boot. Everything I’ve seen has provisions for secure boot, but NXP has the richest option. Other secure boots are basically a hash of your program, but NXP’s does signature checking and can check certificate chains of up to length 4. While you can always implement this on the other options, NXP already did it for you.
Wrap up
I think the best option for upgrading Solo would be NXP’s LPC5500. I really like the PUF and the rich secure bootloader features it offers. On the other hand, the Nuvoton M2351 comes in the smallest package and would make for more compact hardware. None of these chip sets are necessarily better than the other, but they each fit different applications differently. If you have a need, I encourage you to read more into each of them.
Also probably the most important feature on all of these chips is TrustZone. Being able to use the 2-chip model in a single chip is awesome.
There are other microcontrollers that claim security features, but really just offer acceleration for some crypto operations. While it may help with constant time implementations, I don’t consider these a significant security improvement.
Did I miss any chips or features? Let me know!