Secured SAMA5D4 for industrial, fitness or IoT display

---

To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough.

---

The new SAMA5D4 expands the Atmel | SMART Cortex-A5-based family, adding a 720p resolution hardware video decoder to target Human Machine Interface (HMI), control panel and IoT applications when high performance display capability is required. Cortex-A5 offers raw performance of 945 DMIPS (@ 600 MHz) completed by ARM NEON 128-bit SIMD (single instruction, multiple data) DSP architecture extension. To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough. In order to really make a difference, on top of the hardware’s dedicated video decoder (H264, VP8, MPEG4), you need the most complete set of security features.

Whether for home automation purpose or industrial HMI, you want your system to be safeguarded from hackers, and protect your investment against counterfeiting. You have the option to select 16-b DDR2 interface, or 32-b if you need better performance, but security is no longer just an option. Designing with Atmel | SMART SAMA5D4 will guarantee secure boot, including ARM Trust Zone, encrypted DDR bus, tamper detection pins and secure data storage. This MPU also integrates hardware encryption engines supporting AES (Advanced Encryption Standard)/3DES (Triple Data Encryption Standard), RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curves Cryptography), as well as SHA (Secure Hash Algorithm) and TRNG (True Random Number Generator).

If you design fitness equipment, such as treadmills and exercise machines, you may be more sensitive to connectivity and user interface functions than to security elements — even if it’s important to feel safe in respect with counterfeiting. Connectivity includes gigabit and 10/100 Ethernet and up to two High-Speed USB ports (configurable as two hosts or one host and one device port) and one High Speed Inter-Chip Interface (HSIC) port, several SDIO/SD/MMC, dual CAN, etc. Because the SAMA5D4 is intended to support industrial, consumer or IoT applications requiring efficient display capabilities, it integrates LCD controllers with a graphics accelerator, resistive touchscreen controller, camera interface and the aforementioned 720p 30fps video decoder.

The MCU market is highly competitive, especially when you consider that most of the products are developed around the same ARM-based family of cores (from the Cortex-M to Cortex-A5 series). Performance is an important differentiation factor, and the SAMA5D4 is the highest performing MPUs in the Atmel ARM Cortex-A5 based MPU family, offering up to 945 DMIPS (@ 600 MHz) completed by DSP extension ARM NEON 128-bit SIMD (single instruction, multiple data). Using safety and security on top of performance to augment differentiation is certainly an efficient architecture choice. As you can see in the block diagram below, the part features the ARM TrustZone system-wide approach to security, completed by advanced security features to protect the application software from counterfeiting, like encrypted DDR bus, tamper detection pins and secure data storage. But that’s not enough. Fortunately, this microprocessor integrates hardware encryption engines supporting AES/3DES, RSA, ECC, as well as SHA and TRNG.

The SAMA5 series targets industrial or fitness applications where safety is a key differentiating factor. If security helps protecting the software asset and makes the system robust against hacking, safety directly protects the user. The user can be the woman on the treadmill, or the various machines connected to the display that SAMA5 MCU pilots. This series is equipped with functions that ease the implementation of safety standards like IEC61508, including a main crystal oscillator clock with failure detector, POR (power-on reset), independent watchdog timers, write protection register, etc.

The SAMA5D4 is a medium-heavier processor and well suited for IoT, control panels, HMI, and the like, differentiating from other Atmel MCUs by the means of performance and security (not to mention, safety). The ARM Cortex-A5 based device delivers up to 945 DMIPS when running at 600 MHz, completed by DSP architecture extension ARM NEON 128-bit SIMD. The most important factor that sets the SAMA5D4 apart from the rest is probably its implemented security capabilities. These will protect OEM software investments from counterfeiting, user privacy against hacking, and its safety features make the SAMA5D4 ideal for industrial, fitness or IoT applications.

---

This post has been republished with permission from SemiWiki.com, where Eric Esteve is a principle blogger as well as one of the four founding members of the site. This blog first appeared on SemiWiki on October 6, 2015.

Cosino Enigma is an SAMA5D3 based CPU module

Powered by the Atmel | SMART ARM Cortex-A5 based SAMA5D3, HCE Engineering has introduced the latest development in its Cosino Project: the Cosino Enigma CPU module.

As previously discussed on Bits & Pieces, the Cosino Project is an embedded prototyping system that combines the functionality of a mini-computer with those of a professional automation system. Cosino includes a comprehensive lineup of CPU boards, carrier boards and multiple peripherals that support industrial applications, as well as countless DIY projects by Makers.

With the recent launch of the Cosino Enigma, the team will now enrich their offering of Atmel based MPU modules. This new CPU module supports secure boot, which allows a user to store all of their software in an encrypted form on the system’s mass memory, therefore making it inaccessible to unauthorized intrusions!

How the secure boot works

Enigma’s CPU has two way of functioning: normal mode and secure mode. In the former mode, the CPU is no different than all other CPUs; however, once the secure mode is activated, it will execute ONLY encrypted code.

In normal mode, the boot stages consist of:

1. The on-chip ROM bootloader loads the pre-bootloader from an external mass storage into the internal RAM, then
2. The pre-bootloader sets up the external RAM and loads the bootloader from an external mass storage into external RAM, then
3. The bootloader can setup some peripherals in order to prepare the system for the kernel and loads the kernel from an external mass storage into external RAM, then
4. The kernel activates all system’s peripherals and mounts the rootfs from an external mass storage and starts the user’s processes executions.

Starting from stage 2, all the software that is not coded in ROM can be potentially subjected to attempts to replace the original firmware with a malicious one, simply by altering the code images stored into the system’s mass storage memory.

In industry applications this can lead to several issues related to system security. For instance, let’s consider a biomedical application where the system MUST not work continuously for more than 2 hours. The manufacturer can program the software in order to respect this directive; however, a malicious user may gain access to the system’s mass storage, copy it and then modify it in such a way that the machine can now work for more than 2 hours!

How can the manufacturer protect itself? It can simply use the secure mode!

Once the secure mode is activated, the Enigma’s CPU will execute ONLY encrypted code. In fact, when in secure mode, the internal ROM boot loader (during stage 1), will load the pre-bootloader image and it will then decrypt it by using the AES algorithm with the secret key deeply stored into the CPU.

Note that the AES key is not readable by using any CPU instruction nor the JTAG which is disabled too!

It’s obvious that without knowing the secret key is quite difficult to alter the pre-bootloader code! While, we have just shown that the second stage is secure, by using the same trick for both stage 3 and 4, all the booting chain is secure as well.

But, what about the root file system? Several solutions may be used; however, the SAMA5D3 based Cosino Enigma solution is used as an embedded file system into the kernel, and in the event that large data storage is needed, to mount an encrypted partition.

What the secure boot cannot do

Despite the secure mode, your system is not protected against backdoors and programming bugs, but these issues are NOT due the secure mode but due weak programmers! The secure mode can assure that your code cannot be altered and/or read so, if your code is well-written, the system is strongly protected against malicious attacks.

The secure boot and the Libre Software

Since Cosino Enigma runs a complete GNU/Linux system, how can it fit within the open source/free software licences? The answer: the unlock track.

By damaging this track on the board, the user can unlock the system; that is, even in secure mode the CPU can run unencrypted code, so every open source/free software licence is respected! Of course, the manufacturer can release the open source/free software code but NOT its protected code.

In addition, the integrity of the unlock track can be used to assert the warranty integrity; once damaged, the unlock path can assert that the warranty is now void. The open source/free software licence is saved and the manufacturer can decline all responsibility against any software modifications.

Hardware overview

The newly-unveiled board features a vast range of I/O peripherals and communication ports. Along with the TFT touchscreen LCD panels driver capable of resolutions up to 1024×768 pixels, it makes the Cosino Engima quite suitable for human/machine interfaces, gateways, and industrial controllers.

Aside from the ARM Cortex-A5 based SAMA5D3, other key specs include:

• Internal hardware floating-point unit
• 256MB (optional 512) SDRAM DDR2
• 256MB NAND
• 1x Ethernet 10/100 (optional 1000)
• 2x USB Host 2.0
• 1x USB Host/Device 2.0
• 2x microSD
• 7x UART
• 1x LCD
• 1x real-time clock1
• 1x I2C
• 2x SPI
• 1x crypto engine
• 1x true number generator

Interested in learning more? You can check out Cosino’s official page here.