“Emerging requirements make security mandatory for the majority of IoT connected devices,” said Microhip v-p Rod Drake, claiming: “The PIC32CK makes it cost effective to provide hardware-based security to mid-range microcontroller applications.”
That said, security does not come with every PIC32CK MCU – only those with PIC32CKxxxSG… part numbers get Arm’s TrustZone virtualisation with the Cortex-M33, plus a block that Microchip is calling ‘HSM’ for ‘hardware security module’.
It is not clear if this HSM is a specific or generic term within Microchip – Electronics Weekly has asked the question.
The product data sheet does not help much here as the specific HSM chapter is brief and includes the sentence: “Contact a local Microchip sales office for more information on this module available under a non-disclosure agreement.”
However, the data sheet does reveal some general specs for the particular HSM in PIC32CKxxxSG… parts:
- Cortex-M0+ CPU with 128kbyte of local ram (user-programmable, with standard turn-key firmware)
- Secured non-volatile key storage, boot and debug
- True random number generator
- Real-time clock
- Tamper response module
- Crypto accelerators for
AES-128, AES-192 and AES-256 compliant to NIST FIPS 197
Triple DES support up to 168bit keys
ChaCha20-Poly1305 authenticated encryption
HASH/MAC for SHA-1, SHA-256, SHA-224, SHA-384, SHA-512 and SHA3
Key derivation (at least HKDF and KDF2)
RSA, DSA and ECC public key cryptography (RSA with or without CRT up to 4,096bit keys and DSA up to 2048bit keys)
The devices are “designed to support ISO 26262 functional safety and ISO/SAE 21434 cybersecurity standards”, said Microchip. “The PIC32CK family offers a range of options to tune the level of security, memory and connectivity bandwidth – up to 2Mbyte dual-panel flash and 512kbyte SRAM, with options like 10/100 Ethernet, CAN FD and USB.”
EV33A17A is a development board for the secured PIC32CKxxxSG… microcontrollers
The company’s Trust Platform Design Suite is available for factory provisioning-as-a-service, for keys, certificates and IP.
Similar parts with neither TrustZone nor HSM are called PIC32CKxxxSG…
Find the PIC32CK family data sheet here
