Microchip Trust Platform

The Trust Platform from Microchip provides hardware-based security for IoT. The platform is used for the CryptoAuthentication family from Microchip, which puts securely provisioned credentials into the product. Without secure key provisioning, the product is at risk of being exposed to third-party software during and after production. The Trust Platform consists of pre-provisioned, pre-configured or fully customizable secure elements. Using Hardware Secure Modules (HSM) installed in manufacturing, the credentials are generated inside each secure element boundary. Development tools are provided for both software and hardware to make prototyping easy and fast. Three tiers are provided: Trust&GO, TrustFLEX and TrustCUSTOM.

The following is a summary of each platform. For a more in-depth overview of each, click on the name.

Trust&GO

The easiest and quickest option: devices are pre-configured and pre-provisioned, with a minimum order quantity (MOQ) of 10 units. It is the best option for small projects, and using the ATECC608A secure element is as easy as buying it and claiming it, after which it is ready to go.

Follow these steps:

  1. Purchase your prototype device and development kit.

  2. Select the stack example listed below.

  3. Prototype with your Trust&GO pre-provisioned device and download the manifest file from your account at the website where you purchased the device.

  4. Place your production order with Microchip’s online store or through the e-commerce website of a participating distribution partner.

Stack code examples available for Trust&GO

AWS IoT authentication

Microsoft Azure IoT Hub authentication

Google IoT authentication

LoRa authentication

Third-party TLS authentication

TrustFLEX

As the name suggests, this option has more flexibility than the Trust&GO option. Devices are pre-configured and provisioned with a changeable default thumbprint certificate, with a minimum order quantity (MOQ) of 2000 units. It uses the ATECC608A-TFLXTLS secure element, which comes with a pre-established locked configuration that supports the most common cloud authentication use cases.

The following are use cases for TrustFLEX:

  • Certificate-based authentication for any Public Key Infrastructure (PKI), any cloud platform

  • Token-based authentication

  • Secure boot

  • OTA verification

  • Firmware IP protection

  • Message encryption

  • Key rotation

  • I/O protection key

  • Host accessory authentication

If none of these meet your requirements, you should look into the TrustCUSTOM platform.

Follow these steps for the TrustFLEX option:

  1. Download the datasheet

  2. Install Trust Platform Design Suite

  3. Buy Trust Platform hardware then integrate your application code into the microcontroller.

  4. Once the C code is working in your embedded application, you are ready to create the configuration file using the TrustFLEX configurator that is available in the Design Suite. Once the configuration file is finalized, submit a support ticket to obtain your encryption key. Encrypt the configuration file using the provided utility and upload it to the support ticket; you will then receive provisioned validation devices from Microchip's Hardware Secure Module (HSM) equipped factories.

Stack examples with TrustFLEX:

AWS IoT core

Microsoft Azure

Third-Party TLS

TrustCUSTOM

This option is for when you have looked at Trust&GO and TrustFLEX and they don’t meet your needs. TrustCUSTOM takes longer and has more steps, but is fully customizable. Start with the ATECC608A-TCSM secure element and use the tools provided by Microchip to meet the security requirements you choose. This option requires contact with Microchip sales, and a Non-Disclosure Agreement (NDA) must be set up. The MOQ is at least 4000 units.

For TrustCUSTOM follow these steps:

  1. Before getting started, make sure the Trust&GO or TrustFLEX options will not meet the standards you need. See the TrustCUSTOM datasheet.

  2. Establish contact with the Microchip sales organization, either directly or through one of the distribution partners, to set up a Non-Disclosure Agreement (NDA).

  3. Buy the Trust platform hardware.

  4. Download and review the CryptoAuthLib library from GitHub.

  5. Submit a support ticket and request the TrustCUSTOM design tool.

  6. Once the configuration is tested and working, submit another ticket for a secret package exchange.

Development tools to use with the Trust Platform:

  • CryptoAuth Trust Platform Development Kit

(DM320118) Digi-key Part Number: 150-DM320118-ND

This USB-based development kit includes a SAM D21 MCU, debugger, mikroBUS socket and on-board ATECC608A secure element with Trust&GO, TrustFLEX and TrustCUSTOM options.

  • ATECC608A Trust Platform Kit

(DT100104) Digi-key Part Number: 150-DT100104-ND

Add-on board to the CryptoAuth Trust Platform Development Kit (DM320118), this kit provides a mikroBUS footprint for adding soldered-down versions of Trust&GO, TrustFLEX or TrustCUSTOM secure elements.

  • CryptoAuthentication SOIC Socket Kit

AT88CKSCKTSOIC

Provides an SOIC8 socket that accommodates the ATECC608A or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.

  • CryptoAuthentication UDFN Socket Kit

(AT88CKSCKTUDFN-XPRO) Digi-key Part Number: AT88CKSCKTUDFN-XPRO-ND

Provides a uDFN8 socket that accommodates the ATECC608A or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.

  • AVR-IoT WG Development Board

(AC164160) Digi-key Part Number: AC164160-ND

The AVR-IoT WG development board combines an 8-bit ATmega4808 MCU and the ATECC608A CryptoAuthentication secure element IC with a fully certified ATWINC1510 Wi-Fi network controller, providing a simple and effective way to connect to Google’s Cloud IoT Core platform.

  • PIC-IoT WG Development Board

(AC164164) Digi-key Part Number: AC164164-ND

The PIC-IoT WG development board combines a PIC24FJ128GA705 MCU and the ATECC608A CryptoAuthentication secure element IC with a certified ATWINC1510 Wi-Fi network controller to provide a simple and effective way to connect to Google’s Cloud IoT Core platform. It also includes an on-board debugger, so no external hardware is needed to program and debug the MCU. Add a sensor using the mikroBUS header, which interfaces to MikroElektronika Click boards.

  • WiFi 7 click

(MIKROE-2046) Digi-key Part Number: 1471-1775-ND

Click board from MikroElektronika which includes an ATWINC1500 Wi-Fi module and can be used to add TCP/IP and TLS links to the CryptoAuth Trust Platform Development Kit (DM320118).

  • Shuttle click

(MIKROE-2880) Digi-key Part Number: 1471-1948-ND

Click board from MikroElektronika that allows you to stack up to four Click boards on a single mikroBUS socket.

  • mikroBUS Shuttle

(MIKROE-2882) Digi-key Part Number: 1471-1949-ND

Intended to be used with Shuttle click to expand the mikroBUS socket with additional stacking options. One Shuttle click can support up to four mikroBUS Shuttles.

Information and pictures provided by Microchip.com
