Arm’s Cortex-M23 and Cortex-M33 microcontroller architectures incorporate the latest TrustZone features for ARMv8-M, but they’re simply designs that vendors can build products on. Microchip has taken the Cortex-M23 and delivered it in a pair of microcontrollers designated the SAM L10 and SAM L11 (Fig. 1). Since the latter incorporates the 32-MHz SAM L10 platform and integrates the security features, developers can choose whether they need the additional security support found in the SAM L11.
1. The SAM L10 and SAM L11 share a common Cortex-M23 architecture. The SAM L11 also provides the enhanced security support.
Both chips include Microchip’s picoPower support, which has multiple sleep modes, an event system, and Microchip’s SleepWalking technology. The latter takes advantage of the event system and enables the main processor to remain in sleep mode. Peripherals such as the I2C interface can check for an address match, allowing the system to operate using less power. The technology has been employed in earlier SAM platforms.
Microchip’s picoPower support uses less than 25 µA/MHz in active mode and less than 600 nA in sleep mode with full RAM retention. This represents a 152% improvement over the SAM L21 and twice that of competing microcontrollers. The chips use less than 100 nA in shutdown mode with a 1.5-µs wakeup time. The software-development tools include a power debugger and power data visualizer.
The L10 and L11 also include Microchip’s peripheral touch controller (PTC). The PTC can handle up to 100 buttons and operates in parallel, providing up to a 400% performance improvement, according to the company. The chips come with 64 kB of flash and 16 kB of SRAM. There is an 8-kB boot ROM that provides multiple boot options, such as secure boot for the SAM L11.
Thanks to the SAM L11 TrustZone support, the chip can isolate application code from trusted code (Fig. 2). The SAM L11 also includes a hardware crypto accelerator, secure nonvolatile memory, and secure debugging support. The SAM L10 does share secure key storage and a hardware random number generator with the SAM L11. The SAM L11 also prevents physical attacks like microprobing and side-channel attacks with chip-level tamper resistance and silent access countermeasures.
2. The SAM L11 isolates application code from trusted code and the security peripheral support.
Microchip does more than just deliver secure hardware with the SAM L11. It also provides security software and third-party support to take advantage of the hardware in addition to the software-development tools like the Atmel Studio integrated development environment (IDE). Software support includes Atmel START and Atmel START TrustZone Manager. There are third-party IDEs, too, such as IAR Embedded Workbench and Arm Keil MDK.
The third-party support comes from Trustonic. Its Kinibi-M software-development kit (SDK) provides an abstraction layer for the security hardware (Fig. 3). This allows developers to take advantage of the hardware without needing to address the driver details. Trustonic provides services like key provisioning with its Secure Thingz Key Provisioning.
3. Trustonic’s Kinibi-M software provides end-to-end security support, insulating developers from the security hardware.
The $58 SAM L10 and L11 Xplained Pro Kits are available to developers (Fig. 4). Both have mikroBUS sockets, Xplained Pro expansion headers, and an on-board debugger. The chips are housed in 24- and 32-pin packages.
4. The SAM L10 and SAM L11 Xplained Pro Kits have mikroBUS sockets, Xplained Pro expansion headers, and an on-board debugger.
Developers will likely choose the SAM L11 for secure applications, such as devices for the industrial Internet of Things (IIoT), where secure communication is only part of the puzzle. The other security features of Cortex-M23 fill out the rest of the puzzle. Having the simpler, lower-cost SAM L10 available allows the same tools and code to run if the advanced security features aren’t required. The SAM L11 sets the bar for microcontroller security.