Telecoms, Datacoms, Wireless, IoT


NXP’s EdgeLock provides secure enclave for IoT devices

28 April 2021 Telecoms, Datacoms, Wireless, IoT

NXP Semiconductors has unveiled the EdgeLock secure enclave, a preconfigured, self-managed and autonomous on-die security subsystem that offers intelligent protection for Internet of Things (IoT) edge devices against attacks and threats. Fully integrated as a built-in security subsystem across NXP’s upcoming i.MX 8ULP, i.MX 8ULP-CS and i.MX 9 applications processors, it eases the complexity of implementing robust, system-wide security intelligence for IoT applications.

This secure enclave enables developers to more easily achieve their security goals, freeing them to focus on new ways to differentiate their edge applications. By integrating secure enclave into many upcoming EdgeVerse processor families, NXP will provide developers with a wide range of scalable options to more easily deploy state-of-the-art security in thousands of edge applications including smart home devices, wearables, portable healthcare devices, smart appliances, embedded controls and industrial IoT systems.

“Billions of IoT products deployed at the edge have become attractive targets for attacks. Providing a security framework based on strong isolation enables device makers to focus on the functionality and rely on the tested and proven security from NXP,” said Wolfgang Steinbauer, vice president and head of Crypto and Security, NXP. “Building on NXP’s strong history of providing end-to-end security solutions, we’ve engineered the EdgeLock secure enclave to simplify the deployment of robust security mechanisms and meet the ever-increasing demand for scalable, easy-to-implement IoT security. Embedded developers can now focus on their applications and time-to-market challenges and let the EdgeLock secure enclave technology handle the underlying complexities of securing the IoT.”

‘Security HQ’, a fortress in a chip

The self-contained, on-die hardware security subsystem has its own dedicated security core, internal ROM, secure RAM and supports state-of-the art side channel attack resilient symmetric and asymmetric crypto accelerators and hashing functions, providing an array of security services to the other user-programmable cores within the SoC. In essence, the secure enclave functions like a security headquarters or fortress inside the system-on-chip (SoC), storing and protecting key assets, including root of trust and crypto keys to protect the system against physical and network attacks.

This subsystem is isolated from the other processor cores that handle applications and real-time processing functions. This physically-siloed architecture supports a well-defined security perimeter within the SoC, simplifies development of secure IoT products and enhances SoC and application security by isolating secure key store management, cryptography and other important security features.

Beyond crypto

The secure enclave provides flexible policies and controls that extend security practices beyond mainstream cryptography. It enables autonomous management of critical security functions including silicon root of trust, run-time attestation, trust provisioning, SoC secure boot enforcement, fine-grained key management augmented by extensive crypto services for advanced attack resistance, while also simplifying the path to security certifications.

Advanced tamper detection and response techniques protect the entire root of trust, ensuring functional integrity during operation of the secured processor. When an attack is detected, the secure enclave system is designed to block it.

The EdgeLock secure enclave is designed to intelligently track power transitions when end-user applications are running on the processors. This unique ‘power-aware’ capability enhances resistance and prevents new attack surfaces from emerging by enforcing security policies when the application processor’s heterogeneous cores enter different power modes.

It uses managed agents to extend security across the SoC domains outside of the security HQ. These autonomous agents establish and maintain system-wide security capabilities, manage keys and enforce policies across domains. The agents operate independently through private buses within the SoC to ensure that other system domains, for example, those running Linux or an RTOS, are always protected, especially during power mode transitions.

Preconfigured security policies help developers reduce the complexity of security implementations and avoid costly integration errors for faster time to market. The EdgeLock secure enclave supports provisioning services outside of the enclave, offering a simpler path to security certifications. This on-die security technology also supports the latest IoT use cases such as secure connection to public/private clouds, device-to-device authentication and sensor data protection.

The EdgeLock secure enclave will be fully integrated as a standard security feature across i.MX 8ULP, i.MX 8ULP-CS and i.MX 9 applications processor families and more upcoming EdgeVerse products.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Module provides 4G LTE Cat 1 bis connectivity
Dizzy Enterprises Telecoms, Datacoms, Wireless, IoT
Mikroe adds 4G LTE Cat 1 bis connectivity where reliable data transmission and low power consumption are critical with the GC02S1-EU2 module.

Read more...
Enabling next-generation FPGA and SDR innovation
RFiber Solutions Telecoms, Datacoms, Wireless, IoT
Puzhi Electronic Technology has established itself as a dynamic provider of advanced ARM and FPGA-based solutions, delivering a comprehensive ecosystem of products designed for modern embedded and high-performance computing applications.

Read more...
Magnetic mount antenna takes the hassle out of 4G installations
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
Designed for fast, tool-free installation, the YECN022CA 4G magnetic mount whip monopole antenna gives wireless devices a dependable cellular link in the field, where installation time and signal reliability both matters.

Read more...
Engineering for failure: why resilient telemetry matters more than perfect connectivity
Editor's Choice Telecoms, Datacoms, Wireless, IoT
One of the biggest assumptions in modern tracking systems is that connectivity will always be available. From an engineering perspective, this creates an interesting problem.

Read more...
Wi-Fi and Bluetooth smart module series integrates intelligence
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
Quectel Wireless Solutions has expanded its smart module portfolio with the SH503FM, a new-generation series of Wi-Fi and Bluetooth smart modules.

Read more...
Edge AI improves condition monitoring
EBV Electrolink AI & ML
STMicroelectronics has introduced the IIS3DWB10IS, an intelligent MEMS vibration sensor designed for high-performance industrial condition monitoring applications.

Read more...
Powering smart sensor networks
CST Electronics Telecoms, Datacoms, Wireless, IoT
NeoCortec’s NeoMesh wireless mesh networking protocol and software stack is ideally suited for powering smart sensor networks where each device is required to send and receive small packets of data infrequently, but with high reliability.

Read more...
Lessons in long-distance telemetry
Omniflex Remote Monitoring Specialists Telecoms, Datacoms, Wireless, IoT
Ian Loudon, international sales and marketing manager at Omniflex, reflects on some of the key engineering lessons learned from decades of deploying wireless telemetry systems in demanding industrial applications.

Read more...
PEAK’s first automotive Ethernet solution
Industrial Data Xchange (IDX) Editor's Choice Telecoms, Datacoms, Wireless, IoT
The PAE-Media Converter is a robust and compact device designed to connect Automotive Ethernet (100BASE-T1 or 1000BASE-T1) with standard Ethernet (100BASE-TX or 1000BASE-T) networks.

Read more...
Compact LTE connectivity for IoT
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
The Quectel EG916Q-GL is a compact LTE Cat 1 bis module designed to provide reliable and cost-effective cellular connectivity for IoT and M2M applications.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved