Cryptographic microcontroller protects against Rootkit and Bootkit malware

Microchip has assembled a cryptographic microcontroller, custom firmware and provisioning service to enable platforms to detect and stop malicious firmware.

The CEC1712 microcontroller with Soteria-G2 custom firmware is designed to stop malware such as rootkits and bootkits on systems that boot from external serial peripheral interface (SPI) flash memory. A bootkit targets the master boot record on the computer’s motherboard, whereas a rootkit loads before an operating system boots and is able to hide from conventional anti-malware software.

Microchip’s Soteria-G2 custom firmware on its CEC1712 Arm Cortex-M4-based microcontroller provides secure boot with hardware root of trust protection in a pre-boot mode. It also provides key revocation and code rollback protection during operating life, enabling in-field security updates. The CEC1712 complies with NIST 800-193 guidelines and detects and recovers from corruption. The secure boot with hardware root of trust protects the system against threats before they can load and only allows the system to boot using software trusted by the manufacturer.

The Soteria-G2 firmware is designed to be used with the CEC1712 to simplify code development, speed the adoption and implementation of secure boot, and reduce risk. Soteria-G2 uses the CEC1712 immutable secure bootloader, implemented in read-only memory (ROM), as the system root of trust.

The CEC1712 secure bootloader loads, decrypts and authenticates the firmware to run on the CEC1712 from the external SPI flash. The validated CEC1712 code then authenticates the firmware stored in SPI flash for the first application processor. Up to two application processors are supported, with two flash components for each.

Microchip or Arrow Electronics offer the option of pre-provisioning customer-specific data. Pre-provisioning at manufacturing helps prevent overbuilding and counterfeiting. Microchip says that in addition to saving months of development time, the solution simplifies provisioning logistics, making it easy for customers to secure and manage devices without the overhead cost of third-party provisioning services or certificate authorities.
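The boot-time decisions described above (authenticate the image, refuse revoked signing keys, refuse older versions, recover from a corrupted copy) can be modelled in a few lines. This is an added example, not Microchip or Soteria-G2 code: the image layout, key slots, counter value and the use of a second copy as the recovery image are all assumptions, and HMAC-SHA256 stands in for the public-key signature a real boot ROM would verify.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed policy state; slot numbers, keys and counter are illustrative only.
KEYS = {0: b"constructed-key-slot-0", 1: b"constructed-key-slot-1"}
REVOKED_SLOTS = {0}      # key slots revoked by an in-field update
MIN_VERSION = 3          # monotonic anti-rollback counter

@dataclass
class Image:             # hypothetical image layout, not Microchip's format
    key_slot: int
    version: int
    payload: bytes
    tag: bytes = b""

def _mac(img: Image) -> bytes:
    # HMAC-SHA256 stands in for the public-key signature a real ROM verifies.
    header = bytes([img.key_slot]) + img.version.to_bytes(4, "big")
    return hmac.new(KEYS[img.key_slot], header + img.payload, hashlib.sha256).digest()

def sign(key_slot: int, version: int, payload: bytes) -> Image:
    img = Image(key_slot, version, payload)
    img.tag = _mac(img)
    return img

def reject_reason(img: Image):
    """Return None if the image may run, otherwise why it was refused."""
    if img.key_slot not in KEYS or img.key_slot in REVOKED_SLOTS:
        return "signing key unknown or revoked"
    if not hmac.compare_digest(_mac(img), img.tag):
        return "authentication failed"
    if img.version < MIN_VERSION:   # checked after the tag, which covers version
        return "rollback to older version"
    return None

def select_boot_image(primary: Image, recovery: Image):
    """Try the primary copy, then the recovery copy; (None, log) means stay in reset."""
    log = []
    for name, img in (("primary", primary), ("recovery", recovery)):
        reason = reject_reason(img)
        if reason is None:
            return name, log
        log.append(f"{name}: {reason}")
    return None, log

if __name__ == "__main__":
    good = sign(1, 3, b"constructed firmware v3")
    corrupt = Image(1, 3, b"constructed firmware v3 + implant", good.tag)
    print(select_boot_image(corrupt, good))
```

The version field is only compared after the tag has been checked, because the tag covers the header: an attacker who edits the version number to get past the rollback check invalidates the authentication instead.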

Aiden Mitchell, vice president of IoT at Arrow Electronics, believes that, as 5G, connectivity and autonomous machine adoption advances, customers will increasingly request secure provisioning.

In addition to preventing malware during pre-boot in 5G and data center operating systems, Microchip’s CEC1712 and Soteria-G2 combination is a security enabler for connected autonomous vehicle operating systems, automotive advanced driver assistance systems (ADAS) and other systems that boot out of external SPI flash.

Microchip’s CEC1712 and Soteria-G2 package offers several options for software and hardware support. Software support includes Microchip’s MPLAB X IDE, MPLAB Xpress, and MPLAB XC32 compilers. Hardware support is included in programmers and debuggers including the MPLAB ICD 4 and PICkit 4 programmer/debugger.

The CEC1712H-S2-I/SX is available now in volume production, and includes Soteria-G2 firmware.

http://www.microchip.com
