RA Family of 32-bit Arm Cortex-M Microcontrollers Offers Ultimate IoT Security with Renesas’s Secure Crypto Engine and Arm TrustZone
Renesas Electronics Corporation announces both PSA Certified Level 2 and Security Evaluation Standard for IoT Platforms (SESIP) certifications for its RA Family of 32-bit Arm Cortex-M microcontrollers (MCUs).
Renesas’ RA6M4 MCU Group devices with the Flexible Software Package (FSP) have been PSA Level 2 certified, expanding on the PSA Certified Level 1 achieved by RA4 and RA6 Series MCUs. Renesas’ RA6M3, RA6M4, and RA4M2 MCU groups have achieved SESIP1 certification with Physical and Logical Attacker certifications.
In addition to these widely recognized industry certifications, Renesas RA MCUs offer customers the ultimate IoT security by combining Secure Crypto Engine IP with NIST CAVP certifications on top of Arm TrustZone for Armv8-M. RA Family devices incorporate hardware-based security features from simple AES acceleration to fully-integrated crypto subsystems isolated within the MCU. The Secure Crypto Engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and advanced key handling, including key generation and MCU-unique key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plaintext keys are never exposed to any CPU or peripheral bus.
“Renesas understands that security is essential for IoT designers, so we have engineered the RA Family from the ground up with security in mind,” said Roger Wendelken, Senior Vice President in Renesas’ IoT and Infrastructure Business Unit. “These industry certifications augment what is already the most secure device family in the industry for IoT applications.”
“We are glad to work with Renesas on the SESIP and PSA Certified certifications. Renesas RA Family certifications are prime examples of the relevance of security standards for the industry,“ said Carlos Serratos, Senior Director of Strategy, Policy and Advocacy at Brightsight. “From an OEM perspective, there is an increasing awareness of the value of certified devices as a tool for managing risk, and for aligning with multiple device certifications. While this is particularly relevant for devices used in critical infrastructures, it is steadily becoming the norm for the rest of the IoT domain.”
PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification. The framework provides standardized resources addressing the growing fragmentation of IoT requirements, ensuring security is no longer a barrier to product development. PSA Certified through a third- party laboratory evaluation of a PSA Root of Trust (PSA-RoT), PSA Certified Level 2 provides evidence of protection against scalable software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT Protection Profile have been met.
SESIP is an optimized version of Common Criteria methodology (ISO 15408-3) for the evaluation of IoT components and connected platforms. SESIP defines a catalogue of Security Functional Requirements (SFRs), which the product developer can use to build their secure device, scaling appropriately for their specific threat model and use case. SESIP also incorporates and refines Common Criteria Security Assurance Requirements (SARs), including the requirement ALC_FLR.2 Flaw Reporting Procedures, which Renesas addresses with its Renesas PSIRT (Renesas Product Security Incident Response Team) process and public web interface. Specifically designed for SFR reuse and mapping to other certifications, the SESIP methodology enables product developers to pursue appropriate certification of their device to other industry-standard certifications such as IEC 62443.