Nuvoton – M2354 Update – M23 with ARM Trustzone and DICE

Nuvoton – M2354 Update – M23 with ARM Trustzone® and DICE: Since its foundation in 2008 (as a spin-off from Winbond Electronics), Nuvoton has focused on the development of microcontrollers.

The M2354 microcontroller family was developed for IoT and other applications that benefit from separation into a secure and non-secure “world” using ARM Trustzone® technology. This family has now been expanded to include additional derivatives that meet PSA Level 3 and SESIP Level 3 security standards, enabling implementation of the requirements of the Cyber Resilience Act (CRA).

Nuvoton – M2354 Family Update – What’s new?

These four new derivatives of the M2354 family continue to use a Cortex M23 core (up to 96 MHz) with Trustzone implementation in the ARMv8-M architecture. All new derivatives come with 1024 kB FLASH and 256 kB SRAM. In addition to the three existing package variants (LQFP48, LQFP64, and LQFP128), Nuvoton now offers the M2354CJFAE, a very space-saving WLCSP49 variant measuring just 3.455 mm x 3.725 mm.

Standby power down with 2 µA and deep power down with battery backup via VBat at 500 nA offer many opportunities to extend the battery life of the product in the field.

Improvement of security features in the M2354

As mentioned at the beginning, the most significant innovation is the implementation of a Device Identifier Composition Engine (DICE).

This allows step-by-step verification of the bootloader and firmware to check against unauthorized modifications. The new M2354 thus supports the root-of-trust architecture with regard to the secure boot mechanism. The DICE in the M2354 is based on the SHA-512 and ECDSA P-521 algorithms. The diagram shows the step-by-step verification process. For a general, more detailed description of the functional sequence, please refer to the documentation about Android or the specification of DICE protection environments of TCG.

Looking ahead

With the Cyber Resilience Act, Europe is responding to the increasing threat to connected devices in the IoT and other applications. The extension and obligation to implement Articles 3.3 d to 3.3 f of the RED by August 1, 2024, represents preparation for the CRA. You can find out exactly what this means in our summary here.

The new M2354 MCUs from Nuvoton are ideally suited to meet the requirements that will become mandatory with the CRA. We are happy to support and advise you, together with our partners such as Nuvoton, Cyberwhiz, Winbond, and SealSQ, to ensure you are well prepared.

For applications in the defence, medical technology, or government communications sectors, other topics such as PQC (post-quantum cryptography) are also relevant. The time horizon here is somewhat longer. If you are already considering this topic, talk to us about the hardware solutions currently available.

Are you embarking on the next generation of device development, and is security a relevant factor? Contact us directly about the new derivatives of the Nuvoton M2354 family update with DICE or other aspects. Send us your inquiry here, and we will get back to you as soon as possible.