Trust Platform Design Suite V2

Trust Platform Design Suite V2 introduction

Dear User - thank you for onboarding with Microchip Security solutions through the Trust Platform Design Suite V2.

You will find all necessary information to learn, understand and prototype security Use Cases and you will be able to integrate the relevant security features inside your embedded system as well as starting the provisioning process. The typical journey is as follow:

Education & theory

• Learning center: tutorial videos to start with embedded security concepts and implementation.
• Interactive Application Notes (Use Cases): understand Cryptographic Asset List, Use Case steps and execute it through the interactive transaction diagram.

Development

• C code integration: leverage existing MPLAB projects (Microchip microcontroller) or C Code example (non-Microchip Microcontroller) for requested Use Case(s).
• Configurator
  • Secure system configuration: finetune (TrustFlex) the Secure System configuration (Secure data & slot policies) or configure (TrustCustom) your Secure System.
  • Secure Data Exchange (TrustFlex / TrustCustom): Generate the provisioning package to start the Secure Data Exchange process with Microchip HSM provisioning system.

(Pre)Production

• Verification Samples: procure Verification samples to validate the Secure System configuration and the Secure Data Exchange process.
• Start of Production: after Verification Samples approval, start procurement of your custom Secure System through Microchip provisioning system.

Home Page walkthrough

In the Home Page, you can find 3 sections:

• Select your Security Solution
• Part Number Parametric List
• Learning Center

Select your Security Solution

This interactive plugin helps you to identify the best security solution(s) for the Use Cases you will implement in your secure Embedded System. You can filter output by Uses Case(s) (mandatory), Application category (optional) and Product category (optional). When selecting the Use Case(s), it will show below the supported Security Solutions. You will then be able to - Open the relevant Use Case(s) per Security Solution to access the Interactive Application Note and the relevant C Code project - Click on Usecase. - Open the Security Solution configurator to start the provisioning process (Configurator and Secure Exchange process) – click on Configurator.

Part Number Parametric List

This page list Microchip’s security solutions partially or fully supported by the Trust Platform Design Suite. This list will continue to grow as Microchip release new solutions with integrated hardware security.

Learning Center

You will find videos to start onboarding with high-level security concepts as well as dedicated training for specific Use Cases (Cloud Authentication, accessory authentication...). Please reach out to Microchip if you are looking for additional content.

Use Case walkthrough

Use Cases are formatted as follow:

Introduction

The introduction will help to understand the intend of the Use Case that will be implemented in the embedded system, at system level.

Cryptographic asset list and Use Case implementation

• The cryptographic asse list will show the relevant resources required from the Secure System, whether it is Keys (Private Keys, Public Keys, Symmetric Keys) or Data (Certificates, Immutable data).
• The Use Case implementation will define the different steps to be implemented during development phase (generation of the keys for example) and during the run-time of the product both in the customer backend and inside the embedded system.

Interactive transaction diagram

• This part will allow you to visually understand the execution of the Use Case.
• In addition, with the help of the relevant evaluation kit connected to your computer, you will be able to run the steps of the Use Case by clicking on the steps number by chronological order.

• Finally, you will be able to open the relevant C code that will have to be implemented in your embedded system. For usage with Microchip Microcontroller, under MPLAB project, you will have access to the MPLAB project (requires the installation of MPLAB and path setting in the TPDS setting menu). For usage with non-Microchip Microcontroller, under C Code, you will have access to the C Source code.

• Select the supported evaluation kit:

  

• Execute the Use Case by clicking on the steps:

  

• Verify each step output in the Terminal:

  

• Access to the MPLAB project or C Source Code:

  

• Conclusion:

  • The conclusion will guide you through the next step to start the configuration of your Secure System through the Secure Exchange process and will remind you with the relevant slots (if applicable) to be populated during the Configuration.

TrustFlex Configurator walkthrough

ATECC608-TrustFlex Configurator

After validating the correct Use Case(s) to be implemented in your Embedded Design, you can now move to the next steps:

• Secure System configuration
• Secure Data Exchange process

The process starts with opening a support case on Microchip Technical Support Portal for Direct Customer or through your channel partner – Microchip’s Provisioning team will provide:

• a unique Custom Part Number and associated unique HSM encryption key per project.
• for Custom PKI only:
  • a MAN-ID (Manufacturer ID)
  • Certificate Signing Request (CSR) to be signed by your Root Certificate Authority (CA)

The Secure System configuration of the ATECC608-TFLXTLS consists of:

• Selecting the Use Case(s)

  

• Adding your secrets (symmetric keys) / immutable data (Public keys, data…) inside the highlighted slots and finetune configuration if needed (Disable slot write permissions)

  

• Detailed example:

  

• Adding the Part Number and MAN-ID (if Custom PKI Use Case is selected):

  

• Then you can:

  • Optional: generate the Provisioning Package for prototyping purpose

    

  • Optional: provision your ATECC608-TFLXTLS-PROTO samples (through the DM320118 evaluation kit)

• Mandatory: generate the Encrypted Provisioning Package for Secure Exchange purpose that will allow you to procure the Verification Samples

Verification Samples: - You (or your channel partner) will need to upload the encrypted provisioning package in the support case on Microchip Technical Support Portal. - You will then be able to procure Verification Samples through the related Microchip-Direct account.

TrustCustom Configurator walkthrough

ATECC608-TrustCustom Configurator

The TrustCustom configurator extension for the ATECC608-TCSM is available under NDA.

Please navigate to SW-ATECC608-TCSM to request the extension through myMicrochip / Secure File Request.

The SW-ATECC608-TCSM software package is the extension to the Trust Platform Design Suite V2 enabling full customization of the ATECC608 device and leveraging Microchip TrustCustom provisioning flow starting an MOQ (Minimum Order Quantity) of 4000 units.

This extension is only available after signing an NDA and with Business Unit marketing approval. After NDA and Marketing hold release, you will be granted access to enable the TrustCustom extension in the Trust Platform Design Suite V2.

Support Tools:

• DM320118

• DM320118 + DT100104

• DM320118 + mikroE Secure UDFN or Secure SOIC + ATECC608B samples

TA100-TrustCustom Configurator

The TrustCustom configurator extension for the TA100-TCSM is available under NDA.

Please navigate to SW-TA100-TCSM to request the extension through myMicrochip / Secure File Request.

The SW-TA100-TCSM software package is the extension to the Trust Platform Design Suite V2 enabling full customization of the TA100 device and leveraging Microchip TrustCustom provisioning flow starting an MOQ (Minimum Order Quantity) of 4000 units.

This extension is only available after signing an NDA and with Business Unit marketing approval. After NDA and Marketing hold release, you will be granted access to enable the TrustCustom extension in the Trust Platform Design Suite V2.

Support Tools:

• DM320118 + TA100 8-pin SOIC CryptoAutomotive™ socket Board

• DM320118 + TA100 14-pin SOIC CryptoAutomotive™ socket Board