Hackers Often Target Flash Memory. New NOR Flash Devices Introduce Extra Layers of Protection

June 16, 2020 by Gary Elinoff

In a move that shows the power of the Infineon-Cypress duo, the companies introduce what they term the "world’s most advanced, secured NOR Flash memory."

Today’s electronic devices face a gamut of security threats, both internet-based and from physical tampering. This means that all levels of a design require local protection, and that includes memory—especially external memory unprotected by SoC defenses.

To address the issue of memory security, Infineon and its recently acquired branch Cypress Semiconductor announced today an addition to their established Semper NOR flash memory platform: the Semper Secure NOR Flash memory.

Semper Secure NOR Flash is said to be the first memory solution to combine security and functional safety in a single NOR flash device.


Built-in Security for NOR Flash Memory

Infineon/Cypress says some of the highlights of the Semper Secure Flash devices include a hardware root-of-trust, which affords the device an unclonable identity, and end-to-end protection. This latter feature allows designers to secure regions with configurable access to allow authenticated and encrypted transactions. The companies also tout the new devices' flexible embedded compute architecture, including a hardware-accelerated crypto engine and cryptography algorithms.


The Semper Secure NOR Flash family extends the secure environment to flash memory not contained within the SoC’s security envelope. Image used courtesy of Infineon/Cypress


“As systems increasingly rely on external flash to protect code and data in connected systems, the need for added advanced cryptographic security in memory is growing,” said Sam Geha, President of memory solutions at Infineon.

"Our Semper Secure Flash architecture . . . adds a secure subsystem to the already most functionally safe Semper products to enable end-to-end persistent protection and efficiently protect a system from being compromised.”


Semper Secure NOR Flash memory secure architecture. Image used courtesy of Infineon/Cypress


Jim Handy, President of Objective Analysis, adds insight to this concept, explaining that as Flash moves beyond a host processor, designers must be extra concerned about securing embedded systems. He claims that Infineon's move to secure Flash memory (which can no longer be embedded in an MCU) is a "compelling architecture" because it offers designers more versatility.  


Specifications of the Semper Secure NOR Flash

The Semper Secure NOR Flash family is available in three different density options: 128 Mb, 256 Mb, and 512 Mb. They operate at 1.8 V and 3.0 V and include AEC-Q100 qualified devices with a temperature range of -40°C to +125°C.

One unique aspect of the Semper NOR Flash memory family is its MirrorBit technology. MirrorBit is designed for high-density NOR Flash process technology, storing two bits per cell.


Diagram of MirrorBit Technology. Image used courtesy of Infineon/Cypress 


Some of the notable onboard diagnostics of the devices include SafeBoot and error checking. The devices also feature quad SPI, Octal SPI, and HyperBus interfaces. The latter two are compliant with the JEDEC eXpanded SPI (xSPI) standard with a read bandwidth of up to 400 MBps.

Infineon/Cypress say that the devices' EnduraFlex architecture enables optimization for high endurance or long data retention partitions, thereby simplifying system design. Possibilities include multiple partitions providing up to 25-year data retention and endurance of over a million cycles.


Features for Hardware Security

When hackers target a system, one of their key aims is to breach the flash memory device, which, importantly, contains security keys, boot code, and other sensitive data. The Semper Secure NOR Flash family features a number of specs to provide functional safety and reliability to such flash memory devices.


Automotive systems that can be tampered with through memory systems. Screenshot used courtesy of Infineon/Cypress

A few features that are especially relevant include: 

  • Secure Boot. The integrity of the stored boot code can be verified with no additional overhead.
  • Secure storage. Multiple partitions are devoted to separate owners.
  • Remote firmware updates and diagnostics. A remote server or cloud-based source writes to secure Flash and the host SoC will only read from that safe source.
  • Crypto mode operating environment. Crypto mode packets arrive in a packet write buffer and are parsed by Semper Secure. The secure transaction is performed, and the result is placed in the packet read buffer, where it can be safely read.

Infineon/Cypress offer a development kit for the new Semper Secure NOR Flash solution to help designers work the device into their designs.


Featured image (screenshot) used courtesy of Infineon/Cypress Semiconductor


If you work with connected vehicles, smart factories, or other systems that require secure memory, what is the role of NOR Flash memory in your design process? Share your experiences in the comments below.