Two Firms Collaborate to Reimagine the Role of the Secure Element
The new architecture has the secure element as the Master, while the CPU serves as the Subordinate.
With the digitization of modern life and the proliferation of data, security has become one of the biggest concerns for engineers. Within this, a secure design can be built at many levels, ranging all the way from the hardware, to the software, to the system architecture employed in a device.
Last week, GreenWaves Technologies and Tiempo Secure announced their collaboration to demonstrate a new system architecture that they claim brings greater levels of security to SoC designs. In this article, we’ll discuss the concept of a secure element, the traditional roles of master and subordinate (slave), and the new architecture crafted by the two companies.
Terminology Note: Although the terms “master” and “slave” have long been used together in the electronics industry, those terms are discouraged these days for obvious and valid social reasons. The industry as a whole has not yet come to any widespread agreement on replacement terms. For this article, we’ve decided to use the term “subordinate” to replace “slave.”
What is a Secure Element?
A central element of the new architecture proposed by the two companies is the use of a secure element in an SoC system. On a high level, a secure element is a tamper-resistant component embedded within an SoC that provides hardware-level security to sensitive data and operations.
Designed explicitly to guard sensitive information and block unauthorized access to the system, secure elements are added to hardware systems to provide high-security storage for sensitive data such as cryptographic keys.
Example secure element applications. Image from NXP Semiconductor
In practice, a secure element is often implemented as a separate MCU, physically isolated from the rest of the system, with its own processor and memory. In the context of an SoC, the secure element can instead be integrated on the same chip as the rest of the system. Regardless of the implementation, the secure element communicates with the rest of the system only through a set of dedicated communication channels, over which it shares secured information.
Additionally, a secure element can perform critical security functions such as encryption and decryption, digital signatures, and secure boot.
Master vs Subordinate
With respect to communication in digital electronics, there are generally two types of devices: master devices and subordinate devices.
I2C communication employs a master/subordinate topology, with an MCU as the master, and I2C devices as subordinates. Image used courtesy of Embedded Lab
An All About Circuits article by Tyler Charboneau both explains the background of the “master/slave” scheme in electronics and addresses how the use of these terms has come into question in our industry. The terms master/subordinate describe the hierarchical link between components in an electronic circuit, where the master has communication priority, can serve as a hub, and essentially controls the process flow of a communication scheme.
Because of this, the more powerful and central computing devices in a system are designated as master devices, while peripheral devices, like sensors, are designated as subordinate devices.
Classically, a secure element is integrated into a system as a subordinate device since it is often viewed as more of an accessory to the system.
Flipping the Script
In their joint effort announced last week, Tiempo Secure and GreenWaves Technologies teamed up to demonstrate a new secure element architecture that enables greater levels of system security.
Within this, the companies flipped the script on the traditional secure element hierarchy and devised a new architecture where the secure element acts as the master device within the SoC. According to the companies, making the secure element the master unlocks a number of security advantages over traditional architectures.
Block diagram of the TESIC RISC-V CC EAL5+ Secure Element. Image from Tiempo Secure
First, because the secure element is the master in this architecture, it is the first component to boot when the device is powered on. With the secure element up before the application CPU, its security functions (secure boot, key storage) are already in place before any other code runs, which ensures that the device's security measures are always activated rather than depending on the CPU to enable them.
Beyond this, the new architecture allows the boot code to be held in rewritable memory rather than ROM. Because the secure element controls the boot sequence, it can authenticate that code before the CPU executes it, so the code can be updated securely in the field. The result is secure software updating as well as more flexible memory allocation within the SoC.
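The two points above, the secure element booting first and the boot code living in rewritable memory, only hold together if the secure element authenticates the image before it lets the CPU out of reset, and if it refuses to go back to an older image once a newer one has been accepted. The following Go program is an added illustrative model of that flow; it is not code from Tiempo Secure, GreenWaves or the TESIC product, and the choice of Ed25519 signatures, the image layout, the rollback counter and the `SecureElement`, `Boot` and `Demo` names are all assumptions made for this example. The signing step happens on the vendor side; the secure element only holds the public key and a monotonic version counter in its own storage.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a firmware image as it would sit in rewritable memory: a version
// counter, the code the application CPU will run, and a signature over both.
type Image struct {
	Version   uint32
	Code      []byte
	Signature []byte
}

// signedBytes is the exact byte string the vendor signs and the secure
// element verifies: big-endian version followed by the code. Binding the
// version into the signature is what makes the rollback check trustworthy.
func signedBytes(version uint32, code []byte) []byte {
	buf := make([]byte, 4, 4+len(code))
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, code...)
}

// SignImage is the vendor-side step, done offline with the private key.
func SignImage(priv ed25519.PrivateKey, version uint32, code []byte) Image {
	return Image{Version: version, Code: code,
		Signature: ed25519.Sign(priv, signedBytes(version, code))}
}

// SecureElement models the master in the architecture described above. Its
// trust anchor and rollback counter live in its own tamper-resistant
// storage, not in the rewritable memory the image is loaded from.
type SecureElement struct {
	trustAnchor ed25519.PublicKey
	minVersion  uint32
	cpuInReset  bool
}

func NewSecureElement(anchor ed25519.PublicKey) *SecureElement {
	return &SecureElement{trustAnchor: anchor, cpuInReset: true}
}

var (
	ErrBadSignature = errors.New("image signature does not verify")
	ErrRollback     = errors.New("image version older than rollback counter")
)

// Boot is what the secure element does first on power-up: read the image out
// of mutable memory, authenticate it, then release the CPU. On any failure
// the CPU stays in reset, so unverified code never executes.
func (se *SecureElement) Boot(img Image) ([]byte, error) {
	se.cpuInReset = true
	if !ed25519.Verify(se.trustAnchor, signedBytes(img.Version, img.Code), img.Signature) {
		return nil, ErrBadSignature
	}
	if img.Version < se.minVersion {
		return nil, ErrRollback
	}
	se.minVersion = img.Version // monotonic: later downgrades are refused
	se.cpuInReset = false
	return img.Code, nil
}

// CPUHeld reports whether the application CPU is still held in reset.
func (se *SecureElement) CPUHeld() bool { return se.cpuInReset }

// Demo walks through the three cases a practitioner cares about: a valid
// update boots, a tampered image is refused, and a downgrade to an older but
// genuinely signed image is refused once a newer one has booted.
func Demo() (bootedOK, tamperRefused, rollbackRefused bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // vendor key pair (constructed for the demo)
	if err != nil {
		return
	}
	se := NewSecureElement(pub)

	v1 := SignImage(priv, 1, []byte("app firmware v1"))
	v2 := SignImage(priv, 2, []byte("app firmware v2 (security fix)"))

	// Field update: v2 is written into rewritable memory and boots.
	code, e := se.Boot(v2)
	bootedOK = e == nil && bytes.Equal(code, v2.Code) && !se.CPUHeld()

	// An attacker with write access to that memory flips one byte of v2.
	bad := v2
	bad.Code = append([]byte(nil), v2.Code...)
	bad.Code[0] ^= 0xFF
	_, e = se.Boot(bad)
	tamperRefused = errors.Is(e, ErrBadSignature) && se.CPUHeld()

	// The attacker instead restores the genuine, signed, but older v1 image.
	_, e = se.Boot(v1)
	rollbackRefused = errors.Is(e, ErrRollback) && se.CPUHeld()
	return
}

func main() {
	ok, tamper, rollback, err := Demo()
	fmt.Println("valid v2 boots:", ok, "| tamper refused:", tamper,
		"| rollback refused:", rollback, "| err:", err)
}
```

The point of the model is where the state lives: the image and its signature are in memory an attacker may be able to rewrite, but the public key and the version counter are inside the secure element, and the CPU's reset line is driven only by the secure element's verdict. Swap the roles, with the CPU booting from ROM and asking a subordinate secure element to check the image afterwards, and the check becomes something the already-running CPU code can skip.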
According to the companies, this project, which was supported by the French government, has been a successful step in a series of initiatives to create safer and more secure digital systems moving into the future.