EN 
DE 
The latest generations of multicore microcontrollers can meet the highest demands for networked systems and data security. However, developers need the right knowledge, from defining requirements to implementation, to effectively protect data in this environment.
Even entry-level smartphones costing around €200 now feature an eight-core processor. These new 32-bit multicore microcontrollers offer significantly more performance than their single-core predecessors, even at comparatively low clock speeds. Overall, the Performance of the processor with each additional processing core. In multicore systems, a single program can be processed more quickly on multiple CPUs, or several software tasks can be executed in parallel.
Although performance was an important driver for the development of more cores, battery life and therefore the... plays a crucial role in mobile devices. Energy efficiency Another important factor: How long will the device be available to me on a single battery charge before I need to plug it back into the power supply?
For a mobile device that typically operates in diverse network environments and continuously receives data from cloud services via email, social media, and messaging apps, data security is essential. Smartphones are now a critical part of our identity and therefore require particularly close attention to data security. Data security This mobile multicore system therefore requires crypto hardware with high demands on the encryption of stored and transmitted data. The higher the required data security, the more complex the encryption mechanisms.
In summary, the following three elements are indispensable for reliable mobile communication systems today:
Performance + Energy efficiency + Data security
= Modern reliable mobility
How is a modern 32-bit multicore microcontroller structured, and which areas require special protection through encryption?
- The Bus systems connect the CPU to program and data memory and peripheral modules.
- In the Program memory The flow control sequences (programs) of the different processes are stored.
- In the Data storage The data generated during the processing of the control sequences will be stored.
In addition, there are the Peripheral modules:
- timer for the timing control and monitoring of program and signal sequences
- Serial interfaces, such as SPI interfaces for communication with display units, as well as USB modules for communication with other USB devices for storing data via the USB protocol (on USB sticks or similar).
- PWM units for generating PWM signals, e.g. for controlling motors, brightness of LEDs, etc.
Proper storage partitioning – the key to success
A flawlessly functioning system that is intended to solve and process different tasks simultaneously and access shared resources (such as program/data memory) without data loss or unintentional data manipulation requires strictly separate storage partitions or time-controlled access to shared storage areas or peripheral modules, such as a USB interface.
The CPUs must not interfere with each other when using shared memory and other resources for different tasks within a microcontroller. A successful software project requires a clear allocation and separation of available resources to the software tasks to be solved.
Storage partitioning is the basis for
- Consistent data during parallel data processing
- secure data to ensure the Functional safety
- Encrypted and therefore protected data in storage and during data transmission
Parallel data processing in multicore microcontrollers
Multicore systems enable different apps to run simultaneously on smartphones or tablets. To ensure the privacy of user data, it is essential to implement memory access control in the crypto hardware. This also applies to human-machine interfaces (for example, in automobiles) with their stringent real-time requirements. High security standards must be met here; when software control modules are processed in parallel, this necessitates strict synchronization of memory accesses. This raises the following important questions:
- When is access to shared storage partitions permitted?
- How can access to these partitions be monitored?
This real-time performance requires microcontroller architectures with the following key features:
- Multicore implementation (multiple CPUs in one microcontroller)
- Crossbar: Multi-master/multi-slave bus matrix
- Global and CPU-local memory implementation
- MPU(s) – Memory Protection Unit(s)
- Crypto hardware for data encryption
Secure data for secure software: Functional safety
The following aspects are essential for data security:
- Storage allocationWhich application gets which storage partitions assigned?
- Memory access controlWho is allowed to read or write to a shared storage partition, and when?
Every read and write access must be monitored during program execution to ensure that only authorized accesses are performed. If prohibited accesses are detected, an error handling routine must be initiated.
Figure 1: Multicore architecture – Access to shared resources via XBAR bus
The Memory Protection Unit (MPU) prevents unauthorized memory access via memory access control. To this end, the developer defines for each part of the application (e.g., for each software task) which program memory can be read and which application data in the data storage and peripheral modules may only be read, only written, or both read and written.Read, Write and Read-Write-Protection). If a program part or task attempts to access a memory area that is not released, the MPU prevents access and calls an MPU error routine (Error Task).
Data as secure as in a safe.
Data encryption is essential for protecting data both in storage and during data exchange between different devices. Applications processing sensitive data must protect their contents from unauthorized access (both in storage and during data transmission) using encryption techniques. This is achieved by employing dedicated Security System-on-Chip (SoC) structures and defining distinct security zones on a microcontroller. These zones are protected by a firewall designed to prevent unauthorized access to the protected area.
The latest multicore architectures offer a hardware security module (HSM) to meet enhanced security requirements, such as those demanded by vehicle manufacturers for increased protection of their systems against manipulation and/or potential hacking attacks. This ensures the safety of occupants and other road users.
Figure 2: Multicore microcontroller with hardware security module – HSM
Within the “secure zone” of a microcontroller, a dedicated CPU processes security applications. This protected CPU has locked memory (ROM and RAM) that the other CPUs and bus masters (such as the DMA module) of the multicore microcontroller cannot access.
That will be absolutely certain High Ssecurity Mmodule (HSM) through, on the one hand, the Crypto hardware module (e.g., Advanced Encryption Standard Module AES) as well as through the True Random Number Generator (TRNG), which has several functions:
- Secure Cryptographic Key Generation
- Secure storage of cryptographic keys (e.g., master keys) in a non-volatile key memory (NVM, e.g., in a data flash module)
- Cryptographic key management
- Processing and management of cryptographic data in secure functions (encryption and signature functions)
Gain the right knowledge to efficiently protect data in this environment – from requirements to implementation.
MicroConsult offers you professional training and coaching on the following topics Multicore microcontroller, Safety, security, requirements engineering, software architecture and much more.
Further information
MicroConsult Training & Coaching on the topic of multicore
MicroConsult Training & Coaching on the topic of Safety & Security
