The IoT Era Foundation is Security

The rise of the Internet of Things has brought the physical world into digital systems. While the digitization of everyday life has delivered efficiency gains and economic benefits, it also puts pressure on system designers, who now have to deliver IoT products that connect and exchange data securely while keeping power consumption low. Recognizing that security and energy efficiency are both critical for IoT applications, Nuvoton has introduced a range of microcontrollers designed to meet these demands. The portfolio includes the NuMicro® M235x Series, M2L31, M46x Series and M55M1, all of which are well suited to powering the next generation of intelligent, connected devices.

A Range of IoT Security Technologies

The NuMicro® Family series, including the products mentioned above, integrates a broad range of security technologies to strengthen overall system security. These technologies can be grouped into several key areas:

  1. Boot and Runtime Protection
    • Secure Boot verifies the firmware’s digital signature before it runs, ensuring that the image loaded at startup is authentic (signed with the expected key) and unaltered; an image that fails the check is refused rather than executed.
    • The Memory Protection Unit (MPU) and TrustZone® create isolated SRAM and flash regions to run applications with different privilege and security levels, thereby protecting critical code and data from unauthorized access.
    • Flash memory protection features include Readout Protection (lock bits), which prevents unauthorized access to or modification of firmware stored in internal flash memory. In addition, mechanisms such as eXecute-Only Memory (XOM), Write Protection, and Secure Conceal enable designers to define flash memory blocks with specific access controls, such as execute-only, read-only, or hidden, protecting critical data and firmware from being copied, modified, or read.
  2. Encryption and Key Security
    • Hardware Crypto Accelerators support AES, RSA, ECC and SHA algorithms, enhancing encryption performance and strengthening overall security.
    • Random number generators include a True Random Number Generator (TRNG) and a Pseudo-Random Number Generator (PRNG). The TRNG produces unpredictable random numbers that can be used to derive cryptographic keys and to generate nonces for cryptographic operations. The PRNG expands a seed into a fast, deterministic stream of random numbers; its output is only as unpredictable as its seed, so the seed should come from the TRNG and be kept secret.
    • Key Store (KS) stores and manages encryption keys in secure storage such as SRAM, flash, or OTP memory. When a key is needed, KS transfers it directly from secure storage to the crypto accelerator, so application software never has to handle the raw key value, minimizing the risk of key exposure.
  3. Tamper Detection and Incident Response
    • The tamper detection sensors can detect abnormal behaviors and trigger protective responses. These sensors include an I/O Tamper Detector, which detects unexpected changes in I/O pin status; a Clock Detector, which monitors whether the clock frequency goes out of range; and a Voltage Detector, which identifies sudden spikes, over-voltage, or under-voltage on the power line. If a tamper event is recorded, the hardware can immediately respond by clearing sensitive data, such as RTC spare registers and keys in the Key Store, or by restarting the system to prevent further damage or data leakage.
  4. Lifecycle Management and Debug Control
    • The Product Lifecycle Manager (PLM) ensures that critical data loaded into the microcontroller, such as firmware, keys, and certificates, receives access control appropriate to the microcontroller's current lifecycle state, thereby preventing data leakage.
    • Debug Port Management (DPM) prevents unauthorized access to the microcontroller’s internal resources via the debug port, protecting against potential security vulnerabilities. It also supports password-based authentication, ensuring that only authorized users can enable the debug port when needed, while preserving flexibility for product maintenance.
    • The Firmware Version Counter (FVC) securely stores the current firmware version, allowing the update program to compare version numbers and block the installation of older or less secure firmware, thereby protecting against rollback attacks.
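
The boot-time decision that Secure Boot (item 1) and the Firmware Version Counter make together, written out as an added example; this is not Nuvoton's ROM bootloader code. The image layout, the magic value `NUIM`, the helper names and the pure-Python RSA (PKCS#1 v1.5 with SHA-256, with a 1024-bit key chosen only to keep the demo fast) are all assumptions so the block runs on the standard library alone; on a NuMicro part the arithmetic is done by the hardware accelerator with a key served from the Key Store, and the counter lives in hardware. Two orderings matter: the version field in the header is compared only after the signature over the whole header and payload has verified, and the counter is raised only after the image has been accepted.

```python
# Added example, not Nuvoton code: secure-boot accept/reject policy combined with a
# monotonic firmware version counter (FVC). Image layout, magic value and the
# pure-Python RSA (PKCS#1 v1.5 / SHA-256) are assumptions so it runs on the stdlib only.
import hashlib
import hmac
import secrets
import struct

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_probable_prime(n, rounds=32):  # Miller-Rabin for odd n > 3; 'secrets' stands in for the TRNG
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=1024):  # returns ((n, e), (n, d)); 1024 bits keeps the demo fast
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _emsa_pkcs1_v15(msg, k):  # 00 01 FF..FF 00 DigestInfo||SHA-256(msg), k bytes long
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(priv, msg):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")

def verify(pub, msg, sig):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:  # reject non-canonical signatures
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))  # constant-time compare

# Assumed image layout: header | payload | signature over header+payload.
MAGIC = b"NUIM"
HEADER = struct.Struct(">4sII")  # magic, firmware version, payload length

def build_image(priv, version, payload):
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + sign(priv, body)

class FirmwareVersionCounter:  # stand-in for the hardware FVC: a stored value that is only ever raised
    def __init__(self, value=0):
        self.value = value

def boot_check(pub, fvc, image):  # returns 'accept' or 'reject: <reason>'; signature first, version second
    k = (pub[0].bit_length() + 7) // 8
    if len(image) < HEADER.size + k:
        return "reject: truncated image"
    body, sig = image[:-k], image[-k:]
    if not verify(pub, body, sig):
        return "reject: bad signature"  # nothing in the header is trusted yet
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or len(body) != HEADER.size + length:
        return "reject: malformed header"
    if version < fvc.value:
        return "reject: rollback (image v%d < FVC %d)" % (version, fvc.value)
    fvc.value = version  # monotonic: raised only after the image has been accepted
    return "accept"

def demo():  # constructed scenario: FVC at 3, one valid v5 update, then four bad images
    pub, priv = generate_keypair()
    fvc = FirmwareVersionCounter(3)
    good = build_image(priv, 5, b"application v5")
    tampered = good[:HEADER.size] + bytes([good[HEADER.size] ^ 0x01]) + good[HEADER.size + 1:]  # one payload bit flipped
    forged = good[:4] + struct.pack(">I", 9) + good[8:]  # version field bumped without the signing key
    _, attacker_priv = generate_keypair()  # attacker signs with a key the device does not trust
    return [
        boot_check(pub, fvc, good),                                    # accept, FVC -> 5
        boot_check(pub, fvc, build_image(priv, 4, b"v4")),             # correctly signed but older
        boot_check(pub, fvc, tampered),
        boot_check(pub, fvc, forged),
        boot_check(pub, fvc, build_image(attacker_priv, 6, b"evil")),
    ], fvc.value
```

The forged image shows why the signature must cover the header: bumping the version field without the key is caught as a bad signature, never reaching the version comparison. The equal-version case is accepted deliberately so a device can reboot into the image it already runs.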

These security features, each serving a specific function, work together to provide a robust foundation for protecting the entire system. The following table summarizes the NuMicro® IoT security technologies.

MCU System Security
    • Secure Boot: Secure Bootloader in ROM with Driver APIs
    • Device Identification: Unique ID, Customer Unique ID
    • Isolation: TrustZone-M, TrustZone-A, Peripheral Privileged Mode, Trusted Security Island (TSI for MPU)
    • Flash Memory Protection: Read/Write Protection, eXecute-Only Memory (XOM), Dual-Bank with Bank Swap
    • Tamper Detection and Countermeasures: Tamper Detection Pins, RTC Domain Backup Registers, Clock Detector, Voltage Detector
    • Chip-Level Security: Temperature Sensor, Clock Function Monitor, Voltage Glitch Detection
Crypto Security
    • TRNG, Hardware Accelerators, Secure Storage: TRNG, DES/3DES, SHA, AES, RSA, ECC, Power Side-Channel Attack Mitigation for AES/RSA/ECC, Secure Key-Store, China SM2/SM3/SM4
Product Lifecycle Security
    • Product Lifecycle Management: Booting Status Monitor, Lifecycle Management, Firmware Version Counter
    • Secure Debug: Debug Authentication (temporarily unlock), Debug Port Management (DPM)
Software and Service
    • Product Lifecycle Management: Security Reference Software and Provisioning Key Generation Tool, Firmware Image Signing Tool, OTA Update, Key/Certificate Provisioning Service

Easy to Implement, Easy to Develop

Committed to an easy development experience, Nuvoton offers a wealth of resources to support IoT security development. For the software Integrated Development Environment (IDE), Nuvoton supports Arm® Keil MDK, IAR Embedded Workbench for Arm® and GCC. In addition, Nuvoton and Arm provide the free-to-use Keil® MDK Nuvoton Edition – Full Cortex®-M, a professional tool suite licensed for commercial use that supports all Nuvoton devices based on Arm® Cortex®-M processor cores, including the Cortex®-M0, M0+, M23, M33, M4, M55, M7, and M85.

For supporting tools, the M235x Series comes with utilities that help a project along. For example, the TrustZone® Template Generator assists with security-state planning and building the secure firmware, while the CryptoTool covers the cryptographic needs of the M235x Series, including key generation, key exchange, signing, encryption and decryption.

Nuvoton also provides native and third-party libraries to support project development. Examples include NuSMP (Nuvoton Secure Microcontroller Platform), which integrates the security technologies for building security applications; an RTOS (Real-Time Operating System) for IoT solutions; and SEGGER emWin for building interactive interfaces. In addition, application notes, sample code, and training videos for each technology are available for developers to access and reference.