POLO
  • Products
    • M2351
    • M2354
  • Contact us
  • Buy
  • Introduction
    • Introduction
    • Solutions
    • Nuvoton Experts
    • Partners
  • Technologies
  • Applications
  • Compliance/Standards
    • EU CRA Overview
    • Nuvoton EU CRA Compliance Statement
    • PSA Certification
  • Development
  • Learning Center
    • Tech Blog
    • Video Center
  • Award
  • Tech Forum
    • 2023 Tech Forum
    • 2022 Tech Forum

Nuvoton Security Capabilities

Security capabilities helping customers comply with Cyber Resilience Act (CRA) requirements

Secure Boot

The Nuvoton Secure Bootloader is a bootable code pre-written in the MCU/MPU Mask ROM. It is tamper-proof due to the Read-Only feature of Mask ROM. It an immutable ROM code that executes unconditionally after power on or reset. The secure bootloader verifies the firmware's digital signature to ensure its integrity and the authenticity of the signer.

Algorithm support list

ECDSA-P256/P521/ Ed25519/ RSA-2048/ RSA-3072(depends on different platform)

Digital Signature generation flow

Only the matching public key can verify the signature

Activating Secure Boot flow

The CRA requires devices to ensure software integrity, prevent unauthorized access, and support secure updates throughout the product lifecycle. Nuvoton’s secure boot meets these requirements by establishing a hardware root of trust, verifying all firmware using cryptographic signatures.

Trustzone

Arm® TrustZone creates a secure and non-secure world within a single microcontroller. TrustZone uses memory addresses to divide flash, SRAM, and peripherals into secure and non-secure regions. Allows critical code and data to run isolated from the rest of the system, enhancing overall device security. Nuvoton provides comprehensive examples and application notes to help users get started quickly, understand how to properly configure TrustZone, and perform debugging.

The CRA requires devices to ensure protection against unauthorized access, protecting sensitive data, and minimize attack surfaces through secure design. Nuvoton’s M23/M33/M55/MA35 platforms leverage Arm TrustZone to meet these requirements by providing hardware-based isolation between secure and non-secure domains. This ensures critical assets such as keys and security functions are protected from unauthorized access, supporting CRA Annex I requirements for integrity, confidentiality, and attack surface reduction.

Flash Protection

The MCU platforms have internal Flash memory typically includes APROM, optional Data Flash, LDROM and optional OTP. Protecting embedded Flash memory is essential to secure firmware, sensitive data, and system integrity.

Readout Protection

When the lock configuration is enabled, debugging interface reads will return 0xFFFFFFFF, and writes are ignored

Readout Protection for TrustZone-Enabled MCUs:

Two Level Locks
1. Secure Region Lock (SCRLOCK):
When active, SCRLOCK blocks debug access to secure data while allowing access to non-secure data.
2. All Region Lock (ARLOCK):
When ARLOCK is activated, no Flash regions can be accessed via the debug interface.

eXecute-Only Memory (XOM):

a secure zone of the APROM/LDROM used to save secure application instructions.

Write Protection:

Flash memory—including APROM, Data Flash, and LDROM—is divided into n equal-sized blocks, with write protection configurable for each block independently.

The CRA requires products to prevent unauthorized access, protect software and data integrity, and reduce the risk of tampering. Nuvoton’s Flash Lock, XOM, and Write Protection features help meet these requirements by restricting unauthorized read, execution, or modification of firmware stored in flash memory.

Tamper Detection

Physical attacks are a kind of attacks on microcontroller (MCU) application system, which locks in chip-level vulnerabilities rather than hardware-design-level or software-level weaknesses.
To protect internal secrets, the Tamper Controller monitors intrusion events on IO pins, external clocks (LXT) and voltage sources (VDD and LDO_CAP), reporting event status and initiates event response. In short, tamper detection strengthens device resilience and attack resistance, helping customers build systems that are more robust against physical and fault-based attacks under CRA requirements.

Intrusion events:

1. I/O Pin: unexpected changed status

2. Clock: out of range

3. Voltage: glitch, over/under voltage

4. Temperature: out of range

Secure by Default

Debug Port Management (DPM):

The DPM controls debug interface(SWD) access based on current debug state and supports password-based debug authentication.

Debug state Descriptions
Default Debug is enabled
Locked Debug is permanently disabled
Close Debug is temporarily disabled
Open Debug is temporarily enabled

Product Lifecycle Manager (PLM):

The PLM defines four forward-only stages: Vendor, OEM, Deployed, and RMA. Each PLM stage impacts the use of specific hardware resources. The table below illustrates the effects of each stage

Firmware Version Counter (FVC):

The counter value must always increase, starting from the initial value and progressing to the maximum value which means cannot decrease or reset to initial value. Using FVC to record the version is important and It is helpful to prevent rollback attacks.

The CRA requires products to enforce access control and maintain security throughout the device lifecycle.

Nuvoton secure by default through its DPM, PLM, and FVC features. DPM restricts unauthorized access via debug interfaces, preventing firmware extraction or tampering. PLM defines security states across development, production, and deployment stages, ensuring appropriate protection at each phase. FVC enforces firmware version tracking to prevent rollback attacks by blocking installation of outdated or insecure firmware.

Hardware Crypto and Key Store

Hardware crypto accelerators securely perform encryption, digital signing, true/pseudo-random number generation, and hashing, improving performance while helping meet security requirements. The M2354 series also provides side-channel attack protection for commonly used cryptographic algorithms, including AES, ECC, and RSA. This protection significantly reduces information leakage from power and ground terminals during cryptographic operations, helping prevent attackers from analyzing leaked physical information to recover secret keys.

Hardware crypto support lists
TRNG
  • Generates unpredictable random numbers, providing secure keys and improving protection against attacks.
PRNG
  • Generates random numbers from a secure seed.
  • Enables fast and consistent cryptographic operations while maintaining security.
AES
  • Industry standard encryption and decryption.
  • Multiple cipher modes (ECB, CBC, GCM, CCM, etc.).
SHA
  • Robust hashes (SHA-1, SHA-2, SHA-3 and SM3) to ensure data integrity.
  • HMAC for message authentication.
ECC
  • Efficient cryptographic operations using elliptic curves, supporting NIST curves, Curve25519, and SM2.
  • Including ECDSA signature generation and verification.
RSA
  • Asymmetric encryption for secure key exchange.
  • Optimized with CRT for decryption.
PQC
  • FIPS 203
  • FIPS 204
  • FIPS 205

In certain MCUs, Crypto is paired with a Key Store (KS) for key management and retrieval, offering side-channel protection capabilities. The Key Store manages cryptographic keys stored in secure storage. Before shipment, relevant keys can be securely provisioned into the Key Store. During operation, the crypto engine can directly access and use these keys from the Key Store, reducing the risk of key exposure during CPU read/write operations.

It provides key management functions, including key storage, generation, access control, erasure, and revocation, for keys stored in SRAM, flash memory, and OTP.

Nuvoton’s hardware crypto accelerators help customers implement strong security functions such as encryption, hashing, digital signature verification, secure boot, and secure firmware updates with better performance and lower software exposure risk. The Key Store securely protects cryptographic keys and allows the crypto engine to use them directly, reducing the chance of key leakage during CPU access or memory handling. Together, these features help customers meet CRA requirements for data confidentiality, integrity protection, authentication, secure updates, and protection of critical assets.

Mbed TLS Support

MbedTLS is a C library that implements X.509 certificate manipulation and the TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.

The CRA requires products to protect data confidentiality, integrity, authenticity, and support secure communication/update mechanisms throughout the lifecycle. Nuvoton BSP integrates MbedTLS, which provides cryptographic primitives, X.509 certificate handling, TLS/DTLS protocols, and is suitable for embedded systems due to its small footprint. In addition, Nuvoton provides Crypto Accelerator integration for MbedTLS, including AES, CCM/GCM, RSA, ECDSA/ECDH, SHA-256, and TRNG-related modules. Therefore, developers can more easily build CRA-aligned security functions such as encrypted communication, secure firmware verification, digital signature validation, key exchange, random number generation, and data integrity checking. This helps products meet CRA expectations for secure-by-design implementation, protected communications, trusted updates, and protection of sensitive data.

MCUboot

MCUboot is a secure bootloader for 32-bits microcontrollers. It defines a common infrastructure for the bootloader and the system flash layout on microcontroller systems, and provides a secure bootloader that enables easy software upgrade.

Nuvoton MCUs integrate the MCUboot architecture to meet these requirements by enabling cryptographically verified firmware updates and a secure boot process. MCUboot ensures that only authenticated images are executed, while supporting features such as image signing, version control, rollback protection, and dual-image (A/B) update schemes. These capabilities align with CRA Annex I requirements for secure update mechanisms, integrity protection, and system recovery, helping developers build secure and resilient embedded systems.

TSI

TSI stands for Trusted Secure Island and is part of the MA35D1 SoC. Its purpose is to provide secure encryption and key storage services. In the MA35D1, the TSI operates as an independent subsystem and runs separately from the Cortex®-A35 main system. By enforcing strict isolation, secure key usage, and trusted execution of security functions, TSI helps meet CRA requirements for protection against unauthorized access

Secure platform selection and Documents

Microcontrollers

Secure Boot
TrustZone
Flash Protection Crypto Accelerators
PRNG
TRNG
Key Store
Tamper Controller
DPM
PLM
FVC
XOM
Write Protection
Two level Locks
Secure Conceal
DES/3DES
AES
SHA
HMAC
ECC
RSA
Tamper Pin
Vol. Sensor
Clk. Monitor
M2351 ●●●●●●●●●●●●
M2354 Security Standards Support
●●●●●●●●●●●●●●●●●●
M3331 ●●●●●
M55M1 ●●●●●●●●●●●●●●●●●
M261 ●●●●●●●●●
M262 ●●●●●●●●●
M263 ●●●●●●●●●
M2L31 ●●●●●●●●●
M463 ●●●●●●●●●●●●
M467 ●●●●●●●●●●●●

Microprocessors

TSI
Secure Boot
TrustZone
Crypto Accelerators
PRNG
TRNG
Key Store
Tamper Controller
DPM
PLM
FVC
DES/3DES
AES
SHA
HMAC
ECC
RSA
Tamper Pin
Vol. Sensor
Clk. Monitor
MA35D1 ●●●●●●●●●●●●●●●
MA35D0 ●●●●●●●●●●●●●●
MA35H0 ●●●●●●●●●●●●●●
NUC990 ●●●●●●●●●

Documents

NuMicro® M2351
M2351_TrustZone_Program_Development
M2351_XOM_Configuration_Manual
M2351_Trusted_Boot
NuMicro® M261 / NuMicro® M262 / NuMicro® M263
M261_XOM_Configuration_Manual
M261_Trusted_Boot
NuMicro® M2354
M2354_TrustZone_Program_Development
Non-invasive Physical Attack Detection on M2354
M2354_XOM_Configuration_Manual
M2354_Trusted_Boot
NuMicro® M2L31
M2L31_Secure_Boot
NuMicro® M467 / NuMicro® M463
M460_Secure_Boot
NuMicro® M55M1 / NuMicro® M5531
M55M1_M5531_Secure_Boot
NuMicro® MA35
MA35_Secure_Boot
MA35_PLM
Copyright ©2008-2026 Nuvoton Technology Corporation