Alif Semiconductor has introduced a new advanced on-chip security solution. Particularly, the unique security architecture brings together a combination of innovative technologies. This includes an integrated Secure Enclave with its own resources.

In addition, the solution comes with a highly configurable secure firewall structure, multiple general purpose, and neural processing cores with secure communication between them. Moreover, it has in-factory creation of unique device key pairs within every device.

Alif leverages all these elements to secure the next wave of deployed Edge devices. Advanced processing, including artificial intelligence and machine learning (AI/ML), are helping power them.

Bullet-Proof Security Baseline

The Secure Enclave, standard in every device of the Ensemble family, is an isolated subsystem for management of vital security functions. Namely, secure key management and storage, secure boot with an immutable Root-of-Trust, attestation at run-time using certificates, and hardware cryptographic services. Also included are secure debugging, read-out protection, secure firmware updates, power management, and complete lifecycle management.

A solid foundation of trust is essential to make security functions effective. During manufacturing, the Secure Enclave on every Ensemble device establishes the required trust foundation. Specifically, by creating and storing unique device key pairs internally which can be used to identify and authenticate each device, eliminating the need for external equipment such as a Hardware Security Module (HSM) to inject the keys. The result – every device and every customer can set up a chain of trust from the network to the device. Particularly, by design, without introducing any complex, risky, or costly third-party dependencies to inject secrets. This is true even after the deployment of end-products in the field.

Going Beyond the Baseline

The Alif Ensemble family scales from single-core to a new class of multi-core devices. They combine up to two Cortex-M55 MCU cores, up to two Cortex-A32 microprocessor cores capable of running high-level operating systems, and up to two Ethos-U55 microNPUs for AI/ML acceleration.

For each CPU core, developers may allocate any portion of memory, or any individual peripheral, either shared or separated, using the Secure Enclave. This is because of its unique firewall mechanism.

Not only does this grant great flexibility to the developer but also infuses a high level of system security. Particularly, with durable separation of resources between multiple processing subsystems as well as secure and non-secure operations.

This extends security well beyond the capabilities of traditional Arm TrustZone, which has been optimized for single-core operation.

The Secure Enclave itself will always boot from a known good ROM image. Thus, allowing it to validate that no other parts of the system have been maliciously interfered with before allowing code to begin executing on any of the application cores.

What this Means for Alif’s Customers

Affordable solid security. Ensemble devices bring robust and sophisticated security measures inside the chip.

Life cycle management. The Secure Enclave ensures one-way progress through the life cycle of the chip and the end-product. That is, from manufacture, to development, to deployment, to maintenance, to retirement. This blocks cloning, rollbacks, malware, and IP theft.

Security standards. Most importantly, Alif Semiconductor has taken an ambitious and proactive stand on forward-looking security requirements. For that reason, providing customers a coherent security posture for the applications, deployments, and life cycle management.