Information Security Overview
Solution Selection
Overview
With the rapid growth of IoT and smart devices, information security has become increasingly critical. True system security requires end-to-end consideration, from cloud services and data transmission channels to edge devices and end products, and each component must incorporate appropriate security measures. Resource-constrained devices in particular should not become the weakest link in the system's security chain simply because of limited processing power or cost pressure. Ameba Trust is a security solution developed in this context to help customers integrate robust security capabilities early in the product design phase. It leverages the hardware security features of Ameba MCUs and supporting ecosystem resources to simplify the implementation of security functions and enhance the overall trustworthiness and reliability of the system.
Ameba Trust is an information security architecture designed for embedded devices, providing full-chain protection from chip boot-up to application runtime. It integrates core capabilities including secure boot, trusted execution environment (TEE), secure storage, and key management, aligns with common industry security standards, and allows flexible activation of required security features based on specific application scenarios.
Typical security requirements include:
- Secure Boot
- Secure Firmware Update
- Code Protection
- Secure Storage
- Cryptographic Engine
- Security Isolation
- …
Secure Boot & Secure Update
Ameba provides a reference implementation for secure boot and secure firmware update based on the Arm TrustZone security architecture, targeting Cortex-M (v8-M) processor platforms. The solution leverages the MCU’s hardware security capabilities to ensure a single, immutable boot entry point and protect boot code from tampering. Key features include:
- Support for multiple cryptographic algorithms and signature schemes
- Provided signing and firmware packaging tools
- Support for single-image and dual-image update modes
- Validated through third-party security assessments (e.g., PSA Certified Level 2)
For more details, see Secure Boot and OTA Firmware Update.
Code Protection
To prevent unauthorized extraction of firmware code through debug interfaces, Ameba chips support key-based locking of debug functionality. Mass-produced devices should restrict debug access with this mechanism; the debug interface of either the Secure World or the Non-Secure World can also be permanently disabled. Newer Ameba series further support disabling all debug access by default at power-on and enabling debug permission for specific domains on demand only after Secure Boot verification has succeeded, which balances development flexibility with runtime security.
Debug access control:
- Password-protected access control
- Optional permanent disable of debug interface
- Authorized access enabled after secure boot
Flash content protection:
- Real-time decryption of encrypted code and data in Flash
- No software decryption required; encrypted code can execute directly
- Independent keys for multiple firmware regions
- Unique encryption key per device
When code or data is stored in internal or external Flash, Ameba chips provide transparent runtime decryption via the RSIP (Runtime Secure Image Protection) hardware module. Positioned between the bus matrix and the SPI controller, RSIP automatically decrypts data when the CPU or DMA accesses encrypted regions — without software involvement or preloading into internal RAM — enabling direct execution of encrypted code from Flash. The Flash memory can be partitioned into multiple regions, each protected by an independent key.
Firmware encryption is performed using the chip’s integrated symmetric cryptographic engine, with encrypted images written to Flash (typically via an internal RAM buffer). Keys can be uniquely generated per device and are hardware-protected, accessible only by the cryptographic engine. Note: RSIP provides transparent decryption only during read operations and does not support real-time encryption during write operations.
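The following model illustrates the properties the two paragraphs above describe: address-bound counter-mode keystream so that any block can be decrypted as the bus touches it, independent keys per Flash region, and the read-only caveat (a plaintext write into a protected region is not encrypted on the way in). It is an added example, not Realtek's RSIP or packaging-tool code. HMAC-SHA256 stands in for the hardware AES, the address-as-counter construction and the region layout are assumptions, and the keys and images are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

BLOCK = 16  # AES block size; the stand-in PRF below emits 16-byte keystream blocks


def keystream_block(key: bytes, block_addr: int) -> bytes:
    """Keystream for the 16-byte block starting at flash address block_addr.

    The counter is the flash address, so each block can be decrypted on its
    own when the bus touches it (random access, no buffering in RAM).
    HMAC-SHA256 stands in for AES; it is not the cipher RSIP uses.
    """
    tag = hmac.new(key, block_addr.to_bytes(4, "little"), hashlib.sha256).digest()
    return tag[:BLOCK]


def xor_with_keystream(key: bytes, start_addr: int, data: bytes) -> bytes:
    """Encrypt or decrypt data as it sits at flash address start_addr (any alignment)."""
    out = bytearray()
    cached_addr, cached_ks = None, b""
    for i, byte in enumerate(data):
        addr = start_addr + i
        block_addr = addr - addr % BLOCK
        if block_addr != cached_addr:
            cached_addr, cached_ks = block_addr, keystream_block(key, block_addr)
        out.append(byte ^ cached_ks[addr % BLOCK])
    return bytes(out)


@dataclass(frozen=True)
class Region:
    base: int
    size: int
    key: bytes  # in hardware: an OTP key the engine can use but software cannot read

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


class FlashWithRsip:
    """Flash array with an RSIP-like decryptor between the bus and the flash."""

    def __init__(self, flash_size: int, regions: list[Region]) -> None:
        self.flash = bytearray(b"\xff" * flash_size)  # erased flash
        self.regions = regions

    def program(self, addr: int, data: bytes) -> None:
        """Programming path: bytes land exactly as given, nothing is encrypted on write."""
        self.flash[addr:addr + len(data)] = data

    def bus_read(self, addr: int, length: int) -> bytes:
        """What the CPU or DMA sees: bytes inside a protected region come back decrypted."""
        out = bytearray()
        pos, end = addr, addr + length
        while pos < end:
            region = next((r for r in self.regions if r.contains(pos)), None)
            if region is None:  # unprotected area is passed through unchanged
                out.append(self.flash[pos])
                pos += 1
                continue
            stop = min(end, region.base + region.size)
            out += xor_with_keystream(region.key, pos, bytes(self.flash[pos:stop]))
            pos = stop
        return bytes(out)


def build_and_verify() -> dict:
    """Constructed scenario: two regions with independent keys, host-side encryption, bus reads."""
    boot_key = hashlib.sha256(b"example boot region key").digest()  # stand-in for an OTP key
    app_key = hashlib.sha256(b"example app region key").digest()    # stand-in for an OTP key
    flash = FlashWithRsip(0x4000, [Region(0x0000, 0x1000, boot_key),
                                   Region(0x1000, 0x2000, app_key)])

    boot_img = bytes(range(256)) * 4  # constructed 1 KiB "boot" image
    app_img = b"APP-IMAGE-" * 100     # constructed application image

    # Packaging-tool role: encrypt each image under its region key, bound to the
    # address it will occupy, then program the ciphertext.
    flash.program(0x0000, xor_with_keystream(boot_key, 0x0000, boot_img))
    flash.program(0x1000, xor_with_keystream(app_key, 0x1000, app_img))

    # Read-only caveat: a plaintext write into a protected region is not encrypted,
    # so it reads back as garbage through the decryptor.
    flash.program(0x2000, b"plaintext-config")

    return {
        "boot_reads_plain": flash.bus_read(0x0000, len(boot_img)) == boot_img,
        "unaligned_read_ok": flash.bus_read(0x1000 + 37, 50) == app_img[37:87],
        "flash_holds_ciphertext": bytes(flash.flash[0x1000:0x1010]) != app_img[:16],
        "other_region_key_fails":
            xor_with_keystream(boot_key, 0x1000, bytes(flash.flash[0x1000:0x1020])) != app_img[:32],
        "plain_write_unreadable": flash.bus_read(0x2000, 16) != b"plaintext-config",
        "outside_region_passthrough": flash.bus_read(0x3000, 4) == b"\xff\xff\xff\xff",
    }


if __name__ == "__main__":
    for name, ok in build_and_verify().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

Because the keystream depends on the absolute flash address, an image encrypted for one address does not decrypt correctly if it is programmed elsewhere; a packaging tool therefore has to know the final layout, and the second firmware slot of a dual-image scheme needs its own encryption pass.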
For more details, see Flash Decrypt On-The-Fly and SWD Protection.
Secure Storage
Sensitive data must be encrypted when stored, and the secure storage and controlled use of the encryption keys themselves are critical to overall protection. Ameba chips address different threat types through the following mechanisms:
- Protection against external attacks: Debug port access control and chip lifecycle management (e.g., locking debug permissions from development to mass production) prevent physical extraction.
- Protection against internal software attacks: Hardware isolation mechanisms (such as Arm TrustZone or secure memory regions) ensure that even if software vulnerabilities exist, sensitive data cannot be accessed by unauthorized code.
Ameba achieves secure and controlled key storage through hardware-software co-design, with the following capabilities:
- OTP protection: By configuring security option bytes, multiple keys can be permanently locked in one-time programmable (OTP) memory — rendering them unreadable and unwritable thereafter. Certain OTP regions are accessible only from the Secure World.
- Isolated key usage: The cryptographic engine can use locked OTP keys to perform encryption and decryption, but the keys themselves are never exposed to software or external interfaces.
- Hardware Unique Key (HUK) support: Each chip has a unique HUK accessible only during the ROM boot stage, used to derive runtime keys. The HUK is hardware-locked after the ROM phase and cannot be accessed again.
- Secure state isolation for cryptographic engine: The hardware cryptographic engine distinguishes between secure and non-secure states. Application code in the Non-Secure World cannot control hardware operations in the secure state, ensuring protected key usage.
- System-level protection via TrustZone: Supports Arm TrustZone architecture to leverage hardware-enforced system isolation for key protection. It can also integrate with the Trusted Firmware-M (TF-M) software framework to provide standardized secure storage services.
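The HUK bullet above describes a derive-then-lock pattern: the ROM stage derives the runtime keys from the chip-unique secret and the secret is then unreadable for the rest of the boot. The model below is an added example, not Realtek's ROM code; it assumes HKDF-SHA256 (RFC 5869) with a hypothetical fixed salt and a purpose label as the HKDF info, and the HUK values and purpose labels are constructed for the example.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_runtime_key(huk: bytes, purpose: bytes, length: int = 32) -> bytes:
    """Purpose-bound key from the HUK.

    Assumption: HKDF-SHA256 with a fixed example salt and the purpose as info.
    The label gives domain separation, so keys for different purposes are
    unrelated even though they come from the same HUK.
    """
    prk = hkdf_extract(b"ameba-trust-example-salt", huk)  # hypothetical salt value
    return hkdf_expand(prk, b"runtime-key:" + purpose, length)


class RomStage:
    """Models the ROM boot stage, the only code with access to the HUK."""

    PURPOSES = (b"secure-storage", b"flash-region-app", b"attestation")  # constructed labels

    def __init__(self, huk: bytes) -> None:
        self._huk = huk  # models the hardware register readable only during ROM
        self._locked = False

    def derive_keys(self) -> dict:
        """Derive every runtime key once, then lock the HUK before handing off."""
        if self._locked:
            raise PermissionError("HUK is hardware-locked after the ROM stage")
        keys = {p: derive_runtime_key(self._huk, p) for p in self.PURPOSES}
        self._lock_huk()
        return keys

    def _lock_huk(self) -> None:
        # Models the hardware lock: once ROM exits, the HUK cannot be read again.
        self._huk = None
        self._locked = True


def check_properties() -> dict:
    """Constructed scenario: two devices, each with its own HUK."""
    huk_a = hashlib.sha256(b"device A HUK (constructed)").digest()
    huk_b = hashlib.sha256(b"device B HUK (constructed)").digest()

    keys_a = RomStage(huk_a).derive_keys()
    keys_b = RomStage(huk_b).derive_keys()

    rom_a = RomStage(huk_a)
    keys_a_again = rom_a.derive_keys()
    try:
        rom_a.derive_keys()  # second access after the lock must be refused
        huk_locked = False
    except PermissionError:
        huk_locked = True

    return {
        "deterministic": keys_a == keys_a_again,
        "purposes_separated": len(set(keys_a.values())) == len(RomStage.PURPOSES),
        "per_device": keys_a[b"secure-storage"] != keys_b[b"secure-storage"],
        "huk_locked_after_rom": huk_locked,
        "huk_absent_from_keys": huk_a not in b"".join(keys_a.values()),
    }


if __name__ == "__main__":
    for name, ok in check_properties().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point of deriving at ROM time is that later stages only ever hold purpose-specific keys: compromising the application cannot yield the HUK, and a leaked storage key does not compromise the attestation key. Deriving the same labels again on the next boot reproduces the same keys, which is what makes HUK-derived keys usable for persistent secure storage.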
Cryptographic Engine
Ameba series chips provide software support for mainstream cryptographic libraries, enabling development of applications that comply with different security standards:
- Mbed TLS: A lightweight open-source cryptographic library supporting TLS/DTLS and widely used international algorithms. Ameba includes hardware acceleration support. Learn more in the official documentation.
- GmSSL: An open-source toolkit implementing China’s commercial cryptographic standards, including SM2 (public-key encryption/signature), SM3 (hash), SM4 (block cipher), SM9 (identity-based cryptography), and ZUC. Learn more on the project website.
On the hardware side, Ameba chips integrate dedicated modules for HASH, AES, and a true random number generator (TRNG). They also include a hardware asymmetric cryptography engine capable of efficiently performing RSA (up to 3072-bit) and ECC (256-bit) operations. The RTL8721F further supports RSA (4096-bit) and ECC (512-bit), and includes countermeasures against timing attacks, simple power analysis (SPA), and differential power analysis (DPA). The RTL8721F's cryptographic implementations have been validated under the NIST Cryptographic Algorithm Validation Program (CAVP).
For more details, see TRNG, Symmetric Encryption, and Asymmetric Encryption.
Security Isolation
Purpose of isolation mechanisms:
- Protect the system against attacks: Isolation primarily mitigates logical attacks — especially when unpatched software vulnerabilities exist. By restricting access between different software components, critical resources remain protected even if one component is compromised.
- Enforce differentiated access rights: Isolation policies assign resources to different privilege levels. Software running in different states has distinct access permissions; for example, critical resources such as memory and peripherals are accessible only to authorized code, preventing malicious software from accessing sensitive data or performing unauthorized operations.
Isolation features in Ameba MCUs:
- MPU: All Ameba MCUs include a Memory Protection Unit (MPU) or equivalent functionality, enabling division of memory into multiple regions with configurable access attributes. Combined with the processor's User and Privileged modes, it provides effective control over critical resources.
- TrustZone: System resources — including memory and peripherals — are classified as either secure or non-secure. Code executes in either a secure or non-secure state, with access to resources strictly governed by their security attribute.
- Hardware isolation controllers: The Memory Protection Controller (MPC) and Peripheral Protection Controller (PPC) enforce protection at the physical bus level for memory regions and peripherals marked as secure.
Through these mechanisms, Ameba MCUs not only support fundamental security functions — such as secure key storage and cryptographic operations — but also enable more advanced use cases, such as execution of authentication algorithms.
For more details, see Memory Management, TrustZone, and TrustZone Image Protection.
Recommended ICs
| Features | RTL872xD | RTL8721Dx | RTL8721F | RTL8720E | RTL8710E | RTL8726E | RTL8713E | RTL8730E | RTL8735B | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| Symmetric Encryption Engine | | | | | | | | | | |
| Asymmetric Encryption Engine | / | / | | | | | | | | |
| Secure Boot | | | | | | | | | | |
| Flash OTF Decryption | | | | | | | | | | |
| Arm TrustZone®-M | / | / | | | | | | | | |
| EFUSE Secure Storage | | | | | | | | | | |
| True Random Number Generator | / | | | | | | | | | |
| HUK Derivation Mechanism | / | | | | | | | | | |
| Authenticated Debug Access | | | | | | | | | | |
/ = not available on that chip. The remaining cells carried check marks for supported features in the original table; the check-mark graphics were lost in extraction.