we are currently evaluating to use Pelion Device Management in our product. At the moment we are planing a custom board using the STM32H743 which is supported by mbed. After reading the Client hardware requirements for Mbed OS which can be found in the Pelion Device Management docs I have a few questions regarding the security aspect.
I did the Pelion Device Management Quick Start Guide and most of the boards listed there don’t seem to have a chip like the ATECC608A.
The STM32H743 has a TRNG. On-die flash for the root of trust is also available. I am not sure what would be needed for secure boot.
If a Cryptographic processor and Hash processor are recommended we could also switch to the STM32H753.
Lastly is a 32.768 kHz clock recommended for the Real Time Clock or would the internal 32 kHz clock also be sufficient for use with Pelion Device Management?
I’ve pinged our support team as well, but as far as I know TRNG and hardware Root of Trust are enough for normal Pelion DM functionality. However, for trusted boot you’ll indeed need a secure element like the ATECC608A. Having the ATECC608A also gives you a hardware crypto accelerator which saves on memory usage, but typically Pelion DM boards are capable enough to do this in software.
In addition you can take more security measures such as separation between trusted and untrusted code as we describe in PSA which requires additional hardware (either Cortex-M23/M33 with TrustZone-M or dual v7-M architecture), but we don’t have a reference design integrated with Pelion DM (yet!).
Lastly is a 32.768 kHz clock recommended for the Real Time Clock or would the internal 32 kHz clock also be sufficient for use with Pelion Device Management?
Good question. I don’t think the RTC is required, as long as you set the PAL_USE_HW_RTC to 0.
Thanks for the fast reply and further information on security measures
If I understand correctly these features could also be provided by the STM32H75x series. According to the Introduction to STM32 microcontrollers security it has a secure area and a hardware crypto accelerator. Would that be enough for trusted boot or would the ATECC608A still be needed?
Reading the app note that should indeed be the case. I only have experience with the ATECC608A for secure boot, but it’s not the only solution of course!
Hi TimoK90,
The selected board indeed has sufficient HW capability to run Pelion Device Management Client and can also be taken up for production purposes. As Jan pointed out having secure element and crypto accelerator optimize some of the memory space and speed issues, Pelion Client has software module to support those in case HW is missing those capabilities. Also, when going forward to Production mode, Pelion Client also provides factory tools that can inject external entropy and RoT through our factory injection tools so you can add additional security elements into your HW and not just trust on HW’s own security features.
Additional security chip is an add-on benefit but not mandatory for running Pelion Device Management Client securely.
