To protect and isolate security functions critical to device operation, we equip many of our latest generations of MCUs, MPUs and crossover processors with a dedicated security unit, called the EdgeLock Secure Enclave. Physically isolated from the rest of the SoC, the EdgeLock Secure Enclave has its own CPU core and its own memory. It protects SoC integrity, prevents application cores from gaining direct access to sensitive data, and provides enhanced isolation for execution of critical and sensitive security functions. It also provides an extra layer of protection beyond what’s provided by standard Trusted Execution Environments (TEEs).
The EdgeLock Secure Enclave empowers OEMs to simplify and streamline the deployment of security in industrial and consumer IoT products, enabling access to regulated markets and to build resiliency.
| Benefits | Details |
|---|---|
| Key Security Functions | Providing support to a broad set of essential and foundational security functions, including secure boot, device attestation, authentication, secure debug, secure firmware update, secure connect, device lifecycle management, data protection, software (IP) protection, and more. |
| Enhanced Device Protection | Having a dedicated security unit that runs independently of application cores and memory provides a higher degree of isolation based on physical separation, more secure for critical and sensitive security functions. |
| More On-Chip Resources | Offloading cryptographic operations to a dedicated security unit frees up resources on application cores and memory, and makes the design of time and performance sensitive applications easier. |
| Faster Certification | Faster Certification A silicon-based root of trust facilitates compliance to IIoT standards and regulations, such as IEC 62443, US Cyber Trustmark and the Cyber Resilience Act, and simplifies certification maintenance. |
| Easier Lifecycle Maintenance | EdgeLock 2GO cloud service enables secure updates of root-of-trust credentials, without having to invest in and maintain an infrastructure for key management. |
| Secure Manufacturing | Secure Manufacturing Increasing control over supply chain in untrusted production environment through secure software and credential installation (even for flash-less processors). |
| Lower Development Costs | Security at the chip level minimizes the need for protection mechanisms applied at equipment level such as secure facilities with access controls, surveillance systems, alarms or tamper-evident seals or coatings to detect if a device or enclosure has been tampered with. |
The EdgeLock Secure Enclave is available in two capability profiles – Core and Advanced – designed to deliver scalable security across our edge processing portfolio. The Core Profile provides essential security for constrained, lightweight devices. For more robust edge processing platforms, the Advanced Profile offers enhanced features. This approach ensures scalability optimizing security deployment across a diverse range of IoT devices.
| Features | Core | Advanced |
|---|---|---|
| Crypto Services, TRNG | ||
| Secure Key Store | ||
| Device Unique Identity and Keys | ||
| Device Attestation | ||
| Secure Connections | ||
| Key Management OTA (EdgeLock 2GO) | Optional* | |
| Enclave FW/Crypto Updatability | Optional* | |
| Runtime Device Protection | - | |
| Integrated typically on |
(constrained and lightweight devices) |
|
| Supported Devices |
Native integration of NXP’s EdgeLock 2GO key management platform in the EdgeLock Secure Enclave means OEMs can use our service to securely add, remove, and update keys and digital certificates, at every point in the device life cycle, from manufacturing to end of life. Devices stay current with evolving security regulations, even after they’re sold and put in service, and there’s no need to build and maintain an in-house key-management infrastructure. The integration is or will be available on MPUs and most MCUs featuring an EdgeLock Secure Enclave.
Protecting sensitive information at every endpoint requires smart security that you can count on. Designed to meet industry standards, NXP products in the EdgeLock Assurance program follow proven security development processes and verification assessments – from product concept through release.
