SAM L10/L11 Global Safety and Secure Features
Safety & Security Feature Overview
The SAM L10/L11 MCU family takes an innovative approach by integrating chip-level security features to help protect applications from both physical and remote attacks. This enables you to develop secured applications supported by a comprehensive security solution framework to simplify the implementation of security. IoT nodes driven by a SAM L11 provide strong resistance to remote software attacks thereby increasing the reliability and avoiding downtime of the critical functions of the nodes. Furthermore, the combination of security offered by TrustZone® for ARMv8-M and additional hardware-enforced security will help protect from cloning and intellectual property theft.
Features
- Up to four tamper pins for static and dynamic intrusion detection
- Data Flash
- Optimized for secrets storage
- Address and Data Scrambling with user-defined key (SAM L11)
- Rapid Tamper erase on scrambling key and on one user-defined row
- Silent access for side-channel attack resistance
- TrustRAM
- Address and Data scrambling with a user-defined key
- Chip-level tamper detection on physical RAM to resist micro probing attacks
- Rapid Tamper Erase on scrambling key and RAM data
- Silent access for side-channel attack resistance
- Data remanence prevention
- Peripherals
- Peripheral Access Controller (PAC)
- One True Random Generator (TRNG)
- AES-128, SHA-256, and GCM cryptography accelerators (SAM L11)
- Secure pin multiplexing to isolate on dedicated I/O pins a secured communication with external devices from the non-secure application (SAM L11)
- TrustZone for flexible hardware isolation of memories and peripherals (SAM L11)
- Up to six regions for the Flash
- Up to two regions for the Data Flash
- Up to two regions for the SRAM
- Individual security attribution for each peripheral, I/O, external interrupt line, and Event System Channel
- Secure Boot with SHA-based authentication (SAM L11)
- Up to three debug access levels
- Up to three ChipErase commands to erase part of or the entire embedded memories
- Unique 128-bit serial number
- SAM L11 Secure key provisioned in hardware ('KPH' option) (SAM L11)
- Key Provisioning using Root-of-Trust flow
- Security Software Framework using Kinibi-M™ Software Development Kit (SDK)