Roots of Trust for Edge-Based Solutions: Q&A with Avnet
What goes into offering a secure foundation for connected devices?
Editor’s Note: In November Avnet, Inc. released an add-on module, the Infineon TPM V1.2 Peripheral Module, and reference design for its MicroZed™ Industrial IoT Kit. Following the announcement, EECatalog e-mailed a few questions to Avnet’s Jim Beneke, the company’s Vice President, Global Technical Marketing.
EECatalog: What should embedded designers and developers know about the functionality the Peripheral Module lends to the Industrial IoT Kit?
Jim Beneke, Avnet: Awareness of the importance of security in connected devices is growing every day. It doesn’t matter what market or application your product is targeting; if it’s connected, security is becoming a requirement. The Infineon TPM solution offers developers the most basic hardware-based roots of trust for any edge-based solution. Security is not a problem that is solved by one device at one location. It’s something that must be addressed at multiple points and layers in the system. The TPM provides the secure hardware and storage for implementing boot measurement, key storage, and cryptographic algorithms at the edge devices. It offers the secure foundation upon which additional layers of security can be built within the edge device and the entire system.
In releasing a security Pmod for its MicroZed Industrial IoT Kit, Avnet noted that designers can use the Pmod to investigate a number of security options, such as those which factory automation, smart cities, smart grid and health care applications require. [Source: Fotolia]
EECatalog: What steps were taken to assure that the trade-offs needed to keep the cost of the security peripheral module low did not mean compromising security?
Beneke, Avnet: Avnet’s goal in offering the MicroZed IIoT Kit is to enable designers that are developing next-generation, cloud-enabled industrial platforms, with a low-cost, expandable development system that will speed their development efforts. In introducing the TPM Pmod for enhanced security capabilities, we want to make it as easy as possible for those same designers to prototype with the Infineon TPM solution.
The base MicroZed IIoT kit was designed for expandability, with the Pmod and Arduino expansion connectors provided for easy connectivity into the MicroZed and Zynq processing system. We simply leveraged this capability by offering the Infineon TPM solution in a small, postage-stamp-size Pmod form factor. The standard SPI interface between the TPM and Zynq devices was easily implemented using the 2×6 Pmod connector format. There were no compromises made in terms of security. By simply plugging the TPM module into the MicroZed IIoT kit, designers instantly get access to all the benefits that the TPM offers.
Keep in mind that this kit and the TPM Pmod are not something that designers would use as-is in production. It serves as a development and prototyping platform that offers easy migration to a production-ready system, given the MicroZed system on module (SOM) approach. By using the MicroZed SOM as the basis of the system, 100 percent of the designer’s software can be developed using the kit and then transferred to their production platform with zero changes. What is more likely to happen is that developers would design their own carrier card or baseboard that includes the TPM device on it, along with other application-specific interfaces, plug the MicroZed SOM into that carrier card, and instantly have a secure, production IIoT product.
EECatalog: Are you seeing that the reasons for choosing a commercially backed kit versus a DIY or Maker kit have changed?
Beneke, Avnet: I think the DIY or Maker movement has helped all developers due to the increased recognition that low-cost development platforms are important and necessary tools for OEM developers as well as Makers. The advantages in choosing a more commercially backed kit like the Avnet MicroZed IIoT kit are many: it’s built using products that have long-term product life cycles; it offers industrial temperature ranges; it includes support from Avnet’s global network of sales and field application engineers; and it has the support and backing of industry-leading suppliers like Xilinx and Infineon. In addition, Avnet has partnered with Wind River to include its Pulsar Linux software as the basis of the software environment for the Zynq processing system. Developers can rely on the availability of long-term maintenance and security updates to the Linux kernel, which is critical for commercial-grade products.
EECatalog: What goes into avoiding a kit that is overkill for what embedded hardware and software designers need now, and at the same time, avoiding the other extreme—a kit too bare bones for what is needed?
Beneke, Avnet: The modular design and expandability that Avnet offers with the MicroZed IIoT kit enables developers to add features as their requirements grow or change. The base platform provides the core of what designers need to start their development, and through add-ons like the TPM module, more features can be added. This approach addresses the needs of a broad base of customers while not targeting a specific application with fixed functionality that may not be needed by others outside of that space.