Embedded Trust details

Embedded Trust

Complete, streamlined security configuration 

Embedded Trust provides a Security Development Environment for developing a full range of security functions, including creating unique device identities, secure application development and manufacturing mastering.

The Embedded Trust assisted setup simplifies the configuration of security, from the root of trust and key storage on your secure device, to the creation of security profiles and projects. It enables customization of the secure boot manager to achieve the level of security suitable for your product. Thanks to its scalability, you can achieve a standardized workflow for different classes of devices, from multiple vendors.

Integrated identity and certificate management

Identity is at the center of secure systems, providing authentication, authorization, non-repudiation and confidential communications. It is also at the center of the product value, defining ownership and providing a guarantee of the product’s origin in a secure supply chain.

Embedded Trust integrates an identity and certificate configurator. It enables you to define how your certificate hierarchies will span across multiple product ranges, whilst enabling the creation of a product device framework which can be dynamically resolved and injected at manufacturing time. The system enables a wide array of functionality, including separate development and manufacturing certificate frameworks, certificate revocation lists, and dynamic mapping of existing certificate structures.

Scalable Secure Boot Manager

A robust Root of Trust is essential in every connected device, providing low-level secure services and foundation update management. The configurable Secure Boot Manager functionality within Embedded Trust leverages secure device hardware and is configurable from a small trusted core, through to a powerful set of execution, management, and update functions operating below the RTOS or application. This configurable security ensures that trust can be applied also to cost-sensitive and resource-limited secure devices.

Secure deployment with integrated manufacturing mastering

Once an application has been created, Embedded Trust can be used to master it. The mastering process enables the transition from developer certificates to formal manufacturing certificates, inhibiting early firmware leakage. The code is signed and encrypted for the target device, ensuring that malware cannot be appended and that the code will only execute on the target devices. The application code is then delivered to the device fully encrypted, and decrypted in place on the device, ensuring that it is never transmitted in the open.

To extend the scope of use into volume manufacturing, Embedded Trust integrates with the full Secure Deploy framework from Secure Thingz, enabling secure provisioning, programming, manufacturing and device updates.

Release management with versioning and update infrastructure

Lifecycle management, versioning, and update strategies are major issues as IoT devices evolve multi-decade lifecycles. Companies can no longer just ship devices, but must evolve multi-year support releases, with the challenges this delivers. Embedded Trust integrates version management and update management into the development flow, ensuring that updates can be easily released and that lifecycle management is not a lifelong burden.

Embedded Trust and C-Trust are developed jointly by IAR Systems and Secure Thingz, a global domain expert in device security, embedded systems security, and lifecycle management.

© IAR Systems 1995-2019 - All rights reserved.

We use cookies on this website to provide you with a better experience. You need to accept cookies to continue using this site. Cookies