Why there is a se50 while MPU has trustzone?

Showing results for 
Search instead for 
Did you mean: 

Why there is a se50 while MPU has trustzone?

Contributor I

Hi , I have a question when I learnt through Advance your IoT Security Leveraging Hardware Protected Keys on Microcontrollers | NXP .

It says we need a se50 or other secure element to achieve highest level of security even if the MPU has TrustZone.

Why there is a se50 while MPU has trustzone? Thank you.

0 Kudos
1 Reply

NXP TechSupport
NXP TechSupport

Hi Wei,

One of the measures for increasing the robustness of IoT designs is the addition of a security as an isolated closed system in addition to the Host controller. that's why we recommend the security IC like SE050 for that purpose..
This security IC provides a protected access to device keys since those keys never leave this tamper resistant IC.
It prevents the insertion of counterfeit devices by allowing the secure storage of the credentials used to verify the authenticity and proof-of-origin of the device. It also enables trusted and authenticated connections with the cloud by securely storing the keys used to establish a TLS encrypted link.
In addition, this security IC can also contributes in limiting (mitigating) the attack scope of:
-Potential software bugs, by preventing device credentials from being compromised.
-Malicious code execution, by providing root of trust of the public key used to verify the signed code binary (run-time protection).
-Data leakage, by enabling an encrypted TLS connection with the keys securely stored in the IC.
Therefore, the level of security depends on how secrets are generated, stored, and handled.

Hope that makes sense,

Have a great day,

- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

0 Kudos