How to Design Secure Low-Power Edge IoT Devices using Silicon Labs PG23 MCUs

Designers across a range of consumer and industrial edge Internet of Things (IoT) applications, from light switches, meter readers, and smart locks to solar inverters and security panels, need to find a suitable balance of high performance and low power—particularly for battery-powered designs—while also ensuring their implementations are secure. In many instances, the foundation of such designs is a microcontroller (MCU), so the designer must carefully consider which one to use.

Along with solid support for security, factors to consider include processor core performance, efficiency, peripheral and I/O support, overall form factor, and ecosystem support. While an MCU may meet the design requirements in terms of performance and power, the implementation of a secure design has a learning curve that may cause delays or result in security not being implemented adequately.

This article briefly discusses security considerations for edge IoT devices. It then introduces the Silicon Labs EFM32PG23 MCU and shows how to apply it for secure edge IoT designs, with an emphasis on low power.

Security issues with IoT devices

The number of remote attacks on internet-connected devices continues to rise. Embedded developers might be tempted to think that their IoT edge device doesn’t need security because it does not contain “anything valuable”. The truth is that nearly every device has something that a hacker might find valuable, whether it’s the sensor data, customer data, the actual firmware that is on the device, or the access the device provides as a back door to connected networks. Security is a critical feature that must be designed into every IoT edge device from the start: it shouldn’t be bolted onto the system at the end of the design cycle. Otherwise, the device will be highly vulnerable to attack.

Every IoT edge device has several areas of security that need to be considered such as device identification, device configuration, and software/firmware updates. Figure 1 shows a list of common concerns and how these concerns translate into a device security requirement. Each security requirement has an associated technology that is often used to meet that requirement and thwart would-be attackers.

Figure 1: The security concerns, requirements, and associated technology that designers of edge IoT applications need to consider are many. (Image source: Silicon Labs)

A big problem with a lot of the embedded teams developing IoT edge applications is that they don’t have in-house security expertise. The result is that they must either do their best internally to learn and implement security or use an external source. Either way, the cost and timing can be extraordinary.

An alternative exists: the development team can select an MCU designed with security in mind and which provides ready-to-use security solutions that require minor configuration adjustments for the application at hand.

Introduction to the Silicon Labs PG23 series MCU devices

The Silicon Labs EFM32PG23 series of microcontrollers is an interesting option for IoT edge device applications for several reasons. First, the PG23 MCU can run Silicon Labs’ own Secure Vault IoT security solution. Secure Vault is a platform for securing and future-proofing IoT devices that recently became the first IoT security solution to achieve PSA Certified Level 3 status. Some of the features that Secure Vault brings to PG23 MCUs include Secure Device Identity, Secure Key Management and Storage, and Advanced Tamper Detection.

Secure Vault takes advantage of a unique digital fingerprint generated by a physically unclonable function (PUF). A PUF can be used to create an AES symmetric key that physically disappears when the system powers down. The AES symmetric key doesn’t even exist when the chip is off, making it impossible to remove from the device. A PUF is an effective solution to the key management challenge facing many IoT edge applications. In fact, the PUF can scale to support as many keys as needed to support an application. Secure Vault also includes a tamper detection system that makes it so the key cannot be reconstructed once the device is shut down after a tamper event. The key security features can be summarized as:

• Secure attestation
• Secure key management
• Secure key storage
• Anti-tamper

Another reason that the PG23 MCUs are well-suited for IoT edge applications is that they are designed for low-power applications. The active current consumption for the PG23 is 21 microamperes per megahertz (µA/MHz). The current consumption is 1.03 µA with 16 kilobytes (Kbytes) of RAM active in EM2 mode, or 0.7 µA with the real-time clock (RTC) enabled in EM4 mode. Current consumption levels this low help developers as they work to design an energy-efficient device, whether it is plugged into a wall or battery-powered.

The last feature of the PG23 to be examined here is the MCU’s capabilities. The PG23 has an Arm® Cortex®-M33 processor clocked at up to 80 MHz. The processor can operate in the 1.71-volt to 3.8-volt range using a single power supply. For developers working on sensor applications, there is a low-energy sensor interface (LESENSE). The MCU comes in a 40-pin QFN package measuring 5×5 millimeters (mm) or a 48-pin QFN package measuring 6×6 mm. A block diagram of the PG23 is shown in Figure 2. The MCU also has five power states: EM0 for run mode, EM1 for sleep, EM2 for deep sleep, EM3 for stop, and finally, EM4 for shutoff.

Figure 2: The PG23 MCU has a wide range of peripherals, memory, and energy saving modes. (Image source: Silicon Labs)

Getting started with the PG23-PK2504A development board

The best way to get started with the PG23 is to use the PG23-PK2504A development board. The board has an EFM32PG23B310F512 processor that is supported by its own 512 Kbytes of flash and 64 Kbytes of RAM. The development board includes a wide range of onboard sensors, interfaces, and a 4×10 segment LCD (Figure 3).

Figure 3: The PG23-2504A development board comes with an EFM32PG23 MCU as well as a 4×10 segment LCD, temperature and humidity sensors, a voltage reference, and expansion interfaces. (Image source: Silicon Labs)

With the board in hand, developers can download and install Simplicity Studio (under the Getting Started tab). Simplicity Studio is a launching pad for everything needed to evaluate, configure, and develop with EFM32 microcontrollers. The software includes getting started materials, documentation, compatible tools, and resources.

When a developer opens Simplicity Studio and plugs in a development board, the software will identify the board and provide recommendations for example projects, documentation, and demos (Figure 4). The developer can then choose the best path for them to get started and begin experimenting with the PG23.

Figure 4: The Silicon Labs Simplicity Studio detects the board and provides customized recommendations for getting started, documentation, example projects, and more. (Image source: Silicon Labs)

One feature that is worth highlighting on the PG23-PK2504A development board is the switch that decides how the development board is powered. There are two options; AEM or BAT (Figure 5). In AEM mode, there is a current-sensing resistor in series with the LDO power supply and the PG23. The advantage of this mode is that developers can measure the current draw of the processor to assist in power optimization. Once the application is optimized, developers can switch to BAT mode to run the development board off a coin-cell battery.

Figure 5: The PG23-PK2504A provides an option to power the board through USB-C in its AEM mode, which allows the processor current to be measured. Alternatively, the processor can be powered through a CR2032 coin cell battery. (Image source: Silicon Labs)

Tips and tricks for minimizing energy usage in an IoT application

Minimizing the energy consumption is critical for every IoT edge design, whether they are battery operated or not. Optimizing a design for energy usage can be time-consuming if developers aren’t careful. Below are several "tips and tricks" developers should keep in mind that can help to quickly optimize an IoT application for low power:

• Use an event-driven software architecture. When the system is not processing an event, put it into a low-power state.
• Profile the system’s battery consumption over several charge/discharge cycles. Record the current draw and the operating voltage and plot them over time.
• Leverage low-power modes to automatically disable clocks, peripherals, and the CPU.
• In simple applications, explore using the Arm Cortex-M “sleep on exit” feature to minimize interrupt overhead when waking the system.
• If using an RTOS, leverage its “tickless” mode to prevent the RTOS from inadvertently waking up the system.
• When optimizing in iterations, track the energy savings of each change. At a certain point, developers discover a “knee” where the time spent optimizing has a low return on investment in terms of energy savings. It’s time to stop optimizing and move to the next stage.

Developers following these "tips and tricks" will save quite a bit of time and grief when getting started on their next secure, low-power IoT design.

Conclusion

The need for secure, low-power MCUs is increasing for IoT edge applications. Along with solid support for security, the factors designers need to consider in order to meet the needs of edge-based designs include processor core performance, efficiency, peripheral and I/O support, overall form factor, and ecosystem support.

As shown, the Silicon Labs EFM32PG23 MCU can help developers solve several issues associated with low-power design and device security. Its associated development board provides all the necessary tools to get started, and by following some important “tips and tricks”, a low-power design can be quickly implemented.