The company's RA6M4 MCU Group devices with the Flexible Software Package (FSP) have been PSA Level 2 certified, expanding on the PSA Certified Level 1 achieved by RA4 and RA6 Series MCUs. Renesas’ RA6M3, RA6M4, and RA4M2 MCU groups have achieved SESIP1 certification with Physical and Logical Attacker certifications.
Renesas said that in addition to these widely recognized industry certifications, the company's RA MCUs now offer customers improved levels of IoT security by combining Secure Crypto Engine IP with NIST CAVP certifications on top of Arm TrustZone for Armv8-M.
RA Family devices incorporate hardware-based security features from simple AES acceleration to fully-integrated crypto subsystems isolated within the MCU. The Secure Crypto Engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and advanced key handling, including key generation and MCU-unique key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plaintext keys are never exposed to any CPU or peripheral bus.
“Renesas understands that security is essential for IoT designers, so we have engineered the RA Family from the ground up with security in mind,” said Roger Wendelken, Senior Vice President in Renesas’ IoT and Infrastructure Business Unit. “These industry certifications augment what is already the most secure device family in the industry for IoT applications.”
PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification. It provides standardised resources addressing the growing fragmentation of IoT requirements, ensuring security is no longer a barrier to product development.
PSA Certified through a third- party laboratory evaluation of a PSA Root of Trust (PSA-RoT), PSA Certified Level 2 provides evidence of protection against scalable software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT Protection Profile have been met.
SESIP is an optimised version of Common Criteria methodology (ISO 15408-3) for the evaluation of IoT components and connected platforms and defines a catalogue of Security Functional Requirements (SFRs), which the product developer can use to build their secure device, scaling appropriately for their specific threat model and use case. SESIP also incorporates and refines Common Criteria Security Assurance Requirements (SARs), including the requirement ALC_FLR.2 Flaw Reporting Procedures, which Renesas addresses with its Renesas PSIRT (Renesas Product Security Incident Response Team) process and public web interface.
Specifically designed for SFR reuse and mapping to other certifications, the SESIP methodology enables product developers to pursue appropriate certification of their device to other industry-standard certifications such as IEC 62443.