NXP introduces a new generation of i.MX 9 application processors that redefine security and productivity at the edge

The introduction of the EdgeVerse family of application processors, including the i.MX 8ULP and i.MX 8ULP-CS(Cloud Security) Microsoft Azure Spher certification series and the new generation of the i.MX 9 series of intelligent application processors, expands its EdgeVerse portfolio. The expansion includes new innovations, EdgeLock security enclaves to enhance edge security, and the Energy Flex architecture to maximize energy efficiency.

"The next evolution of the edge will be driven by distributed intelligence across billions of devices, which will require profound innovation in processing, energy efficiency and security," said Ron Martino, senior vice president and general manager of NXP Semiconductors' edge processing business. "Our announcement marks an industry milestone for ultra-low power processing and trusted cloud-to-edge security."

EdgeLock Secure Enclave is a pre-configured security subsystem that simplifies the implementation of complex security technologies and helps designers avoid costly mistakes. It enhances the protection of edge devices by autonomously managing critical security functions such as root of trust, runtime authentication, trust provisioning, secure startup, key management, and encryption services, while also simplifying the path to industry-standard security certifications.

EdgeLock is able to intelligently track power conversion while end-user applications are running to help prevent new attack surfaces.

The Secure Enclave will be a standard integration feature across the entire i.MX 8ULP, i.MX 8ULP-CS with Azure Sphere, and i.MX 9 application processors, giving developers a wide range of compute scaling options to easily deploy security across thousands of edge applications.

Keeping edge devices secure long after initial deployment is a challenge, so NXP has partnered with Microsoft to bring Azure Sphere chip-to-cloud security capabilities to customers in the I.M.8ULP-CS (Cloud Security) application processor family.

The I.M.8ULP-CS with Azure Sphere integrates the Microsoft Pluton-enabled EdgeLock security enclave as a foundation of security trust built into the chip itself and as a key step toward achieving highly secure devices for a wide range of iot and industrial applications.

In addition to security hardware, Azure Sphere includes the secure Azure Sphere operating system, cloud-based Azure Sphere security services, and operating system updates and security improvements that last more than a decade. Azure Sphere chip-to-cloud security will be enabled on select products in the i.MX 9 family, giving developers a wider choice of processors to implement managed device security in their products.

"This partnership will empower a new class of connected devices with continuous security improvements, and the i.MX 8ULP-CS partnership with Microsoft Azure Sphere will provide partners with security, productivity and opportunity." Dr. Galen Hunt, Microsoft Azure Sphere Distinguished Engineer and Managing Director, said, "By combining the power and flexibility of the NXP I.X series of chips with intelligent, responsive, scaled Azure Sphere security, customers can transform products, services, and experiences with confidence. Because they know Microsoft supports them."

The i.MX 8ULP and i.MX 8ULP-CS series implement NXP's Energy Flex architecture, which improves energy efficiency by up to 75% over the previous generation by combining heterogeneous domain processing, design technology and 28-nanometer FD-SOI process technology. Embedded in these processors is a programmable power management subsystem that can manage more than 20 different power mode configurations to deliver superior energy efficiency - from full power down to as low as 30 microwatts.

With this range of flexible configurations, Oems and developers can customize application-specific power profiles to maximize energy efficiency.

NXP's i.MX 9 series debuts a new generation of scalable, high-performance processors The processor brings together a higher performance application core, an McU-like standalone real time domain, an Energy Flex architecture, state-of-the-art security with EdgeLock security enclaves, and a dedicated multi-perception data processing engine (graphics, images, display, audio, and voice).

The i.MX 9 series fully integrates hardware neural processing units for accelerating machine learning applications. This also marks the first time NXP has implemented the Arm Ethos U-65 micro NPU, which makes it possible to build low-cost, energy-efficient edge machine learning (ML). The first product lines in this series will feature 16/12nm FINFEt-class process technology with specific low-power optimizations.

NXP today announced the availability of EdgeLock™ Secure Zone, a pre-configured, self-managed and autonomous on-chip security subsystem that provides intelligent protection against attacks and threats for Internet of Things (IoT) edge devices. As a built-in security subsystem, it is fully integrated in NXP's upcoming i.MX 8ULP, i.MX 8ULP-CS, and i.MX 9 application processors, easing the complexity of implementing robust system-wide security intelligence for iot applications.

This security enclave makes it easier for developers to achieve their security goals, freeing them up to focus on new ways to differentiate their edge applications. By integrating security enclaves into many of its upcoming EdgeVerse™ processor families, NXP will provide developers with a wide range of scalable options to more easily deploy state-of-the-art security across thousands of edge applications. This includes smart home devices, wearables, portable healthcare devices, smart appliances, embedded controls and industrial iot systems.

"The billions of iot products deployed at the edge have become attractive targets for attack. Providing a security framework based on strong isolation enables device manufacturers to focus on functionality and rely on NXP's tested and proven security." "Said Wolfgang Steinbauer, Vice President and Head of Encryption and Security at NXP. Building on NXP's long history of providing end-to-end security solutions, we designed the EdgeLock Security enclave to simplify the deployment of robust security mechanisms and meet the growing demand for scalable, easy-to-implement iot security. Embedded developers can now focus on their application and time-to-market challenges, allowing EdgeLock Secure Enclave technology to handle the underlying complexity of securing iot."

"Security Headquarters," the fortress in the chip

The self-contained hardware-on-chip security subsystem has its own dedicated security kernel, internal ROM, secure RAM, and supports state-of-the-art side channel attack elastic symmetric and asymmetric encryption accelerators and hashing capabilities to provide a range of security services for other user-programmable cores within the SoC. In essence, a security enclave functions like a secure headquarters or fortress inside a system-on-chip (SoC), storing and securing critical assets, including RoT and encryption keys, to protect the system from physical and cyber attacks.

This subsystem is isolated from other processor cores that handle applications and real-time processing functions. This physically isolated architecture supports well-defined security boundaries within the SoC, simplifies the development of secure iot products, and enhances the security of SOCs and applications by isolating secure key storage management, cryptography, and other important security functions.

Beyond cryptography

Secure enclaves provide flexible policies and controls that extend security practices beyond mainstream cryptography. It autonomously manages critical security functions, including silicon trust roots, runtime authentication, trust provisioning, SoC security startup execution, fine-grained key management, and enhances advanced attack resistance with a wide range of encryption services, while also simplifying the path to security authentication.

Advanced tamper-proof detection

Advanced tamper detection and response technology protects the entire foundation of trust and ensures functional integrity during secure processor operation. When an attack is detected, the secure enclave system is designed to stop the attack.

Intelligent power management

The EdgeLock Secure enclave is designed to intelligently track power conversion while end-user applications are running on the processor. This unique "power awareness" capability enhances resistance and prevents new attack surfaces by enforcing security policies when heterogeneous cores of the application processor enter different power modes.

Administrative agent

It uses managed agents to extend security beyond the SoC domain of the security headquarters. These autonomous agents establish and maintain system-wide security functions, manage keys, and enforce policies across domains. These agents operate independently via a private bus within the SoC to ensure that other system domains, such as those running Linux or RTOS, are always protected, especially during power mode transitions.

Be ready

Pre-configured security policies help developers reduce the complexity of security implementation and avoid costly integration errors, speeding time to market. EdgeLock Secure Enclaves support services outside of the enclave, providing an easier path to secure authentication. This in-mode security technology also supports the latest iot use cases such as secure connectivity to public/private clouds, device-to-device authentication, and sensor data protection.

Availability

EdgeLock Secure Enclave will be fully integrated as a standard security feature into the i.MX 8ULP, i.MX 8ULP-CS and i.MX 9 application processor families, as well as more upcoming EdgeVerse products.