Secure IoT Development with Kinibi-M

Microchip and Trustonic

Microchip and Trustonic have partnered to bring advanced hardware-based security to the SAM L11 microcontroller family. The SAM L11 is the first MCU to feature Arm TrustZone and Trustonic’s Kinibi-M Trusted Execution Environment (TEE), so IoT developers and embedded systems developers can now build the most secure solutions with the easy-to-use toolkit.

With the growing need to robustly secure IoT devices, services and infrastructure, Trustonic and Microchip solutions combine to enable multiple secure use cases:

IP protection with Trustonic’s Kinibi-M TEE:

  • Device authenticity verification throughout lifecycle using Trustonic Attestation
  • Digital Holograms
  • Secure automatic cloud enrolment
  • Over-production detection

Getting started

This site provides everything you need to get up and running – SDK, software, demos and documentation. Starting to build your first secure IoT solution is easy.

IoT Developer Kit

Once you have submitted the download form, you will receive your download package by email. The download package contains the developer SDK, production SDK and the cloud enrolment demo. Additional resources and an FAQ are below; if you have questions after downloading the SDK, please contact iot.support@trustonic.com.

Request Download Link

  • TRUSTONIC IOT SECURITY SDK LICENCE FOR MICROCHIP SAML11 This licence agreement (Licence) is a legal agreement between you (Licensee or you) and TRUSTONIC LIMITED a company registered in England having its offices at 20 Station Road, Cambridge, CB1 2JD, UK (Licensor, us or we) for the Trustonic SDK We license use of the Trustonic SDK to you on the basis of this Licence. We do not sell the Trustonic SDK to you. We remain the owners of the Trustonic SDK at all times. 1. DEFINITIONS Licence means this licence and any validly executed amendments made to it by the parties. Business Day means a day (other than a Saturday, Sunday or a public holiday) when banks in Paris are open for business. Confidential Information means: i. Licensor Group confidential information: Business and technical information including the Trustonic SDK, specification, business models and roadmap related to Trusted Platform Technologies which includes but are not limited to content protection technologies, trusted computing components, Over-The-Air Provisioning (OTAP), back-end content and key management services and all information contained in the Licensor’s developer web sites for development and support; and ii. Licensee Group confidential information: Business and technical information including but not limited to specifications, business models and roadmaps related to Licensee Group’s products and technologies; and iii. where such information designated in writing by either party or its respective Subsidiaries, by appropriate legend, as confidential relating to (i) and (ii) above, as applicable; and iv. any information relating to (i) and (ii) above, as applicable, which if first disclosed orally by either party or its respective Subsidiaries is identified as confidential at the time of disclosure and is thereafter reduced to writing for confirmation and sent to the other party or its respective Subsidiaries within thirty (30) days after its oral disclosure; and v. 
notwithstanding (iii) and (iv) above, any information relating to (i) and (ii) above, as applicable, that should reasonably have been understood by the receiving party to be confidential or proprietary regardless of whether it has been marked, designated or confirmed in writing as such; and vi. the terms and conditions of this Licence. Derivative Works shall mean any work, whether in source code, object code, or executable form, that is based on (or derived from) the Example Source Code only and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. Effective Date means the date that the Licensor makes the Trustonic SDK available to the Licensee. Example Source Code means the example source code provided with the Trustonic SDK. Excluded License means any licence that requires as a condition of use, modification and/or distribution of software subject to the Excluded License, that such software (or other software combined and/or distributed with such software) be (i) disclosed or distributed in source code form; (ii) licensed for the purpose or making Derivative Works; or (iii) re-distributable at no charge. Import/Export Legislation means any applicable laws in force from time to time regarding import/export regulations, tax and/or customs and duties. Licensee Software means software developed by LICENSEE using the Trustonic SDK. Open Source Software means the open source, public domain and other third-party software set out in the open source license file contained within the Trustonic SDK as detailed in clause 2.8. Person includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality). Subsidiaries means any company the majority of whose voting shares is now or hereafter, owned or controlled, directly or indirectly, by a party hereto, as applicable. 
A company shall be a Subsidiary only for the period during which such control exists. Trustonic SDK means the IOT security software development kit provided by LICENSOR that enables LICENSEE to develop, to run on Microchip SAML11, security software and develop other software to interface with such security software. 2. LICENCE 2.1. From the Effective Date and subject always to the terms of this Licence and subject to LICENSOR receiving the necessary export licence and clearance, LICENSOR grants to LICENSEE a non-transferable, non-exclusive, perpetual, limited licence for the Term to: a) Use the Trustonic SDK to develop, modify and commercialize LICENSEE Software to be used solely in conjunction with Microchip Technology Inc.’s SAML11 microcontroller; b) Use the Example Source Code for the purposes of supporting the activities set out in clause 2.1(a) and to prepare Derivative Works of the Example Source Code. together the Licence. 2.2. LICENSEE may only copy or part copy the Trustonic SDK as reasonably required to exercise its rights under clause 2.1. LICENSEE shall ensure that all such copies contain any copyright and other proprietary notices which were provided with the Trustonic SDK. 2.3. Save as provided for in clause 2.1, LICENSEE shall not: a) distribute, disclose or otherwise provide or make available the Trustonic SDK; b) modify, adapt or create Derivative Works of the Trustonic SDK (in whole or in part); c) modify, adapt or alter the Trustonic SDK (in whole or in part) d) decompile, disassemble, reverse engineer or convert the whole or any part of the Trustonic SDK, or determine or attempt to determine any source code, algorithms, methods or techniques embodied in the Trustonic SDK, including but not limited to Trustonic TEE binaries, (except to the extent that such restriction on decompiling, disassembly or reverse engineering is prohibited by law. 
e) remove or alter any copyright, patent, confidentiality or other proprietary notices appearing on or in copies of the Trustonic SDK; f) assign, sublicense, part with possession of, lend, or transfer (or purport to assign, sublicense, part with possession of, lend or transfer) any part of the Trustonic SDK to any other Person or fail to keep the Trustonic SDK safe and secure; or g) use, reproduce or otherwise exploit the Trustonic SDK. 2.4. LICENSEE shall ensure that the Trustonic SDK and any other products, software or technology received from LICENSOR under this Licence, will not be exported, diverted, transferred or otherwise disposed of in violation of the Import/Export Legislation, either in their original form or after being incorporated into other items. 2.5. If LICENSEE discovers or is made aware of any known security issue that could affect the Trustonic SDK and any other related Trustonic products and services, then LICENSEE shall report such security issue to LICENSOR promptly and confidentially via LICENSOR’s public website (www.trustonic.com) or by emailing security@trustonic.com. 2.6. The Open Source Software shall be deemed to be incorporated within the Trustonic SDK for the purposes of this Licence and LICENSEE’s use of the Open Source Software shall be subject to, and LICENSEE agrees to comply with, the terms of use of the Open Source Software. If any Open Source Software license requires that LICENSOR provide LICENSEE any rights, or imposes any restrictions or other terms with respect to the Open Source Software that are inconsistent with or in addition to the licenses or other terms of this Licence, then the applicable Open Source Software license will take precedence over such licenses or other terms, but only with respect to the applicable Open Source Software. 2.7. 
Except in relation to the Open Source Software and in such case only to the extent strictly required to comply with the terms of use of the Open Source Software, LICENSEE shall not use the Trustonic SDK in any way that would cause any part of it to become subject to any of the terms of an Excluded License. 2.8. The Trustonic SDK comprises: • Developer SDK that includes o Documentation o Zip files containing the templates for secure software and non-secure software used in Atmel Studio o Non modifiable source code and scripts o Example source code in the Samples directory o Debug version of Kinibi-M in binary format not to be used for commercial deployment • Production SDK o Documentation o Non modifiable source code and scripts o Example source code in the Example scripts directory o Production version of Kinibi-M in binary format • Cloud Enrollment Demo o Documentation o Debug version of Kinibi-M in binary format o Example source code The Open Source Software comprises the following files which are licensed under the terms of the Apache 2.0 license: http://www.apache.org/licenses/LICENSE-2.0. • Developer SDK: o samI11e16a_sram.ld o samI11e16a_flash.ld o system_samI11e16a.c o startup_samI11e16a.c o ns_delay.c o ns_delay.h Copyright © 2017 Microchip Technology Inc. • Production SDK: o Tools/ed25519_sha256_tric/bin/ed25519_sha256_tric Copyright © 2017 Aalto University, Secure System Group and © 2017 Trustonic Limited. • Cloud Enrollment Demo: o samI11e16a_sram.ld o samI11e16a_flash.ld o system_samI11e16a.c o startup_samI11e16a.c o ns_delay.c o ns_delay.h Copyright © 2017 Microchip Technology Inc. 3. CONFIDENTIALITY 3.1. 
Each party will keep confidential all Confidential Information supplied by the other party, and shall not without the prior written consent of the other party use, exploit, make copies, disclose or make available to any third party the Confidential Information, in whole or in part, for any purpose whatsoever except for the purposes permitted or set out under this Licence and only to the extent necessary for those purposes, and each shall inform its employees and contractors of their duty of confidentiality. Each party warrants that it has the right to make the disclosures under this Licence. Except as expressly stated in this Licence, the Confidential Information is provided “as is” and accordingly no party makes any express or implied warranty or representation concerning its Confidential Information, or the accuracy or completeness of the Confidential Information. Each party will protect the disclosed Confidential Information by using the same degree of care (but no less than a reasonable degree of care to prevent the unauthorised use, dissemination, or publication of the Confidential Information) as the receiving party uses to protect its own confidential information of a like nature and upon discovery of any actual, threatened or improper disclosure or other misuse of Confidential Information promptly notify the disclosing party and act to prevent any further disclosure or misuse. This obligation shall survive for 5 years from termination of this Licence. LICENSEE acknowledges that, due to the unique nature of LICENSOR’s Confidential Information, the unauthorised disclosure or use of such Confidential Information will cause irreparable harm and significant injury to Licensor, the extent of which will be difficult to ascertain and for which there will be no adequate remedy at law. 
Accordingly, LICENSEE agrees that LICENSOR, in addition to any other available remedies, will have the right to an immediate injunction and other equitable relief enjoining any breach or threatened breach of this clause 3, without the necessity of posting any bond or other security. LICENSEE will notify LICENSOR in writing immediately upon Recipient’s becoming aware of any such breach or threatened breach. 3.2. The obligations of confidentiality shall not extend to any part of the confidential information which: a) is already known to the receiving party prior to its disclosure by the disclosing party without obligations of confidentiality or restrictions on disclosure; or b) is lawfully received by the receiving party from a third party; or c) independently developed by the recipient without recourse to the Confidential Information; or d) is required to be disclosed by law, by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction to the extent of such required disclosure; or e) becomes generally available to the public without breach of this clause 3 by the receiving party; or f) the disclosing party agrees in writing by an offer of the disclosing party that it can be disclosed by the receiving party to a third party without restriction. 4. INTELLECTUAL PROPERTY RIGHTS 4.1. Except as expressly licensed to LICENSEE under this Licence, the Trustonic SDK and all intellectual property contained within (including all modifications, enhancements and Derivative Works of the Trustonic SDK by whomever created or developed) are and will remain the property of LICENSOR or its licensors. 
Licensee will not obtain under this Licence, and nothing in this Licence is intended to or will be deemed to grant to LICENSEE (i) any title or ownership interest in or to the Trustonic SDK or any other property of LICENSOR or its licensors or (ii) any license or other right, whether by implication, estoppel or otherwise, except for the limited licenses expressly granted to LICENSEE hereunder. 4.2. LICENSOR warrants that as far as it is aware, the Trustonic SDK does not infringe any third party’s intellectual property rights. If any valid claim of breach of such warranty is brought to the attention of LICENSOR it may: a) obtain a licence from the third party so that the Trustonic SDK does not infringe; or b) provide a non-infringing substitute for the Trustonic SDK; or c) terminate this Licence immediately. 4.3. The intellectual property rights in the Licensee Software shall on creation of the rights vest in the LICENSEE. 4.4 LICENSEE must inform LICENSOR, in writing, if the LICENSEE becomes aware of any breach of the warranty in clause 4.2, permit LICENSOR to deal with any claim and give LICENSOR, at its reasonable cost, all reasonable assistance in relation to any claim. 5. WARRANTIES 5.1. The Trustonic SDK is provided “AS IS”. Accordingly, LICENSOR makes no express or implied warranty or representation concerning the Trustonic SDK, or its accuracy or completeness and therefore excludes all conditions, warranties and representations (express or implied), statutory or otherwise in respect of the Trustonic SDK. 6. LIMITATION OF LIABILITY 6.1. 
EXCEPT FOR INJURY TO OR DEATH OF ANY PERSON CAUSED BY LICENSOR’S NEGLIGENCE (FOR WHICH NO LIMIT APPLIES), LICENSOR WILL NOT BE LIABLE UNDER CONTRACT, TORT (INCLUDING IN EACH CASE NEGLIGENCE) OR ANY OTHER LEGAL THEORY FOR ANY LOSS OF PROFITS OR ANY INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGE (INCLUDING LOSS OR DAMAGE TO LICENSEE’S (OR ANY OTHER’S) DATA OR COMPUTER PROGRAMS) ARISING OUT OF, OR IN CONNECTION WITH, THE TRUSTONIC SDK OR THIS LICENCE. IN ANY EVENT AND NOTWITHSTANDING THE FOREGOING, LICENSOR’S TOTAL AGGREGATE LIABILITY FOR ANY LOSS OR DAMAGE IN RESPECT OF THE TRUSTONIC SDK OR THIS LICENCE WILL NOT EXCEED €50. 6.2. LICENSEE SHALL BE EXCLUSIVELY RESPONSIBLE FOR ANY APPLICATIONS AND ACCORDINGLY LICENSEE SHALL INDEMNIFY LICENSOR IN RESPECT OF ALL COSTS DAMAGES AND EXPENSES INCURRED AS A RESULT OF ANY CLAIMS BY THIRD PARTIES IN TORT OR OTHERWISE AGAINST LICENSOR ARISING IN ANY WAY OUT OF THE USE OF APPLICATIONS OR THE TRUSTONIC SDK BY THIRD PARTIES OR THE LICENSEE SOFTWARE, PROVIDED THAT LICENSOR WILL PERMIT THE LICENSEE TO DEAL WITH ANY CLAIM AND GIVE THE LICENSEE, AT THE LICENSEE’S REASONABLE COST, ALL REASONABLE ASSISTANCE IN RELATION TO ANY CLAIM. IN RELATION TO ANY SUCH CLAIM, LICENSEE AGREES AT ITS OWN EXPENSE, TO (I) DEFEND LICENSOR FROM AND AGAINST ANY AND ALL SUCH CLAIMS, AND (II) PAY ANY FINAL SETTLEMENT OR AMOUNT AWARDED IN ANY FINAL JUDGMENT RENDERED ON SUCH CLAIM. 7. TERM AND TERMINATION 7.1. Either party may terminate this Licence at any time by giving written notice to the other party if the other party commits any material breach of this Licence and (in the case of a breach which is not persistent and can be remedied) have failed, within 30 days after receipt of a request in writing to do so, to remedy the breach. 7.2. On termination for any reason all rights granted to LICENSEE under this Licence shall cease. LICENSEE must immediately cease all activities authorised by this Licence. 
LICENSEE must immediately delete or remove the Trustonic SDK from all hardware, and immediately destroy all copies of the Trustonic SDK and related documents then in LICENSEE’S possession, custody or control and certify to LICENSOR that LICENSEE has done so. 7.3. Termination will not affect any accrued rights of action or liabilities of either party, nor will it affect the coming into force or continuance in force of any provision of this Licence which is expressly, or by implication, intended to come into or continue in force on or after ending this Licence, including but not limited to clauses 2.6, 5, 6, 7 and 8.10. 8. GENERAL 8.1. Force majeure a) Neither party shall in any circumstances be in breach of this Licence nor liable for delay in performing, or failure to perform, any of its obligations under this Licence if such delay or failure results from events, circumstances or causes beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of LICENSEE or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors. In such circumstances, the affected party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non-performance continues for six months, the party not affected may terminate this Licence by giving 30 days’ written notice to the other party. 8.2. Waiver a) A waiver of any right under this Licence is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and the circumstances for which it is given. 
b) Unless specifically provided otherwise, rights arising under this Licence are cumulative and do not exclude rights provided by law. 8.3. Severance a) If any provision of this Licence (or part of a provision) is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions will remain in force. b) If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision will apply with whatever modification is necessary to give effect to the commercial intention of the parties. 8.4. Entire Agreement a) This Licence and any documents referred to in it constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter of this Licence. b) Each party acknowledges that, in entering into this Licence and the documents referred to in it, it does not rely on any statement, representation (whether innocent or negligent), assurance or warranty of any Person (whether a party to this Licence or not) other than as expressly set out in this Licence or those documents. c) Nothing in the clause shall limit or exclude any liability for fraud. 8.5. Amendments a) Save as expressly provided in this Licence, no amendment or variation of this Licence shall be effective unless in writing and signed by a duly authorised representative of each of the parties to it. 8.6. Assignment a) LICENSEE shall not, without the prior written consent of LICENSOR, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Licence. b) LICENSOR may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Licence. 8.7. 
No partnership or agency a) Nothing in this Licence is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party. 8.8. Third party rights a) This Licence is made for the benefit of the parties to it and (where applicable) their successors and permitted assigns, and is not intended to benefit, or be enforceable by, anyone else. 8.9. Notices a) Any notice under this Licence must be in writing and must be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this Licence or such other address as may have been notified by that party for such purposes, or sent by fax to the other party’s fax number as set out in this Licence. b) A notice delivered by hand will be deemed to have been received when delivered (or if delivery is not in normal business hours, at 9 am on the first Business Day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post will be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by fax will be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender). 8.10. Governing law and jurisdiction a) This Licence and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by and construed in accordance with the laws of England. b) The parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any disputes or claims arising out of or in connection with this Licence, its subject matter or its formation (including non-contractual disputes or claims). 
8.11 Anti-bribery and anti-corruption a) LICENSEE shall comply with all applicable laws, statutes, regulations, and codes relating to anti-bribery and anti-corruption including but not limited to the UK Bribery Act 2010 and promptly report to LICENSOR any request or demand for any undue financial or other advantage of any kind received by LICENSEE in connection with the performance of this Licence. 8.12 Interpretation a) Clause headings shall not affect the interpretation of this Licence. b) A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established. c) Unless the context otherwise requires, words in the singular shall include the plural and in the plural include the singular. d) A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time. e) References to clauses are to the clauses of this Licence. f) A reference to writing or written includes faxes and e-mail.

Developer SDK

The Developer SDK is the starting point to create secure software that leverages all the advanced security features offered by SAM L11 and the Kinibi-M TEE. The SDK contains all the necessary documentation and code samples to make development easy.

Trustonic has made advanced hardware-based security accessible and simple to use with an easy and comprehensive development flow.

The Developer SDK contains:

  • Getting started documentation
  • Kinibi-M API documentation
  • Kinibi-M developers guide
  • Atmel Studio templates
  • Project examples (samples)
  • Kinibi-M kernel
  • Software tools

IoT Production SDK

The IoT Developer Kit also contains the Production SDK, which provides all the necessary tools to sign your secure software and program it in a secure way on the Microchip SAM L11-KPH.

The Production SDK contains:

  • Production SDK user guide
  • Kinibi-M kernel
  • Software tools
  • IoT Cloud Enrolment Demo

Cloud Enrolment Demo

The third package in the IoT Developer Kit is the cloud enrolment demo.

This package contains all the components needed to build and demonstrate the secure automatic enrolment of an IoT device based on the Microchip SAM L11 chip on Google Cloud and Amazon AWS.

The Cloud Enrolment Demo contains:

  • Demo documentation
  • Demo binaries and sources
  • Android App (APK) binaries and sources

Additional Resources

Video: SAM L11 Security Features
A quick overview of SAM L11 security features, use cases, comprehensive security solution framework and demos to make your implementation of advanced security simple.

Video: SAM L11 Trusted Execution Environment Demo
An overview of SAM L11 Trusted Execution Environment to implement a secure temperature sensor while counteracting malware and physical attacks.

More Microchip and Trustonic solution information: visit the Microchip SAM L11 website.

Kinibi-M FAQs

What is the difference between SAM-L11 and SAM-L11 KPH?
The two chips have identical silicon, but the -KPH version is pre-provisioned with the Trustonic Kinibi-M ‘Micro-TEE’ security solution, and every device is provisioned with a unique identity and cryptographic key. In addition, Kinibi-M is only licensed for production use on the SAM-L11 KPH.

What can I use the pre-provisioned key for?
The pre-provisioned key, together with Trustonic Digital Holograms™, can be used to securely identify messages from a device built using the SAM-L11. This can in turn be used to dynamically provision additional keys or certificates in the field and/or distinguish genuine devices from forgeries.

Does the solution remove the need for traditional key injection or an external secure element?
In many cases the -KPH device, together with digital holograms to identify the product built using the MPU, can remove the need for additional key deployment during manufacturing.

Can we custom program SAML11-KPH?
Absolutely. Customers can add both ‘secure world modules’ and ‘normal world’ code and data, together with additional keys, as needed. Secure world modules are flashed ‘execute only’, protecting their IP whilst allowing factories further down the manufacturing chain to flash additional software.

What is the pricing for Digital Holograms?
Digital Holograms are freely available. Trustonic provides free access to the attestation service during development, and will normally make a per-attestation charge for production use. Contact Trustonic to discuss terms tailored to your project.

Can the same hologram be added to multiple devices?
Each hologram is unique – much like a serial number – though larger numbers of holograms can represent the same product identity or event. There is a software API to add a hologram to a device, callable from any code running on the device. Typically, this is done either via flashing the hologram and ingesting it from flash, or by sending it over a UART link.

Get in touch

Contact us to find out more

Please leave us a message and our team will get back to you.
