Download the Trustonic IoT Developer Kit – Secure By Design

Microchip and Trustonic have partnered to bring advanced hardware-based security to the SAM L11 microcontroller family. The first MCU to feature Arm TrustZone and Trustonic’s Kinibi-M Trusted Execution Environment (TEE), IoT developers and embedded systems developers can now build the most secure solutions with the easy to use toolkit.

With the growing need to robustly secure IoT devices, services and infrastructure, Trustonic and Microchip solutions combine to enable multiple secure use cases:

Get Started

This site provides everything you need to get up and running – SDK, software, demos and documentation. Starting to build your first secure IoT solution is easy

Secure IoT Development with Kinibi-M
  1. Get a Microchip SAML11 Xplained Pro board
  2. Download the free Developer SDK pack
  3. Browse additional resources
  4. Browse FAQs
  5. Build your secure IoT solution

IoT Developer Kit

Once you have submitted the download form, you will receive your download package by email. The download package contains the developer SDK, production SDK and the cloud enrollment demo. Additional resources and an FAQ are below and if you have questions after downloading the SDK please contact

Download the IoT Developer Kit

Trustonic IoT Developer SDK

The Developer SDK is the starting point to create secure software that leverages all the advanced security features offered by SAM L11 and the Kinibi-M TEE. The SDK contains all the necessary documentation and code samples to make development easy.

Trustonic has made advanced hardware-based security accessible and simple to use with an easy and comprehensive development flow.

The Developer SDK Contains:

  • Getting started documentation
  • Kinibi-M API documentation
  • Kinibi-M developers guide
  • Atmel Studio templates
  • Project examples (Samples)
  • Kinibi-M kernel
  • Software tools

OK, What Next?

The next step is to use the Production SDK to prepare your secure software and add it to Microchip SAM L11-KPH on the production line.

IoT Production SDK

The production SDK contains all the necessary tools to sign your secure software and program it in a secure way on the Microchip SAM L11-KPH.

The Production SDK Contains:

  • Production SDK user guide
  • Kinibi-M kernel
  • Software tools

IoT Cloud Enrollment Demo

This package contains all the components needed to build and demonstrate the secure automatic enrollment of an IoT device based on the Microchip SAM L11 chip on Google Cloud and Amazon AWS.

The Cloud Enrollment Demo Contains:

  • Demo documentation
  • Demo binaries and sources
  • Android App (APK) binaries and sources

Additional Resources

Demonstration Videos:

SAM L11 Security Features
A quick overview of SAM L11 security features, use cases, comprehensive security solution framework and demos to make your implementation of advanced security simple:


SAM L11 Trusted Execution Environment Demo
An overview of SAM L11 Trusted Execution Environment to implement a secure temperature sensor while counteracting malware and physical attacks:

More Microchip and Trustonic solution information:

Visit the Microchip SAM L11 website:

Download the Trustonic IoT product information:

Download the IoT Developer Kit

Request the IoT Developer Kit

  • This field is for validation purposes and should be left unchanged.


What is the difference between SAM L11 and SAM L11-KPH?

The two chips have identical silicon, but the -KPH version is pre-provisioned with the Trustonic Kinibi-M ‘Micro-TEE’ security solution, and in addition, every device is provisioned with a unique identity and cryptographic key during manufacture.

What can I use the pre-provisioned key for?

The pre-provisioned key, together with Trustonic’s Digital Holograms™ can be used to securely identify messages from a device built using the SAM L11 chip. This can, in turn, be used to dynamically provision additional keys or certificates in the field and/or distinguish genuine devices from forgeries and counterfeits.

Does the solution remove the need for traditional key injection or an external secure element?

In many case the -KPH device, together with Digital Holograms™ employed to identify the product built using the chip, can remove the need for additional key deployment during manufacturing.

Can we custom program SAM L11-KPH?

Absolutely. Customers can add both ‘secure world modules’ and ‘normal world’ code and data, together with additional keys, as needed. Secure world modules are flashed ‘execute only’, protecting their IP whilst allowing factories further down the manufacturing chain to flash additional software.

What is the pricing for Digital Holograms™?

Digital Holograms™ are freely available from Trustonic. Trustonic provides free access to the attestation service during development, and will normally make a per-attestation charge for production use. Contact Trustonic to discuss for terms tailored to your project.

Can the same Digital Holograms™ be added to multiple devices?

Each Digital Holograms™ is unique – much like a serial number – though larger numbers of Digital Holograms™ can represent the same product identity or event. There is a software API to add a Digital Holograms™ to a device, callable from any code running on the device. Typically, this is done either via flashing the Digital Holograms™ and ingesting it from flash, or by sending it over a UART link.