AI Security in a Flashless World with STM32N6 and PSOC Edge
New AI-focused MCUs like STM32N6 and PSOC Edge drop internal flash, making secure boot with encrypted external memory vital and complex.
By Dimitar Tomov
Protecting AI models and embedded applications on STM32N6 and PSOC Edge is more complex than on existing platforms.
Our industry is used to having microcontrollers with internal flash memory, but this is now changing with the new MCU solutions targeted at AI applications. Running AI at the edge requires performance for low latency and high accuracy, as well as memory capacity for computation of machine learning models that can take multiple inputs. These factors, combined with the cost of memory, drove silicon vendors to make a shift. Infineon Technologies offers the PSOC 6 AI Kit with 2MB of internal flash memory, while the new PSOC Edge comes flashless with 5MB of SRAM for AI computation and 512kB RRAM for execution-in-place, but everything else, like Wi-Fi and BLE drivers, OTA and cloud connectivity, needs to go in an external memory. STMicroelectronics also released a new STM32N6 series targeted at AI workloads with 4.2MB of SRAM and no internal flash, so the main firmware needs to live in an external QSPI memory.
We are used to having a single-stage bootloader in ROM that passes control to our firmware application in internal memory. Now, this is also changing, and we are seeing vendor solutions that talk about an updatable Root of Trust because the second-stage bootloader lives in external memory.
How to prepare for securing edge AI applications on new MCU platforms?
- Prepare for “on-the-fly encryption and decryption” architecture.
- Choose an external memory vendor that supports “on-the-fly decryption” as a minimum.
- Prepare for maintaining a second-stage bootloader yourself or use off-the-shelf solutions.
- Without internal flash memory, enabling secure boot becomes not just mandatory but vital for establishing a strong RoT with the firmware living encrypted in external memory.
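The last point in the list above, as an added example (a simplified Python model, not code from this article, from ST or Infineon, or from MCUboot): on-the-fly decryption alone returns altered plaintext without any error when external memory changes, while a boot-time authentication check refuses the image. Assumptions: the hardware AES engine is modelled by an address-keyed SHA-256 keystream, HMAC stands in for the signature a real boot stage would verify, and all keys, addresses and firmware bytes are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # 128-bit blocks, matching the AES block size
TAG_LEN = 32  # HMAC-SHA256 tag stored in front of the ciphertext

def keystream(key: bytes, addr: int) -> bytes:
    # Assumption: stand-in for the hardware AES engine; one block keyed by address.
    return hashlib.sha256(key + addr.to_bytes(8, "little")).digest()[:BLOCK]

def xip_crypt(key: bytes, base: int, data: bytes) -> bytes:
    """Encrypt or decrypt (same XOR operation) data mapped at address `base`."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = keystream(key, base + off)
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
    return bytes(out)

def provision(enc_key, auth_key, base, firmware):
    """Build the external-memory image: tag || ciphertext."""
    ct = xip_crypt(enc_key, base + TAG_LEN, firmware)
    return hmac.new(auth_key, ct, hashlib.sha256).digest() + ct

def boot(enc_key, auth_key, base, ext_mem):
    """Return the decrypted firmware, or None if the image fails authentication."""
    tag, ct = ext_mem[:TAG_LEN], ext_mem[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(auth_key, ct, hashlib.sha256).digest()):
        return None  # never hand control to an unauthenticated image
    return xip_crypt(enc_key, base + TAG_LEN, ct)

# Constructed sample values, for illustration only.
ENC_KEY, AUTH_KEY = b"E" * 16, b"A" * 32
BASE = 0x1000_0000
FIRMWARE = b"constructed firmware image with model weights " * 4

def demo():
    image = provision(ENC_KEY, AUTH_KEY, BASE, FIRMWARE)
    altered = bytearray(image)
    altered[TAG_LEN + 5] ^= 0x01  # one changed bit in external memory
    altered = bytes(altered)
    return {
        "clean_boots": boot(ENC_KEY, AUTH_KEY, BASE, image) == FIRMWARE,
        # Decryption alone raises no error on the altered image...
        "decrypt_only_differs": xip_crypt(ENC_KEY, BASE + TAG_LEN, altered[TAG_LEN:]) != FIRMWARE,
        # ...but the boot-time check rejects it.
        "altered_rejected": boot(ENC_KEY, AUTH_KEY, BASE, altered) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Because the keystream is bound to the address, the same ciphertext read back from a different base address does not decrypt to the original firmware either.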
The industry has been moving toward this moment for quite some time, and we have a very mature MCU platform like PSOC 6 that offers “execution-in-place” with support for “on-the-fly encryption and decryption.” Here is a link to the Infineon appnote AN228740 Usage of Quad SPI (QSPI) / Serial Memory Interface (SMIF) in PSOC 6 MCU that describes this in detail, and below you can find a dedicated quote about this functionality:
“The SMIF block has an inbuilt 128-bit AES encryption engine. This encryption hardware is dedicated for the SMIF block. This encryption is available for usage in both the Memory mapped (XIP) and command (MMIO) mode of operation. In the XIP mode the cryptography hardware supports on-the-fly encryption in write operations and on-the-fly decryption for read operations.”
Solutions like STM32L5 and STM32H7B3 from STMicroelectronics introduced “on-the-fly decryption” long ago, and now STM32N6 adds “on-the-fly encryption and decryption.” However, this does not mean the industry has adopted these features as a standard practice. On the contrary, this adds complexity to the firmware architecture and security. We made these graphic comparisons of the new and old MCU series to help the reader visualize the significant changes in the modern architectures meant for Edge AI. Below we have the comparison of STM32H7 and STM32N6:
Here is the comparison between the popular PSOC 62 used in the PSOC 6 AI Kit and new PSOC Edge 84 meant for heavy edge AI applications:
What solutions exist to help with this change?
Our choices usually fit into these three categories:
- Vendor examples and templates
- Third-party solutions
- Own custom solution
STMicroelectronics offers two flavors of security examples and templates for STM32N6:
- FSBL — A fairly standard secure boot approach verifying and booting a user application.
- OEMuRoT — Secure boot with bootloader update (based on MCUBoot) stored in external memory.
It is difficult for us to name the most favorable solution as this depends on your project timeline and engineering capacity. As both STM32N6 and PSOC Edge are very new hardware platforms, the industry will depend at first on vendor examples and templates, and will slowly transition to more and more third-party solutions like Thistle Technologies.
Security at the edge does not become easier; it becomes more challenging. This is why the mission of Thistle is to make the enablement of secure boot an easy process for any platform, mature or new.