Microchip SAML10/11 Xplained Pro Evaluation Kits - Review

Table of contents

RoadTest: Microchip SAML10/11 Xplained Pro Evaluation Kits

Author: alejoseb

Creation date:

Evaluation Type: Development Boards & Tools

Did you receive all parts the manufacturer stated would be included in the package?: True

What other parts do you consider comparable to this product?: The Nuvoton's NuMaker PFM-M2351 board is a similar product featuring the Cortex-M23 and the TrustZone extension. However Nuvoton's board includes different on-board peripherals including wi-fi module and audio codec. In addition Nuvoton's board features Arduino compatible headers.

What were the biggest problems encountered?: There were no major issues, the lack of minimum accompanying information for the kits is unexpected. However the quality of the vendor's website compensates this initial impression. In addition, many basic examples cannot be tested because they require an expansion board (IO1 Xplained Pro) not included with the kit.

Detailed Review:

First of all I would like to thank Element14 for the awesome opportunity to review the SAML10/11 Xplained Pro Evaluation Kits.

I will start with a brief introduction, then I will walk through some examples running on the boards and I will finish with some Pros, Cons and conclusions.

 

Introduction: the SAM L10 and L11 Microcontroller Family

SAML10/11 are the Microchip's secure and low-power solutions for the new connected IoT devices [1]. This family of microcontrollers implement the new ARM Cortex-M23 processor family, which is based on the ARMv8-M architecture. ARMv8-M is the new ARM's architecture for real-time deterministic embedded processors [2]. This architecture improves debugging capabilities, simplifies the programmer's model for the MPU (memory protection unit), and includes the optional Security Extension for hardware base secure environments TrustZone [3].

 

The SAML10 microntroller family include all the new characteristics of the Cortex-M23 processor. It is aimed for ultra low power embedded applications that requires general purpose embedded control capabilities. In addition, this microcontroller family features enhanced enhanced peripheral touch controller and advanced analog [5]. The SAML11 microcontroller family offers the same capabilities and benefits of the SAML10 family, but it also integrates security oriented hardware, which includes ARM TrustZone, secure boot, crypto acceleration, secure key storage and chip-level tamper detection [1].

 

Microchip offers an end-to-end solution for secure embedded solutions. According to its web site, they offer a comprehensive solution based on  the robust secure hardware of the SAML11 microcontrollers and a complete software ecosystem.  This comprehensive solution leverages developer efforts and reduce the  time to market  of feature-rich and secure applications.

 

Documentation

The specific documentation used for this review is located on the following links:

Getting Started with the SAM L10/L11 Xplained Pro

SAM L10/L11 Xplained Pro User Guide

Design documentation (Include schematics, BOM, building files, etc.)

SAM L10/L11 Family Microcontroller Datasheet

 

SAML10/11 Xplained Pro Evaluation Kits overview

The SAML10/11 Xplained Pro evaluation kits are the official Microchip evaluation kits for the SAML10/11 microcontrollers [6], [7]. 

These microcontrollers suit IoT nodes, authenticated accessories, secure remote input devices, encrypted data loggers, etc

 

The key features of the boards are as follow:

• ATSAML10E16A-AU/ATSAML11E16A-AU microcontrollers

• One mechanical reset button

• One mechanical programmable button

• One QTouch button

• One user LED (yellow)

• 32.768 kHz crystal

• ATECC508A CryptoAuthentication IC (both boards implements this IC)

• Two Xplained Pro extension headers

• mikroBUS header

• X32 header

• Embedded debugger/programmer (EDBG) with power measurement capabilities, SPI/I2C/GPIO gateway and virtual COM port (CDC).

 

The following pictures depict the Xplained Pro board according to documentation, and the actual boards that I received. They came in static shielding bags and do not include any other accessories or USB cables.

 

image

image

 

Testing SAML10/11 Xplained Pro Evaluation Kits

I recommend to check the Getting Started with the SAM L10/L11 Xplained Pro.  This guide provide concise instructions to start testing the boards.

However, I will briefly go through the steps required to start with the testing.

 

First of all you need to install Atmel Studio IDE from the following link:

Atmel Studio

 

If you are familiar with Microsoft's Visual Studio, then you will enjoy of one of the most powerful IDEs available for embedded development.  This IDE is based on the same Microsoft's IntelliSense technology that assist you while you write code.

In my opinion, Atmel Studio outperforms many other free and commercial IDEs. However, this is the only development option, there is no official documentation to configure a command line (make, kconfig, etc) development environment.

 

After installing Visual Studio, you will need a Micro USB cable (not included in the kit) to connect your board to your PC.

After connecting your board to your PC, you will see that the drivers are located automatically by Windows and Atmel Studio will automatically recognize the connected board.

 

The next step is to explore the bast collection of examples provided by Atmel Start. I personally tested many of them for both SAML10 and SAML11. However, I only include 3 examples in this review. These examples shows basic and advanced charcateristics of the SAML10/11 Xpalined pro boards.  Specifically, these examples test on-board security ICs and the TrustZone available on the SAML11 microcontroller family.

 

Atmel Start

This is a practical tool to select and configure software components of an embedded application. This tool allows you to begin a project from scratch or quickly begin with plenty of examples for many evaluation boards including the SAML10/11 Xplained Pro boards.

Atmel start is offered by Microchip as a web application, or it is integrated directly on Atmel Studio.

 

Many of the examples for the SAML10/11 require the IO1 Xplained Pro expansion board, which is not included with the kit. This is unfortunate, becasue I was not able to test many of the microcontroller capabilities. For example,  the "IO1 Xplained Pro Low power demo" demonstrate the highlighted low-power capabilities of the SAML10/11 microcontrollers, but it requires a expansion board. In spite of the missed expansion board, there are still plenty of examples that you can try directly on the evaluation board without using any extra hardware.

 

Led Flasher

The first example that I tested was the led flasher---the blinky example---which is included in any development/evaluation platform.

For testing this example, within Atmel Studio you need to go to File->New->Atmel Start Example Program. This is going to show the Atmel Start tool interface. In this interface you need to select your board (SAML11 Xplained Pro in my case) and look for the Led flasher example. Select the example and click on Generate project. Atmel Studio will show you a dialog window to define the name of the project and the location to save it, you may provide the information accordingly. If this is the first time that you use Atmel Studio it is possible that it will install extra packages for the target board. You must agree with the installation of the missing packages. After installing missing packages  Atmel Studio will create all the required folders and include all the source files for your project.

At this point you are ready to compile and debug your code. Press F7 to build your solution, open the led_flasher_main.c file on the Solution Explorer and set a breakpoint,  then press Alt + F5 to start debugging. Atmel Studio will compile and flash your board automatically. The whole process to test the first example took me 5 minutes in total. It was a  very straight forward and clean process.  The following image shows a debugging session on Atmel studio for the led flasher example, it includes a break point,  the solution explorer and the content of base flash.

 

image

 

 

Node Authentication Basic example

According to Atmel Start documentation, "This project is an all-in-one example that uses the ATECC508A CryptoAuthenticationTM device to demonstrate secure node provisioning and node authentication using PKI methodology. Specific details include internal key generation, creation of signer and device certificates, and certificate chain verification from device to the certificate root.". Since, the ATECC508A IC is included in both evaluation boards you can test this example on either the SAML11 or SAML10.

 

You need a bit of background about asymmetric encryption and PKI (Public Key Infrastructure) to understand this example. You can check the following link to have a brief idea about it: Public key Infrastructure.

 

This example requires a serial  communication port to access the console and execute the commands of the example. You can use any external terminal software or the data visualizer of Atmel Studio. I used both, the data visualizer and Putty software with equal results. The following are the configuration parameters used on my test:

  • No parity
  • 8-bit character size
  • 1 stop bit
  • 115200 baud-rate

 

No issues were faced testing this example, similar to the previous led flasher example, compiling and flashing the code took less than 5 minutes. The following image shows the Data Visualizer accessing the serial console and the help menu of the Node Authentication Example.

image

 

 

This is an all-in-one example. It demonstrates the following roles of the secure implementation:

Provisioner: The role that configures and programs the ATECC508A for runtime use.

Client: The device to be authenticated, such as an accessory.

Host: The device which would perform the authentication and verification steps to ensure the device is authentic.

 

More details about the example can be read on the following link:

http://ww1.microchip.com/downloads/en/appnotes/atmel-8983-cryptoauth-atecc508a-node-example-asymmetric-pki-applicationno…

 

The following image shows the output on Putty of the client-provision command. It includes the output for Signer CA public key, Signer Public Key, Device Public Key and Signer Certificate.

image

The following image shows the verification of Root of Trust (certificate linkage) and the verification of the challenge. In this image we observe how the client is provided a random number and then returned the value signed by its private key. The host takes this value and verifies that the challenge was signed by the client using the public key of the signer (client). The example includes all the roles in a single device (CA, client, host) for didactic purposes, which not likely occur in a real application. However, my impression is that ATECC508A is a  good solution to provide a verification process of OEM devices. This verification process is difficult to forge due to the hardware based protection of the private keys of the client.

image

 

TrustZone getting started project

The following example is only compatible with the SAML11 Xplained pro board and exercises the ARM's TrustZone technology. This technology  "creates an isolated secure world which can be used to provide confidentiality and integrity to the system". In other words, TrustZone enables a "secure" and a "non-secure" world to execute trusted and non-trusted code, respectively.

The following image shows the trusted an not-trusted domains enabled by the the TrustZone technology.

 

image

Source: https://developer.arm.com/technologies/trustzone

 

This example is a bit more complex than the first two, because it requires the compilation of two projects under the same Atmel Studio solution. The first project is executed on the trusted domain (secure) and the second one is executed on the not-trusted domain (not-secure). This example shows how the not-trusted application can call code that is executed on the trusted domain. This call take place through specific  callable functions exposed by a secure gateway library (libsecure_gateway_veneer.lib), which keep isolated  secure resources from not-trusted code. The getting started guide provide excellent step by step instructions to configure, compile and cross-debug this example.

 

The following figure shows the not-secure code calling a secure callable function exposed by the libsecure_gateway_veneer.lib. Check that the argument passed to the callable secure function is "1".

image

 

The following function shows the wrapper function on the TrustZone venner library, and the received argument "1" coming from the not-secure code execution..

image

 

This last image show the implementation and execution of the called function on the secure domain. Check that the final operation is 1 + 3 as expected, but this time we are in the main file of the secure application.

image

 

 

 

Pros:

  • Good documentation, Microchip website is very well organized, you can easily find all the information to work with the evaluation kits.
  • Open source design files (plenty of useful information for the interested reader).
  • Powerful on-board programmer/debugger (EDBG), SPI, I2C and GPIO gateway, and serial COM. This is a very nice piece of hardware for testing and development of embedded applications. It is easy to use and fully supported by Atmel Studio and OpenOCD.
  • Comprehensive on-board characteristic (buttons, leds, expansion headers, capacitive button, crystal, etc.) for a meaningful evaluation of the target microcontroller.
  • Plenty of examples exercising the most important characteristics of the target microcontrollers
  • Power measuring capabilities on board. Very useful for a real evaluation of battery-powered devices. It is easily accessible on the Data Visualizer of Atmel Studio.
  • Solid evaluation board for secure embedded applications (SAML11). The ATECC5058A IC, included on both boards, is a nice add-on on board for ECDH (Elliptic Curve Diffie–Hellman) key agreement.
  • Atmel Studio is an Excellent IDE (very personal opinion image), and the Atmel Start is a very helpful configuration/development tool.

 

Cons:

  • The mikro Bus expansion headers of the evaluation boards are quite unpopular. I know that MikroElectronika provides plenty of expansion boards, but they are a bit expensive. Many vendors include mikro Bus expansion headers on their development boards, but this standard is far from being as popular as the Arduino headers.
  • Microchip does not offer a Linux based  IDE for the SAM family of microcontrollers. I admit that I really like Atmel Studio on Windows, but many makers, developers, researchers---including myself--- use UNIX like operating systems on their primary workstations. It would be nice to have more options and not only Atmel Studio.
  • The kit does not include the USB cable or basic documentation on box.
  • Many of the basic examples require the "IO1 Xplained Pro" extension board connected on the EXT1 header of the evaluation board. However, this expansion board is not included with the kit and I was not able to test many examples.

 

Conclusions/recommendations:

  • The SAML10/11 Xplained pro boards are solid evaluation boards of the new ARM's Cortex-M23 processor and TrustZone technology.
  • SAML10 and SAML11 share the same low-power consumption, enhanced touch sensor and advanced analog peripherals. SAML11 also includes ARM TrustZone, secure boot, crypto acceleration, secure key storage and chip-level tamper detection.
  • Microchip's end-to-end secure solution reduces the gap between secure implementation and and low-power devices.
  • I recommend to analyze the requirements of the evaluation board according to the characteristics that you plan to evaluate. Otherwise, you will not be able to test characteristics that require extra hardware or expansion boards.
  • If you are interested on secure embedded application backed by robust secure hardware, I recommend to carefully study and take advantage of the SAML11 microncontrollers.
  • If you are only interested on the low-power and deterministic characteristics of the Cortex-M23 processor, the SAML10 family could be enough for your needs.
Anonymous