RoadTest: Microchip SAML10/11 Xplained Pro Evaluation Kits
Author: alejoseb
Creation date:
Evaluation Type: Development Boards & Tools
Did you receive all parts the manufacturer stated would be included in the package?: True
What other parts do you consider comparable to this product?: The Nuvoton's NuMaker PFM-M2351 board is a similar product featuring the Cortex-M23 and the TrustZone extension. However Nuvoton's board includes different on-board peripherals including wi-fi module and audio codec. In addition Nuvoton's board features Arduino compatible headers.
What were the biggest problems encountered?: There were no major issues, the lack of minimum accompanying information for the kits is unexpected. However the quality of the vendor's website compensates this initial impression. In addition, many basic examples cannot be tested because they require an expansion board (IO1 Xplained Pro) not included with the kit.
Detailed Review:
First of all I would like to thank Element14 for the awesome opportunity to review the SAML10/11 Xplained Pro Evaluation Kits.
I will start with a brief introduction, then I will walk through some examples running on the boards and I will finish with some Pros, Cons and conclusions.
SAML10/11 are the Microchip's secure and low-power solutions for the new connected IoT devices [1]. This family of microcontrollers implement the new ARM Cortex-M23 processor family, which is based on the ARMv8-M architecture. ARMv8-M is the new ARM's architecture for real-time deterministic embedded processors [2]. This architecture improves debugging capabilities, simplifies the programmer's model for the MPU (memory protection unit), and includes the optional Security Extension for hardware base secure environments TrustZone [3].
The SAML10 microntroller family include all the new characteristics of the Cortex-M23 processor. It is aimed for ultra low power embedded applications that requires general purpose embedded control capabilities. In addition, this microcontroller family features enhanced enhanced peripheral touch controller and advanced analog [5]. The SAML11 microcontroller family offers the same capabilities and benefits of the SAML10 family, but it also integrates security oriented hardware, which includes ARM TrustZone, secure boot, crypto acceleration, secure key storage and chip-level tamper detection [1].
Microchip offers an end-to-end solution for secure embedded solutions. According to its web site, they offer a comprehensive solution based on the robust secure hardware of the SAML11 microcontrollers and a complete software ecosystem. This comprehensive solution leverages developer efforts and reduce the time to market of feature-rich and secure applications.
The specific documentation used for this review is located on the following links:
Getting Started with the SAM L10/L11 Xplained Pro
SAM L10/L11 Xplained Pro User Guide
Design documentation (Include schematics, BOM, building files, etc.)
SAM L10/L11 Family Microcontroller Datasheet
The SAML10/11 Xplained Pro evaluation kits are the official Microchip evaluation kits for the SAML10/11 microcontrollers [6], [7].
These microcontrollers suit IoT nodes, authenticated accessories, secure remote input devices, encrypted data loggers, etc
The key features of the boards are as follow:
• ATSAML10E16A-AU/ATSAML11E16A-AU microcontrollers
• One mechanical reset button
• One mechanical programmable button
• One QTouch button
• One user LED (yellow)
• 32.768 kHz crystal
• ATECC508A CryptoAuthentication IC (both boards implements this IC)
• Two Xplained Pro extension headers
• mikroBUS header
• X32 header
• Embedded debugger/programmer (EDBG) with power measurement capabilities, SPI/I2C/GPIO gateway and virtual COM port (CDC).
The following pictures depict the Xplained Pro board according to documentation, and the actual boards that I received. They came in static shielding bags and do not include any other accessories or USB cables.
I recommend to check the Getting Started with the SAM L10/L11 Xplained Pro. This guide provide concise instructions to start testing the boards.
However, I will briefly go through the steps required to start with the testing.
First of all you need to install Atmel Studio IDE from the following link:
If you are familiar with Microsoft's Visual Studio, then you will enjoy of one of the most powerful IDEs available for embedded development. This IDE is based on the same Microsoft's IntelliSense technology that assist you while you write code.
In my opinion, Atmel Studio outperforms many other free and commercial IDEs. However, this is the only development option, there is no official documentation to configure a command line (make, kconfig, etc) development environment.
After installing Visual Studio, you will need a Micro USB cable (not included in the kit) to connect your board to your PC.
After connecting your board to your PC, you will see that the drivers are located automatically by Windows and Atmel Studio will automatically recognize the connected board.
The next step is to explore the bast collection of examples provided by Atmel Start. I personally tested many of them for both SAML10 and SAML11. However, I only include 3 examples in this review. These examples shows basic and advanced charcateristics of the SAML10/11 Xpalined pro boards. Specifically, these examples test on-board security ICs and the TrustZone available on the SAML11 microcontroller family.
This is a practical tool to select and configure software components of an embedded application. This tool allows you to begin a project from scratch or quickly begin with plenty of examples for many evaluation boards including the SAML10/11 Xplained Pro boards.
Atmel start is offered by Microchip as a web application, or it is integrated directly on Atmel Studio.
Many of the examples for the SAML10/11 require the IO1 Xplained Pro expansion board, which is not included with the kit. This is unfortunate, becasue I was not able to test many of the microcontroller capabilities. For example, the "IO1 Xplained Pro Low power demo" demonstrate the highlighted low-power capabilities of the SAML10/11 microcontrollers, but it requires a expansion board. In spite of the missed expansion board, there are still plenty of examples that you can try directly on the evaluation board without using any extra hardware.
The first example that I tested was the led flasher---the blinky example---which is included in any development/evaluation platform.
For testing this example, within Atmel Studio you need to go to File->New->Atmel Start Example Program. This is going to show the Atmel Start tool interface. In this interface you need to select your board (SAML11 Xplained Pro in my case) and look for the Led flasher example. Select the example and click on Generate project. Atmel Studio will show you a dialog window to define the name of the project and the location to save it, you may provide the information accordingly. If this is the first time that you use Atmel Studio it is possible that it will install extra packages for the target board. You must agree with the installation of the missing packages. After installing missing packages Atmel Studio will create all the required folders and include all the source files for your project.
At this point you are ready to compile and debug your code. Press F7 to build your solution, open the led_flasher_main.c file on the Solution Explorer and set a breakpoint, then press Alt + F5 to start debugging. Atmel Studio will compile and flash your board automatically. The whole process to test the first example took me 5 minutes in total. It was a very straight forward and clean process. The following image shows a debugging session on Atmel studio for the led flasher example, it includes a break point, the solution explorer and the content of base flash.
According to Atmel Start documentation, "This project is an all-in-one example that uses the ATECC508A CryptoAuthenticationTM device to demonstrate secure node provisioning and node authentication using PKI methodology. Specific details include internal key generation, creation of signer and device certificates, and certificate chain verification from device to the certificate root.". Since, the ATECC508A IC is included in both evaluation boards you can test this example on either the SAML11 or SAML10.
You need a bit of background about asymmetric encryption and PKI (Public Key Infrastructure) to understand this example. You can check the following link to have a brief idea about it: Public key Infrastructure.
This example requires a serial communication port to access the console and execute the commands of the example. You can use any external terminal software or the data visualizer of Atmel Studio. I used both, the data visualizer and Putty software with equal results. The following are the configuration parameters used on my test:
No issues were faced testing this example, similar to the previous led flasher example, compiling and flashing the code took less than 5 minutes. The following image shows the Data Visualizer accessing the serial console and the help menu of the Node Authentication Example.
This is an all-in-one example. It demonstrates the following roles of the secure implementation:
Provisioner: The role that configures and programs the ATECC508A for runtime use.
Client: The device to be authenticated, such as an accessory.
Host: The device which would perform the authentication and verification steps to ensure the device is authentic.
More details about the example can be read on the following link:
The following image shows the output on Putty of the client-provision command. It includes the output for Signer CA public key, Signer Public Key, Device Public Key and Signer Certificate.
The following image shows the verification of Root of Trust (certificate linkage) and the verification of the challenge. In this image we observe how the client is provided a random number and then returned the value signed by its private key. The host takes this value and verifies that the challenge was signed by the client using the public key of the signer (client). The example includes all the roles in a single device (CA, client, host) for didactic purposes, which not likely occur in a real application. However, my impression is that ATECC508A is a good solution to provide a verification process of OEM devices. This verification process is difficult to forge due to the hardware based protection of the private keys of the client.
The following example is only compatible with the SAML11 Xplained pro board and exercises the ARM's TrustZone technology. This technology "creates an isolated secure world which can be used to provide confidentiality and integrity to the system". In other words, TrustZone enables a "secure" and a "non-secure" world to execute trusted and non-trusted code, respectively.
The following image shows the trusted an not-trusted domains enabled by the the TrustZone technology.
Source: https://developer.arm.com/technologies/trustzone
This example is a bit more complex than the first two, because it requires the compilation of two projects under the same Atmel Studio solution. The first project is executed on the trusted domain (secure) and the second one is executed on the not-trusted domain (not-secure). This example shows how the not-trusted application can call code that is executed on the trusted domain. This call take place through specific callable functions exposed by a secure gateway library (libsecure_gateway_veneer.lib), which keep isolated secure resources from not-trusted code. The getting started guide provide excellent step by step instructions to configure, compile and cross-debug this example.
The following figure shows the not-secure code calling a secure callable function exposed by the libsecure_gateway_veneer.lib. Check that the argument passed to the callable secure function is "1".
The following function shows the wrapper function on the TrustZone venner library, and the received argument "1" coming from the not-secure code execution..
This last image show the implementation and execution of the called function on the secure domain. Check that the final operation is 1 + 3 as expected, but this time we are in the main file of the secure application.
), and the Atmel Start is a very helpful configuration/development tool.
