Microchip enhances TrustMANAGER platform

Author: Joe Peck

International cybersecurity regulations continue to adapt to meet the evolving threat landscape. One major focus is on outdated firmware in IoT devices, which can present significant security vulnerabilities.

To address these challenges, Microchip Technology, an American semiconductor manufacturer, is enhancing its TrustMANAGER platform to include secure code signing and Firmware Over-the-Air (FOTA) update delivery as well as remote management of firmware images, cryptographic keys, and digital certificates.

These advancements support compliance with the European Cyber Resilience Act (CRA) which mandates strong cybersecurity measures for digital products sold in the European Union (EU). Aligned with standards like the European Telecommunications Standards Institute (ETSI) EN 303 645 baseline requirements of cybersecurity for consumer IoT and the International Society of Automation (ISA)/International Electrotechnical Commission (IEC) 62443 security of industrial automation and control systems standards, the CRA sets a precedent that is expected to influence regulations worldwide.

Microchip’s ECC608 TrustMANAGER leverages Kudelski IoT’s keySTREAM Software as a Service (SaaS) to deliver a secure authentication Integrated Circuit (IC) that is designed to store, protect, and manage cryptographic keys and certificates. With the addition of FOTA services, the platform helps customers securely deploy real-time firmware updates to remotely patch vulnerabilities and comply with cybersecurity regulations.

“As evolving cybersecurity regulations require connected device manufacturers to prioritise the implementation of mechanisms for secure firmware updates, lifecycle credential management, and effective fleet deployment, the addition of FOTA services to Microchip’s TrustMANAGER platform offers a scalable solution that removes the need for manual, expensive, static infrastructure security updates,” says Nuri Dagdeviren, Corporate Vice President of Microchip’s Security Products Business Unit. “FOTA updates allow customers to save resources while fulfilling compliance requirements and helping to future-proof their products against emerging threats and evolving regulations.”

Further enhancing cybersecurity compliance, the Microchip WINCS02PC Wi-Fi network controller module used in the TrustMANAGER development kit is now certified against the Radio Equipment Directive (RED) for secure and reliable cloud connectivity. RED establishes strict standards for radio devices in the EU, focusing on network security, data protection, and fraud prevention. Beginning 1 August 2025, all wireless devices sold in the EU market must adhere to RED cybersecurity provisions.

By incorporating these additional services, TrustMANAGER – governed by keySTREAM – tackles key challenges with IoT security, regulatory compliance, device lifecycle management, and fleet management. This solution is designed to serve IoT device manufacturers and industrial automation providers.

For more from Microchip, click here.