Product Highlights > Secure Embedded MCU Solutions with Microchip

Embedded security for every engineer

Supporting your journey toward secure, compliant embedded designs.

Security is no longer optional, but getting there doesn't have to mean starting over. Microchip is committed to supporting engineers on their journey toward secure, compliant-embedded designs. We offer a range of MCU families and partner tools to help meet you where you are, whether you're retrofitting an existing design or building a new product from scratch.

For engineers with existing hardware, select supported MCUs, including devices from the SAM D51, SAM E5x, PIC32CM LS60, PIC32CM LS00, PIC32CK SG, PIC32CZCA90 and PIC32CX SG61 series—can be paired with IAR Embedded Trust to enable software-based secure boot and signed firmware updates without redesigning your hardware. Your board stays the same. Your schedule stays intact. And your journey toward regulatory compliance starts with a firmware update.

For new designs that require a higher level of assurance, Microchip provides a range of MCUs—including the PIC32CM SG00—purpose built for security from the ground up. It combines Arm® TrustZone® for ARMv8-M with an on-chip Hardware Security Module Lite (HSM-Lite) ,delivering hardware-enforced Secure and Non-Secure partitioning, Anti-Tamper detection, TrustRAM for tamper-resistant key storage, and cryptographic acceleration for secure boot, TLS, and encryption. The PIC32CM SG00 also supports IAR Embedded Trust for software-based secure boot and signed firmware updates, giving you both the hardware-backed foundation and the software-based security tools to help meet your compliance requirements.

Your solution
Develop with your preferred ecosystem
IAR Embedded Trust
Getting started

Your secure MCU solutions portfolio

Microchip’s secure MCU portfolio supports your security journey at every stage, from software-based secure boot on existing hardware to hardware-backed root of trust architectures for higher-assurance designs.

All devices below are available on Digi-Key and supported by MPLAB® tools, including MPLAB X IDE and MPLAB Extensions for VS Code. Select devices support IAR Embedded Trust for software-based secure boot and signed firmware updates.

Start here: Software-based secure boot with IAR Embedded Trust

These devices enable secure boot and signed firmware updates using IAR Embedded Trust, without requiring a hardware redesign.

SAM D51 family

Excellent high-performance all-rounder

Example device: SAMD51J19A
Cortex-M4F, 120 MHz, 512 KB Flash, 128 KB SRAM

Dual-bank Flash with ECC for data integrity
8-zone MPU
Rich peripheral set for industrial and consumer designs
IAR Embedded Trust support for secure boot + signed and encrypted updates

SAM E5x family

Connectivity and processing powerhouse

Example device: SAME51J20A
Cortex-M4F, 120 MHz, 1 MB Flash, 256 KB SRAM

Ethernet MAC + CAN-FD
USB 2.0 + QSPI + 12-bit ADC
Designed for connected industrial applications IAR embedded trust support for secure boot + signed and encrypted updates
IAR embedded trust support for secure boot + signed and encrypted updates

PIC32CMLS60Family

Low power with TrustZone, Best-in-class security in a familiar package

Cortex-M23, Arm® TrustZone® for ARMv8-M

Ultra-low power operation
Integrated secure element (ATECC608-TrustFlex CryptoAuthentication™ chip)
Cryptographic accelerator supporting multiple algorithms
Capacitive touch support
IAR Embedded Trust support for secure boot + signed and encrypted updates

PIC32CM LS00 family

Accessible cost-optimized secure designs

Cortex-M23 Arm® TrustZone®

Ultra-low power
Secure boot support
Cryptographic accelerator supporting multiple algorithms
Secure communication channels using secure pin multiplexing
Capacitive touch integration
IAR Embedded Trust support for secure boot + signed and encrypted updates

PIC32CX SG61 family

Security for smart energy and industrial IoT

Cortex-M4F dual-core with TrustZone

Multi-protocol wireless + PLC options
Integrated Hardware Security Module (HSM)
Designed for smart grid and industrial IoT
IAR Embedded Trust support for secure boot + signed and encrypted updates

Hardware Root of Trust: Higher-Assurance Architectures

For applications requiring hardware-enforced key isolation and immutable root of trust, Microchip offers MCUs with integrated HSM or HSM-Lite architectures.

These devices support hardware-backed secure boot, protected key storage and advanced tamper resistance, and also support IAR Embedded Trust for signed firmware updates.

PIC32CM SG00 family

Designed and built for essential security

Example device: PIC32CM5112SG00

Cortex-M23, 72 MHz, 512 KB Flash, 32 KB SRAM

Hardware Security Module Lite (HSM-Lite)
Arm TrustZone secure / non-secure partitioning
TrustRAM for tamper-resistant key storage
TRNG + crypto acceleration
Anti-tamper detection
CAN-FD + USB FS
IAR Embedded Trust support for secure boot + signed and encrypted updates

PIC32CZ CA90 family

Secure high-performance for automotives and industry

Cortex-M7 up to 300 MHz

Designed for smart energy, metering and industrial control
Advanced cryptographic acceleration
Secure boot and secure debug capabilities
Hardware-enforced isolation
IAR Embedded Trust support for secure boot with signed and encrypted firmware updates

PIC32CK SG family

Competitive advanced connectivity and security

Cortex-M33 with TrustZone

Integrated Ethernet, CAN-FD and connectivity peripherals
Secure key storage and crypto acceleration
Designed for connected industrial and IoT applications

SAM L11 family ultra-low power with TrustZone

Chip-level security on ultra-low power

Cortex-M23 with Arm TrustZone

Secure and Non-Secure partitioning
Built-in cryptographic accelerator
Secure communication channels through Secure pin multiplexing
Integrated secure key storage
Ultra-low power designs

MPLAB® Tools for VS Code brings the full Microchip toolchain inside Visual Studio Code, supporting the PIC32CM SG00, SAM D51, SAM E51, PIC32CMLS60, PIC32CMLS00, PIC32CZCA90, and PIC32CX SG61. Whether you're building a new hardware-backed security design on the SG00 or adding software-based security via IAR Embedded Trust to an existing design, MPLAB Tools for VS Code has you covered. Lightweight installs, modern editing, and the same debugging power you rely on.

Get MPLAB for VS Code

VS Code Marketplace

List of users
Lightweight & fast LSP-based code intelligence, real-time error checking, go-to-definition, and smart autocomplete. No heavy IDE overhead.	Full debug support PICkit™ 5, ICD 5, SNAP, and CMSIS-DAP integrated into the native VS Code debug toolbar.
MPLAB AI coding assistant A free, Microchip-trained build of the Continue extension. Fewer hallucinations than generic AI tools, in-editor datasheet access, autocomplete, and code generation.	Import in 5 clicks Already have an MPLAB X project? Import into VS Code using the MPLAB Project Importer Extension, no manual migration needed.
MPLAB code configurator Graphical peripheral config and Harmony v3 support, set up TrustZone and peripherals without low-level register code.	Cross-platform Windows, macOS, and Linux; the same free toolchain on every workstation. No per-seat licensing complexity.

IAR Embedded Trust — The bridge to software-based security

Microchip has partnered with IAR to provide engineers a practical, proven path toward regulatory compliance, without a board respin. IAR Embedded Trust delivers integrated secure boot and firmware signing workflows that work with supported devices in the SAM D51, SAM E5x, PIC32CM LS60, PIC32CM LS00, PIC32CZ CA90, PIC32CX SG61 and PIC32CM SG00 series.

This is your starting point on the security journey. Your existing investment is protected, and your path toward a more secure, compliant design can begin with a software update.

For devices that also integrate hardware security features, such as HSM or HSM-Lite with TrustZone® support, IAR Embedded Trust complements the on-chip capabilities by providing standardized firmware signing and update workflows alongside the hardware root of trust.

IAR understands your supply chain and provides end-to-end security solutions. By bringing completed development into a secure product package, IAR Secure Deploy enables secure provisioning, device lockdown, and unique device identity management to protect your product and support a secure lifecycle aligned with CRA requirements.

We partner with leading IC programming and manufacturing service providers, including Data I/O, EPS Global, Hi-Lo Systems, System General and Celestica, to build a secure end-to-end supply chain ecosystem that maximizes embedded security from development through mass production.

See how IAR Embedded Trust supports CRA readiness

WHY ENGINEERS CHOOSE IAR EMBEDDED TRUST

No hardware changes, use the board you already have
Software-based secure boot and signed firmware updates
Secure Boot Manager (SBM) with immutable boot verification and cryptographic validation
Authenticated updates with anti-rollback protection
Active IP protection against cloning and firmware theft
Supported path toward CRA and emerging regulatory requirements
Aligned with ETSI EN 303 645, IoT Cybersecurity Improvement Act, PSTI Act, and EU Cyber Resilience Act requirements
Clear audit documentation to support compliance discussions
Faster time to security than a full hardware redesign
SESIP Level 1 certified Secure Boot Manager (SBM) for additional assurance and transparency

WHEN TO CHOOSE MCUs WITH HARDWARE ROOT OF TRUST

Your design requires hardware-backed assurance beyond software-only protection
Cryptographic keys must be isolated in a secure hardware boundary
Increased resistance to physical tampering or advanced attack vectors is required
You are starting a new design and want security architected in from day one
You need an immutable root of trust enforced in silicon
You require hardware-enforced key storage combined with secure provisioning at scale

Explore how IAR Embedded Trust secures your embedded application

Book a demo

MICROCHIP + IAR PARTNERSHIP

Together, Microchip and IAR provide a supported, documented path toward a secure product lifecycle via immutable secure boot and security updates with signed, encrypted firmware across supported Microchip MCU platforms, from software-based implementations tied to hardware-backed root-of-trust architectures.

Security is integrated across development and production: from Secure Boot Manager (SBM) and authenticated firmware updates to secure provisioning with IAR Secure Deploy.

Full integration guides, example projects and certification documentation are available to accelerate deployment.

Learn more about the Microchip and IAR partnership

Understanding the Cyber Resilience Act

Requirements of the CRA and how Microchip security solutions can help support them.

Secure solutions for CRA compliance: Microchip's home page for all things CRA-related: regulations, products, and resources

Microchip's home page for all things CRA-related: regulations, products, and resources.

Safety & security courses

Full library of security-focused courses at Microchip University: Cryptography Primer, Authentication, and more.

Introduction to cryptography

ECC256, SHA256, AES128, HMAC, CMAC, RSA; key concepts for secure embedded design.

Cyber regulations & business risk

Legislative landscape, cyber product design requirements, and threat modeling for embedded engineers.

The foundations of Embedded Security

Master the strategies to protect your systems against evolving cyber threats.

The straight way to secure device software applications

Learn how to secure embedded devices by integrating secure boot, Root of Trust, and secure coding practices.

Briggs & Stratton - The electrification challenge

A global leader in engine production and power solutions faced the challenge of evolving electrification while maintaining its legacy of engineering excellence.

DevSecOps to device: Seamless code signing & secure provisioning with IAR and Keyfactor

Learn how IAR Embedded Trust, IAR Secure Deploy, and Keyfactor’s code signing and PKI create a seamless, end-to-end workflow that bridges development and the factory floor.