Nordic is a very high volume supplier of BT chips for consumer applications, but is getting crushed by a wave of very low cost Chinese competitors. Among the western chip companies, they are the ideal candidate for RISC-V adoption. I'm very curious to see what TI is planning for RISC-V as they begin to seriously engage in the low cost general purpose microcontroller market for the first time.
> "getting crushed by a wave of very low cost Chinese competitors"
That's an odd way of spelling "maintaining a stable market share in the face of Chinese competition".
Going forward, IoT security is going to be an increasingly important factor for new designs. The EU is quite serious about combating security problems with IoT devices. And security is something that the new products coming out of Nordic is very serious about.
I don't think many big, serious device manufacturers are willing to risk being the target of the first catastrophic IoT attack just to save some pennies on a dirt cheap Chinese design, with some poorly verified RISC-V core thrown in with a power hungry Bluetooth radio.
ARM TrustZone is not something the RISC-V ecosystem has a clear standardized answer to yet. So I think that's a reason why ARM will keep its role as the main application processor in high-end BT/Thread chips for the next several years.
Having bought a few hundred thousand Nordic chips I can assure you they don’t care about security in a meaningful sense.
All Nordic chips are susceptible to bootloader attacks which make them a poor choice for storing key material. This can be mitigated in the design phase by adding an external security chip like a ATECC608B but if you were to tear down a device and see a board present without this module it certainly will have other vulnerabilities too.
Having worked extensively with both Nordic and Chinese chips, what makes Nordic win is the ease of development - they are by far the best in market when it comes to programmability. Hands down.
The security problems have been known since the NRF51 and despite that those vulnerabilities were carried over into the NRF52 because the cost of validation of chip designs is so prohibitive they did not want to touch it and filed the “oh some random person can extract the entire contents of the chip” bug as “won’t fix”. They are baked into a silicon ip core and can’t be fixed with a software update.
As for RISC-V, there are some amazingly innovative and brilliant alternatives to TrustZone presented at the conference but I suspect Rambus may block innovation here using their position on the board (and chairing the security standing committee) in favor of their own (patented) solutions using an embrace, extend, extinguish strategy.
>Having worked extensively with both Nordic and Chinese chips, what makes Nordic win is the ease of development
This seems to be the norm for Chinese chips in general.
Poor documentation, even in the native Chinese, no official dev boards, sometimes no JTAG debuggers, random bugs, just a whole lot of bullshit to deal with as a foreign developer.
I suspect it might be a cultural thing; developers are less prone to pouring over data
sheets and more prone to asking their friends/colleagues to introduce them to someone who works at one of the microcontroller companies. (This is just a hunch, and I could be completely wrong.)
>I suspect Rambus may block innovation here using their position on the board (and chairing the security standing committee) in favor of their own (patented) solutions using an embrace, extend, extinguish strategy.
RISC-V members have to sign an agreement when they join, which has clauses to prevent this sort of situation.
The security issues also cause inconvenience, e.g. the later revisions of the nrf52 needing either a recover operation or updated firmware (the hack of flashing a default bootloader in recovery mode that disables security is...interesting).
That aside, Nordic still seems the best choice out there though quite a lot of features are leveraging the ARM ecosystem. RISC-V involvement is possibly toe in the water stuff/de-risking from ARM ("who owns them today?"). The recent big switch in SDK's (nrfSDK to Zephyr) wasn't teribly welcome, so the possiblility of another one is not welcome (if there was an approximately equal competitor with more stability we'd jump ship).
"I don't think many big, serious device manufacturers are willing to risk being the target of the first catastrophic IoT attack [..]"
You must be kidding, right? It's not that they would have cared much in the past. Now, I would be the first to celebrate a change in that regard, but it's just not the world we live in now.
> I don't think many big, serious device manufacturers are willing to risk being the target of the first catastrophic IoT attack just to save some pennies on a dirt cheap Chinese design, with some poorly verified RISC-V core thrown in with a power hungry Bluetooth radio.
The small budget OEMs will save some pennies on a dirt cheap Chinese design. The big, serious device manufacturers will do the design themselves by starting with an open reference design and making some minor modifications that suit them, then pay someone to fab it because they're shipping millions of units. Who does that even leave?
> ARM TrustZone is not something the RISC-V ecosystem has a clear standardized answer to yet.
This has almost nothing to do with IoT security, if not being directly opposed to it as a thing used to prevent people from installing custom firmware on devices the OEM fails to support.
The #1 problem in IoT security is OEMs that release a device which they neither patch nor allow anyone else to patch. And the first can't be a solution for small OEMs because they go out of business, so the only way to actually fix it is to have devices that users can update with third party firmware. For which the lack of ARM TrustZone is an advantage, since it's often used to prevent this.
Every IoT device already uses esp chips, that's the only reason they can afford to make them. Them being low security doesn't matter, it's not like smart homes are secure now. Security is not important to IoT devices.
It is up to the manufacturer to implement it, most esp devices like 8266 and 32 have weak security firmware, are easily hackable (benefit to me). Most don't have security in mind and don't get security updates.
The new ESP32 models coming out, especially the RISC-V models, all have security features like Flash encryption and hardware cryptography modules. Unfortunate for those who like to reflash consumer devices.
It's beyond most people's ability, equipment and effort threshold to order 1 chip from digikey (how much is delivery on that $1?) and replace a QFN package.
Most people aren't going to be tearing down consumer goods and reflashing the firmware.
If someone wants to get a hot air station and a bunch of $1 chips and reprogram their own devices, it would cost them less than a hundred dollars, 150 tops.
Anyone can learn any skill. If you can draw anything recognizable, you can do electronics.
That's not true anymore. There was a shift to Beken Chips a year or two ago so a lot of your Amazon WiFi iot stuff uses that now (Tuya and Tasmota). Check out OpenBeken. I can't find much info on it but thinking it's cheaper than esp's probably more similar to esp8266 than esp32. Espressif chips are much more secure nowadays compared to the esp8266 days.
Isn't TrustZone inherently evil, though? Isn't its main use to let the megacorps trust that your device won't do what you want and will keep secrets from you?
I can't tell if this is sarcasm. TrustZone is a technology for resource isolation. At an extremely high nontechnical level, it's conceptually similar to memory protection.
The problem with TrustZone is that control of it always resides with a megacorp and never with the owner of the device. It's not that it isn't security at all, but rather that it's security against the owner.
Note that the Raspberry Pi does not have a full TrustZone implementation to protect secure mode memory, etc. But it is a widely available device with good documentation and allows developers to experiment with and learn about the basics of TrustZone architecture.
OTP and e-fuses are also evil. Devices should never be forced to become e-waste over them being set "wrong". There should always be a factory reset option that clears everything.
Why would that require fuses? You store the firmware in flash, which can be updated to a newer version, restored to the original version or replaced entirely with third party firmware by the device's owner if the OEM fails to patch it, e.g. because they go out of business.
What are you talking about? TrustZone is an ISA feature which lets you mark certain pages as "secure only". Compliant devices with SMMUs should not allow any access to these pages except when initiated by the secure world. It's not some big evil plan by Arm. It's up to vendors how they use it. Many just use it for key storage and verifying biometric data so that even a compromised kernel can't trivially steal the most sensitive data on a device.
If you start building your own hardware and/or buy devices with unlocked bootloaders, you can load whatever you want in EL3 to play with TZ. This isn't a problem with TZ.
Unless things have changed recently, Nordic is still king of low power applications.
With that being said, I've worked with both the Nordic NRF SDK and the Espressif SDK and greatly preferred Espressif.
For doo-dads that I make for my home, esp32 and esp8266 are fantastic. The modules are inexpensive and the community is huge. I would not want to be in Nordic's shoes right now.
It's easy for us hobbiests to forget that all the spare do-dads we have floating around our workbench aren't even a drop in the bucket compared to the number of chips bought by a single manufacturer for a single model of a kitchen blender.
We matter a little and can be somewhat of an indicator sometimes. Right up until we don't. A lot of times what matters to us just doesn't apply at scale.
But these kinds of things also seem to follow a tech playbook, cheap parts show up, lots of hobbyist, small companies, etc start using them in low volume applications. They work out the bugs, and the newer competitors parts keep getting better. The existing big company doesn't care because, as someone else pointed out they are maintaining a stable volume/revenue.
Only, in the tech industry that's almost always a bad sign, the competitors are winning new designs that haven't yet really started to ramp, while the existing vendor is coasting on the current device using their parts. Then what happens is they get stuck in a declining revenue/volume situation while the newer cheaper better competitor slowly eats the market, and at that point investing in a "dying" product just about never happens.
There are actually 2 Nordic SDKs, nRF5 (now in maintenance, but still in many supported products in the field) and nRF Connect (bundled with Zephyr).
Later gives a lot of access to both Host and Controller part of the stack and for commercial products that are not simply flipping a lightbulb it is still a standard.
ESPs are good for quick hacks and more competitive with Nordic if low power is not an imperative.
I've only used the nRF5 SDK. It worked, and it worked well, but it was cumbersome to work with if you didn't want to keep your code in the same tree as the the SDK itself. This was probably an organizational issue on my part, honestly.
The other thing which really bit me was someone here used a symbol name which collided with one used in the SDK, but the build system allowed this to link without error.
nRF5 is indeed inferior SDK of the 2 (thus abandoned). Also I dislike that a big chunk of the stack there is a binary blob.
Regarding the code organization, not sure what toolchain you used, but the latest recommendation for nRF5 (Segger studio) could make it fairly easy to do this, but manually opening the project config files and changing them, not through the GUI.
nRF Connect is a different world, comes with a lot more options, some really rooted in Zephyr OS, some lessons learned from the prior SDK.
And if you're familiar with Linux build configuration system, that is basically what Zephyr brings to the table (comes from Linux foundation).
But yeah all that flexibility comes as a penalty when you want simple stuff, compared to ESP32-Sx
> nRF5 is indeed inferior SDK of the 2 (thus abandoned). Also I dislike that a big chunk of the stack there is a binary blob. Regarding the code organization, not sure what toolchain you used, but the latest recommendation for nRF5 (Segger studio) could make it fairly easy to do this, but manually opening the project config files and changing them, not through the GUI.
Yes, I ended up editing the .emProject files by hand. It worked, but it felt like I was doing something wrong. I assume that you are referring to the soft device blob? Has that been abandoned in nRF Connect?
There is a Zephyr BLE stack that can be used as well as a SoftDevice stack but SoftDevice isn't a huge binary anymore, much more modular to save code space.
> I assume that you are referring to the soft device blob? Has that been abandoned in nRF Connect?
Quite, yes. They took the ZephyrOS approach, but it comes with a learning curve penalty, unless you go the easy route of nRF Connect GUI. In that case you do have some limitations of how you organize the code base (so that the GUI works), but even that is miles ahead in configuration compared with to the nRF5 SDK + Segger Studio.
I have been out of this area for almost a decade now, but I have very fond memories of the nRF5 SDK. When I was evaluating the (then new) Nordic BLE SoC's for future products it was so much nicer than the TI CC2540 we had used in our first BLE device.
No amount of symlinking can fix this, and there's a lot of these files. Maybe copying an example project is not the right way to do things.
The link issue was, I think, the result of what Nordic does with weak symbols. I don't recall the symbol name, but it was something which caused very unusual results.
Regarding LoC tallies, I often try to minimize mine. :-)
If you're using segger, a quick find-and-replace will take care of that (ditto GCC Makefiles). Must admit that when I started with nrf52 SDK, I too used thge embed-the-application-inside-the-SDK approach. Pretty soon that got cumbersome, so I switched to the softlink approach. The exact approach is to store the SDK somewhere, create a softlink to it in the project directory and have the project files/makefiles use that instead.
I am not an engineer and have not dealt with the chinese suppliers directly, but my understanding is that their software, support, and documentation have gotten much better. And they are very very cheap because they use RISC-V and/or inexpensive Chinese alternatives to TSMC.
Maybe the quality of the Chinese competitors is/was worse but ESP32 and its predecessor have completely taken over the cheap BLE/WiFi segment by simply flooding hobbyists and students with ultra-cheap devkits.
Maybe something the Western competitors should learn from.
You can get started with esp32 for $5. Nordic devkits are more expensive, and going past that requires a JTAG programmer, which is an expensive option for hobbyists and students.
It's not surprising that they have taken off like they have. Initially it was because it was inexpensive, but now the community is huge and that is a very attractive selling point.
You can get a BBC micro:bit with Nordic SoC for $15
Not exactly $5, but not very expensive either
There's also a decent growing community around them
You've also got the nRF52 USB dongle which seems similar to those cheaper ESP32 kits, for around $10.
> and going past that requires a JTAG programmer
No, the official Nordic devkits comes with a built-in debugger. Same for micro:bit. It's just plain USB.
That said, I do think Nordic could be better at penetrating the hobbyist/student market. I think one problem is the lack of a combined BT/WiFi chip.
I think once Zephyr becomes more mature and there's more tutorials/guides around it, a good BT+Thread+WiFi solution from Nordic could become very popular. Zephyr is a bit hard to get into, but incredibly powerful once you get used to it.
> No, the official Nordic devkits comes with a built-in debugger. Same for micro:bit. It's just plain USB.
Right, the devkits can do this. If you want to go past that, like making your own PCB with a NRF52 on it you need JTAG, which is not a requirement for esp32.
Maybe the NRF52 has some sort of ROM serial loader that I've missed though.
It’s actually possible to use the debugger on the NRF dev kits to flash/debug custom PCBs with NRF chips. So a separate (more expensive) JTAG debugger is in fact not required.
Yes nrf dev boards have an on board j-link, and Nordic provides instructions on how to turn the board into a programmer. Their licensing with segger explicitly allows this as long as you use it for other Nordic devices. Much cheaper than a standalone j-link.
You can load Black Magic Probe firmware on a bluepill and have JTAG for about $2. I also ported it to nRF52840 if you have an extra dongle laying around. Or esp8266 for debugging over wifi (wireless JTAG is super useful sometimes.)
Segger has been really successful at marketing "JTAG == JLink" but it is just not true.
GDB options for debugging/flashing can be had for sub 10eur, Segger is not mandatory. Moreover, the onboard Segger of the devkit can be used externally on Nordic MCUs in custom products and is covered by the licensing agreement between Nordic and Segger for this usecase.
For $9.90 you get a Seeed Xiao NRF52840[1] board with Arduino support. In sleep mode it consumes just 1µA. In my spare time I'm building smart locks with these that last for up to 2 years with a CR123 battery. Recently I switched from Arduino to the nrf Connect SDK and a tiny nrf52832 board that cost just 4$ on AliExpress. Works like a charm.
With SWD and a Tag-Connect connector[1]. I watched someone on youtube recommend it due to the small space and low profile. You can use the VSCode NRF Connect SDK plugin (coupled with Jlink or NRF52 dev kit) to flash the device. But of course you can just use USB und copy a generated .hex file directly on the device. I use SWD because its faster to flash many boards by just pressing the pogo pins on the connector pad. Boom done. :)
Definitely! And make sure to sell to consumers too if you want to compete.
Anecdotal, but I wanted to build a 3D printer, most parts are simply not available in the EU if you are normal person. Even stuff like hex-bolts and t-nuts are impossible to source in the EU outside of specialty webshops where the markup is 2000%.
Do you not have anything like Home Depot/Grainger/McMaster-Carr in the EU? A quick check shows 3/8"-16 T-Nuts are $10/10, $15/50, and $33/100 respectively, with the first two available within a 15 minute drive of my location in the US.
The small local hardware store near me is great for common things like M3+ screws, but understandably doesn't stock slightly exotic items like M1.6 threaded inserts. There's larger e-shops that sell those, though I can't speak to the markup. Larger parts are generally easier to find.
They don't exactly make their own Bluetooth stack yet, e.g. the one chinese RISCV board I have seen used IP from RivieraWaves (made in France & Israel):
At the end of the day, 2.4 GHz frontends can be done in the same silicon process that makes your SoC and the antenna needs to be nothing more than a PCB trace, so what on earth was going to save Nordic from competition?
They have excellent documentation, and their register-level APIs are relatively high level.
Most of their chips fall into this or a related niche: good-enough computating and IO capabilities with RF for battery-powered devices. If I were to build something like this, they'd be my top choice.
I wish they would move away from the third-party suppliers for making their integrated modules. So you could buy a 'nRF-53 module with antenna' instead of browsing third party websites.
Speaking of competing with China: A Wi-Fi-capable Nordic chip is a glaring omission in their lineup. Give Espressif some competition!
There is a companion chip, the nRF7002 which supports Wi-Fi. Not integrated into a SoC though but probably way lower power consumption than an ESP. Not sure on the difference in performance between the two competitors Wi-Fi solutions
> getting crushed by a wave of very low cost Chinese competitors
Not in my experience. Reputable chipmakers are as important as they ever have been. "Westernized" supply chains are a selling point to investors.
Regardless, Nordic leads the space because their firmware libraries are best-in-class, and their documentation and support are least-terrible-in-class. The hardware has never been the most sophisticated (or the cheapest) in the segment. ex: until the nRF5340 came out, SiLabs blew them out of the water architecturally, but SiLabs' development tools are a tire fire so it doesn't matter.
