Enterprise-grade Security for AIoT

Empowering AIoT with Zero‑Trust Cybersecurity

Build, secure, and scale IoT & Edge AI workloads, from device identity and TLS 1.3 to streaming analytics and data pipelines. Designed for regulated industries and mission‑critical systems.

TLS 1.3 • PKI • Vault
Zero‑copy Edge
4‑Tier PKI
Low‑latency MQTTs

AIoT Foundation Platform

  • Security by Design · ETSI EN 303 645 Cybersecurity Compliance
  • Secure AIoT Connectivity · MQTTs & HTTPs (Server-TLS & mTLS)
  • Smart Data Schema & Industrial Domains · Validation and Live Telemetry
  • ETL for Edge AI · Data Labelling for Edge AI Inference
  • Digital Twin · AI Agents and Real-time Product Design & Development
  • Live Telemetry · Auth. & IoTS Chip
  • Cyber-Physical Systems · CLS-Ready IoT Product
TESAIoT Overall · Zero-Trust AIoT end-to-end
See it in action · Digital Twin

From secure onboarding to a live Digital Twin

Provision devices, stream telemetry, and bring products to life with AI Agents and real-time Digital Twin. All on the TESAIoT Foundation.

Digital Twin · AI Agents & real-time product design

Who Benefits from the TESAIoT Platform?

Accelerating Thailand's IoT ecosystem to meet global markets and cybersecurity standards

IoT Product Designers

  • Skip 3-6 months of security implementation
  • Pre-integrated PKI, mTLS, and device management
  • Focus on product innovation, not infrastructure

Platform Providers

  • White-label ready for industry verticals
  • Proven architecture handling millions of devices
  • Healthcare, Smart City, Industry 4.0 templates

Investors & VCs

  • De-risked IoT investments with proven tech
  • 70% faster time-to-market for portfolio companies
  • Built-in compliance for global expansion

Cybersecurity Policy Makers

  • ETSI EN 303 645 & ISO 27402 compliant
  • National IoT security framework ready
  • Zero-Trust architecture as standard

Engineering Students

  • Learn production-grade IoT architecture
  • Free tier for academic projects
  • TESA certification pathway included

Startups & Enterprises

  • From MVP to scale without re-architecting
  • Enterprise SLAs and 24/7 support
  • Multi-tenant ready with cost optimization

Key Capabilities & Architectural Strengths

Security‑first foundation, analytics by default. Built for production AIoT.

Security‑First Design

PKI with automated certificates, HSM integration, and zero‑trust model.

Compliance‑Ready

RBAC, GDPR/PDPA flows, CLS-Ready (ETSI EN 303 645).

MQTT QUIC

Next-gen transport with 0-RTT, connection migration, multiplexing.

BDH AI

Knowledge management with RAG, embedding vectors, and AI agents.

Authentication Modes

Server-TLS

Username and password authentication. Ideal for simpler deployments.

mTLS

Digital certificates for both device and server. Enhanced security with mutual authentication.

OPTIGA™ Trust M

Hardware-based onboarding with Infineon factory certificate, protected update for TESAIoT credential rotation.

Product Model Store

3D Model, Product Industrial Design and Immersive & Interactive Digital Twin.

Edge AI Dashboard

Real-time telemetry visualization, ETL pipelines, and ML model metrics.

Knowledge Graph

Neo4j-powered relationship mapping for device dependencies and insights.

API Keys

Secure API integration tokens for live data streaming via MQTT/WSS.

Certificate Management

  • 4-Tier PKI Hierarchy
  • Auto CSR & Renewal
  • HSM Key Protection
  • Vault Secret Engine

Vault PKI

National Root CA & certificate issuance.

Device Mgmt

Lifecycle, fleet ops & edge processing.

RBAC & PDPA

Access control & privacy compliance.

Provisioning

Zero-touch onboarding & configuration.

API Gateway

APISIX multi‑protocol gateway.

TimescaleDB

Time-series analytics & retention.

TESAIoT Architecture

Zero Trust Security Flow

End-to-end security with mTLS, PKI, and encrypted data pipelines

Zero Trust Security

mTLS authentication, encrypted channels, and certificate-based identity

Edge AI Ready

Digital twin support, real-time analytics, and ML pipeline integration

High Performance

Low-latency MQTT, optimized data pipelines, and scalable architecture

TESAIoT Firmware Stack · PSoC Edge E84 Series

Inside the TESAIoT Firmware Stack

A production-grade, dual-core real-time firmware stack for Infineon PSoC Edge E84. 60+ public APIs, 41 integrated middleware packages, 6 sensors, 3 displays, 9-DOF sensor fusion, secure boot, and healthcare BLE hooks. Shipped as C source plus prebuilt libraries for CM33-Secure, CM33-Non-Secure, and CM55.

  • 60+ Public APIs
  • 41 Middleware packages
  • 3 cores · CM33-S · CM33-NS · CM55
  • 14 Tutorial episodes
  • 24 Practise examples

Every layer of the stack, in one open hub

A single playground that crosses the entire product stack: firmware on the MCU, middleware on the edge, web applications in the browser. Firmware, software, and platform developers learn the shape of each layer, remix any example, and ship whatever comes next. No silo between teams, no re-inventing the interface between them.

Walkthrough · one hub, three layers, three developer profiles
L1 · Firmware · on the silicon

RTOS tasks, sensor drivers, IPC between cores, secure-boot chain. For Firmware Developers who live in the MCU and want production-ready scaffolding from day one.

L2 · Middleware · on the edge

Connectivity, device identity, BLE gateway, sensor fusion, telemetry pipelines. For Software Developers wiring the device to the cloud without re-implementing the plumbing.

L3 · Web · in the browser

Live dashboards, realtime plots, digital-twin views, admin portals. For Platform Developers who ship the surface users actually touch.


What arrives in your checkout

The stack ships as a ModusToolbox multi-core application plus three prebuilt static archives, a shared-middleware manifest, and 38 runnable reference designs.

◆ Static libraries

3 prebuilt archives

Ready-to-link, delivered per toolchain variant.

  • libtesaiot_cm55.a
  • libcm55_lvgl.a
  • libalgobsx.a · Bosch BSXLITE

◆ Source modules

26 modules · 60+ APIs

Callable C surface across 3 cores.

  • CM33-NS · connectivity + fusion
  • CM55 · DAQ + graphics + touch
  • SHARED · IPC contract + helpers

◆ Reference designs

38 runnable demos

Not stubs. All flash on the dev kit today.

  • 14 tutorial episodes
  • 24 practise references
  • 15 distinct UX categories

◆ Toolchain + BSP

3 toolchains · 2 kits

Switch without source edits.

  • GCC_ARM · LLVM_ARM · IAR
  • KIT_PSE84_EVAL_EPC2 · 7" DSI
  • KIT_PSE84_AI · 4.3" DSI

Four ways in: pick your read

Memfault-style persona routing. Every claim below is verifiable in source.

FW · Firmware Developer

60+ APIs across connectivity, IPC, sensors, UI. Flash in 60 seconds, tune at compile time.

SI · Technical SI

True dual-core split (CM33-S + CM33-NS + CM55), 46-opcode IPC, 41 middleware integrations.

BO · Business Owner

Time-to-prototype in days, not quarters. Proven demos: medical gateway, smartwatch, industrial dashboard.

PM · Policy Maker

Thai-built · open source · Optiga Trust M secure boot · PSoC Edge enablement for Thai industry.


Three cores. One symmetric IPC bus. Zero context-switch tax

Real-time sensing on CM55, graphics on CM55, secure boot + fusion + cloud on CM33, all wired by a 128-byte, 46-opcode pipe.

  • CM33-S (Secure): Root of trust · Optiga Trust M · PSA · secure boot chain
  • CM33-NS (Non-Secure): WiFi · MQTT(s) · AWS IoT · BLE · BSXLITE 9-DOF fusion · CLI
  • CM55 (Real-Time): LVGL 9.5 · VGLite GPU · IMU DAQ · magnetometer · touch

◄──  IPC pipe · 46 opcodes · 128-byte payload · dual endpoint (EP1, EP2)  ──►

  • Optiga Trust M: Hardware root-of-trust
  • FreeRTOS: Tunable priorities, prebuilt libs
  • PSoC Edge E84: KIT_PSE84_EVAL_EPC2 · KIT_PSE84_AI

What this buys you

  • Decoupled jitter. Graphics on CM55 never stalls sensor acquisition, and vice versa. Stock single-core examples can't do this.
  • Symmetric IPC. cm33_ipc_send_gyro_data(), cm33_ipc_send_fusion_result(), cm55_trigger_scan_all(): send raw, receive typed.
  • Compile-time tuning. A central configuration header sets FreeRTOS priorities and stack sizes per task. Override with -DTESAIOT_* defines; no library rebuild.
  • Prebuilt archives shipped to you. libtesaiot_cm55.a, libcm55_lvgl.a, libalgobsx.a (Bosch BSXLITE 9-DOF fusion), built for GCC_ARM, LLVM_ARM, and IAR.
  • Two BSPs, one stack. Switch between EVAL_EPC2 and KIT_PSE84_AI with a Makefile target; no source edits.

60+ public APIs across 7 categories, all C, all grep-able

Organised by responsibility, not by file layout. Every entry below is a real function prototype in the library headers.

WiFi manager

  • wifi_manager_request_scan()
  • wifi_manager_request_connect()
  • wifi_manager_request_disconnect()
  • wifi_manager_request_status()
  • cm55_trigger_scan_all()
  • cm55_get_wifi_list()

IPC pipe · CM33→CM55

  • cm33_ipc_pipe_start()
  • cm33_ipc_send_gyro_data()
  • cm33_ipc_send_fusion_result()
  • cm33_ipc_send_imu_daq_config()
  • cm33_ipc_send_mag_daq_config()
  • cm33_ipc_pipe_send_raw()
  • cm33_ipc_get_recv_pending()
  • cm33_ipc_get_send_queue_used()

System init

  • cm33_system_init()
  • cm33_system_enable_cm55()
  • system_register_tick_hook()
  • cm55_system_init()
  • cm55_system_register_tick_callback()
  • + compile-time priority tuning via defines

Event bus

  • event_bus_create()
  • event_bus_subscribe()
  • event_bus_unsubscribe()
  • event_bus_publish()
  • event_bus_destroy()
  • event_bus_stats()

Sensor fusion · BSXLITE

  • imu_fusion_init()
  • imu_fusion_get_status()
  • fusion_push_imu_sample_from_ipc()
  • fusion_set_output_mode()
  • fusion_set_stream_rate_hz()
  • Returns quaternion · Euler · orientation · calibration state

Sensor DAQ

  • create_imu_daq_task() BMI270
  • imu_daq_set_rate_hz() 1–100 Hz
  • imu_daq_set_enabled()
  • create_mag_daq_task() BMM350
  • mag_daq_set_rate_hz()
  • + remote rate & enable via IPC

UI · LVGL 9.5 layout

  • ui_container_clear_style()
  • ui_fill_parent()
  • ui_center_in_parent()
  • ui_pad_xy()
  • ui_margin_all()
  • ui_gap()

Display pipeline · CM55

  • display_init() GFXSS + DC + GPU
  • cm55_gfx_task()
  • VGLite GPU · NemaGFX · LVGL 9.5
  • 3 displays · 3 touch controllers wired

BLE pack · IoT gateway

  • ipc_ble_pack_cmd_empty()
  • ipc_ble_pack_read_index()
  • ipc_ble_pack_scan_result()
  • Generic BLE scan · pair · read · publish
  • Pluggable GATT-profile handler

Diagnostics

  • setup_run_time_stats_timer()
  • calculate_idle_percentage()
  • cm33_ipc_get_recv_pending()
  • cm33_ipc_get_send_queue_used()
  • + FreeRTOS task introspection table

Security · Optiga Trust M

  • cy_rslt_t return codes throughout
  • Secure boot chain · CM33-S → CM33-NS → CM55
  • TLS 1.3 · mbedTLS · HW-accelerated
  • On-device CSR · signed OTA · dual-slot
  • Crypto APIs match mbedTLS signatures

Cloud / IoT · via middleware

  • MQTT / MQTTs AWS IoT SDK
  • HTTPs
  • secure-sockets
  • core-mqtt · aws-iot-device-sdk-port
  • wifi-connection-manager

All entries above are exported symbols from the shipped static archives. Link them the same way you'd link any Arm C library.

Your entire firmware workflow, inside VS Code

The TESAIoT extension collapses seven firmware tools into one editor panel. Configure the silicon, build the libraries, flash the board, provision the connection, inspect the RTOS, and watch the sensor stream, all without leaving the file you're editing.

Walkthrough · seven lanes · bring-up to realtime plot · one panel
01 · Hardware & Firmware Configurator

Pin mux, clock tree, peripherals, and IRQs. Visual config with live Makefile sync. One panel covers every bring-up decision.

02 · Library Builder

Select modules, pick the toolchain (GCC_ARM · LLVM_ARM · IAR), and produce the three prebuilt static archives per target.

03 · Firmware Builder

Compile CM33-Secure + CM33-Non-Secure + CM55 in one click. Errors navigate straight to the source line in the editor.

04 · Firmware Programmer

One-click flash via KitProg3 / OpenOCD. Secure-boot signature-chain state is visible alongside the flash progress.

05 · Connection Manager

WiFi credentials, MQTT brokers, cloud endpoints, and device identity: set at provisioning time, never hardcoded.

06 · System Inspector

FreeRTOS task table, heap usage, CPU idle %, IPC queue depth. Live, sortable, updated at 1 Hz.

07 · Realtime Visualizer

IMU, magnetometer, environmental and 60 GHz radar streams plotted live. Export CSV for offline analysis.

Six sensors, three displays, three touch controllers, all wired and ready

Every chip below has a working reader, a matching LVGL presenter, and a tutorial episode that proves the pipeline.

SENSORS

BMI270

6-axis IMU

Accelerometer + gyroscope. Feeds BSXLITE 9-DOF fusion. 1–100 Hz on CM55.

BMM350

3-axis magnetometer

I3C. Hard-iron calibration tracked in imu_fusion_status_t.

DPS368

Pressure · temperature

Barometric + ambient. 8× oversampling. Background-all mode.

SHT40

Humidity · temperature

I²C. Sensirion driver. Comfort-zone presenter bundled.

BGT60TR13C

60 GHz radar

Range-Doppler & spectrogram processing stack (see Edge-AI dashboard).

OV7675

VGA camera

DVP capture stream via CM55 camera_stream task.

PDM mic

Stereo digital mic

Level meter + peak hold + balance. Episode INT-EP06.

BSXLITE

9-DOF fusion

Bosch prebuilt algorithm. Quaternion + Euler + orientation + calibration.

DISPLAYS & TOUCH

DSI 4.3"

Waveshare DSI 4.3"

Default for KIT_PSE84_AI. FT5406 touch.

DSI 7.0"

Waveshare DSI 7"

Default for KIT_PSE84_EVAL_EPC2. GT911 touch.

TFT

EK79007AD3

Parallel TFT option for compact form factors.

ILI2511

Capacitive touch

Third touch controller. Wired, not hardcoded.

What the stack speaks, out of the box

Every chip below is pulled via make getlibs. No side-download, no side-license.

  • Wi-Fi: cy_wcm · WHD driver · lwIP · WPA2 / WPA3 · wifi-connection-manager · wifi-core-freertos-lwip-mbedtls
  • Bluetooth LE: BTStack · btstack-integration · bt-fw-mur-cyw55513 · TaiDoc · Omron · AccuChek
  • Cloud / IoT: TESAIoT SDK · MQTT · MQTTs (TLS 1.3) · HTTPs · AWS IoT SDK port · core-mqtt
  • Security: TESAIoT Trust M SDK · Optiga Trust M driver · mbedTLS · PSA Crypto · secure-sockets · HW AES / SHA / RSA / ECC
  • Buses: I²C · I3C · SPI · UART · USB CDC · SDIO · PDM
  • Graphics: LVGL 9.5 · VGLite · NemaGFX · GFXSS + DC + GPU · lib_ui_layout
  • RTOS: FreeRTOS · abstraction-rtos · run-time stats · per-task priority config

Ten things no stock ModusToolbox example ships with

Every claim below ships as part of the platform — a callable API, a live service, or a first-class tool.

— 01

True dual-core IPC protocol

46 opcodes, 128-byte payload, dual endpoints (EP1, EP2). Symmetric send/receive, backpressure-aware, sequence-numbered for ordering.

Callable: cm33_ipc_pipe_start() · cm33_ipc_send_gyro_data() · cm33_ipc_send_fusion_result() · cm33_ipc_pipe_send_raw() · cm33_ipc_get_recv_pending() · cm33_ipc_get_send_queue_used()
— 02

BSXLITE 9-DOF fusion, calibration-tracked

Bosch prebuilt algorithm. Exposes quaternion, Euler, orientation class, and acc/gyr calibration state, not just "here's raw data".

Callable: imu_fusion_init() · imu_fusion_get_status() · fusion_push_imu_sample_from_ipc()
Ships: libalgobsx.a
— 03

IoT gateway BLE hooks

A generic BLE-gateway surface: scan, pair, read, and publish any BLE peripheral to your cloud broker. Device-type classification is built into the IPC opcode set, and new GATT profiles register through a single handler callback.

Callable: ipc_ble_pack_cmd_empty() · ipc_ble_pack_read_index() · ipc_ble_pack_scan_result()
— 04

Semantic UI layout library

ui_pad_xy(), ui_gap(), ui_center_in_parent(), ui_fill_parent(). Eliminates 80% of LVGL boilerplate.

Callable: ui_container_clear_style() · ui_fill_parent() · ui_center_in_parent() · ui_pad_xy() · ui_margin_all() · ui_gap()
— 05

Thai-language first-class support

Noto Sans Thai rendering + a shipped working example. No patching required. Thai industry gets a stack that speaks their language natively.

Ships: Noto Sans Thai font · LVGL font pipeline preconfigured
— 06

Production WiFi manager

5-state machine (IDLE→CONNECTING→CONNECTED→RECONNECT_WAIT→ERROR). Exponential retry 1s→5s→15s→60s. NVM + CRC32 + ping watchdog.

Callable: wifi_manager_request_scan() · wifi_manager_request_connect() · wifi_manager_request_disconnect() · wifi_manager_request_status()
— 07

Cross-domain demos on one stack

Medical gateway · industrial dashboard · smartwatch · motion radar · Pong · Flappy · sensor fusion. All from the same 60+ APIs.

Ships: 38 runnable reference designs · 15 categories
— 08

OPTIGA Trust M middleware · CSR to Protected Update

End-to-end trust management. On-device CSR via Optiga, CA signing, cert provisioning, then signed-OTA delivery with dual-slot rollback. One middleware covers the full trust lifecycle.

Callable: csr_request() · protected_update_begin() · protected_update_apply() · dual_slot_rollback()
Ships: trustm middleware + protected-update service
— 09

TESAIoT Configurator & Diagnostics · live in VS Code

Configurator (pin mux, peripherals, clock tree) and live diagnostics (RTOS task table, IPC queue depth, sensor streams) both drive the board in real time from the VS Code editor. No separate tool, no external log viewer.

Ships: TESAIoT VS Code extension · live-link protocol · Configurator + Diagnostics panels
— 10

TESAIoT Digital Twin · hardware-synchronized in real time

A 3D model of the board mirrors the physical device in real time: orientation, sensor readouts, peripheral state. Drive the model from the board for visualization, or drive the board from the model for HIL testing.

Ships: 3D model assets · twin sync bridge · bi-directional HIL adapter

Learn by building: every episode is a working firmware image

Two 7-episode arcs plus 24 practise examples. All runnable tutorials on KIT_PSE84_AI.

Tutorial · WiFi

Final WiFi Manager

Scan → profile save → auto-connect → exponential retry → ping watchdog. Enterprise WiFi provisioning as a reference design.

state machine · NVM · CRC32
Tutorial · Integration

SensorHub Final

Five sensors + stereo mic on one 60 fps dashboard. I²C + I3C + PDM + SDIO scheduled under FreeRTOS. The most complex reference.

5 sensors · multi-task
Tutorial · Motion

BMI270 Radar View

6-axis IMU projected to a polar radar scope with 64-point trace. Raw accel/gyro becomes a visual you can feel.

polar plot · real-time
Reference · Fusion

9-DOF Sensor Fusion

Complementary-filter AHRS: accel + gyro + mag → roll / pitch / heading. Production orientation in under 500 lines.

AHRS · BMM350 heading
Reference · Industrial

Industrial Dashboard

Four live sensor cards + rolling chart + FreeRTOS stats. A drop-in reference for gateway / plant-floor HMI.

industrial · system stats
Reference · Graphics

Space Shooter

Entity pool, AABB collision, D-pad + fire touch input, 50 fps on the MCU. Proof that the graphics pipe has headroom.

50 fps · touch

HMI Menu & Setting · 7 tutorials

Basic Label
Tutorial 01 · first LVGL widget
Button Event
Tutorial 02 · callbacks + counter
Text Input Keyboard
Tutorial 03 · textarea + dropdown
Menu Navigation
Tutorial 04 · tabs + stage layout
WiFi List
Tutorial 05 · scan + RSSI list
WiFi Profile NVM
Tutorial 06 · CRC32 persistence
Final WiFi Manager
Tutorial 07 · state machine + watchdog

Interactive Sensors · 7 tutorials

DPS368 Monitor
Tutorial 01 · pressure + temperature
BMI270 Motion Visual
Tutorial 02 · 6-axis bars + trend
SHT40 Indicator
Tutorial 03 · humidity comfort zone
BMM350 Compass
Tutorial 04 · heading + calibration UI
BMI270 Radar View
Tutorial 05 · polar motion radar
Digital Mic Probe
Tutorial 06 · PDM stereo + peak hold
SensorHub Final
Tutorial 07 · 5 sensors + mic

Reference designs · 24 runnable examples

9-DOF Sensor Fusion
AHRS · complementary filter
Industrial Dashboard
Integration · 4-sensor plant-floor HMI
Smartwatch
Integration · 4 watch faces
Space Shooter
Graphics · entity pool + 50 fps
Pong
Graphics · AI opponent + speed-up
Snake
Graphics · 30×24 grid + touch
Flappy Bird
Graphics · 50 fps physics
Game Framework
Graphics · palette + CRT overlay
WiFi Connect
Connectivity · state-machine UI flow
Automation Rules
Automation · IF-THEN engine
Data Logger
Analytics · 200-entry ring buffer
Chart Statistics
Data viz · rolling min/max/avg
Line Chart Accel
Data viz · scrolling IMU XYZ
Bar Chart Multi
Data viz · 4-sensor multi-series
Motion Detector
Data viz · event log + BMI270
Level Bubble
Data viz · 2D accel tilt
Gauge Cluster
Data viz · 3 arc gauges
Environment Monitor
Environment · trend arrows
Status Panel
System · CPU / heap / uptime
Tile Navigation
Layout · 4-page swipe
Multi-Page App
Layout · tab bar nav
Color Mixer
UI · RGB + hex preview
LCD Console
Utility · color-coded log
Thai Text
UI · Noto Sans Thai pipeline

Healthcare BLE device support

BLE medical device bridge. Discovered via scan filter, paired, and routed to MQTTs with device-type classification.

  • TaiDoc: Glucose meters · infrared thermometers · pulse oximeters
  • Omron: Blood pressure monitors · heart rate · weight scales
  • AccuChek: Continuous glucose monitoring · blood glucose readers
  • Generic BLE HID: SpO₂ · ambient temperature · body temperature probes
  • Generic health profile: BLE GATT health services · auto-discovery
  • Custom profiles: Open extension point: register device handler via API

Industrial device bridges · Modbus + CAN

Same discover → classify → route pattern for the plant floor and vehicle fleets. Plug in existing OT hardware without writing new middleware.

  • Modbus RTU: RS-485 · function codes 01-06, 15, 16 · poll + event modes
  • Modbus TCP: Unit-ID routing · gateway dispatch · TCP keep-alive
  • CANopen: SDO + PDO · NMT state machine · CiA-301 profile
  • J1939: Heavy-duty vehicle · PGN subscription · BAM transport
  • ISO-TP / OBD-II: Multi-frame transport · on-board diagnostics
  • Custom industrial: Register your own protocol handler via bridge API

MQTT over QUIC · mobile + distributed fleets

For devices that change network. 0-RTT reconnection, connection migration across IP, mTLS provisioned per device via Vault PKI.

  • QUIC transport: UDP 14567 · TLS 1.3 mandatory · 0-RTT resume
  • IP migration: Survive Wi-Fi to cellular handover without reconnect
  • mTLS lifecycle: Per-device cert from Vault PKI · 7-day auto-rotation
  • APISIX routing: Per-device topic ACL · consumer quota · Vault plugin
  • Shared subscriptions: Fleet fanout · worker load-balance · EMQX 5.10
  • Bridge pattern: Same discover → classify → route flow as BLE and CAN

Three commands. KitProg3. Sixty seconds

Shipped with ModusToolbox 3.7. GCC_ARM by default. LLVM_ARM and IAR also supported with the prebuilt variants.

  1. make getlibs: Fetches 41 middleware packages into the shared cache. Run once per checkout.
  2. make build: Compiles CM33-Secure, CM33-Non-Secure and CM55 in one invocation. Prebuilt libs wire in automatically.
  3. make program: Flashes via KitProg3 / OpenOCD. Secure-boot chain verifies on first reset.
  4. make debug_cm55: GDB-server + OpenOCD session against CM55; VS Code launch config included.
$ tesaiot quickstart
$ git clone https://tesaiot.github.io/developer-hub/
$ cd firmware-stack
$ export CY_TOOLS_PATHS=/Applications/ModusToolbox/tools_3.7
$ make getlibs && make build && make program
# Live in < 60 seconds on KIT_PSE84_AI or EVAL_EPC2.

Hardware root of trust. Signed updates. Zero-trust ready

Security is not a module — it's the first thing CM33-Secure does.

— HW

Optiga Trust M

Hardware secure element. Root of trust. Device identity. CSR provisioning.

Ships: Per-device identity · hardware RoT · tamper-resistant key storage
— BOOT

Secure boot chain

CM33-Secure verifies CM33-Non-Secure → CM55. PSA-aligned. Rejects unsigned images at reset.

Ships: Three-core chain-of-trust · hardware-accelerated signature verification
— TLS

TLS 1.3 / mbedTLS

Hardware-accelerated crypto. MQTTs · HTTPs · secure-sockets all routed through the accelerated stack.

Ships: TLS 1.3 · AES · SHA · RSA / ECC hardware primitives
— OTA

Signed OTA

Protected Update flow with version + signature gates. Dual-image slot.

Ships: Dual-slot bootloader · signed image verification · rollback protection
— CSR

On-device CSR

Device-local CSR generation via Optiga — never exposes the private key.

Ships: Device-local CSR · private key never exits silicon · factory provisioning flow
— LOG

IPC-log audit trail

Structured logging over IPC; CM55 renders, CM33 audits. No plaintext-to-USB leaks.

Ships: Structured inter-core log channel · no direct USB leak path

The stack is open. The kit is on your desk in a week

Use Cases

Healthcare, Smart City, Industry 4.0, Energy. All powered by Edge AI and secure connectivity.

Healthcare IoT · FDA / CE / PDPA Compliant
  • Fall detection for seniors (Edge AI)
  • Continuous vital signs monitoring
  • Baby cry & siren recognition
  • HIPAA/PDPA privacy compliance

Smart City · Connected Infrastructure
  • Gesture control for smart homes
  • Object & human detection
  • Low-latency event alerts
  • Secure telemetry & analytics

Industry 4.0 · OT / SCADA / Digital Twin
  • Factory alarm detection (audio AI)
  • Predictive maintenance
  • Visual inspection of parts
  • OT network segmentation

Smart Energy · Grid / EV / Solar
  • Energy-efficient edge computing
  • Smart grid integration
  • EV charging optimization
  • Solar & battery forecasting

Security & Compliance with Advanced PKI

Certificate‑based identity, encrypted data paths, RBAC, and auditable operations. Supports ISO 27001, ETSI EN 303 645, GDPR/PDPA.

ISO 27001 · ETSI EN 303 645 · GDPR / PDPA · mTLS / TLS 1.3

TESAIoT PKI Architecture

PKI Architecture

Root CA (offline, 10–20 yrs), Intermediate CA (Vault‑managed, ~5–10 yrs), Device certs (auto‑issued, 90‑day rotation).

Security Features

HSM integration, CRL/OCSP responders, automated lifecycle & renewal notifications.

Operational Workflows

Secure bootstrap enrollment, mutual TLS auth, audit logging & compliance reporting.

Key Innovation: 4‑Tier PKI Strategy

  • Tier 1 (Battery) · ECC P‑256 · Sensors <1 mW – optimize for 10‑year battery life.
  • Tier 2 (Controllers) · ECC P‑384 · <100 mW controllers – enhanced security.
  • Tier 3 (Gateways) · RSA 3072 · >100 mW gateways – HW acceleration ready.
  • Tier 4 (Critical) · RSA 4096 · Critical infrastructure – maximum protection.

Certificates sized by tier balance cryptographic strength, packet overhead, and device power budgets.

Join the Future of Secure AIoT

Provision identities, stream data securely, and unlock AI at the edge with TESAIoT.