Using TrustZone for ARMv8-M on ARM Cortex-M23 and ARM Cortex-M33

ARM

Christopher Seidl Technical Marketing Manager Thomas Ensergueix Director, Product Marketing

Webinar 11/17/2016

© ARM 2016



- Introduction of ARM<sup>®</sup> Cortex<sup>®</sup> -M23 and ARM Cortex-M33
- TrustZone<sup>®</sup> for ARMv8-M: Security foundation in hardware
- Software development tools and software components
- Demo

# ARM Cortex-M23 and ARM Cortex-M33



## Bringing TrustZone to the Cortex-M family



## TrustZone for ARMv8-M

## Separation and access control Isolate trusted software and resources

Reduce attack surface of key components

#### Trusted software

- Provision of security services
- Small, well-reviewed code

#### Trusted hardware

- Hardware assist for cryptography
- Secure-access validation built into SoC



## Bringing security protection to the system

- Secure the system, secure the processor
  - Hardware separation and isolation
  - Protect memories, peripherals, legacy IP
- AMBA AHB5 bus protocol
  - Signals security through the interconnect
  - Complementary to ARMv8-M
- Optimized for embedded systems
  - Fewer wires saves area and power
  - Hardware protection simplifies software



## Ever-expanding world's #1 embedded ecosystem

Public silicon lead partners

Public ecosystem lead partners



TrustZone for ARMv8-M Security foundation in hardware



## TrustZone for ARMv8-A

## TrustZone for ARMv8-M





Secure transitions handled by the processor to maintain embedded class latency

## Security defined by memory map

## All transactions from core and debugger are checked

- All addresses are either secure or non-secure
- Policing managed by Security Attribution Unit (SAU)
  - Internal SAU similar to MPU
  - Supports use of external system-level definition
  - For example, based on flash blocks or per peripheral
- Banked MPU configuration
  - Independent memory protection per security state
- Load/stores acquire non-secure attribute based on address
  - Non-secure access to secure address  $\rightarrow$  memory fault



## ARMv8-M additional states

## Existing handler and thread modes are mirrored

- Secure and non-secure code runs on a single CPU
  - For efficient embedded implementation
- Secure state for trusted code
  - New secure stack pointers for robust operation
  - Addition of stack-limit checking
- Dedicated resources for isolation between domains
  - Separate memory protection units for secure and non-secure
  - Private SysTick timer for each state
- Secure side can configure target domain of interrupts



Non-secure

thread

mode

ARMv8-M

Secure

thread

mode

# High performance cross-domain calls

### Efficient implementation focused on microcontroller

- Security inferred from instruction address
  - Secure memory considered to hold secure code
- Direct function calls across boundary
  - High performance and high security
  - Multiple entry points
  - No need to go via 'monitor' for transitions
- Uses Secure Gateway (SG) instruction
  - Only permitted in special secure memory with non-secure callable (NSC) attribute



## ARMv8-M programmer's model: Memory map

#### Non-secure state

| 0xffffffff | ROM tables               | / \//////////////////////////////////// |
|------------|--------------------------|-----------------------------------------|
| 0xF0000000 | System control and debug |                                         |
| 0xE0000000 | System control and debug |                                         |
|            |                          |                                         |
|            | Off-chip peripherals     | Debug                                   |
| 0xA0000000 |                          |                                         |
|            | Off-chip memory          |                                         |
|            |                          | MPU                                     |
| 0x60000000 | Peripherals              | SCB                                     |
|            |                          |                                         |
| 0x40000000 | <u> </u>                 | NVIC                                    |
|            | RAM                      | SysTick                                 |
|            |                          | ITM/DWT/FBP                             |
| 0x20000000 |                          |                                         |
|            | Flash                    | —Vector table for                       |
| 0x0000000  |                          |                                         |
|            |                          | Non-secure handlers                     |

Non-secure memory view is identical with Cortex-M

Branches to fixed memory locations access secure firmware

Secure memory is invisible

## ARMv8-M programmer's model: Memory map

#### Secure state

| न्यन्यन्यन्यन्र <del>४</del> 0 |                          |  |     |
|--------------------------------|--------------------------|--|-----|
|                                | ROM tables               |  | 1   |
| 0xF0000000                     | System control and debug |  |     |
| 0xE0000000                     | Off-chip peripherals     |  | N   |
| 0xA000000                      | Off-chip memory          |  |     |
| 0x60000000                     | Non-secure peripherals   |  |     |
| 0x40000000                     | Secure peripherals       |  |     |
| 0410000000                     | Non-secure RAM           |  |     |
| 0x20000000                     | Secure RAM               |  |     |
| 0.20000000                     | Non-secure flash         |  |     |
| 0x00000000                     | Secure flash             |  | Vec |
|                                |                          |  |     |

Non-secure MPU alias Non-secure SCB alias Non-secure SysTick alias Debug SAU SAU Secure MPU Secure SCB NVIC Secure SysTick ITM/DWT/FBP

Vector table for secure handlers

Secure memory view shows additional Flash, RAM, and peripherals

Access to all regions is possible in secure state

Regions can be configured in secure state using the SAU

## A simplified use case

## Composing a system with secure and non-secure projects



# Software development tools and software components

# Accelerate software creation for ARMv8-M devices with TrustZone



## Tools and components for software development



## Keil MDK Microcontroller Development Kit

Most comprehensive development solution supporting over 3600 devices





## CMSIS: Pathway to the ARM ecosystem



ΔRN

- Vendor-independent hardware abstraction layer for Cortex-M series
  - Open source software framework with processor HAL, DSP library, and RTOS kernel
- Consistent, generic, and standardized software building blocks
  - Optimized API that software creation, code portability, and middleware interfaces
- Infrastructure to accelerate time to market for device deployment
  - Software Packs to distribute device support, board support, and software building blocks







## **CMSIS-CORE** for secure mode projects



## Debugging of software projects



- MDK offers debugging with:
  - Simulation environment for software development prior silicon availability
  - MPS2 target connection for testing with microcontroller prototypes
- Secure & Non Secure Debug Access

| μVision                                                                                                    | ×   |
|------------------------------------------------------------------------------------------------------------|-----|
| Enter password and press "OK" to enable secure debug.<br>Press "Cancel" to continue with non-secure debug. |     |
| 0x1234ABCD                                                                                                 |     |
| OK Can                                                                                                     | ;el |

Enter password for Secure Debug Access

# Demo



## More information

- Application note 291: Using TrustZone on ARMv8-M (keil.com/appnotes/docs/apnt\_291.asp)
- Upcoming webinars (<u>keil.com/events</u>):
  - Dec 1<sup>st</sup>: Dynamic software analysis with MDK event recorder
  - Dec 8<sup>th</sup>: What's new in CMSIS-RTOS2 and Keil RTX5



ARMv8-M provides the architecture for the next generation of secure connected embedded devices

Software and tools make it easy for developers to use secure mode

CMSIS provides software building blocks for faster time to market of embedded applications that require security



The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

Copyright © 2016 ARM Limited

© ARM 2016