New-Tech Europe | February 2019

Improving Embedded Security with the Armv8-M Architecture and TrustZone

Rich Miron, Digi-Key Electronics

Securing a microcontroller-based application for the IoT can be tricky. Security starts at the hardware level and then scales into the embedded software. To successfully secure the software, developers require that the underlying hardware support critical features such as:

- Secure boot
- Memory protection
- Cryptographic engine accelerators
- True random number generator (TRNG)
- Secure pin multiplexing
- Software isolation

While some of these features are supported in the Arm® Cortex®-M processors such as the M0+ and M3/4/7 series, it can be difficult and time consuming to create a successful solution. A new option that developers can leverage at the hardware level is the new Cortex-M23/33 series of microcontrollers, which are based on the Armv8-M architecture. These processors are designed with security in mind and contain many security features like those listed above, including Arm TrustZone® for microcontrollers. In this article we will become more familiar with the Armv8-M architecture and explore how we can improve embedded security using TrustZone.

Introduction to the Armv8-M architecture

The first thing to realize about the Armv8-M architecture is that it is the latest microcontroller architecture from Arm, targeting low-cost, deeply embedded real-time systems. Three new processor types are joining the family: the M23, a low-power variant; the M33, a high-performance variant; and the recently announced M35P, a high-performance processor with physical security (think tamper resistance) features (Figure 1). While the Armv8-M architecture does improve performance over previous architecture generations, several critical improvements to note include:

- Instruction set enhancements
- Flexible breakpoint configuration
- Dynamic reprioritization of interrupts
- Enhanced trace support
- Simpler Memory Protection Unit (MPU) setup

The biggest and most interesting improvement to the architecture is the ability to use Arm TrustZone. TrustZone is a security extension to the architecture that allows a developer to physically isolate executing code and memory regions such as RAM, code space, and
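To make that isolation concrete, here is an added example (not code from the article or from Arm) that models in plain C how the Armv8-M Security Attribution Unit classifies each address as Secure, Non-secure or Non-secure callable, and what that classification means for a Non-secure access or call. The SAU itself, its fail-closed overlap rule and the memory map used here go beyond what the article states and are assumptions of the example.

```c
/* Simplified model of the Armv8-M Security Attribution Unit (SAU) lookup that
   marks an address Secure, Non-secure or Non-secure callable (NSC). Added
   example, not the article's or Arm's code; real parts program this through
   SAU_RBAR/SAU_RLAR (vendor IDAU omitted) and these addresses are constructed. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

typedef enum { ATTR_SECURE = 0, ATTR_NONSECURE = 1, ATTR_NSC = 2 } sec_attr_t;

typedef struct {
    uint32_t base;   /* inclusive start (hardware needs 32-byte alignment) */
    uint32_t limit;  /* inclusive end */
    bool     nsc;    /* Non-secure callable: Secure memory holding SG veneers */
} sau_region_t;

/* Constructed map: Non-secure flash and SRAM plus a small NSC veneer area.
   Everything not listed (Secure flash/SRAM, peripherals) stays Secure. */
static const sau_region_t regions[] = {
    { 0x00200000u, 0x003FFFFFu, false }, /* Non-secure flash */
    { 0x001FF000u, 0x001FFFFFu, true  }, /* NSC veneers      */
    { 0x20200000u, 0x203FFFFFu, false }, /* Non-secure SRAM  */
};

/* With the SAU enabled and SAU_CTRL.ALLNS = 0, an address matched by no
   region is Secure; one matched by several regions is also forced Secure,
   so an overlapping (misconfigured) table fails closed. */
sec_attr_t sau_attribute(uint32_t addr) {
    int hits = 0;
    sec_attr_t result = ATTR_SECURE;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        if (addr >= regions[i].base && addr <= regions[i].limit) {
            hits++;
            result = regions[i].nsc ? ATTR_NSC : ATTR_NONSECURE;
        }
    }
    return hits > 1 ? ATTR_SECURE : result;
}

/* A Non-secure load/store may only touch Non-secure memory; anything else
   raises a SecureFault rather than exposing Secure data. */
bool ns_access_faults(uint32_t addr) {
    return sau_attribute(addr) != ATTR_NONSECURE;
}

/* Non-secure code enters the Secure world only by branching to an NSC
   address (where an SG instruction sits); branches elsewhere fault. */
bool ns_call_allowed(uint32_t target) {
    return sau_attribute(target) == ATTR_NSC;
}
```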

