ARM has been designing processors for decades now, and has come to realize that security is best approached from a systems perspective and should involve both the SoC hardware and software together, thus giving birth to the moniker ARM TrustZone, where there is hardware-based security designed into their SoCs that provide secure end points and a device root of trust. This webinar focused on the Cortex-M33 and Cortex-M23 embedded cores shown below in Purple:
Most IoT systems could use a single M33 core, although you can easily add two of these cores for greater flexibility and even saving power. Cores and peripheral IP communicate using the AHB5 interconnect. Security is controlled by mapping addresses with something called the Implementation Defined Attribution Units (IDAU). This system also filters incoming memory accesses at a slave level as shown in the system diagram:
That diagram may look a bit complex, however ARM has bundled most of this IP together along with the mbed OS with pre-built libraries and called it the CoreLink SSE-200 subsystem which is pre-verified, saving you loads of engineering development time.
With TrustZone you have a system that contains both trusted and un-trusted domains, then memory addresses are sorted to verify that they are in a trusted range or not.
Let's say that you like the security approach from ARM and then want to get started on your next IoT project, what options are available? ARM has built up a prototyping system using FPGA technology called the MPS2+ along with IoT kits that include the Cortex-M33 and Cortex-M23, plus there's a debugger called Keil. You can also use a Fixed Virtual Platform (FVP) which uses software models for simulation.
One decision that you make for your IoT device is the memory map, splitting it into secure and non-secure addresses using a Secure Attribution Unit (SAU) together with the IDAU. There are even configuration wizards available to let you quickly define the start and end address regions.
ARM even has created an open-source platform OS called mbed OS, just for the IoT market, already with some 200,000 developers. With the addition of this OS we now have three levels of security:
- Lifecycle security
- Communication security
- Device security
Related blog - IoT devices Designers Get Help from ARMv8-M Cores
It's pretty evident that ARM has put a lot of effort into creating a family of processors, and when it comes to security they have assembled an impressive collection of cores, semiconductor IP, SDK, compiler, platform and debugger. What this means is that now I can more quickly create my secure IoT system with ARM technology, using fewer engineers, all at an affordable price.
There's even detailed virtual training courses coming up in April and May for just $99 each, providing more depth than just the webinar provides.
Watch the archived webinar online here.