CEC – Securing IoT Devices using arm TrustZone

One of the greatest challenges facing developers creating connected systems is securing their devices.  In the good old disconnected days, developers only had to concern themselves with physical tampering but today, systems are also vulnerable to remote attacks that can result in device cloning, repurposing, intellectual property theft, data manipulation and many other potential issues. In this course, we will examine how developers can start to secure their embedded systems using arm TrustZone for microcontrollers.

Session 1 – Understanding Embedded Security

Security is often misunderstood by embedded systems engineers working with microcontrollers. In this session, we will explore embedded system security concepts that every IoT developer needs to know. We will start with what security is and the potential avenues hackers can use to attack our connected systems. We will examine the general methods and strategies used to protect devices and several architectures that can be used to enhance system security.

Registration and Playback located here (May require login to access)

Session 2 – Introduction to Arm TrustZone

Once a developer understands the methods and strategies used to a secure a system, they can more appropriately decide how to use the technology available to them. In this session, we will dig deeper into the armv8-M architecture and the TrustZone security extension and how it fits into the developer’s security toolbox. Attendees will become familiar with the new Cortex-M23/33 processors along with the new programmers’ model.

Registration and Playback located here (May require login to access)

Session 3 – Creating your First TrustZone Application

In this session, attendees will dive in and learn how to create their first application using TrustZone. Developers will be able to follow along using Keil MDK to simulate their application or they can use available TrustZone hardware. Attendees will learn how to configure the secure and unsecure zones and how they can protect memory regions such as RAM, Flash and even peripheral access.

Registration and Playback located here (May require login to access)

Session 4 – Designing and Debugging a Secure Application

Security starts with developing a Chain of Trust. In this session, we will walk developers through how a TrustZone application starts and the steps necessary to develop a Chain of Trust. Attendees will also learn how the secure zone affects debugging and the steps developers must take to debug their code. Once this is understood and the Chain of Trust is developed, developers can then execute their user code with more confidence.

Registration and Playback located here (May require login to access)

Session 5 – Securing a RTOS Application with TrustZone

RTOSes can still play an important role in TrustZone applications. So how does a developer use an RTOS when there is a secure and unsecure world executing on the processor? In this session, we will explore several different options developers leverage to use an RTOS in a TrustZone application. Attendees will walk away with an understanding on what considerations they need to make and they methods they can employ to use a RTOS.

Registration and Playback located here (May require login to access)

Course Resources

  • Sign-Up for the Embedded Bytes Newsletter here
  • Embedded Software Design Techniques – An API Standard for MCU’s here
  • Technology Primer – TrustZone here
  • Developing Reusable Firmware – A Practical Guide to API’s, HAL’s and Drivers here
  • Doxygen C Templates Download can be here
  • DesignNews Blog Articles can be found here
  • Jacob’s YouTube Channel – here

Course Source Code Download

The SAM L11 application code can be downloaded from Microchip here.

Keil Application Note 291 on using Arm TrustZone here.

SAM L11 Xplained Board page here

  • Arm TrustZone Reference Guide
  • Secure Bootloader
  • TrustZone Example Code

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.