We’ve been hearing for several years now that Arm Cortex-M processors would soon be getting a security upgrade by supporting TrustZone in the M23/M33 microcontrollers. The wait is finally over! Microchip has publicly released the first TrustZone compatible microcontrollers based on the low-power M23 core, the SAM L11. In this post, we will walk through some basic information about the SAM L10/L11 and what developers need to know in order to start improving their systems security.
Figure 1 – The Microchip SAML11 development kit is based on the armv-8 architecture and supports arm TrustZone extensions. (Image Source: Keil)
Before diving deep into the details, it’s useful to understand that Microchip released two M23 family variants, the L10 and L11. The L10 appears to be targeting very low-power devices that may not have very many security requirements. I say this because the L10 does NOT support the TrustZone security extension even though it is an M23 processor. Developers who want to use TrustZone in their designs will need to use the L11. I didn’t realize this difference at first and got lucky in that when I purchased my development kit, I decided to go with the L11.
TrustZone is a security extension to the armv-8 architecture that creates secure regions within the processor. These regions can be flash memory, RAM and even peripherals which are defined as secure versus non-secure. A developer has complete control to specify how they want to divide up the microcontrollers resources. In essence, TrustZone allows a developer to create isolation between different software and hardware components. The non-secure software is not able to access the secure region except where a secure function has explicitly been made callable. Random attempts to access this region result in an error.
The SAM L11 is targeted to be used in low power, IoT edge node environments where security is needed. These devices are resource constrained devices in that they have a 32 MHz clock rate. From a memory perspective, they provide up to 64 KB of flash and 16 KB of SRAM which is plenty of memory to run an RTOS if a developer desires to do so. The microcontroller packages are also either 24 or 32 pins, so they are definitely resource constrained compared to some of the other Cortex-M microcontrollers that are currently available. Given that this part is targeting low power, this doesn’t come as a big surprise and shouldn’t deter developers.
Developers working with TrustZone have several different options on how they can architect their software. First, they can create an integrated application where they carefully partition their application into the secure and non-secure regions. In these applications, developers will most likely place their RTOS in the non-secure region and more sensitive information such as keys and mission critical software into the secure region.
The second option is for stack developers who don’t want to share their source to preload microcontroller with their libraries and or applications within the secure region. They can then tailor the libraries to expose only the pieces of information they want the non-secure region to have. Developers can then use those exposed functions to create their own applications based on those software stacks.
The ARMv8-M Cortex-M processors are just starting to come to market. Undoubtedly, we will see many more releases and announcements over the coming months. The TrustZone extension will provide developers with the ability to improve their systems security; However, this added security will at first come at cost. Developers will need to invest time and money to learn the new techniques that are required to use TrustZone effectively. One way to get an early start is to leverage Microchip’s SAM L11 development board.
If you are interested in learning more about how to leverage Arm TrustZone in your products or are interested in taking a training course, please contact [email protected]
