Securing the edge with ARM TrustZone for v8-M
September 16, 2016
ARM's new 32-bit ARMv8-M architecture was introduced in 2015, adding TrustZone security extensions for Cortex-M microcontrollers (MCUs), among other f...
ARM’s new 32-bit ARMv8-M architecture was introduced in 2015, adding TrustZone security extensions for Cortex-M microcontrollers (MCUs), among other features. As v8-M-based silicon comes to market, it’s essential that developers understand the architecture, the new capabilities it offers, and how to implement it in the design of connected edge devices that form the foundation of secure end-to-end systems.
Internet of Things (IoT) security issues often result from inadequate protection for devices at the edge of a connected system. These tend to be low power, cheap microcontroller-based devices that perform a single function, like temperature monitoring. Lack of processing power, memory, and, of course, cost, are often cited as reasons for not being able to properly secure these assets, which are increasingly being exploited by hackers as trampolines to higher value assets connected to the same network. In order to protect intellectual property, customer data, user safety, and brand reputation against such threats, device makers have investigated a variety of techniques to secure vulnerable endpoints, including the use of multiple MCUs with one or more dedicated solely to performing security functions such as encryption and authentication. This of course raises complexity, cost, and adds another line item to a bill of materials (BOM).
Fortunately, however, that is set to change for MCU-based devices. In 2015 ARM announced that its hardware-based security technology, TrustZone, would be available on Cortex-M MCUs by virtue of the new v8-M architecture. With security capabilities akin to what has been widely deployed across Cortex-A application procesors, ARMv8-M brings foundational security to Cortex-M devices and enables the creation of IoT systems that are secure from end to end.
TrustZone extensions for ARMv8-M: Enhanced security architecture
The ARMv8-M architecture is a 32-bit architecture that maintains compatibility with ARMv6-M and ARMv7-M to ease software migration within the Cortex-M family, while also incorporating a host of enhancements and new capabilities, most notably in the way of security. The security enhancements include improvements to the Protected Memory System Architecture and the aforementioned inclusion of TrustZone security extensions, the latter of which allows secure and non-secure states to be established so that multiple security domains can exist within a single Cortex-M device.
System on chips (SoCs) often include multiple microprocessors, each assigned to offload system management or other tasks (I/O for example). In this architecture, one processor typically operates in a privileged state and the other in non-privileged state. While MCU-based systems have also had the ability to establish privileged and unprivileged states via the use of memory protection units (MPUs) or memory management units (MMUs) for some time, the v8-M TrustZone extensions provide an additional level of security and more efficient resource utilization, which reduces system design complexity and thereby cost.
How it works
Conceptually, TrustZone for v8-M works similar to TrustZone for Cortex-A processors. Unlike TrustZone technology for Cortex-A-class processors, however, there is no Secure Monitor to manage transitions between the two states. Instead, the secure and non-secure states are memory map based, which eliminates switching overhead and effectively fulfills the energy efficiency requirements of edge devices (Figure 1).
With TrustZone extensions for v8-M, the definition of secure and non-secure regions in an MCU is at the discretion of the chip designer. This is done using a new capability called the Secure Attribution Unit (SAU), a software technology that is used to define secure and non-secure memory regions. Alternatively, device- or system-specific controller logic tied to a special Implementation Defined Attribution Unit (IDAU) interface to the processor can be used accomplish the same. They key difference between the two is that the SAU is programmable in secure states, whereas the IDAU creates a fixed memory map.
The processor state depends on which memory region (secure or non-secure) is accessed. The processor state is secure if code is running in the secure memory region, and, similar to traditional TrustZone technology, code executing in the secure memory region has access to the non-secure region but not the other way around. However, TrustZone for v8-M introduces an additional memory type within the secure region called a Non-secure Callable (NSC) that acts as an entry point for code running in the non-secure memory region to access services, functions, or data in the secure region. Thus, the NSC portion of memory adds a degree of separation between secure and non-secure memory regions while facilitating access to secure functions. Application developers who need to use NSC memory must do so using a new instruction introduced in the v8 architecture called the Secure Gateway (SG). The SG instruction must reside in NSC memory and must be the first instruction in the API to access secure functions. Any attempt to access secure memory without a valid SG instruction leads to a hard fault.
In addition, ARM has also enhanced AHB-Lite that was defined as part of the AMBA 3.0 interconnect specification. Now AMBA 5 AHB5, the updated specification adds a special instruction to flag secure and non-secure bus transactions, permitting systems with TrustZone for ARM v8-M to interoperate with TrustZone on Cortex-A devices. This feature is essential for enablement design scalability and end-to-end, system-wide security.
Edge protection scenarios
There are a number of security applications are enabled by the new TrustZone extensions for ARMv8-M, including:
IP protection: Intellectual property, such as proprietary algorithms, relate directly to a company’s intrinsic value. Device makers can use TrustZone for ARMv8-M to store intellectual property in secure memory while still allowing non-secure applications to access it via APIs.
Secure storage of critical information: Keeping user data, identity information, and security keys separate from the rest of the system ensures confidentiality.
Root of trust implementation: A root of trust implementation provides a secure foundation for many different applications, such as secure over-the-air (OTA) firmware updates. Such a basis of trust is also critical to enabling mutual authentication between devices in a system.
Sandboxing of certified software: Software certification is an expensive process. Using certified software for cryptography, for example, allows device makers to enter new markets where such requirements are mandated. TrustZone for ARMv8-M allows keeping such code in secure memory regions while allowing access to applications via APIs in NSC memory regions.
Reducing cost via processor consolidation: In complex SoCs where one processor may be dedicated to performing security functions, TrustZone for ARMv8-M makes it possible to implement the same security capabilities as would be performed by the dedicated processor, thereby reducing cost and complexity.
End-to-end security example
Let’s take a simple door lock example to demonstrate the usefulness of TrustZone for ARM v8-M in achieving end-to-end security. There are four parts to this system – a door lock, a Cortex-M MCU based camera unit with TrustZone extensions for ARMv8-M that controls the lock, a Cortex-A microprocessor-based gateway with TrustZone technology, and a smartphone. When someone comes to the door, the camera takes an image and sends it to the gateway, which relays the image to a mobile phone app. Upon viewing the image, the user clicks a button in the app to open the door.
In this example, the edge node gains its root of trust from TrustZone for ARMv8-M, which becomes the basis for authenticating itself to the gateway. The gateway also authenticates itself to the mobile phone via TrustZone on the Cortex-A MPU. When the user selects the “open door” command on their phone, the phone relays it to the gateway, which in turn relays it to the edge node to open the door. Commands relayed between devices are validated at each step as part of the process, ensuring system-wide integrity (Figure 2).
TrustZone for ARMv8-M supports energy-conscious devices like wearables or battery-operated edge nodes in markets such as smart utilities and smart cities. Not only do the TrustZone extensions make it possible to secure the edge, but they change security economics by reducing complexity and eliminating additional parts dedicated to performing security functions. While TrustZone for ARMv8-M-capable silicon has yet to hit the market, several software companies – including Express Logic, Green Hills Software, IAR Systems, IBM, Mentor Graphics, Micrium, Real-Time Engineers, Symantec, and Trustonic – have announced their intentions to support it.
Ultimately, the choice to leverage the capabilities of ARMv8-M lies with device makers, as TrustZone for v8-M will require that developers change application development practices. Using TrustZone for ARMv8-M enforces disciplined thinking about what information needs to be protected, and will likely result in short-term learning curves that could impact the development process. But weighed against the cost of releasing insecure products, the decision is a simple one – TrustZone for ARMv8-M fills an immediate gap in the path towards system-wide security for the IoT.
Sequitur Labs Inc.