An article from Semicast Research, published in Design & Reuse in January 2017, described Cortex-M23 and Cortex-M33 as “Born Secure”. I believe that this statement says something crucially profound about the direction of the microcontroller industry.
There is no need to rehearse the recent history of hacks and attacks on the increasingly connected world of devices. These have exposed a simple truth – unless implementing a secure system is as cheap as not doing so, in an ever more competitive world insecure systems will continue to be deployed, simply due to cost-pressure and inertia. Or, as Semicast puts it in the same article: “The issue of security must move from the nickel-and-dime list to be front-and-center in the minds of all developers and makers if the IoT is to maximize its potential.”
Security needs to be built into even the simplest of systems at many levels: the processor needs to have been built with security features baked in; secure and tamper-resistant memory is required to hold secure identity and cryptographic data; firmware must support a secure boot process, founded on a hardware Root of Trust; there must be a secure, reliable over-the-air update mechanism; the RTOS or hypervisor needs to provide the ability to segregate and secure code and data regions to minimize the attack surface; communications links have to be adequately authenticated, secured and encrypted. The list goes on.
But, the fundamental point remains that the hardware you use must have been built with security as a foundation from the processor outward. Without this, even the most secure software stack is basically built on foundations of sand.
And this is where Cortex-M23 and Cortex-M33 offer something unique. They are both based on the ARMv8-M architecture, which brings TrustZone security to the microcontroller space for the first time. When extended to the system, via appropriate bus fabric and memory systems, this allows for secure, segregated code and data memory regions, with the processor enforcing the Secure/Non-secure boundary on every access. From this starting point, a truly secure system can be built. And since these features are an integral part of the processor, there is little or no extra cost involved in implementing or using them.
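To make the partitioning concrete, here is an added host-buildable model, not code from the original post or from ARM: a small table of Non-secure and Non-secure-callable regions (everything else Secure, as with the SAU), a range check that Secure code must run on any pointer a Non-secure caller hands it, and a secure service that refuses to write outside Non-secure RAM. On a real ARMv8-M toolchain the check is `cmse_check_address_range()` from `arm_cmse.h`; the addresses, region map, device id and `ns_sram` backing array below are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative model of a TrustZone-M style partition (not ARM's SAU API):
 * a region is Non-secure (NS) or Non-secure-callable (NSC); any address not
 * covered by a region is Secure. Assumed/constructed addresses. */
enum region_attr { REGION_NS, REGION_NSC };

struct region {
    uint32_t base;           /* first address in the region */
    uint32_t limit;          /* last address in the region (inclusive) */
    enum region_attr attr;
};

static const struct region map[] = {
    { 0x10000000u, 0x1003FFFFu, REGION_NS  },   /* 256 KiB NS flash      */
    { 0x1F000000u, 0x1F000FFFu, REGION_NSC },   /* NSC veneer page       */
    { 0x20000000u, 0x2000FFFFu, REGION_NS  },   /* 64 KiB NS SRAM        */
};

#define NS_SRAM_BASE 0x20000000u
#define NS_SRAM_SIZE 0x10000u
static uint8_t ns_sram[NS_SRAM_SIZE];   /* simulated NS SRAM for the host build */

/* Identity held in Secure memory (constructed value). */
static const uint8_t device_id[16] = {
    0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18,
    0x29, 0x3A, 0x4B, 0x5C, 0x6D, 0x7E, 0x8F, 0x90
};

/* Return 1 only if every byte of [addr, addr+size) lies inside one NS region.
 * This is the check the Secure side must perform on a buffer pointer supplied
 * by Non-secure code before dereferencing it; otherwise a malicious NS caller
 * can use the Secure service as a confused deputy to read or write Secure
 * memory. NSC regions are code veneers, not data, so they are rejected too. */
int ns_range_ok(uint32_t addr, uint32_t size)
{
    if (size == 0)
        return 0;
    uint32_t last = addr + size - 1u;
    if (last < addr)                   /* 32-bit wrap-around: reject */
        return 0;
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        if (map[i].attr == REGION_NS && addr >= map[i].base && last <= map[i].limit)
            return 1;
    }
    return 0;
}

/* Model of a Non-secure-callable service: copy the device identifier into a
 * caller-supplied NS buffer. Returns 0 on success, -1 if the buffer is not
 * wholly Non-secure, -2 if it is NS but not writable RAM in this model,
 * -3 if it is too small. */
int sg_get_device_id(uint32_t dst, uint32_t len)
{
    if (len < sizeof device_id)
        return -3;
    if (!ns_range_ok(dst, sizeof device_id))
        return -1;                     /* refuse Secure and NSC addresses */
    if (dst < NS_SRAM_BASE || dst + sizeof device_id > NS_SRAM_BASE + NS_SRAM_SIZE)
        return -2;                     /* NS flash: not a writable target */
    memcpy(&ns_sram[dst - NS_SRAM_BASE], device_id, sizeof device_id);
    return 0;
}

int main(void)
{
    printf("NS SRAM buffer:    %d\n", sg_get_device_id(0x20000100u, 16));  /* 0  */
    printf("Secure SRAM buffer: %d\n", sg_get_device_id(0x30000000u, 16)); /* -1 */
    printf("NS flash buffer:   %d\n", sg_get_device_id(0x10000000u, 16));  /* -2 */
    return 0;
}
```

The point of the model is the order of the checks: the range test runs before any access, the end of the range is computed with explicit overflow detection, and a range straddling the NS limit is rejected even though its first byte is Non-secure. Those are exactly the cases an attacker on the Non-secure side will probe when a Secure service takes a pointer and a length.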
When you couple this with other hardware and software IP available off-the-shelf from ARM and many others in the ecosystem, including mbed OS uVisor and TrustZone CryptoCell, assembling a secure system becomes much, much easier. You are one huge step closer to making a system which is, by construction, secure from the endpoint all the way to the point where the service ecosystem takes over.
This is a game-changing step along the road to making it as easy as it possibly can be to design, build and deploy a system which is “Born Secure”.
"When extended to the system, via appropriate bus fabric and memory systems"
With CoreLink SIE-200 System IP for Embedded, ARM has this covered too:
www.arm.com/.../corelink-sie-200.php