ARM Cortex-M23 is the smallest and most energy efficient processor with TrustZone technology. Based on the ARMv8-M baseline architecture, Cortex-M23 is the ideal processor for constrained embedded applications where efficient security is a key requirement.
My colleague Thomas Ensergueix introduces the newest members to the Cortex-M family in his blog Cortex-M23 and Cortex-M33 - Security foundation for billions of devices , and here I will take you through some of the most interesting parts of the new Cortex-M23 processor:
TrustZone for ARMv8-M brings hardware-enforced separation between the trusted and non-trusted software on each Cortex-M23 based device. As such, TrustZone provides a foundation for building embedded applications that, in the past, might have required two separate physical processors to create physical separation between the trusted and the non-trusted sides. A single Cortex-M23 processor can provide a robust solution for security requirements such as device identification management, high-value firmware protection, software certification, and secure boot, just to name a few.
The Cortex-M23 processor with TrustZone has two security states:
Code execution transitions and data accesses in the two security states, is policed by hardware, minimizing switching overhead and guaranteeing determinism – a hallmark for all Cortex-M processors. More details on features of TrustZone for ARMv8-M can be found in Joseph Yiu’s ARMv8-M architecture overview.
Cortex-M23 is a simple two-stage pipelined Von Neumann processor, yet it supports the full ARMv8-M baseline instruction set. Users familiar with the Cortex-M0+ will quickly recognize many similar features in the Cortex-M23 that bring extreme energy efficiency to these processors: WFI (Wait for Interrupts)/WFE (Wait for Event) and sleep/deep-sleep modes, sleep-on-exit, SysTick timer and optional single cycle IO.
The instruction set comprises around 80 Thumb instructions, most of which are 16-bit wide to maximize code compactness, but also include a few 32-bit instructions where efficiency gains can be made. All ARMv6-M instructions are supported to ensure ease of code migration from the Cortex-M0 and Cortex-M0+ processors. Several new instructions have been included in the ARMv8-M baseline instruction set to improve performance efficiency for conditional operations, mutually exclusive accesses, hardware divide operations, and immediate moves.
An efficient and secure 32-bit processor alone does not make for successful field deployment. Software development costs often far surpass fabrication and hardware IP costs. The Cortex-M23 makes it easier to develop and debug software by introducing more configurable hardware breakpoints and data watch points compared to other ARMv6-M processors. An optional Embedded Trace Macrocell (ETM) has also been added, in addition to the optional Micro Trace Buffer (MTB) which is also available as in Cortex-M0+ processor. These options give designers the choice of a more full-featured instruction trace functionality or a more cost-effective, trimmed-down, instruction trace capability.
A new programmer-friendly Memory Protection Unit (MPU) based on the latest PMSAv8 architecture has been added to the Cortex-M23 processor as an option. It can “protect” up to 16 regions for each of the Secure and Non-Secure states. Each region has a base address, ending address, access permission and memory attribute settings. In multi-tasking environments, the OS can reprogram the MPU during task context switching to define the memory permissions for each task. For example, application tasks may be granted access to all or some application data and specific peripherals. The MPU dramatically improves system reliability by protecting all other data from corruption and other peripherals from unauthorized accesses.
Easier to set up memory regions
Cortex-M23’s memory protection architecture adopts base and limit-style comparator for defining memory regions, as opposed to the previous power-of-two size, sized-aligned scheme. This improvement simplifies software development, and in some cases, reduces memory wastage when region sizes do not fit a perfect power-of-two size.
New instructions have been added to enhance the Cortex-M23's capability compared to ARMv6-M implementations, but without compromising the ultra-high energy efficiency of this Cortex-M processor class. Most of these 'new' instructions (except for the security extension ones) are inherited from the ARMv7-M architecture instruction set in order to extend Cortex-M23's capability compared to the Cortex-M0+.
TrustZone for ARMv8-M brings additional instructions to the baseline instruction set. This includes the secure gateway (SG), non-secure branch (BXNS, BLXNS), and test target (TT) instructions. More information can be obtained from Joseph Yiu’s ARMv8-M architecture overview.
Support for the execute-only memory regions has been improved by the addition of immediate-move instructions (MOV/MOVT inherited from ARMv7-M), which facilitate immediate-data generation in execute-only code. These instructions provide the ability to produce 32-bit values via two instructions without the need to perform a literal load.
Conditional Compare and Branch instructions (CBNZ/CBZ inherited from ARMv7-M) improve performance for many conditional control code sequences. Immediate branch with long offset (B.W inherited from ARMv7-M) allows for direct branch to a far target address. And hardware integer divide instructions (SDIV/UDIV inherited from ARMv7-M) reduce processing cycles for divide operations.
Load and store exclusive instructions from ARMv7-M have been added to improve the architecture consistency of Cortex-M23 processor in multicore systems where semaphores between processors can be handled with the same mechanism. In addition, to provide atomic support for C11/C++11, the load-acquire and store-release instructions are included from ARMv8-A (Thumb 32 version), including exclusive access variant of those instructions.
For more information about the Cortex-M23 and the Cortex-M33, see the introduction white paper on both processors here.
additional resources/documents on ARMv8-M and developing software for Cortex-M23 can be found here: Docs – ARM Developer