Using TrustZone on Cortex-M23 and Cortex-M33

ARM recently announced the first two processors using the ARMv8-M architecture, ARM Cortex-M23 and Cortex-M33. ARM TrustZone for ARMv8-M adds security features to these cores that allow applications and services to operate securely while safeguarding the secure resources from being misused, corrupted or inspected by intruders. On November 17th christopherseidl and thomasensergueix hosted a webinar explaining how to program secure and non-secure domains on a processor with TrustZone.

Missed the webinar? Don't worry, you can watch the recording here:

During the webinar there were lots of great questions asked. We wanted to share some of these with you here.

Q: What about the code compatibility, migrating from Cortex-M0+ to Cortex-M23? Or Cortex-M3/M4 to Cortex-M33?

A: Cortex-M23 is building on ARMv8-M which is a superset of the AMRv6-M architecture, so code will remain forward compatible. I would just point out, that as the new architecture improved the programmer's model of the MPU, you are very likely to have to adapt MPU management code (assuming MPU was in use). The same is valid for porting from Cortex-M3/M4 (ARMv7-M) to Cortex-M33.

Q: What kind of OS is used in the secure world?

A: Any kind of real-time operating system supporting ARMv8-M can be used. CMSIS-RTOS v2 API provides a standardized interface for RTOS running on Cortex-M23 and M33.

Q: Is RTX supporting natively secure and non-secure tasks creation?

A: The current implementation of RTX runs in the non-secure state, but can call functions from the secure state. Further revisions will allow for other use cases as well. Generally, we advise to use the RTOS in the non-secure state as this will lower the attack surface for hackers.

Q: How do you define the functions in specific address like secure or non-secure? Using SAU, I understand that we can define regions as S/NS. But while defining the C functions, how will we assign that func1 should go to secure area and the func2 or func3 should go to NS area?

A: Any function defined in the secure project will go to the secure memory, while functions from the non-secure project will be stored in the non-secure memory.

Q: Any issues using Trust Zone entry functions with C++?

A: Code written in C++ must use extern “C” linkage for any inter-state interaction.

Q: Is "ARMv8-M Architecture Reference Manual" available (even in draft state)?

A: https://developer.arm.com/products/architecture/m-profile/docs/ddi0553/latest/armv8-m-architecture-reference-manual

Q: Are Cortex-M23 and Cortex-M33 simulated in Keil MDK?

A: In MDK-Professional you can simulate your code using Fixed Virtual Platforms that model the functionality (not the cycle accuracy) of ARM Cortex-M23 and M33.

Q: Any specific built in crypto engine available?

A: there is no crypto engines built into the Cortex-M23 and Cortex-M33 processors. ARM offer crypto-engines as part of the TrustZone CryptoCell product line.