Whitepaper - ARMv8-M Architecture Technical Overview

November 11, 2016

3 minute read time.

The next generation of ARM Cortex-M processors will be powered by a new architecture version called ARMv8-M architecture. This document provides a technical overview of various enhancements in the new architecture, as well as an introduction to the security technology, called TrustZone for ARMv8-M. This document also introduces AMBA 5 AHB5 which enables security management at a system level, and covers various use cases of the new technology.

ARMv8-M Architecture

Information on ARMv8-M and TrustZone

Cortex-M23, Cortex-M33 and Cortex-M35P processors information

For details of Armv8.1-M processors (Cortex-M55, Cortex-M85), please visit:

https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/cortex-m-resources

Resources for software developers

Documents on developer.arm.com

Topics	Document
Introduction	Introduction to the ARMv8‑M Architecture
TrustZone	TrustZone technology for ARMv8‑M Architecture
ARM C Language Extension (ACLE)	ACLE Extensions for ARMv8‑M
Secure software	Secure software guidelines for ARMv8‑M based platforms
System Design	System Design for ARMv8-M
Exceptions and Interrupts	ARMv8‑M Exception Handling
Fault exception	Fault Handling and Detection
Power management and sleep modes	ARMv8-M processor power management secure state protection
Debug	ARMv8‑M Processor Debug
Memory model, MPU	Armv8-M Memory Model and MPU User Guide (doc, example codes)
MPU	Memory Protection Unit for ARMv8‑M based platforms
OS	RTOS design considerations for ARMv8‑M based platforms
ARMv8-M software development with ARM Compiler 6	Chapter 9 : Building Secure and Non-secure Images Using ARMv8-M Security Extensions
TrustZone software development in Keil MDK	Keil Application Note 291: Using TrustZone on ARMv8-M
Security extension details for compiler vendors	ARMv8-M Security Extension: Requirements on Development Tools (latest) (v1.1)
ARMv8-M software development	EW2017 - Software Development on ARMv8-M Architecture
mbed(TM)OS deployment on Armv8-M	EW2017 - High-End Security Features for Low-End Microcontrollers
RTOS design	EW2019 - How RTOS should work in a TrustZone for Armv8-M environment
TrustZone Secure software	Stack sealing and why it is needed in TrustZone for Armv8-M
TrustZone Secure software	Armv8-M processor Secure software Stack Sealing vulnerability

Resources for silicon designers

Enhanced Security and Energy Efficiency of Microcontrollers and SoCs (AHB5 and Q channel introduction)
System Design for ARMv8-M
ARM AMBA 5 AHB Protocol Specification
AMBA APB Protocol Specification
AMBA Low Power Interface Specification
AMBA 4 ATB Protocol Specification
Corstone Foundation IP (Contains CoreLink SSE-200, CoreLink SIE-200 and more).
Webinar on secure system design
The six things you need to know about ARM CoreLink SSE-200 subsystem & ARM CoreLink SIE-200 system IP
CoreLink Interconnect | ARM CoreLink SIE-200 – ARM Developer
System Design | CoreLink SSE-200 subsystem – ARM Developer
Cortex-M Prototyping System+ (FPGA board)

Whitepaper - ARMv8-M Architecture Technical Overview.pdf

Parents

daith over 9 years ago

If I understand this right then it is possible for a non-secure side interrupt to interrupt the secure side and then call back to the secure side again. So it is fairly essential that there be a stack limit on the secure side as that could happen multiple times. I can see that happening okay by mistake or if the non-secure side is compromised. Is it envisaged that there will sometimes actually be more than one call from the non-secure side to the secure side outstanding in some circumstances, e.g. if an interrupt needs to check something?
- Cancel
- Up 0 Down
- Reply
- More
- Cancel

Comment

daith over 9 years ago

If I understand this right then it is possible for a non-secure side interrupt to interrupt the secure side and then call back to the secure side again. So it is fairly essential that there be a stack limit on the secure side as that could happen multiple times. I can see that happening okay by mistake or if the non-secure side is compromised. Is it envisaged that there will sometimes actually be more than one call from the non-secure side to the secure side outstanding in some circumstances, e.g. if an interrupt needs to check something?
- Cancel
- Up 0 Down
- Reply
- More
- Cancel

Children

No Data

Architectures and Processors blog

Using SVE in C#

Alan Hayward

.NET 9 introduces SVE support on Arm, allowing users to write simplified vectorised code. This blog gives examples in C# and compares it to C++.
- November 20, 2024
Part 3: Enabling PAC and BTI on AArch64 for Linux

Bill Roberts

Supporting C++ style exceptions and DWARF for Pointer Authentication Codes (PAC) signed pointers.
- November 20, 2024
Part 2: Enabling PAC and BTI on AArch64 for Linux

Bill Roberts

Utilizing Pointer Authentication Codes (PAC) and Branch Target Instructions (BTI) together and optimizations in instruction counts.
- November 19, 2024

AI and ML blog

Announcements

Architectures and Processors blog

Automotive blog

Embedded blog

Graphics, Gaming, and VR blog

High Performance Computing (HPC) blog

Infrastructure Solutions blog

Internet of Things (IoT) blog

Operating Systems blog

SoC Design and Simulation blog

Tools, Software and IDEs blog