The configuration of a microcontroller system that includes TrustZone-M or several processors can be difficult, as the application software of the system is developed with multiple sub-projects that share common memory and a set of peripherals. Furthermore, Arm Cortex-M23/M33 based microcontrollers contain security features such as:
The SAU, MPC, PPC need a consistent setup across the various projects that matches with the configuration of the development tools (especially the linker script). CMSIS-Zone manages even systems that contain several processors. The figure below shows a multi-processor system where peripheral and memory are shared across two Cortex-M33 processors.
To aid the system designer and software developer, Arm is extending the CMSIS software and tools framework with CMSIS-Zone. It defines methods to describe system resources and to partition these resources into multiple projects and execution areas. The system resources may include multiple processors, memory areas, peripherals and related interrupts.
CMSIS-Zone includes an utility that:
The CMSIS-Zone utility is Eclipse-based and stores the relevant information in an XML format using the following file types:
The CMSIS-Zone utility supports a multi-step approach which gives the system architect better control. The steps for a multi-processor system could therefore look like:
The separation of resource (*.rzone) and assignment (*.azone) information makes it possible to update the resource information independent of the settings or assignments. The user interface of the CMSIS-Zone utility combines both files into one view and makes it easy to distribute the available system resources to sub-projects. The Generate function of the utility creates sub-system resource files that provide the developer of the various sub-projects with the information of memory and peripherals that is relevant.
The resource file of a sub-system may be loaded again with the CMSIS-Zone utility. While this multi-step approach gives better control to the system architect, also it shows the software developer only the memory regions and peripherals that are available to the sub-system. Other resources cannot be accessed. This allows to create complex applications with independent teams, as the configuration settings of the various sub-projects are clearly separated.
Currently, the Eclipse-based CMSIS-Zone utility is available as pre-release from GitHub. Several example projects are already provided in the repository that show the configuration for some Cortex-M33 systems. Until October 2019, CMSIS-Zone will be finalized and later integrated into the standard CMSIS deliverables. The CMSIS-Zone configuration will get integrated into the Trusted Firmware for Cortex-M systems (TF-M) and should simplify the configuration of this comprehensive security software stack.
The following video shows how to operate the CMSIS-Zone utility.
We have released version 1.0.0! Please download the CMSIS-Zone utility below and use it for configuring your own hardware system.