In the recent ARM Connected Community event Interview and Question Time with Joseph Yiu
community member Gopal Amlekar asked the following question:
"How are ARM processors and especially the Cortex-M processors helping in making the IoT more secure, reliable and not prone to hacking?
Is it something to do with the TrustZone?
Even with all these, what care should be taken by developers to make their device more secure in the WWW of things?"
I recently recorded this interview and members should expect to see it very soon! However I would like to elaborate further on this question, and explain in detail about how Cortex-M is approaching security.
Security management on existing Cortex-M processors
In a large part of the microcontroller application space, the most likely security issue is with software. For example, there could be vulnerabilities in the application code or at the communication protocol stack.
Typically, some form of security management can be implemented using the privileged and unprivileged execution levels. By executing the protocol stack and application code at the unprivileged level, and by using the Memory Protection Unit (MPU), we can significantly reduce the risk of an attack gaining full control of the device. The MPU can ensure that the stack and critical data used by the OS kernel are not corrupted by a rogue application task. It can also make the SRAM region non-executable, so that even if malicious code is injected into the SRAM (e.g. if part of the SRAM is used to store received packets), such code cannot be executed.
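An added example (not code from the article, nor from ARM or mbed) showing how the privilege split in this paragraph maps onto ARMv7-M MPU register values: flash stays executable and read-only, application SRAM is read/write but execute-never, and the kernel's SRAM area is privileged-only. The memory map and the TEX/S/C/B attribute values are assumptions chosen for illustration.

```c
/* Added example (not from the article): encode ARMv7-M MPU region registers
 * (Cortex-M3/M4/M7) for the split described above: flash executable and
 * read-only, application SRAM read/write but execute-never, kernel data
 * privileged-only. The memory map below is constructed; on target the values
 * are written to MPU->RBAR / MPU->RASR and MPU->CTRL (CMSIS register names). */
#include <stdint.h>
#include <stdbool.h>

#define MPU_AP_PRIV_RW_UNPRIV_NONE 1u  /* AP=001: privileged RW, unprivileged no access */
#define MPU_AP_FULL_ACCESS         3u  /* AP=011: RW at both levels */
#define MPU_AP_RO_BOTH             6u  /* AP=110: read-only at both levels */
#define MPU_ATTR_FLASH 0x02u           /* TEX:S:C:B = 000:0:1:0, assumed for on-chip flash */
#define MPU_ATTR_SRAM  0x06u           /* TEX:S:C:B = 000:1:1:0, assumed for on-chip SRAM */

/* MPU_RASR: XN bit 28, AP bits 26:24, TEX/S/C/B bits 21:16, SIZE bits 5:1, ENABLE bit 0.
 * Region size is 2^(SIZE+1); returns 0 unless size is a power of two >= 32. */
uint32_t mpu_rasr(uint32_t size_bytes, uint32_t ap, bool xn, uint32_t tex_scb) {
    if (size_bytes < 32u || (size_bytes & (size_bytes - 1u)) != 0u) return 0u;
    uint32_t size_field = 0u;
    while ((1u << (size_field + 1u)) != size_bytes) size_field++;
    return ((uint32_t)xn << 28) | ((ap & 7u) << 24) | ((tex_scb & 0x3Fu) << 16)
         | (size_field << 1) | 1u;
}

/* MPU_RBAR: base address bits 31:5, VALID bit 4 (region number taken from bits 3:0).
 * Returns 0 if the base is not aligned to the region size. */
uint32_t mpu_rbar(uint32_t base, uint32_t size_bytes, uint32_t region) {
    if (size_bytes == 0u || (base & (size_bytes - 1u)) != 0u) return 0u;
    return (base & ~0x1Fu) | (1u << 4) | (region & 0xFu);
}

/* MPU_CTRL: ENABLE bit 0 plus PRIVDEFENA bit 2, so privileged code keeps the
 * default map for unmapped addresses while unprivileged code faults there. */
uint32_t mpu_ctrl_value(void) { return (1u << 2) | 1u; }

/* Constructed map: 256 KiB flash at 0x08000000, 64 KiB SRAM at 0x20000000,
 * first 4 KiB of SRAM reserved for the kernel stack and data. */
struct mpu_region { uint32_t rbar, rasr; };
static struct mpu_region mpu_table[3];

/* Higher region numbers win where regions overlap, so region 2 (kernel data)
 * overrides region 1 (whole SRAM) for the first 4 KiB. Returns -1 on bad input. */
int build_mpu_table(void) {
    mpu_table[0].rbar = mpu_rbar(0x08000000u, 256u * 1024u, 0u);
    mpu_table[0].rasr = mpu_rasr(256u * 1024u, MPU_AP_RO_BOTH, false, MPU_ATTR_FLASH);
    mpu_table[1].rbar = mpu_rbar(0x20000000u, 64u * 1024u, 1u);
    mpu_table[1].rasr = mpu_rasr(64u * 1024u, MPU_AP_FULL_ACCESS, true, MPU_ATTR_SRAM);
    mpu_table[2].rbar = mpu_rbar(0x20000000u, 4u * 1024u, 2u);
    mpu_table[2].rasr = mpu_rasr(4u * 1024u, MPU_AP_PRIV_RW_UNPRIV_NONE, true, MPU_ATTR_SRAM);
    for (int i = 0; i < 3; i++)
        if (mpu_table[i].rbar == 0u || mpu_table[i].rasr == 0u) return -1;
    return 0;
}
```

On a real part the table is written region by region to MPU->RBAR and MPU->RASR, followed by MPU->CTRL and a DSB/ISB before dropping to unprivileged mode.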
In the mbedOS, which will be available in Q4 2015, the µVisor component of the OS also uses the MPU for security management. On top of that, the mbedOS adds a number of other security features to enable software developers to create applications that need to communicate securely with other devices and servers. For example, Datagram Transport Layer Security (DTLS) can be used to secure data communications.
[Figure: Software components in the mbedOS]
Can TrustZone for Cortex-A be used for Cortex-M?
The software execution environments for Cortex-M processors are often quite different from those of Cortex-A processors. On Cortex-A processors, the OS environment (e.g. Android, iOS) allows users to download applications from third parties, so the system contains multiple security domains. The secure contents need to be completely hidden away from these applications, making TrustZone technology the best way to manage security.
For microcontroller-type applications based on the Cortex-M processors, however, software components are often compiled and linked together during the software development stage. As the software components are essentially "trusted", there is no need to hide contents from them. Given that the MPU can prevent an attacker from injecting code and executing it, the risk is more about how the on-chip software handles secure contents, and whether it is possible for the software to leak secure contents accidentally.
Multi-core approach
In complex SoC designs, Cortex-M processors might be used for various subsystems (e.g. I/O subsystem, power management). In these systems, third-party software components could be downloaded into the SRAM of the Cortex-M subsystems and executed from there. In these cases, additional security arrangements might be needed. For example, a number of SoC designs use multiple Cortex-M processors, with at least one of them always in a secure domain and the others in a non-secure domain. This arrangement can work well with a TrustZone-based (e.g. Cortex-A processor) system.
What next?
We are continuously investigating future technology to see how we can provide better solutions for a wider range of applications.
In addition to the processors, the mbedOS will be an important part of the picture. The mbedOS will make it easier to develop secure IoT applications because the OS is designed with security management from the ground up. A wide range of secure communication technologies will be integrated into the OS so that application developers can deploy these technologies easily, securely and efficiently. The mbedOS will be free to use, and the applications created can be exported into other toolchains for further modifications and optimizations if required.
If you have further questions about Cortex-M security then do not hesitate to comment below and I will get back to you as soon as possible.