Enhancing embedded device security with new TrustZone-enabled microcontrollers

The introduction of Nuvoton’s M2351 microcontroller brings a new level of trust and security to embedded systems. At the core, the Arm TrustZone-enabled Arm Cortex-M23 processor provides hardware-enforced isolation between the Trusted and the Non-trusted resources in the device. That all sounds nice, but why should anyone care?

Connecting devices adds features but also vulnerabilities

Designers are adding Internet connectivity to many everyday devices, which adds cool new features such as upgrades but also opens the door to hackers. Building enough trusted security into devices so that they can make our lives easier has been a challenge. And unfortunately, that lack of trust has prevented many cool applications from seeing the light of day. Security needs to be built into embedded systems from the ground up, not added as an afterthought to the design. The M2351 from Nuvoton integrates the latest generation Cortex-M23 processor with security by isolation built into its core, yet maintains the very low power consumption and deterministic behavior that are the hallmark of all Arm Cortex-M processors.

Picture this: applications that can benefit from better security

  • Fingerprint-enabled cards and locks
  • Smart home appliances such as a washing machine or heating, ventilation and air conditioning system
  • Smart city applications such as connected lamp posts or traffic controllers
  • Wireless sensor nodes such as temperature monitors
  • Automatic meter readers
  • Portable wireless data collectors such as in-home patient monitors
  • Digital currency wallets such as a USB crypto store
  • Portable drug delivery systems such as an insulin pump
  • Disposable asset tracking systems

Opening up a world of comprehensive, user-friendly embedded security

With the M2351, Nuvoton brings its first programmable TrustZone-enabled microcontroller to developers. If you need a refresher in TrustZone for Armv8-M, here is a good place to start. The three biggest benefits of this are:

  1. User-friendly design: Cortex-M software developers will find the Cortex-M23 programmer’s model very familiar and pretty much identical to that of the Cortex-M0+, known for its ease of use. And the good news is, the same development tools, such as Arm Keil MDK, Arm Compiler, and GCC, all support the new processor. To get interested developers moving with their projects quickly, Nuvoton and Arm have partnered to offer a free version of Keil MDK which includes the Cortex-M23. This free license supports over 400 devices (including Nuvoton’s Cortex-M0 based devices) and provides a free entry point to developing on Nuvoton NuMicro devices. Read more about how to get your hands on this free MDK license.
  2. A proven foundation: TrustZone is already deployed in billions of Cortex-A devices. Now, TrustZone for Armv8-M uses the same concept, but optimized for embedded, deterministic devices and using our familiar Cortex-M programming model.
  3. Widely supported: Choose from many Arm tools or from a wide selection of ecosystem partners offering software, tools, RTOS and security solutions. Access all you need to know, along with Q&A support, at the TrustZone Community for Armv8-M. Take advantage of other Arm services to make your project a success with Arm technical reviews, technical support, online courses, and much more. Explore Arm services.

TrustZone for Armv8-M diagram

What’s included and how do I get started?

The M2351 MCU family key features:

  • Arm Cortex-M23 with TrustZone for Armv8-M at up to 48 MHz
  • 96 KB embedded SRAM, 512 KB embedded flash, 32 KB Secure boot ROM
  • Cryptographic accelerator with ECC, AES, DES and a TRNG
  • I²C, SPI, UART, GPIOs, USB, and SMC interfaces
  • USB 2.0 with OTG, CAN interface
  • 16-channel 12-bit ADC and 2-channel 12-bit DAC

Arm partner Beningo Embedded Group recently hosted a webinar on the M2351 board bring-up with RTOS, showing how secure and non-secure software debug is done.

Tailored to fit within a comprehensive Arm IoT security solution

The Platform Security Architecture (PSA) from Arm is a step towards creating a more secure IoT and fits within Arm’s IoT solution. Announced in October 2017, PSA offers a security framework for anyone designing connected devices. PSA is a three-stage process giving designers and developers everything they need to correctly determine the level of security and the threat mitigation they should opt for. The PSA documentation and open source code (Trusted Firmware-M) make it easier for developers using CPUs like the Arm Cortex-M23 processor to get started. Keil RTX5 fully supports TF-M and can be easily used with the free MDK edition for Nuvoton devices. Visit our PSA page to learn more and access PSA resources.

How Arm's Platform Security Architecture works

M2351 and Mbed enable secure cloud connectivity

Nuvoton and the Arm Mbed team have been working closely to enable a port of Mbed OS for the M2351. This port showcases the security features that the Armv8-M architecture, PSA and Mbed OS provide to our joint partners and customers.

Security is one of the fundamental foundations of Mbed OS, which is why Arm has been working on delivering a PSA-compliant platform, providing developers with the tools they need to ensure the devices they deploy meet the security requirements of both today’s and tomorrow’s IoT customers. Mbed OS support for Armv8-M will be available to all our silicon partners in future Mbed releases alongside PSA-compliant cryptographic APIs* and secure partition management*, enabling Nuvoton to bring a leading-edge platform to the Mbed ecosystem.

*First available to Mbed partners on a feature branch

The only limit is your imagination…

There are many real-world products and applications that could benefit from more security. With the launch of this product family, developers will be able to create new products not dreamed of or designed before.

Cortex-M23 Applications

Get information on the M2351 family or purchase a demo board