IoT and Security: ARM v8-M Architecture
Robert Boys, Product Marketing DSG, ARM
Spring 2017: V 3.1
ARM v8-M TrustZone
- Need to add security to Cortex-M processors for IoT.
- Cortex-A has had TrustZone for a long time now. ARM has recently moved this into Cortex-M.
- Almost the same TrustZone, modified for Cortex-M.
- Parts are Cortex-M23 and Cortex-M33 for now. Parts will be available this year; tools are available now.
- People have been developing for ARM v8-M for some time.

ARMv8-M Sub-profiles
Both add ARM TrustZone technology.
- Mainline (ARMv7-M today -> ARMv8-M Mainline): Cortex-M33. For general purpose microcontroller products, similar to Cortex-M3/M4. Scalable, with optional DSP and floating-point extensions.
- Baseline (ARMv6-M today -> ARMv8-M Baseline): Cortex-M23. Lowest cost, smallest, lowest-power ARMv8-M. Similar to Cortex-M0. A subset of Mainline.
TrustZone for ARMv8-M
- Secure and Non-secure states: S and NS (suffixes _s and _ns).
- Switch between them using some rules.
- Memory mapped: S and NS peripherals and memory.
- Maybe no RTOS in Secure.
- Non-secure states: Non-secure App, Non-secure OS.
- Secure states: Secure App/Libs, Secure OS.
ARM TrustZone Technology
One CPU. TWO of each of these, one for the S state and one for the NS state:
- MPU (granularity of 32 bytes)
- SysTick timer
- Stack pointers, with stack limit checking
- Vector interrupt tables
- SCB (System Control Block)
ARM TrustZone Technology
- New instructions: SG, BXNS, BLXNS, MOVW, MOVT, TT.
- New compiler intrinsics: cmse (Cortex-M Security Extensions).
- S and NS memory and peripherals.
- ARM SecurCore is a different technology.
Instructions
- SG, Secure Gateway: to go from NS to S.
- BXNS, BLXNS: branch and exchange, S -> NS state.
- MOVW, MOVT: used together to move a 32-bit value into a register. T = upper 16 bits.
- TT, Test Target: returns the Security Attribution Unit (SAU) region.
Intrinsics:
- __attribute__((cmse_nonsecure_call))
- __attribute__((cmse_nonsecure_entry))
New MPU (Memory Protection Unit)
- Old is PMSAv7, new is PMSAv8.
- Memory regions are defined by start and end address.
- 32-byte granularity.
- Used with TrustZone for ARMv8-M for protected memory.
ARMv8-M Additional States
The existing Handler and Thread modes are mirrored with Secure and Non-secure modes (states). Thread mode can be either Privileged or Unprivileged.
- ARMv7-M: Handler Mode, Thread Mode.
- ARMv8-M: Non-secure Handler Mode, Non-secure Thread Mode, Secure Handler Mode, Secure Thread Mode.
A few more things about ARMv8-M
- TrustZone Secure state is active at RESET.
- Code in the S state can access both S and NS information.
- Code in the NS state can access only NS information.
- NS can call functions in S in a special way: SG.
- S and NS memory is memory mapped: configured by the SAU (Security Attribution Unit) or the IDAU (Implementation Defined Attribution Unit).
A Typical Situation: composing a system with secure and non-secure projects
- Non-secure state, user project: user application, I/O driver, function calls into the firmware.
- Secure state, firmware project: system start, firmware, communication stack.
- Start is in the Secure state; the firmware project then calls into the user application.
- Non-secure projects cannot access secure resources.
- The secure project can access everything.
- Secure and non-secure projects may implement independent time scheduling.
System visibility to processor and peripherals
- New CMSIS partition.h file describes the memory areas.
- SAU configuration shown here: (figure not reproduced in this text)
Another Secure Memory Configuration: how can a Non-secure app access a Secure function?
Secure memory is further divided into:
1) Secure: contains secure code or data, secure stack and heap.
2) Non-Secure Callable (NSC): entry function points, SG instruction.
NS programs use NSC to access Secure functions.
How does this work?
- The NSC memory area contains small branch veneers. These are the defined entry points.
- When an NS program calls a function in Secure memory:
  1. The first instruction must be an SG (Secure Gateway).
  2. The SG must be present in an NSC region as defined by the SAU/IDAU.
- Why make an NSC region? Data in Secure memory could have the same opcode value as SG. The SG must be in a defined NSC region so this cannot happen.
- NS code can access Secure code only via this NSC process.
What if the NS program doesn't follow this?
If a Non-Secure program attempts to branch/call into a Secure program address without using a valid entry point, a fault exception occurs.
- ARMv8-M Mainline: SecureFault exception, exception number 7.
- ARMv8-M Baseline: existing HardFault in the Secure state.
Returning from Secure to Non-Secure world
- NS program calls a Secure function via NSC memory. Sees SG, so good.
- Returns with the new BXNS instruction: (figure not reproduced in this text)
Secure program calling a Non-Secure function
- Secure code calls with BLXNS directly to the NS function.
- Return address + some other things are pushed on the Secure stack.
- Return address in LR is set to the special FNC_RETURN value.
- On RETURN: the return address comes from FNC_RETURN.
Return from NS function to Secure state
On RETURN:
- Branches to the return value in FNC_RETURN (in LR).
- Secure stack is popped, giving the true Secure return address.
- Hardware hides the true Secure return address from the NS code.
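The entry-function and callback mechanics on the "Instructions", "How does this work?" and the two BLXNS/FNC_RETURN slides, as an added example that is not part of the ARM deck: one Secure-side service exposed to Non-secure code through a cmse_nonsecure_entry function (reached via its SG veneer in NSC memory), and a callback from Secure into Non-secure through a cmse_nonsecure_call function pointer (BLXNS out, FNC_RETURN back). The attributes and arm_cmse.h exist only when the compiler targets ARMv8-M with -mcmse, so they are applied under __ARM_FEATURE_CMSE and fall away on a host compiler, where the same source builds as plain C so the control flow can be exercised. The function names (secure_register_callback, secure_notify, ns_handler, ns_main) are assumptions made for the example.

```c
/* Added example, not from the ARM slides. Secure-side build with -mcmse gets
 * the real gateway and non-secure-call support; a host build compiles the
 * same control flow as plain C. */
#include <stddef.h>

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
  #include <arm_cmse.h>
  #define NS_ENTRY          __attribute__((cmse_nonsecure_entry))
  #define NS_CALL           __attribute__((cmse_nonsecure_call))
  #define NS_FPTR_CREATE(p) cmse_nsfptr_create(p)   /* clear bit 0: BLXNS targets NS state */
#else
  /* Host build: the attributes vanish and the pointer is used as-is. */
  #define NS_ENTRY
  #define NS_CALL
  #define NS_FPTR_CREATE(p) (p)
#endif

/* Type of a Non-secure function that Secure code may call. With the attribute,
 * a call through a pointer of this type is emitted as BLXNS, with the
 * non-banked registers cleared before the state switch. */
typedef int NS_CALL ns_callback_fn(int event);

/* Secure-side state: the single registered NS callback (assumed design). */
static ns_callback_fn *registered_cb = NULL;

/* Secure entry point. With -mcmse the linker places an SG veneer for it in the
 * NSC region; NS code reaches this function only through that veneer. */
NS_ENTRY int secure_register_callback(ns_callback_fn *cb)
{
    if (cb == NULL) {
        return -1;
    }
    registered_cb = NS_FPTR_CREATE(cb);
    return 0;
}

/* Secure entry point that does Secure-side work and then calls back into NS.
 * The NS callback returns through FNC_RETURN; the true Secure return address
 * stays on the Secure stack and is never visible to NS code. */
NS_ENTRY int secure_notify(int event)
{
    if (registered_cb == NULL) {
        return -1;                     /* nothing registered yet */
    }
    int secure_result = event * 2;     /* stand-in for Secure-side processing */
    return registered_cb(secure_result);
}

/* Constructed Non-secure side: would live in the NS project and link against
 * the Secure project's import library of veneers. */
static int ns_handler(int v)
{
    return v + 1;
}

int ns_main(void)
{
    if (secure_register_callback(ns_handler) != 0) {
        return -1;
    }
    return secure_notify(20);          /* 20 * 2 + 1 = 41 */
}
```

The Secure side never stores the raw NS pointer: cmse_nsfptr_create clears bit 0 so that the later BLXNS actually switches to the NS state rather than executing the NS code in the Secure state, and both entry points reject the "nothing registered" case instead of dereferencing NULL.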
Exception and Interrupt State Transitions
- Each interrupt is set to Secure or Non-secure in the NVIC_ITNS register.
- No restrictions on an interrupt occurring in NS or S code.
- Nesting of interrupts, vectored interrupt handling, and vector table relocation are all supported as before.
- Same latency times as before for NS interrupts. Secure interrupt latency is a little longer.
- Lazy stacking supported (no stacking of FPU registers unless the interrupt handler uses the FPU).
Stack and Stack Pointers
The ARMv8-M processor has four stack pointers:
1. MSP_S (Secure Main Stack Pointer)
2. PSP_S (Secure Process Stack Pointer)
3. MSP_NS (Non-Secure Main Stack Pointer)
4. PSP_NS (Non-Secure Process Stack Pointer)
Stack limit checking: detects if more stack is used than expected.
- ARMv8-M Mainline: all SPs have stack limit registers.
- ARMv8-M Baseline: Secure SPs have stack limit registers; Non-Secure SPs use the MPU for stack overflow detection.
TT instruction: Test Target
- The SAU/IDAU generates a region number for each region.
- Software can check a region to determine its security.
- TT returns the region number (RN) and the attribute (NS or S) of an address.
- Use TT on the start and end address to determine that a memory range has the required security attributes.
- Secure code can check whether memory referenced by NS software has the correct security attribute. This prevents NS software from reading or corrupting S information.

How TT works: (figure not reproduced in this text)
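The partition.h / SAU slide and the TT slides above, as an added example that is not part of the ARM deck: a host-runnable model of an SAU region table (in the spirit of the CMSIS partition.h SAU_INIT_* entries), of what TT returns for one address, and of the start/end check that Secure code applies to a buffer handed over by Non-secure code before it touches it. On a real ARMv8-M part that check is cmse_check_address_range() from arm_cmse.h, which executes TT on both ends of the range; here the lookup is simulated so it runs on a host. The region addresses are constructed values, not any real device map, and the function names (tt, ns_buffer_ok, secure_sum_ns_bytes) are assumptions made for the example.

```c
/* Added example, not from the ARM slides: simulated SAU table, simulated TT,
 * and the NS-buffer range check built on top of it. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

typedef enum { ATTR_S = 0, ATTR_NS = 1, ATTR_NSC = 2 } sec_attr_t;

typedef struct {
    uint32_t start;   /* first address of the region */
    uint32_t end;     /* last address of the region (inclusive) */
    bool     nsc;     /* true: Non-secure callable, else plain Non-secure */
} sau_region_t;

/* Constructed SAU table. Everything the table does not cover is Secure,
 * which is the SAU default once it is enabled. */
static const sau_region_t sau[] = {
    { 0x00200000u, 0x003FFFFFu, false },  /* region 0: NS code        */
    { 0x001FF000u, 0x001FFFFFu, true  },  /* region 1: NSC veneers    */
    { 0x20200000u, 0x203FFFFFu, false },  /* region 2: NS SRAM        */
    { 0x40000000u, 0x4FFFFFFFu, false },  /* region 3: NS peripherals */
};
#define SAU_REGION_COUNT (sizeof sau / sizeof sau[0])

typedef struct {
    bool       in_region;   /* false: no SAU region matched, address is Secure */
    uint8_t    region;      /* region number, valid when in_region is true */
    sec_attr_t attr;
} tt_result_t;

/* Model of TT on one address: region number plus S / NS / NSC attribute.
 * An address that falls in more than one region is treated as Secure, as the
 * architecture specifies for overlapping SAU regions. */
tt_result_t tt(uint32_t addr)
{
    tt_result_t r = { false, 0, ATTR_S };
    int matches = 0;
    for (size_t i = 0; i < SAU_REGION_COUNT; i++) {
        if (addr >= sau[i].start && addr <= sau[i].end) {
            matches++;
            r.in_region = true;
            r.region = (uint8_t)i;
            r.attr = sau[i].nsc ? ATTR_NSC : ATTR_NS;
        }
    }
    if (matches > 1) {
        r = (tt_result_t){ false, 0, ATTR_S };
    }
    return r;
}

/* Model of the check Secure code makes on an NS-supplied buffer [base, base+size):
 * TT on the first and on the last byte must give the same region number and the
 * NS attribute. Zero length and address wrap-around are rejected. Returns true
 * only when the whole buffer is Non-secure, so Secure code may read or write it. */
bool ns_buffer_ok(uint32_t base, uint32_t size)
{
    if (size == 0 || size - 1 > UINT32_MAX - base) {
        return false;
    }
    tt_result_t first = tt(base);
    tt_result_t last  = tt(base + (size - 1));
    return first.in_region && last.in_region
        && first.region == last.region
        && first.attr == ATTR_NS;
}

/* Constructed Secure service: sums `len` bytes that NS claims live at ns_addr.
 * It refuses unless the range check passes, so NS cannot point Secure code at
 * Secure RAM or at the NSC veneers. In the host model the bytes come from a
 * caller-supplied array standing in for NS memory. Returns the sum, or -1. */
long secure_sum_ns_bytes(uint32_t ns_addr, const uint8_t *ns_mem, uint32_t len)
{
    if (!ns_buffer_ok(ns_addr, len)) {
        return -1;
    }
    uint32_t s = 0;
    for (uint32_t i = 0; i < len; i++) {
        s += ns_mem[i];
    }
    return (long)s;
}
```

The two failure modes worth noticing are the ones the start/end check catches that a single TT would not: a range that starts in NS SRAM but runs off the end of the region, and a range that starts in the NSC veneer area and ends in NS code (different region numbers, so rejected even though both ends are "not Secure").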
Debugging
- Debugging can see everything (it has to have this ability).
- Obvious security breaches are easily done via JTAG.
- Allowing access to NS only is a benefit.
- Debuggers must be securely blocked: all, NS only, or nothing.
Firmware protection
- A company wants to secure its firmware. TrustZone allows putting IP in protected space.
- A customer can access this IP with APIs as described.
- Can also provide a part with blank protected Flash for 3rd parties to add their IP.
Thank you! Now a demonstration!

The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright 2015 ARM Limited