IoT and Security: ARM v8-m Architecture. Robert Boys Product Marketing DSG, ARM. Spring 2017: V 3.1

ARM v8-M TrustZone
- Need to add security to Cortex-M processors for IoT.
- Cortex-A has had TrustZone for a long time now. ARM has recently moved this into Cortex-M.
- Almost the same TrustZone, modified for Cortex-M.
- Parts are Cortex-M23 and Cortex-M33 for now. Parts will be available this year; tools are available now.
- People have been developing for ARM v8-M for some time.


ARMv8-M Sub-profiles (both add ARM TrustZone technology)
- Mainline (ARMv7-M today, ARMv8-M Mainline: Cortex-M33): for general-purpose microcontroller products, similar to Cortex-M3/M4. Scalable; optional DSP and floating-point extensions.
- Baseline (ARMv6-M today, ARMv8-M Baseline: Cortex-M23): lowest cost, smallest, low-power. Similar to Cortex-M0. A subset of Mainline.

TrustZone for ARMv8-M
- Secure and Non-Secure states: S and NS (suffixes _s and _ns).
- Switch between them using some rules.
- Memory mapped: S and NS peripherals and memory.
- Maybe no RTOS in Secure.
- Non-secure states: Non-secure App, Non-secure OS. Secure states: Secure App/Libs, Secure OS.

ARM TrustZone Technology
- One CPU, but TWO of each of these, one for the S and one for the NS state:
  - MPU (granularity of 32 bytes)
  - SysTick timer
  - Stack pointers with stack limit checking
  - Vector interrupt tables
  - SCB (System Control Block)

ARM TrustZone Technology
- New instructions: SG, BXNS, BLXNS, MOVW, MOVT, TT.
- New compiler intrinsics: cmse (Cortex-M Security Extensions).
- S and NS memory and peripherals.
- ARM SecurCore is a different technology.

Instructions
- SG (Secure Gateway): to go from NS to S.
- BXNS, BLXNS: branch and exchange, S -> NS state.
- MOVW, MOVT: used together to move a 32-bit value into a register. T = upper 16 bits.
- TT (Test Target): returns the Security Attribution Unit (SAU) region of an address.
- Intrinsics: __attribute__((cmse_nonsecure_call)), __attribute__((cmse_nonsecure_entry)).

New MPU (Memory Protection Unit)
- Old is PMSAv7, new is PMSAv8.
- Memory regions are defined by start and end address. 32-byte granularity.
- Used with TrustZone for v8-M for protected memory.

ARMv8-M Additional States
- The existing Handler and Thread modes are mirrored with Secure and Non-secure modes or states.
- Thread mode can be either Privileged or Unprivileged.
- ARMv7-M: Handler Mode, Thread Mode.
- ARMv8-M: Non-secure Handler Mode, Non-secure Thread Mode, Secure Handler Mode, Secure Thread Mode.

A few more things about ARMv8-M TrustZone
- Secure is active at RESET.
- Code in S state can access both S and NS information. Code in NS state can access only NS information.
- NS can call functions in S in a special way (SG).
- S and NS are memory mapped: configured by the SAU (Security Attribution Unit) or IDAU.

A Typical Situation: composing a system with secure and non-secure projects
- Non-secure state: User project (user application, start).
- Secure state: Firmware project (system start, I/O driver, firmware, communication stack), reached through function calls.
- Non-secure projects cannot access secure resources. The Secure project can access everything.
- Secure and non-secure projects may implement independent time scheduling.

System visibility to processor and peripherals
- The new CMSIS Partition.h file describes the memory areas. SAU configuration shown here.

Another Secure Memory Configuration: how can a Non-secure app access a Secure function?
- Secure memory is further divided into:
  1) Secure: contains secure code or data, secure stack and heap.
  2) Non-Secure Callable (NSC): entry function point, SG instruction.
- NS programs use NSC to access Secure functions.

How does this work?
- The NSC memory area contains small branch veneers. These are defined entry points.
- When an NS program calls a function in Secure memory:
  1. The first instruction must be an SG (Secure Gateway).
  2. The SG must be present in an NSC region as defined by SAU/IDAU.
- Why make an NSC region? Data in Secure memory could have the same opcode value as SG. The SG must be in a defined NSC region so this can't be abused.
- NS code can access Secure code only via this NSC process.

NS program doesn't follow this?
- If a Non-Secure program attempts to branch/call into a Secure program address without using a valid entry point, a fault exception occurs.
- ARMv8-M Mainline: SecureFault exception, #7.
- ARMv8-M Baseline: existing HardFault in Secure state.

Returning from Secure to Non-Secure worlds
- NS program calls a Secure function via NSC memory. Sees SG, so good.
- Returns with the new BXNS instruction.

Secure program calling a Non-Secure function
- Secure code calls with BLXNS directly to the Secure region.
- Return address + some other things are pushed on the Secure stack.
- Return address in LR is set to the special FNC_RETURN value.
- On RETURN: the return address comes from FNC_RETURN.

Return from NS function to Secure state
- On RETURN: branches to the return value in FNC_RETURN (in LR).
- The Secure stack is popped, giving the true Secure return address.
- Hardware hides the true return address into Secure state from NS code.

Exception and Interrupt State Transitions
- Each interrupt is set to Secure or Non-secure, in the NVIC_ITNS register.
- No restrictions on an interrupt occurring in NS or S code.
- Nesting of interrupts, vectored interrupt handling, and vector table relocation are all supported as before.
- Same latency times as before for NS interrupts. Secure interrupt latency is a little longer.
- Lazy stacking is supported (FPU registers are not stacked unless the interrupt handler uses the FPU).

Stack and Stack Pointer
- An ARMv8-M processor has four stack pointers:
  1. MSP_S (Secure Main Stack Pointer)
  2. PSP_S (Secure Process Stack Pointer)
  3. MSP_NS (Non-Secure Main Stack Pointer)
  4. PSP_NS (Non-Secure Process Stack Pointer)
- Stack limit checking: detects if more stack is used than expected.
- ARMv8-M Mainline: all SPs have stack limit registers.
- ARMv8-M Baseline: Secure SPs have stack limit registers; Non-Secure SPs use the MPU for stack overflow detection.

TT instruction: Test Target
- SAU/IDAU generates a Region Number for each region. Software can check a region to determine its security.
- TT returns the RN and attribute (NS or S) for an address.
- Use TT on the start and end address to determine that memory has the required security attributes.
- Secure code can see if the memory referenced by NS software has the correct security attribute. This prevents NS software from reading or corrupting S information.
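As an added example that is not from the slides, here is a host-runnable C model of the check that slides 8 and 23 describe: a constructed SAU region table, a TT look-up on the first and last address of a range, and a hypothetical Secure entry function (carrying the cmse_nonsecure_entry attribute only when built with -mcmse) that refuses a buffer supplied by NS code unless the whole range is Non-secure. The region table and addresses are constructed for illustration; on real ARMv8-M hardware the same range check is done with cmse_check_address_range() from arm_cmse.h.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE & 2)   /* Secure build with -mcmse */
#define NSC_ENTRY __attribute__((cmse_nonsecure_entry))
#else
#define NSC_ENTRY                                              /* host build: no CMSE */
#endif

enum { ATTR_S, ATTR_NS, ATTR_NSC };                  /* NSC is still Secure memory */
typedef struct { uint32_t base, limit; int attr; } sau_region_t;

/* Constructed SAU-style region table: addresses are illustrative only. */
static const sau_region_t sau[] = {
    { 0x00000000u, 0x0003EFFFu, ATTR_S   },          /* Secure flash          */
    { 0x0003F000u, 0x0003FFFFu, ATTR_NSC },          /* NSC veneers (SG)      */
    { 0x00040000u, 0x0007FFFFu, ATTR_NS  },          /* Non-secure flash      */
    { 0x20000000u, 0x20007FFFu, ATTR_S   },          /* Secure SRAM           */
    { 0x20008000u, 0x2000FFFFu, ATTR_NS  },          /* Non-secure SRAM       */
};

typedef struct { int region; bool secure; } tt_result_t;

/* Model of TT on one address: region number plus S/NS attribute. Uncovered memory is Secure. */
static tt_result_t tt(uint32_t addr)
{
    for (size_t i = 0; i < sizeof sau / sizeof sau[0]; i++)
        if (addr >= sau[i].base && addr <= sau[i].limit)
            return (tt_result_t){ (int)i, sau[i].attr != ATTR_NS };
    return (tt_result_t){ -1, true };
}

/* The slide-23 check: TT on the first and last byte. Both ends must be NS and in the
 * same region, so no Secure region can hide in between. Zero length and wrap-around fail. */
static bool ns_range_ok(uint32_t start, size_t size)
{
    if (size == 0 || (uint64_t)start + size - 1 > UINT32_MAX) return false;
    tt_result_t lo = tt(start), hi = tt(start + (uint32_t)(size - 1));
    return lo.region >= 0 && lo.region == hi.region && !lo.secure && !hi.secure;
}

/* Hypothetical Secure service reached from NS through an SG veneer: it refuses any
 * destination that is not wholly Non-secure, so NS callers cannot make it write S data. */
NSC_ENTRY int secure_fill_ns_buffer(uint32_t dst, size_t len)
{
    if (!ns_range_ok(dst, len)) return -1;           /* would touch Secure memory */
    return 0;                                        /* safe: service work goes here */
}
```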

How TT works: 24

Debugging
- Debugging can see everything (it has to have this ability). Obvious security breaches are easily done via JTAG.
- Allowing access to NS only is a benefit.
- Debuggers must be securely blocked: All, NS, or nothing.

Firmware protection
- A company wants to secure its firmware. TrustZone allows putting IP in protected space.
- A customer can access this IP with APIs as described.
- Can also provide a part with blank protected Flash for 3rd parties to add their IP.

Thank you! Now a demonstration!

The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright 2015 ARM Limited