Arm TrustZone Armv8-M Primer
Odin Shen, Staff FAE, Arm
Arm TechCon 2017
Security
Security technologies review
- Application-level security: designed with security in mind; authentication and encryption.
- Privilege-level security: OS kernel and apps partitioned into Privileged and Unprivileged states; access restrictions on unprivileged code enforced by a Memory Management Unit (MMU) or Memory Protection Unit (MPU).
- Arm TrustZone: full isolation with two security levels, the Secure and Non-secure states; Non-secure is prevented from accessing or modifying Secure.
- Root of Trust and anti-tampering security: SecurCore prevents physical attacks.
Meet Armv8-M
Armv8-M sub-profiles: a scalable architecture
- Armv8-M Baseline: lowest cost, smallest Armv8-M implementations.
- Armv8-M Mainline: for general-purpose microcontroller products; highly scalable; optional DSP and floating-point extensions.
(Diagram labels: ARMv6-M, ARMv7-M, ARMv8-M Baseline, ARMv8-M Mainline.)
Armv8-M Baseline performance and scalability: instruction set feature uplift for Baseline microcontrollers
- Hardware divide: faster integer divide operation in hardware; removes the need for library code.
- Compare and branch: combined compare-with-zero and branch; faster control code.
- Long branch: long non-linking branch to complement branch-with-link; enables support for cross-unit tail calls.
- Wide immediate moves: pointer and large immediate creation without needing a literal load; provides a linking mechanism for execute-only code.
- Exclusive accesses: load-link / store-conditional support for semaphore use; enables common semaphore handling between CPUs.
- Interrupt active bits: active status of all interrupts individually tracked; offers dynamic re-prioritization of interrupts.
Armv8-M Mainline variants: comprehensive instruction set support with optional DSP and floating-point extensions
- Retains Baseline fundamentals (hardware divide, exclusive accesses, conditional branch, immediate move).
- Adds an extensive 32-bit instruction set: ~40% performance uplift over Baseline.
- Optional integer digital signal processing (DSP) extension: ~80 saturating arithmetic and SIMD operations.
- Optional floating-point (FP) extension: ~45 instructions; IEEE 754 compatible single and/or double precision floating-point operations.
(Diagram labels: Baseline = standard functionalities; Mainline = enhanced functionalities: co-processor support, single-precision floating point, DSP; TrustZone options.)
TrustZone for Armv8-M
(Diagram: Non-secure states hold the Non-secure App and Non-secure OS; Secure states hold the Secure App/Libs and Secure OS.)
Arm TrustZone technology: bringing Arm security extensions to the embedded world
- New instructions: SG, BXNS, BLXNS, MOVW, MOVT, TT and a few more.
- New-style Memory Protection Unit (MPU) with a granularity of 32 bytes; separate MPU for Secure and Non-secure modes.
- Secure (S) and Non-secure (NS) memory and peripherals.
- Secure stack pointers plus stack limit checking.
- Private SysTick timer for each state.
- Secure (S) and Non-secure (NS) states on one CPU.
- TrustZone and SecurCore are different technologies.
Armv8-M additional states
- Existing Handler and Thread modes are mirrored with Secure and Non-secure states.
- Secure and Non-secure code run on a single CPU, for efficient embedded implementation.
- Secure state for trusted code; new Secure stack pointers for robust operation; addition of stack-limit checking.
- Dedicated resources for isolation between domains: separate memory protection units for Secure and Non-secure; private SysTick timer for each state; the Secure side can configure the target domain of interrupts.
(Diagram: ARMv7-M has Handler Mode and Thread Mode; ARMv8-M has Non-secure Handler Mode, Non-secure Thread Mode, Secure Handler Mode and Secure Thread Mode.)
A simplified use case
- Non-secure state hosts the user project: user application and communication stack.
- Secure state hosts the firmware project: system start, firmware and I/O driver.
- Non-secure projects cannot access secure resources; Secure projects can access everything.
- Function calls cross the boundary between the two projects.
- Secure and Non-secure projects may implement independent time scheduling.
(Diagram: "Start" in the Non-secure user application and "System start" in the Secure firmware, connected by function calls.)
Security defined by address
- All transactions from the core and the debugger are checked; all addresses are either Secure or Non-secure.
- Policing is managed by the Security Attribution Unit (SAU): the internal SAU is similar to an MPU, and it supports the use of an external system-level definition, e.g. based on flash blocks or per peripheral.
- Banked MPU configuration: independent memory protection per security state.
- Loads/stores acquire the NS attribute based on address; a Non-secure access attempt to a Secure address causes a memory fault.
(Diagram: request from CPU -> Security Attribution Unit (SAU) with system-level control -> Secure MPU / Non-secure MPU -> request to system.)
Same address map, different access permissions
- Configured into Secure and Non-secure regions.
- Defines access control to all regions, including peripherals and memory.
- No change for developers on the Non-secure side.

Cortex-M standard 4 GB linear address map, with an example partition under TrustZone:

  Base        Region             Contents                      Example partition with TrustZone
  0xE0000000  System region      System components and debug   Various, CPU controlled
  0xA0000000  Device region      Off-chip peripherals          Secure / Non-secure
  0x60000000  RAM region         Off-chip memory               Secure / Non-secure
  0x40000000  Peripheral region  Peripherals                   Secure / Non-secure
  0x20000000  SRAM region        SRAM                          Secure / Non-secure
  0x00000000  CODE region        Program flash                 Secure / Non-secure
  (top of the map: 0xFFFFFFFF)
High-performance cross-domain calls: an efficient microcontroller-focused implementation
- Security is inferred from the instruction address: Secure memory is considered to hold Secure code.
- Direct function calls across the boundary give high performance and high security.
- Multiple entry points: no need to go via a monitor for transitions.
- Uses the Secure Gateway instruction SG, which is only permitted in special Secure memory with the Non-secure-callable attribute (NSC).
(Diagram: calls between Secure handler/thread mode, with MSP_S, MSPLIM_S, PSP_S, PSPLIM_S, and Non-secure handler/thread mode, with MSP_NS, MSPLIM_NS, PSP_NS, PSPLIM_NS; register labels R0, R1, R13, R14, R15.)
Retain the familiar programmers' model
(Diagram comparing three designs, each split into Privileged and Unprivileged levels: classic embedded design on ARMv7-M, with untrusted and trusted firmware and an RTOS; secure embedded design on ARMv7-M, with firmware, trusted libraries, an RTOS and a trusted resource manager and libs; secure embedded design with TrustZone for ARMv8-M, with firmware, an RTOS and a trusted resource manager and libs.)
Typical software generation flow
- Based on a proposed update to the ARM C Language Extension (ACLE).
- NSC contains branch veneers, automatically generated by the tool chain (linker).
(Diagram: Non-secure main() calls func1(); linkage via a symbol file / export library; the Non-secure callable region holds the veneers "SG; B.W func1", "SG; B.W func2", "SG; B.W func3"; the Secure APIs func1, func2 and func3 are declared with __attribute__((cmse_nonsecure_entry)).)
Stack and stack pointer
The Armv8-M processor has four stack pointers:
1. MSP_S (Secure Main Stack Pointer)
2. PSP_S (Secure Process Stack Pointer)
3. MSP_NS (Non-secure Main Stack Pointer)
4. PSP_NS (Non-secure Process Stack Pointer)
Stack limit checking detects when more stack is used than expected:
- Armv8-M Mainline: all stack pointers have stack limit registers.
- Armv8-M Baseline: the Secure stack pointers have stack limit registers; the Non-secure stack pointers rely on the MPU for stack overflow detection.
Example compiler interaction: coding a Non-secure callable function
- Ability to mark Secure code as Non-secure callable:

    int __attribute__((cmse_nonsecure_entry)) MySecureFunc(int v) {
        return v + 1;
    }

- Code generation produces an SG at entry (or an SG veneer) and a BXNS to permit the return to Non-secure state:

    MySecureFunc:
        SG
        ADDS r0, r0, #1
        BXNS lr

- A header file or linker script supports calling from Non-secure state:

    extern int MySecureFunc(int v);
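The address-based policing described on the "Security defined by address" and "cross-domain calls" slides, and the argument checking a Non-secure callable entry like MySecureFunc should perform, can be exercised with a host-side model of the SAU. This is an added example, not Arm's code or part of the deck; it assumes a constructed three-region partition, simplifies the SAU to enabled, non-overlapping regions with 32-byte aligned base and limit (as in SAU_RBAR/SAU_RLAR), and treats anything unmatched as Secure.

```c
#include <stdbool.h>
#include <stdint.h>

/* Host-side model of Armv8-M SAU attribution (added example, not Arm's code).
 * Regions are assumed enabled and non-overlapping; base/limit are 32-byte
 * aligned like SAU_RBAR.BADDR / SAU_RLAR.LADDR. */
typedef enum { ATTR_S = 0, ATTR_NS = 1, ATTR_NSC = 2 } attr_t;
typedef struct {
    uint32_t base, limit;  /* first and last byte of the region */
    bool nsc;              /* SAU_RLAR.NSC: Secure, Non-secure callable */
} sau_region_t;
/* Constructed example partition: NS flash, an NSC veneer block, NS SRAM.
 * Everything else (Secure flash, Secure SRAM, peripherals) stays Secure. */
static const sau_region_t sau[] = {
    { 0x00200000u, 0x003FFFFFu, false },  /* Non-secure code       */
    { 0x001FF000u, 0x001FFFFFu, true  },  /* NSC veneers (SG here) */
    { 0x20200000u, 0x203FFFFFu, false },  /* Non-secure SRAM       */
};
#define SAU_REGIONS (sizeof sau / sizeof sau[0])

/* Attribute of one address, as the SAU derives it for every core/debugger
 * transaction. No region matching -> Secure, the SAU's default. */
attr_t sau_lookup(uint32_t addr) {
    for (unsigned i = 0; i < SAU_REGIONS; i++)
        if (addr >= sau[i].base && addr <= sau[i].limit)
            return sau[i].nsc ? ATTR_NSC : ATTR_NS;
    return ATTR_S;
}
/* Load/store check: Secure code may touch anything, Non-secure code only NS
 * memory. NSC is still Secure for data, so a NS load of a veneer faults. */
bool data_access_ok(bool from_secure, uint32_t addr) {
    return from_secure || sau_lookup(addr) == ATTR_NS;
}
/* NS -> S transition check: the branch target must lie in NSC memory and the
 * first instruction fetched there must be SG; anything else is an invalid entry. */
bool ns_call_permitted(uint32_t target, bool first_insn_is_sg) {
    return sau_lookup(target) == ATTR_NSC && first_insn_is_sg;
}
/* What a Secure entry must do with a pointer handed over from NS state (the job
 * of TT): every 32-byte granule of [start, start+len) must be NS; wrap rejected. */
bool range_is_nonsecure(uint32_t start, uint32_t len) {
    if (len == 0 || start + len - 1 < start) return false;
    uint32_t last = (start + len - 1) & ~31u;
    for (uint32_t a = start & ~31u; ; a += 32u) {
        if (sau_lookup(a) != ATTR_NS) return false;
        if (a >= last) break;
    }
    return true;
}
```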
Tools and components for software development
Tools and components for software development
- Keil MDK v5.22 IDE and debugger
- Arm Compiler 6.6
- CMSIS v5.0.0
- Fast Models
- ULINK debug adapters
- MPS2 Cortex-M Prototyping System
MDK tools: Keil MDK Microcontroller Development Kit, complete support for Cortex-M23 and Cortex-M33
- MDK-Core: µVision IDE with pack management; µVision Debugger with streaming trace. Arm C/C++ Compiler: Arm Compiler 5 with qualification kit; Arm Compiler 6 (LLVM technology).
- DS-MDK: DS-5 IDE with pack management; DS-5 Debugger with Streamline.
- Software packs: device (startup, HAL, CMSIS driver); CMSIS (CMSIS-Core, CMSIS-DSP, CMSIS-RTOS); middleware (IPv4 network, IPv6 network, USB device, USB host, file system, graphics, mbed TLS encryption, mbed Client IoT connector).
- CMSIS defines software packs that are created by Arm, silicon vendors and middleware partners; for each project the version of the software packs may be specified.
www.keil.com/mdk
CMSIS: pathway to the Arm ecosystem
- Vendor-independent hardware abstraction layer for the Cortex-M series.
- Open-source software framework with processor HAL, DSP library and RTOS kernel.
- Consistent, generic and standardized software building blocks.
- Optimized API for software creation, code portability and middleware interfaces.
- Infrastructure to accelerate time to market for device deployment.
- Software packs to distribute device support, board support and software building blocks.
3668 devices supported; 1.2M+ source files on GitHub; 3M+ downloads in the past six months.
What's new in CMSIS v5
- Cortex-M23 and Cortex-M33 support, complete with examples for Fast Model (FVP) and MPS2.
- TrustZone for Armv8-M extensions: access to all new CPU registers; partitioning for Secure / Non-secure access; RTOS stack context management (generic).
- DSP library adapted for Cortex-M23 and Cortex-M33.
- CMSIS-RTOS2 and RTX implementation supports TrustZone for Armv8-M.
Development is public on GitHub: https://github.com/arm-software/cmsis_5 (3M+ downloads in the past six months).
CMSIS-RTOS2, new in CMSIS v5
- Compatible with CMSIS-RTOS (v1); mbed OS is using RTX.
- Enhanced RTOS2 API with more flexibility: dynamic and static object allocation; extended features, e.g. event flags; fixed API with no implementation specifics; Armv8-M support for Secure-mode libraries; multi-processor communication support; C++ API wrapper (in development).
- Addresses weaknesses of the CMSIS-RTOS API v1.
- CMSIS-RTOS2 reference implementations: RTX v5 implements the native RTOS2 API; FreeRTOS (in development).
(Diagram: application code -> cmsis_os.h (CMSIS-RTOS API: object definition via macros, function call translation) -> cmsis_os2.h (CMSIS-RTOS2 API) -> real-time kernel.)
Debugging of software projects
MDK offers debugging with:
- Fast Model simulation environment for software development prior to silicon.
- MPS2 target connection for testing with microcontroller prototypes.
- Secure and Non-secure debug access.
(Screenshot: "Enter password for Secure Debug Access" dialog.)
System visibility to processor and peripherals
- The MDK Debugger provides detailed dialogs for the processor, core peripherals and device peripherals.
- CMSIS-SVD delivers information about device-specific peripherals.
System visibility to software components
- Software components are a black box for the application programmer.
- The MDK Debugger gives visibility to the status and events of software components.
- Supports secure firmware and requires no source or debug information.
(Diagram: software component + Event Recorder -> execution status and event information -> MDK Debugger, with an XML file driving the status and event views.)
CMSIS-RTOS2 secure system demo on Cortex-M33: demonstration of ARMv8-M security features and system recovery
- Non-secure state: CMSIS-RTOS2 based on RTX5; user interface display thread; test case execution.
- Secure state: system restart; secure fault handlers; incident log; secure watchdog.
- Runs on an MPS2 board with a Cortex-M33 system.
- Full source code is part of AppNote 291: Using TrustZone on ARMv8-M.
Debugging
- Debugging can see everything (it has to have this ability).
- Obvious security breaches are easily done via JTAG.
- Allowing access to NS only is a benefit.
- Debuggers must be securely blocked.
MDK target toolkits for ARMv8-M
- MDK targeted toolkits are based on DS-MDK (Eclipse) and intended as free-to-use toolkits provided by SiPs for their customers.
- Initially only for global SiPs with a huge customer base (> 10,000) and multi-year budgets.
- Requires co-operation with SiP engineering teams, as it needs to match the existing infrastructure.
- Contact odin.shen@arm.com
Next steps in the evolution of Armv8-M
- Compilers must be upgraded for the new instructions etc.
- RTOSes to take advantage of the new features.
- Middleware upgrades.
- Tools partners must update their tools.
- Arm MDK is already capable of Armv8-M development; Arm has already started on compilers; others are in the same situation.
Further documentation
- https://community.arm.com/docs/doc-10896
- Whitepapers: Armv8-M Architecture Technical Overview.pdf, Joseph Yiu; Cortex-A TrustZone: PRD29-GENC-009492C_trustzone_security_whitepaper.pdf
- www.arm.com/trustzone
- AppNote 291
Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos!
The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks