Introduction to ARM TrustZone for Cortex-M Processors

    
Scope:
This techerature introduces ARM TrustZone on Cortex-M processors, that is,
the Security Extension of the ARMv8-M architecture.
ARM TrustZone in Cortex-M differs from TrustZone in Cortex-A class processors.
Secure and Non-secure are simply 'states' of the processor; there is no
separate Secure Monitor mode. In Cortex-A an SMC exception into Monitor mode
switches worlds. In Cortex-M the division of Secure and Normal worlds is
memory-map based: the security attribute of the address an instruction is
fetched from (as defined by the SAU and IDAU) determines the state the
processor executes it in, and transitions take place automatically, either
through direct function calls (SG, BXNS, BLXNS) or through exception entry and
return, with the hardware stacking and clearing Secure register state when it
hands control to Non-secure code.
ARM TrustZone technology enables the system and the software to be
partitioned into Secure and Normal worlds. Secure software can access both
Secure and Non-secure memory and resources, while Normal software can only
access Non-secure memory and resources; a Non-secure access to a Secure
address is blocked and raises a SecureFault.
These security states are orthogonal to the existing Thread and Handler
modes, so both Thread and Handler mode exist in both Secure and Non-secure
state, and Thread mode in each state can be either Privileged or
Unprivileged. Each state also has its own banked resources: separate main
and process stack pointers, separate vector tables (VTOR_S and VTOR_NS) and
an MPU per state.
If the Security Extension is implemented, the processor comes out of reset
in Secure state and takes its initial stack pointer and reset vector from
the Secure vector table, so Secure code runs first and is responsible for
configuring the SAU, the Non-secure vector table and the Non-secure stack
pointer before handing over to Non-secure code.
If the Security Extension is not implemented, the processor is always in
Non-secure state.
ARM TrustZone technology does not cover all aspects of security. For
example, it does not include cryptography: it is an isolation mechanism,
and cryptographic primitives come from a library or accelerator that is
placed inside the Secure world.
In designs with the ARMv8-M architecture Security Extension, components
that are critical to the security of the system can be placed in the Secure
world. These critical components include:
• A Secure boot loader.
• Secret keys.
• Flash programming support.
• High value assets.
Secure (Trusted) and Non-secure (Non-trusted) software can work together,
but Non-secure applications cannot access Secure resources directly.
Instead, any access to Secure resources goes through APIs (entry functions)
provided by the Secure software, and these APIs can implement checks to
decide whether the access to the Secure service is permitted: for example,
which caller is asking, and whether every pointer and length passed in
refers only to Non-secure memory, so that Secure code is not tricked into
reading or writing Secure memory on a Non-secure caller's behalf. With this
arrangement, a vulnerability in a Non-secure application does not by itself
hand an attacker the Secure world's keys and code; the damage is contained
to the Non-secure partition.
    
Non-secure callable (NSC) memory is a special type of Secure location. It is
the only type of memory in which an ARMv8-M processor permits an SG (secure
gateway) instruction to act as an entry point from Non-secure to Secure
state. A Non-secure branch to an NSC address whose first instruction is SG
switches the processor to Secure state; a Non-secure branch to any other
Secure address, or to an NSC address that does not hold SG, raises a
SecureFault (INVEP, invalid entry point). Restricting the SG instruction to
NSC memory means Secure software authors need not worry that an SG encoding
appearing by accident in ordinary Secure memory, whether as an instruction
or as a data value that happens to match it, could become an unintended
entry point. In practice NSC memory holds only small veneers, each an SG
followed by a branch to the real Secure function, which the toolchain
generates from the entry functions' declarations (cmse_nonsecure_entry).
    
The memory space is divided into three attributions:
S   -> Secure: code, data and secrets of the Secure world.
NSC -> Non-secure callable: Secure memory holding the entry veneers; the SG
       (secure gateway) instruction can only serve as an entry point here.
NS  -> Non-secure: everything the Normal world may use.
The attribution of each address comes from the SAU (Security Attribution
Unit, programmed by Secure software) combined with the IDAU (Implementation
Defined Attribution Unit, fixed by the chip designer); where the two
disagree, the more secure attribution wins.
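The following is an added example, not code from the original page or from ARM. It models in host C how the SAU attributes addresses, why only an SG in NSC memory is a valid Non-secure entry point, and the check a Secure entry function must apply to a buffer handed to it by Non-secure code (the "authentication" step described above). The memory layout in example_sau() is constructed for illustration and is not any real device's map, the IDAU is ignored, and the names sau_attr, ns_branch, range_is_nonsecure and secure_fill are hypothetical. On real ARMv8-M hardware the range check is cmse_check_address_range() from <arm_cmse.h> (compiled with -mcmse), which is built on the TT instruction.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Security attribution the SAU reports for an address. */
typedef enum { ATTR_S = 0, ATTR_NSC = 1, ATTR_NS = 2 } attr_t;

/* One SAU region as programmed through SAU_RNR/SAU_RBAR/SAU_RLAR.
 * base and limit are 32-byte granules; limit is inclusive (RLAR's low
 * five bits read as ones). */
typedef struct {
    uint32_t base;
    uint32_t limit;
    bool     enable;   /* SAU_RLAR.ENABLE */
    bool     nsc;      /* SAU_RLAR.NSC: region is Non-secure callable */
} sau_region_t;

#define SAU_MAX_REGIONS 8

typedef struct {
    bool         enable;                  /* SAU_CTRL.ENABLE */
    bool         allns;                   /* SAU_CTRL.ALLNS */
    sau_region_t region[SAU_MAX_REGIONS];
} sau_t;

/* Attribution rule of the ARMv8-M SAU (the IDAU input is ignored here):
 *  - SAU disabled: everything is NS if ALLNS is set, otherwise everything is S;
 *  - no enabled region matches: S;
 *  - exactly one region matches: NSC if its NSC bit is set, otherwise NS;
 *  - more than one region matches: S, so overlapping regions fail closed. */
attr_t sau_attr(const sau_t *sau, uint32_t addr)
{
    if (!sau->enable)
        return sau->allns ? ATTR_NS : ATTR_S;
    int hits = 0;
    attr_t hit = ATTR_S;
    for (int i = 0; i < SAU_MAX_REGIONS; i++) {
        const sau_region_t *r = &sau->region[i];
        if (r->enable && addr >= r->base && addr <= r->limit) {
            hits++;
            hit = r->nsc ? ATTR_NSC : ATTR_NS;
        }
    }
    return hits == 1 ? hit : ATTR_S;
}

/* T32 encoding of SG, as the 32-bit word read at the branch target. */
#define SG_OPCODE 0xE97FE97Fu

typedef enum { CALL_STAYS_NS, CALL_ENTERS_S, CALL_SECUREFAULT } call_result_t;

/* What happens when Non-secure code branches to 'target', whose first
 * 32-bit word is 'insn'. Only an SG in NSC memory is a valid entry point;
 * any other Secure target raises SecureFault with SFSR.INVEP set. */
call_result_t ns_branch(const sau_t *sau, uint32_t target, uint32_t insn)
{
    switch (sau_attr(sau, target)) {
    case ATTR_NS:  return CALL_STAYS_NS;
    case ATTR_NSC: return insn == SG_OPCODE ? CALL_ENTERS_S : CALL_SECUREFAULT;
    default:       return CALL_SECUREFAULT;
    }
}

/* The check a Secure entry function must apply to a pointer received from
 * Non-secure code: every byte of [addr, addr + len) must be Non-secure
 * (NSC does not count). Hardware equivalent: cmse_check_address_range(). */
bool range_is_nonsecure(const sau_t *sau, uint32_t addr, uint32_t len)
{
    if (len == 0 || addr + len - 1 < addr)        /* empty, or wraps past 4 GiB */
        return false;
    uint32_t last = addr + len - 1;
    for (uint32_t a = addr & ~31u; ; a += 32) {   /* walk 32-byte granules */
        if (sau_attr(sau, a) != ATTR_NS)
            return false;
        if (a + 31 >= last)
            return true;
    }
}

/* Secure service behind an SG veneer. Without the range check, Non-secure
 * code could pass a Secure address and have the Secure world overwrite its
 * own memory on the caller's behalf (a confused-deputy attack). */
int secure_fill(const sau_t *sau, uint32_t ns_buf, uint32_t len)
{
    if (!range_is_nonsecure(sau, ns_buf, len))
        return -1;     /* refuse: buffer is not entirely Non-secure */
    return 0;          /* on hardware: copy the result into ns_buf here */
}

/* Constructed layout (an assumption, not a real device's map):
 * Secure flash 0x00000000-0x001FDFFF, NSC veneers 0x001FE000-0x001FFFFF,
 * Non-secure flash 0x00200000-0x003FFFFF, Secure SRAM 0x20000000-0x201FFFFF,
 * Non-secure SRAM 0x20200000-0x203FFFFF. Unlisted addresses stay Secure. */
sau_t example_sau(void)
{
    sau_t s = { .enable = true, .allns = false };
    s.region[0] = (sau_region_t){ 0x00200000u, 0x003FFFFFu, true, false };
    s.region[1] = (sau_region_t){ 0x001FE000u, 0x001FFFFFu, true, true  };
    s.region[2] = (sau_region_t){ 0x20200000u, 0x203FFFFFu, true, false };
    return s;
}

int main(void)
{
    sau_t s = example_sau();
    static const char *name[] = { "S", "NSC", "NS" };
    uint32_t probe[] = { 0x00100000u, 0x001FE000u, 0x00200000u, 0x20000000u };
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++)
        printf("0x%08lx -> %s\n", (unsigned long)probe[i], name[sau_attr(&s, probe[i])]);
    printf("secure_fill(NS buffer) = %d\n", secure_fill(&s, 0x20200000u, 64));
    printf("secure_fill(S buffer)  = %d\n", secure_fill(&s, 0x20000000u, 64));
    return 0;
}
```

Two properties of the model are worth keeping in mind when reviewing a real SAU configuration: overlapping regions do not "add up" to Non-secure but collapse to Secure, and a buffer that merely starts in Non-secure memory is not enough, since the last granule can cross into Secure or NSC memory, which is exactly the case the range check catches.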
    
    
    