More and more objects are connecting to one another wirelessly via the internet. This has increased the need for reliable security features in IoT nodes, especially for consumer products, industrial devices and "home appliances" within the household, because such internet connections provide an attack vector for attacks by hackers - from DDoS attacks (distributed denial of service) to unauthorized access to internal networks.
Priority is given to measures that provide anti-tampering security in system-integrated hardware - namely networked, embedded devices. First and foremost, however, systems at the physical level should have secure boot processes, as hackers frequently target systems' reboot mechanisms. To counter this threat, a variety of software solutions are used that employ hardware security mechanisms. One of these is ARM's TrustZone technology. Like any currently available technology, not even TrustZone is capable of providing a perfect and everlasting defense against attacks from outside, but TrustZone makes it substantially more difficult to penetrate a system.
Reliable Security Features at Chip Level
The heart of the TrustZone approach is made up of two areas isolated at a hardware level: a "secure world" and a "non-secure world". These can be implemented simultaneously on a single core. This prevents secure software from directly accessing insecure resources. The isolation of the two areas within a system-on-chip (SoC) encompasses not only the processor but also the memory, bus activities, interrupts and peripheral devices.
This is the foundation on which TrustZone technology establishes a basis for system-wide security and creates a trustworthy platform on which any part of the system can be flexibly conceived as part of the secure world. Creating a security subsystem allows assets to be protected from software and hardware-based attacks.
TrustZone can secure both a software library and an entire operating system for execution in the secure world. Non-secure software is not accessible when accessing the secure page and resources located therein.
TrustZone Technology in Cortex-M Microcontrollers
The ARMv8-M architecture expands TrustZone technology to Cortex-M-based systems and providing robust protection with lower costs than with a dedicated IC.
It substantially reduces the costs and development workload for processor-based security, thus ensuring that security hardware is no longer a relevant cost factor.
Cortex-M and Cortex-A processors have the same security concepts in principle, but also have key differences. The key advantage of the Cortex-M is that context changes between the secure and non-secure worlds are performed at a hardware level, which allows for faster switches and greater energy efficiency. Unlike the Cortex-A, absolutely no secure monitoring software is required. The level of security achieved in the Cortex-A processors is much greater, however.
TrustZone is based on the principle of granting the absolute minimum of permissions required. This means that system modules such as drivers and applications are only granted access to a resource where necessary. Software is generally executed in both secure and non-secure environments. Content is transmitted between the two environments via a routine referred to as "core logic" (Cortex-M processors) or the "secure monitor" (Cortex-A processors).
TrustZone for ARMv8-M is an ideal technology for a Platform Security Architecture (PSA), as the hardware between the normal code and the trusted code basis is isolated. It provides a flexible basis on which SoC designers can select certain functions with the secure environment, allowing for the development of cost-effective and low-energy solutions. TrustZone includes procedures that provide trustworthy hardware for hardware-based secure storage, random number generators (RNGs) and a reference clock for secure time configuration.
The Cortex-M23 low-power microcontroller is the smallest yet also the most powerful microcontroller in this category with TrustZone technology implemented. The Cortex-M33 series is optimized in terms of cost and power consumption. The Cortex-M33 series is designed for mixed-signal applications, especially those that require efficient security and - where relevant - digital signal control.
Standardized Rules for Software Development
However, TrustZone is only used to its full potential if recognized data security rules are adhered to during the software development process. This is where the C CERT standard, which specifies "good coding practice", comes into play, serving among other things to ensure that:
- variable lifecycle conventions (local, global, auto, etc.) are adhered to,
- preprocessor instructions are unambiguous (e.g. by using include guards),
- value limits for variables are adhered to,
- memory limits (e.g. for arrays) are monitored and adhered to.
It is implemented by integrating a tool into the development environment that verifies compliance with rules during software development each time it is compiled. Retroactive implementations in existing code can, much like MISRA-C (C programming standard from the automotive industry) can be complicated, as violations of the standard necessitate the re-design and re-coding of large portions of the program.
In both C CERT and MISRA-C the code undergoes static analysis and is check against certain coding rules. The difference between the two is that the MISRA-C rules serve to provide functional device security, while C CERT provides data protection and data security.
The STM32L5 family is the successor to the STM32L4+ Cortex-M family and is the first ST product family that is based on the ARMv8-M architecture with TrustZone. This makes it much easier for developers to create trustworthy devices based on the PSA Framework with the Cortex-M33 processor, TrustZone technology and enhanced SoC security features. With its wide range of integrated digital and analog peripherals and interfaces, among them CAN FD, USB Type-C and USB Power Delivery, the STM32L5 microcontrollers provide an ideal platform for products such as industrial sensors, controllers, home automation devices (such as smart home), smart meters, fitness trackers, smart watches, medical engineering applications such as pumps and measurement device and much more.
An upgrade to the Cortex-M33 processor and a cache for internal and external program memory improves the STM32L5's performance compared to its predecessor. An optimized power supply reduces current consumption to 33nA in shutdown mode and offers maximum energy efficiency for long operating periods.
The STM32L5 also satisfies the need for more security thanks to additional safety features which are typically not present on microcontrollers such as a cryptographic co-processor and external storage media encryption. Further improvements include software isolation, secure boot and a specially secured storage area for cryptographic keys.
Specific explanations are provided below on various examples of peripherals (integrated functional units) and their implementation in connection with the TrustZone security concept in the microcontroller series.
Configurable Secure Attribute Units (SAUs) support up to eight memory ranges, optionally as secure or non-secure ranges. The Cortex-M33 processor supports System AHB (S-AHB) and Code AHB (C-AHB) bus interfaces. The S-AHB is used for each instruction called and each access to data in memory-mapped SRAM as well as for instruction calls and accesses to SOC peripherals, to external RAM and external hardware. The C-AHB is used with each instruction call and data access in the code range of memory.
TrustZone provides a completely securable real-time clock (RTC) for a wake-up timer Alarm A / Alarm B as well as customizable timestamping for secure/non-secure configurations.
Overview of Global TrustZone Controller
The Global TrustZone Controller (GTZC) encompasses three subblocks:
- The TrustZone Security Controller (TZSC) defines the secure, privileged state of the master/slave peripherals and determines the size of a non-secure area in the Watermark Memory Peripheral Controller (MPCWM). It notifies selected integrated peripheral units in connection with shared usage of RCC and I/O logic about the secure status of "securable peripherals" such as the RCC and GPIOs.
- The block-based memory protection controller (MPCBB) controls the secure state modes of all blocks (256-byte pages) of the associated SRAM.
- The TrustZone access controller for illegal access events (TZIC) collects all illegal access events in the system and generates a secure interrupt to the NVIC (Nested Vectored Interrupt Controller). Using the subblocks the TrustZone and privileged attributes are configured throughout the entire system.
The most important features of the GTZC are:
- three independent 32-bit AHB interfaces for TZSC, MPCBB and TZIC,
- MPCBB and TZIC are only accessible with secure transactions,
- the private and non-private area in the TZSC is supported in terms of secure / non-secure access.
TrustZone Support in the Tamper and Backup Register (TAMP)
For tamper-proof / non-secure configurations TAMP offers backup register configuration in several configurable memory areas as follows: a secure read-to-write area, a secure write-to-read area, a non-secure read-to-write area and a monotonic counter.
TrustZone in Integrated Flash Memory
TrustZone in the embedded flash memory accounts for 512kB for storing programs and data and allows for "single / dual bank" operating states and the "read-while-write" (RWW) mode in dual bank mode.
Four security levels are available for the flash memory.
- Level 0.5 is only available when activating TrustZone. All read/write operations from and to the non-secure flash memory area are possible under the condition that "TrustZone" is activated and read-only access is not set. Debug access to the secured area is not possible, although it is still possible to access non-secured areas.
- Level 0: No read protection
- Level 1: Memory read protection: The flash memory cannot be read or written to while debug functions are linked or "Boot in RAM" or the Bootloader are enabled. If TrustZone is activated, "non-secure debug" is possible, but booting in SRAM is not.
- Level 2: IC read protection
TrustZone Security Mode
If the "TrustZone Security" mode is activated, the entire flash memory is secure following reset, and the following security measures are available:
Non-volatile, secure flash area with integrated verification (watermark-proofed): The secure area is only accessed in "secure mode" here. In terms of addressability, a memory bank can only be addressed in single bank mode with jumps of 1kB or the entire memory bank is divided into 4kB blocks.
Proprietary Code Read-Out Protection (PCROP): This is a part of the flash secured area that offers protection from unauthorized read and write operations by third parties. The protected area is referred to as an "execute only" area and can only be addressed by the STM32 CPU by instruction code. No other access method (DMA [direct memory access], debug, CPU data read, write or erase) is possible. In single bank mode two areas with both secured areas can be selected. In dual bank mode one area per memory bank can be selected alongside the secured area.
The "secure hide protection area" is part of the secured flash area and can be protected to prevent read operations, write operations or access to data in this area.
In a volatile block-based secure flash area each page can be programmed in real time as secure or non-secure.
Activation and Access Permissions
The security architecture is based on ARM's TrustZone technology with the ARMv8-M Main Extension.
TrustZone Security is activated by the TZEN option bit (Trust Zone Enable) in the FLASH_OPTR register. In this case the SAU (Security Attribution Unit) and IDAU (Implementation Defined Attribution Unit) define the access permissions relating to secure and non-secure status.
SAU is an attribution unit relating to security and is used for the management of hardware security attributes. Up to eight configurable SAU areas are available for security attribution.
IDAU is an attribution unit that relates to access permissions. It covers a first memory partition for non-secure/not-securely-accessible attributes where code or data can be stored. These are then combined with the results of the SAU security attribution and the higher security status is selected. IDAU duplicates the memory for flash, system SRAM and peripherals to enable secure and non-secure states. This process is not performed for external storage, however.
Using the mechanisms specified here TrustZone also affects other areas in the microcontroller in keeping with the principle of a hardware solution.
An extensive yet concise summary of security information (tampering, attacks) in microcontrollers is provided in the Rutronik white paper "Security Aspects" (p. 74/75): www.rutronik.com/security-aspects
Find components at www.rutronik24.com.
Subscribe to our newsletter and stay updated.