What are TrustZone security instructions in Arm Cortex-M series?

Jamie Kellett
Last updated: September 18, 2023 2:27 am

TrustZone security instructions in Arm Cortex-M series processors provide hardware-based security features to enable trusted execution environments and partition sensitive and non-sensitive application code and data. The key capabilities enabled by TrustZone include secure boot, authentication, encryption, and isolated execution of trusted software.

Contents
  • Overview of Arm TrustZone
  • TrustZone Security Extensions in Cortex-M
  • Cortex-M TrustZone Instructions
  • Secure Boot Process
  • Use Cases
  • Conclusion

Overview of Arm TrustZone

Arm TrustZone technology creates a hardware-enforced secure world for trusted software alongside the normal world for regular applications. This is achieved by adding security extensions to Arm processors like the Cortex-M series. The secure world has full access to system resources but is isolated from the normal world. Sensitive code and data can be stored and processed in the secure world.

A new “NS” bit tag added to registers, buses, and memory spaces allows access control between the two worlds. The secure world can access both tagged and untagged resources, while the normal world can only access untagged resources. Switching between the worlds requires a secure monitor mode which saves state and applies access restrictions.

TrustZone Security Extensions in Cortex-M

The TrustZone security extensions in Cortex-M series processors include:

  • Secure and Non-secure stack pointers for thread mode
  • Banked register support for fast world switching
  • Secure and Non-secure memory spaces with configurable splitting
  • New secure privileged modes for managing TrustZone
  • Secure Fault Handlers to catch secure world exceptions
  • Secure SysTick timer for reliable timekeeping
  • New TrustZone aware bus interfaces and peripherals
  • Crypto extensions for hardware acceleration (in some models)

With these extensions, Cortex-M processors can provide end-to-end security from boot to trusted applications. Sensitive code, data, and peripherals are accessible only from the secure world. The hardware isolation protects against vulnerabilities and malicious attacks from normal world software.

Cortex-M TrustZone Instructions

The TrustZone specific instructions in Cortex-M processors enable switching between secure and non-secure states, managing interrupt handling, and accessing banked registers:

  • SG – Secure Gateway – This triggers a switch from non-secure to secure state via an exception return. The secure context state is saved/restored and the system changes to privileged thread mode.
  • BXNS – Branch Exchange to Non-Secure – This branches to a non-secure address from secure state. The context state is saved, unprivileged thread mode is set, and execution switches to non-secure.
  • BLXNS – Branch with Link Exchange to Non-Secure – Same as BXNS but also saves return address to a non-secure register.
  • SMUL/SMULL – Signed Multiply with Exchange – Performs signed multiplication of two operands and exchanges the result between secure and non-secure states.
  • SEV/SEVL – Send Event – Triggers secure event or interrupt handling. This is used for secure inter-process communication.
  • SSB – Speculative Store Bypass – Mitigates data leakage across worlds due to speculative execution. It ensures memory accesses are not speculated between worlds.

There are also instructions for managing banked registers used during world switches:

  • MRS – Move to Register from Special Register – Moves between banked registers.
  • MSR – Move to Special Register from Register – Moves between banked registers.
  • RRXNS – Rotate Right with Extend Exchange to Non-Secure – Exchanges value between banked registers during rotation.
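The access rule described in the overview (secure code reaches everything, non-secure code only Non-secure addresses) and the secure-gateway entry point described above have one practical consequence for whoever writes the secure side: every pointer and length a non-secure caller passes through a gateway has to be checked against the memory attribution before the secure code touches it, or the non-secure side can make the secure side read or write secure memory on its behalf. The following host-side C model is an added example, not code from the article or from Arm. It assumes a constructed memory map (the addresses are invented for the example), models attribution as a region table, and stands in for the real CMSE helper `cmse_check_address_range()` with a `range_is_non_secure()` function of the same purpose; the SG/BXNS state switch itself is outside the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model of the Secure / Non-secure split. The memory map below is
 * constructed for this example and is not the layout of any real device. */
typedef enum { ATTR_SECURE, ATTR_NON_SECURE, ATTR_NSC } attr_t;

typedef struct { uint32_t base, limit; attr_t attr; } region_t;

static const region_t MEMORY_MAP[] = {
    { 0x00000000u, 0x0003EFFFu, ATTR_SECURE },      /* secure flash                */
    { 0x0003F000u, 0x0003FFFFu, ATTR_NSC },         /* non-secure-callable veneers */
    { 0x00040000u, 0x0007FFFFu, ATTR_NON_SECURE },  /* non-secure flash            */
    { 0x20000000u, 0x20007FFFu, ATTR_SECURE },      /* secure SRAM                 */
    { 0x20008000u, 0x2000FFFFu, ATTR_NON_SECURE },  /* non-secure SRAM             */
};
#define N_REGIONS (sizeof MEMORY_MAP / sizeof MEMORY_MAP[0])

/* Find the region holding one address; NULL if no region covers it. */
static const region_t *region_of(uint32_t addr) {
    for (size_t i = 0; i < N_REGIONS; i++)
        if (addr >= MEMORY_MAP[i].base && addr <= MEMORY_MAP[i].limit)
            return &MEMORY_MAP[i];
    return NULL;
}

/* Attribution of one address. Anything outside every region is treated as
 * Secure, the conservative default. */
attr_t attribute_of(uint32_t addr) {
    const region_t *r = region_of(addr);
    return r ? r->attr : ATTR_SECURE;
}

/* The article's rule: secure code may access any address, non-secure code
 * only Non-secure addresses. NSC memory is secure memory that non-secure
 * code may branch into (at an SG) but not read or write as data. */
bool data_access_allowed(bool from_secure, uint32_t addr) {
    return from_secure || attribute_of(addr) == ATTR_NON_SECURE;
}

/* True if every byte of [base, base + len) is Non-secure. A secure gateway
 * must run this check on each pointer/length it receives from the
 * non-secure side (the job of cmse_check_address_range() in a real CMSE
 * build). Zero-length and address-wrapping ranges are rejected. */
bool range_is_non_secure(uint32_t base, uint32_t len) {
    if (len == 0 || base > UINT32_MAX - (len - 1)) return false;
    uint32_t end = base + (len - 1);
    uint32_t addr = base;
    for (;;) {
        const region_t *r = region_of(addr);
        if (r == NULL || r->attr != ATTR_NON_SECURE) return false;
        if (end <= r->limit) return true;
        addr = r->limit + 1;  /* spills into the next region; limit < end, so no wrap */
    }
}

/* Constructed non-secure SRAM so the service below has something to read. */
#define NS_RAM_BASE 0x20008000u
static uint8_t ns_ram[0x8000];

bool load_ns_demo_data(void) {
    for (uint32_t i = 0; i < 16; i++) ns_ram[i] = (uint8_t)i;  /* 0..15 at NS_RAM_BASE */
    return true;
}

static bool read_ns_byte(uint32_t addr, uint8_t *out) {
    if (addr < NS_RAM_BASE || addr - NS_RAM_BASE >= sizeof ns_ram) return false;
    *out = ns_ram[addr - NS_RAM_BASE];
    return true;
}

/* Model of a non-secure-callable service reached through an SG veneer: sums
 * a buffer the caller describes by address and length. Returns -1 if the
 * buffer is not entirely Non-secure (or lies outside the modelled RAM). */
long secure_service_checksum(uint32_t ns_base, uint32_t len) {
    if (!range_is_non_secure(ns_base, len)) return -1;
    long sum = 0;
    for (uint32_t i = 0; i < len; i++) {
        uint8_t b;
        if (!read_ns_byte(ns_base + i, &b)) return -1;
        sum += b;
    }
    return sum;
}

int main(void) {
    load_ns_demo_data();
    printf("non-secure buffer : %ld\n", secure_service_checksum(0x20008000u, 16));  /* 120 */
    printf("secure SRAM       : %ld\n", secure_service_checksum(0x20000000u, 16));  /* -1 */
    printf("straddles boundary: %ld\n", secure_service_checksum(0x20007FF8u, 16));  /* -1 */
    printf("wrapping length   : %ld\n", secure_service_checksum(0xFFFFFFF0u, 32));  /* -1 */
    return 0;
}
```

The three rejected calls are the cases that matter in review of real gateway code: a buffer entirely in secure memory, a buffer that starts in non-secure memory and runs into secure memory, and a length that makes the end address wrap around. On a real ARMv8-M build the same check is done with `cmse_check_address_range()` from `arm_cmse.h`, and the gateway function is marked `__attribute__((cmse_nonsecure_entry))` so the compiler emits the SG veneer and the BXNS return.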

Secure Boot Process

The secure boot process utilizes TrustZone instructions and features to establish a Chain of Trust:

  1. After reset, the processor starts in the secure world with trusted software.
  2. A secure boot loader or Root of Trust boots up the secure world and validates the next stage boot loader.
  3. The secure boot loader decrypts and authenticates the next stage loader before execution.
  4. This process continues in stages with each loader validating the next until the final application.
  5. The SG instruction is used to switch to non-secure world after validation completes.
  6. The trusted application executes securely isolated by TrustZone.
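The staged validation in steps 2 to 4 is a chain of trust: each loader holds a reference measurement of the stage that follows it, and the first reference is fixed in the Root of Trust. The C program below is an added example, not the article's or any vendor's boot code, that models that chain on a host. It assumes three constructed stage images, uses FNV-1a as a dependency-free placeholder for the cryptographic hash and signature check a real loader performs, and leaves the world switch and hand-off to the application (step 5 and 6) outside the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Placeholder measurement: FNV-1a 64-bit. Used only to keep the example
 * dependency-free; a real secure boot loader uses a cryptographic hash
 * (e.g. SHA-256) and a signature over it. */
uint64_t measure(const uint8_t *data, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 0x100000001b3ULL; }
    return h;
}

#define MAX_IMAGE 64

/* One boot stage as stored in flash (constructed layout). Besides its code,
 * the image carries the expected measurement of the stage after it. */
typedef struct {
    const char *name;
    uint8_t     code[MAX_IMAGE];
    size_t      code_len;
    uint64_t    next_expected;   /* 0 marks the final application */
} stage_t;

/* Build-time step (what a provisioning tool does): embed each stage's
 * reference in its predecessor and return the root value that the Root of
 * Trust (boot ROM / OTP) holds for the first stage. */
uint64_t link_chain(stage_t *stages, size_t n) {
    for (size_t i = 0; i + 1 < n; i++)
        stages[i].next_expected = measure(stages[i + 1].code, stages[i + 1].code_len);
    stages[n - 1].next_expected = 0;
    return measure(stages[0].code, stages[0].code_len);
}

/* Measure a stage and compare it with the reference handed down to it. */
bool stage_is_authentic(const stage_t *s, uint64_t expected) {
    return measure(s->code, s->code_len) == expected;
}

/* Boot-time step: walk the chain. Returns the number of stages verified, or
 * -1 (with *failed_at set) at the first stage whose measurement does not
 * match. A loader never transfers control to code it could not verify. */
int run_chain(const stage_t *stages, size_t n, uint64_t root_expected, size_t *failed_at) {
    uint64_t expected = root_expected;
    for (size_t i = 0; i < n; i++) {
        if (!stage_is_authentic(&stages[i], expected)) {
            if (failed_at) *failed_at = i;
            return -1;
        }
        expected = stages[i].next_expected;  /* the stage just trusted vouches for the next */
    }
    return (int)n;
}

/* Constructed demo: boot loader -> second-stage loader -> application.
 * With tamper_application set, one bit of the application image is flipped
 * after provisioning, as a flash modification would do. */
int demo_boot(bool tamper_application, size_t *failed_at) {
    stage_t chain[3] = {
        { "secure boot loader",  "BL1 code", 8, 0 },
        { "second stage loader", "BL2 code", 8, 0 },
        { "application",         "APP code", 8, 0 },
    };
    uint64_t root = link_chain(chain, 3);
    if (tamper_application) chain[2].code[0] ^= 0x01;
    return run_chain(chain, 3, root, failed_at);
}

size_t demo_failed_stage(void) {
    size_t at = (size_t)-1;
    demo_boot(true, &at);
    return at;
}

int main(void) {
    printf("clean chain   : %d stages verified\n", demo_boot(false, NULL));   /* 3 */
    printf("tampered chain: %d, failed at stage %zu\n", demo_boot(true, NULL),
           demo_failed_stage());                                              /* -1, 2 */
    return 0;
}
```

The property the model shows is that a single flipped bit anywhere in a later stage is caught by the stage before it, and that nothing after the failing stage runs. What the placeholder hash cannot show is resistance to an attacker who can also rewrite the reference values; that is why real chains either store the references in immutable memory or replace the plain digest with a signature checked against a public key rooted in the Root of Trust.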

TrustZone security prevents tampering with the boot process. The hardware isolation also protects trusted software from access by normal world applications.

Use Cases

Some common use cases for TrustZone on Cortex-M processors include:

  • Secure Boot – Validating boot stages against a root of trust for software integrity.
  • Authentication – Securely storing and processing authentication keys and algorithms.
  • Digital Rights Management – Hardware backed security for valuable firmware IP or media.
  • Trusted Applications – Isolating and protecting sensitive programs and data.
  • Secure Communications – Implementing trusted channels between endpoints.

TrustZone enables building robust end-to-end security without expensive hardware additions. The extensions integrate security deeply into the Cortex-M processor architecture itself. This allows implementation of advanced trusted computing concepts on low cost microcontrollers.

Conclusion

The TrustZone security extensions in Arm Cortex-M series processors enable new trusted execution environments for microcontroller applications. Key instructions provide access control between secure and non-secure worlds, allowing isolation of sensitive code and data. Hardware-backed security capabilities like secure boot, authentication, and encryption protect against vulnerabilities and tampering. With minimal cost increase, TrustZone unlocks advanced trusted computing use cases previously requiring dedicated security chips.
