How ARM® TrustZone® for ARMv8-M can bring hardware based security to low cost IoT devices
The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:
- Increased connectivity of microcontroller based IoT devices
- The need to keep IoT systems updated to protect them fromvulnerabilities. Many IoT devices need to support remote firmware update (e.g. over-the-air firmware update), and hence potentially open to possibility of firmware modifications by hackers
- Deployment at scale. IoT devices will be deployed in massive numbers and this will increase the attention from hackers.
There is a new trend for connecting microcontrollers to cloud based services and this is creating a big challenge for the industry: how do we build in robust security at the lowest cost points? In recent years, many IoT-focused microcontroller products were designed with security features, such as crypto engines, secure storage and other hardware features like true random number generators (TRNG).
These features address some parts of the security requirements, such as secure communications, but are not able to address some other challenges. For example, vulnerabilities in applications could still result in a compromise of the whole system. In order to strengthen security measures and make it easier to develop secure solutions in small embedded systems like microcontrollers, ARM released the Cortex®-M23 and Cortex-M33 processors, which are based on a new ARMv8-M architecture release. One of the key features in the newer architecture is the introduction of a security extension called Trust- Zone for ARMv8-M.
TrustZone technology is already being used in billions of high-end embedded systems with Cortex-A processors. To allow it to be used in small embedded systems, TrustZone has been redesigned and optimized for the requirements in microcontrollers.
Introduction to TrustZone for ARMv8-M
TrustZone for ARMv8-M is an optional security extension that is deeply integrated within the processor and across various parts of the chips. For example, security measures are deployed in memory access control, bus interface, exception handling (e.g. interrupts) and debug features. When it is implemented, it provides an extra protected execution environment called Secure world, in addition to the normal execution environment (Non-secure world).
Fig. 1: Processor modes changes from ARMv6-M/ARMv7-M architecture to ARMv8-M architecture
Fig. 2: Example partitioning of user and firmware projects with TrustZone security extension
Software running in Secure world can access to both Secure and Non-secure memories and resources, but Non-secure world can access only Non-secure memories and resources.
The normal execution environment (Non-secure world) is mostly unchanged from previous Cortex-M processors, and most applications that are written for previous Cortex-M processors can run in the Non-secure world with no or minimal modifications (e.g. RTOS need to be updated).
The additional protected environment provides a way for security-critical operations and resources to be protected. At the same time, however, security features can still be accessed by normal applications via protected Application Programming Interfaces (APIs), since the architecture allows direct function calls to take place between security domain boundaries with tiny overhead. To enable Root-of-Trust security, the processor starts up in Secure state. After security management blocks are programmed (e.g. configuration of memory partitioning and interrupt assignments), the secure software can then execute the start-up code in the Non-secure world.
For the Non-secure world applications, it can run in the same way as traditional embedded applications, with full control on its memories, peripherals, interrupt control and the Non-secure MPU (Memory Protection Unit). However, it is also possible to make use of other APIs provided in secure firmware to access other features. Optionally, Secure firmware can also make use of other I/O driver libraries that could be placed in Non-secure memory.
Why TrustZone enables better security for MCUs?
To better understand TrustZone’s capabilities, let us look at an example of a secure IoT microcontroller with IoT connectivity. In such an example device, the IoT connectivity APIs, crypto engine and its APIs, integrity check (heath check) and flash programming are all protected in the Secure world.
Application developers only need to call the APIs to establish a secure connection to IoT cloud services, and the cloud services deliver IoT application services, device management and firmware update mechanism to the IoT devices.
In a design like this, there are benefits to multiple parties:
- Microcontroller vendors can differentiate their products by providing various security software solution on chip. The preload onchip firmware can also include 3rd party software that are licensed. Since the Secure memories are protected with TrustZone, the values of the firmware IPs are protected.
- For the software developers creating the applications, they only need to call the software APIs to utilize the security features. This potentially reduces product cost (the IoT software stacks are already preloaded on chip), reduces risk of errors in the integration of software components, and enables faster time to market.
Of course, the security strength of the system depends heavily on the quality of the secure firmware on chip. Assuming that the security APIs are written based on well-established security standards, reviewed and tested thoroughly, the communication connection to the cloud services should be very secure. In a secure IoT platform based TrustZone, it is also expected that:
- Security keys (e.g. for cryptography operations) can never be accessed from Non-secure world all cryptography operations are handled by security APIs
- Security hardware resources, such as True Random Number Generator (TRNG) and unique ID, are Secure access only. Since TRNG might be used when session keys are generated for secure communications, such information must be protected
- Firmware update mechanism is placed in Secure world and can be configured to allow only signed firmware images that pass authentication checks to be used.
- In addition, system health check service can be running periodically in the background, triggered by a Secure timer. The periodic interrupt can be configured to have higher priority than Non-secure interrupts and cannot be disabled from the Non-secure side.
As the application get more complex, inevitably there could be bugs in the application code. And potentially this can result in vulnerabilities, allowing an attack on the IoT device using those weaknesses. If the attacker can access to privileged-access level (e.g. if a vulnerability lead to execution of injected code in privileged level), then the Non-secure world can be completely compromised.
Fig. 3: Example use case of TrustZone technology – a microcontroller system for IoT applications