By Nick Flaherty
www.flaherty.co.uk
The ARM Cortex-M23 is the smallest and most energy-efficient processor with TrustZone technology. Based on the ARMv8-M
baseline architecture, Cortex-M23 is aimed at constrained embedded applications
where efficient security is a key requirement.
Although moving TrustZone into Cortex-M hardware was a widely welcomed step, it has taken a while for M23
devices to reach the market. The first cores from NuMicro were launched in
March 2017, but it has taken until now for the mainstream suppliers to deliver
silicon.
The first of these is Microchip, with the SAM architecture it
inherited from its acquisition of Atmel. The SAM L10 and L11 both use the M23 core, but only the
L11 implements TrustZone. Microchip has added chip-level tamper resistance,
secure boot and secure key storage which, when combined with TrustZone
technology, provide a hardware root of trust. It also includes an on-board
cryptographic module supporting Advanced Encryption Standard (AES), Galois
Counter Mode (GCM) and Secure Hash Algorithm (SHA).
When benchmarked for power consumption, the SAM L10 received
a ULPMark score of 405, which is twice that of the nearest competitor
certified by the Embedded Microprocessor Benchmark Consortium (EEMBC), with the
L11 just behind at a ULPMark of 400. Microchip uses proprietary picoPower technology
to provide industry-leading low power consumption in active and all sleep
modes.
We would expect NXP and STMicroelectronics to launch similar M23-based chips later this year, and we'll keep you updated.
Microchip has partnered with Trustonic, a member of
Microchip’s Security Design Partner Programme, to offer a comprehensive
security solution framework that simplifies implementation of security and
enables customers to introduce end products faster. Microchip is also working
with Secure Thingz and Data I/O Corporation to offer secure provisioning
services for SAM L11 customers that have a proven security framework.
TrustZone for ARMv8-M brings hardware-enforced separation
between the trusted and non-trusted software on each Cortex-M23 based device.
As such, TrustZone provides a foundation for building embedded applications
that, in the past, might have required two separate physical processors to
create physical separation between the trusted and the non-trusted sides. A
single Cortex-M23 processor can provide a robust solution for security
requirements such as device identification management, high-value firmware
protection, software certification, and secure boot, just to name a few.
The Cortex-M23 processor with TrustZone has two security
states: the Secure state can access both Secure and Non-Secure
resources (memories, peripherals, etc.), while the Non-Secure state can only access Non-Secure resources.
Code execution transitions and data accesses in the two
security states are policed by hardware, minimizing switching overhead and
guaranteeing determinism, which is a hallmark of all Cortex-M
processors.
Compact two-stage pipelined processor
Cortex-M23 is a simple two-stage pipelined Von Neumann
processor, yet it supports the full ARMv8-M baseline instruction set.
Users familiar with the Cortex-M0+ will quickly recognize many similar features
in the Cortex-M23 that bring extreme energy efficiency to these processors: WFI
(Wait for Interrupts)/WFE (Wait for Event) and sleep/deep-sleep modes,
sleep-on-exit, SysTick timer and optional single cycle IO.
The instruction set comprises around 80 Thumb instructions,
most of which are 16-bit wide to maximize code compactness, but a
few 32-bit instructions are also included where efficiency gains can be made. All ARMv6-M
instructions are supported to ensure ease of code migration from the Cortex-M0
and Cortex-M0+ processors. Several new instructions have been included in the
ARMv8-M baseline instruction set to improve performance efficiency for
conditional operations, mutually exclusive accesses, hardware divide
operations, and immediate moves.
Enhanced debug and trace
An efficient and secure 32-bit processor alone does not make
for successful field deployment. Software development costs often far
surpass fabrication and hardware IP costs. The Cortex-M23 makes it easier
to develop and debug software by offering more configurable hardware
breakpoints and data watchpoints than other ARMv6-M processors.
An optional Embedded Trace Macrocell (ETM) has also been added, in addition to
the optional Micro Trace Buffer (MTB) which is also available in the Cortex-M0+
processor. These options give designers the choice between full-featured
instruction trace and a more cost-effective, trimmed-down
instruction trace capability.
Memory Protection Unit for task isolation
A new programmer-friendly Memory Protection Unit (MPU) based
on the latest PMSAv8 architecture has been added to the Cortex-M23 processor as
an option. It can “protect” up to 16 regions for each of the Secure and
Non-Secure states. Each region has a base address, ending address, access
permission and memory attribute settings. In multi-tasking environments, the OS
can reprogram the MPU during task context switching to define the memory
permissions for each task. For example, application tasks may be granted access
to all or some application data and specific peripherals. The MPU dramatically
improves system reliability by protecting all other data from corruption and
other peripherals from unauthorized accesses.
Easier to set up memory regions
Cortex-M23’s memory protection architecture adopts a base-and-limit-style
comparator for defining memory regions, as opposed to the previous
power-of-two, size-aligned scheme. This improvement simplifies software
development and, in some cases, reduces memory wastage when region sizes are
not a perfect power of two.
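To make the base-and-limit point concrete, here is an added example (not from the article or from Microchip/ARM) that encodes one region in the PMSAv8 MPU_RBAR/MPU_RLAR layout and compares the bytes it over-grants with the power-of-two, size-aligned PMSAv7 scheme the Cortex-M0+ uses. The 5000-byte buffer at 0x20001000 is a constructed input; register field positions follow the ARMv8-M architecture as the author of this example understands them.

```c
#include <stdint.h>

/* PMSAv8 (the Cortex-M23 MPU) describes a region by a 32-byte-granular base
 * and limit: MPU_RBAR = BASE[31:5] | SH[4:3] | AP[2:1] | XN[0],
 *            MPU_RLAR = LIMIT[31:5] | AttrIndx[3:1] | EN[0]. */
#define PMSAV8_GRAN 32u
typedef struct { uint32_t rbar, rlar; } pmsav8_region_t;

/* Encode [start, start+len) as one PMSAv8 region; returns bytes covered.
 * Caller guarantees the range does not wrap past the end of memory. */
uint32_t pmsav8_encode(uint32_t start, uint32_t len, uint32_t ap, uint32_t xn,
                       uint32_t attr_idx, pmsav8_region_t *out)
{
    uint32_t base  = start & ~(PMSAV8_GRAN - 1u);             /* round down */
    uint32_t limit = (start + len - 1u) | (PMSAV8_GRAN - 1u);  /* round up   */
    out->rbar = base | ((ap & 3u) << 1) | (xn & 1u);            /* SH = 0     */
    /* Low 5 bits of the limit are implicit ones: mask them before adding flags. */
    out->rlar = (limit & ~(PMSAV8_GRAN - 1u)) | ((attr_idx & 7u) << 1) | 1u;
    return limit - base + 1u;
}

/* PMSAv7 (Cortex-M0+ MPU) regions are a power-of-two size, aligned to that
 * size, 256 bytes minimum. Returns the smallest such region that covers the
 * buffer; the 8 subregion-disable bits, which can trim some of the excess,
 * are ignored. A return of 0 means the whole 4 GB address space. */
uint32_t pmsav7_cover(uint32_t start, uint32_t len, uint32_t *base_out)
{
    uint32_t end = start + len - 1u;
    for (uint32_t size = 256u; size != 0u; size <<= 1) {   /* 2^8 .. 2^31 */
        uint32_t base = start & ~(size - 1u);
        if (end - base < size) { *base_out = base; return size; }
    }
    *base_out = 0u;
    return 0u;
}

/* Bytes granted beyond the buffer itself under each scheme
 * (constructed example: 5000 bytes at 0x20001000 -> 24 vs 11384). */
uint32_t pmsav8_waste(uint32_t start, uint32_t len)
{
    pmsav8_region_t r;
    return pmsav8_encode(start, len, 1u, 1u, 0u, &r) - len;
}
uint32_t pmsav7_waste(uint32_t start, uint32_t len)
{
    uint32_t base;
    return pmsav7_cover(start, len, &base) - len;   /* undefined if cover is 0 */
}
```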
New ARMv8-M baseline instructions
New instructions have been added to enhance the Cortex-M23's
capability compared to ARMv6-M implementations, but without compromising the energy
efficiency. Most of these 'new' instructions (except for the security extension
ones) are inherited from the ARMv7-M architecture instruction set in order to
extend Cortex-M23's capability compared to the Cortex-M0+.
TrustZone for ARMv8-M brings additional instructions to the
baseline instruction set. This includes the secure gateway (SG), non-secure
branch (BXNS, BLXNS), and test target (TT) instructions.
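The TT instruction is what lets Secure code check where a pointer handed over by Non-Secure code actually points before touching it. The following added example (not from the article, ARM or Microchip) is a host-side model of that check: a constructed SAU-style region table stands in for the hardware, and ns_buffer_ok applies the same rule as ARM's cmse_check_address_range, namely that both ends of the buffer resolve to one Non-Secure region.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Host-side model of the TT (test target) query Secure code uses to vet a
 * pointer received from the Non-Secure side. On silicon TT is answered by
 * the SAU/IDAU (and MPU); a constructed region table stands in for it here. */
typedef struct { uint32_t base, limit; bool nonsecure; } sau_region_t;

/* Constructed memory map for the model, not taken from any real device. */
static const sau_region_t k_sau[] = {
    { 0x00000000u, 0x0000FFFFu, false }, /* Secure flash (incl. NSC veneers) */
    { 0x00010000u, 0x0003FFFFu, true  }, /* Non-Secure flash                 */
    { 0x20000000u, 0x20001FFFu, false }, /* Secure SRAM                      */
    { 0x20002000u, 0x20003FFFu, true  }, /* Non-Secure SRAM                  */
};

/* The subset of a TT result needed here: matching region and its S/NS attribute. */
typedef struct { int region; bool valid; bool secure; } tt_result_t;

tt_result_t tt_query(uint32_t addr)
{
    for (size_t i = 0; i < sizeof k_sau / sizeof k_sau[0]; i++)
        if (addr >= k_sau[i].base && addr <= k_sau[i].limit)
            return (tt_result_t){ (int)i, true, !k_sau[i].nonsecure };
    return (tt_result_t){ -1, false, true }; /* unmapped: treated as Secure */
}

/* Core rule of cmse_check_address_range(), done with two TT lookups: both
 * ends of [ptr, ptr+len) must resolve to the same region, and that region
 * must be Non-Secure. Otherwise a Non-Secure caller could hand a Secure API a
 * pointer that makes it read or write Secure memory on the caller's behalf. */
bool ns_buffer_ok(uint32_t ptr, uint32_t len)
{
    if (len == 0u || ptr + len - 1u < ptr)      /* empty, or wraps past 4 GB */
        return false;
    tt_result_t lo = tt_query(ptr), hi = tt_query(ptr + len - 1u);
    return lo.valid && hi.valid && lo.region == hi.region && !lo.secure;
}
```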
Execute-only code generation
Support for execute-only memory regions has been
improved by the addition of immediate-move instructions (MOV/MOVT inherited
from ARMv7-M), which facilitate immediate-data generation in execute-only code.
These instructions provide the ability to produce 32-bit values via two
instructions without the need to perform a literal load.
Code optimization
Conditional Compare and Branch instructions (CBNZ/CBZ
inherited from ARMv7-M) improve performance for many conditional control code
sequences. Immediate branch with long offset (B.W inherited from ARMv7-M)
allows for direct branch to a far target address. And hardware integer
divide instructions (SDIV/UDIV inherited from ARMv7-M) reduce processing cycles
for divide operations.
Exclusive access
Load and store exclusive instructions from ARMv7-M have been
added to improve the architectural consistency of the Cortex-M23 processor in
multicore systems, where semaphores between processors can be handled with the
same mechanism. In addition, to provide atomic support for C11/C++11, the
load-acquire and store-release instructions are included from ARMv8-A (Thumb-32
versions), including the exclusive-access variants of those instructions.
The SAM L10 (DM320204) and SAM L11 (DM320205) Xplained
Pro Evaluation Kits are available to kick-start development. All SAM L10/L11
MCUs are supported by the Atmel Studio 7 Integrated Development Environment
(IDE), IAR Embedded Workbench, Arm Keil MDK as well as Atmel START, a
free online tool to configure peripherals and software for accelerated
development. START also supports TrustZone technology for configuring and
deploying secure applications. A power debugger and data analyser tool is
available to monitor and analyse power consumption in real-time and fine-tune
the consumption numbers on-the-fly to meet application needs.